Insecure Use of Regular Expressions

Why is this important?

Regular Expressions (Regex) are used in almost every application. However, it is often overlooked that Ruby uses a slightly different approach than many other languages to match the end and the beginning of a string. This can lead to issues that bypass security-related user input validation.

Read below to find out how to fix this issue in your code.

Fixing Insecure Use of Regular Expressions

Option A: Use the Right Regex Syntax

  1. Go through the issues that GuardRails identified in the PR.
  2. Identify any ^ or $ operators in the regular expression.
  /^https?:\/\/[^\n]+$/i
  1. Replace ^ with \A and/or $ with \z
  /\Ahttps?:\/\/[^\n]+\z/i
  1. Test it and ensure the regex is still working as expected.
  2. Ship it 🚢 and relax 🌴

More information:

Insecure Use of Language/Framework APIInsecure Use of SQL Queries