Insecure Use of Regular Expressions
Fixing Insecure Use of Regular Expressions
Regular Expressions (Regex) are used in almost every application. However, it is often overlooked that Ruby treats the `^` and `$` anchors differently from many other languages: in Ruby they match at the beginning and end of each line, not of the whole string. A regex intended to validate an entire value can therefore be satisfied by one line of a multi-line input, which bypasses security-related user input validation.
Option A: Use the Right Regex Syntax
1. Go through the issues that GuardRails identified in the PR/MR.
2. Identify any `^` or `$` operators in the regular expression:

   ```ruby
   /^https?:\/\/[^\n]+$/i
   ```

3. Replace `^` with `\A` and/or `$` with `\z`:

   ```ruby
   /\Ahttps?:\/\/[^\n]+\z/i
   ```

4. Test it and ensure the regex is still working as expected.
5. Ship it 🚢 and relax 🌴
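The following is an added example, not code from GuardRails or from the original page. It puts the two regexes from the steps above side by side and runs them over constructed inputs, so the difference between line anchors (`^`/`$`) and string anchors (`\A`/`\z`) is visible in the match results. The helper names `insecure_url?`, `secure_url?` and `demo` are hypothetical.

```ruby
# Added example (not GuardRails' own code): why ^ and $ are unsafe as
# whole-string anchors in Ruby, and how \A and \z fix it.

# Insecure: in Ruby, ^ and $ match at the start/end of any LINE, so a
# multi-line value can pass the check as long as one line looks like a URL.
INSECURE_URL = /^https?:\/\/[^\n]+$/i

# Secure: \A and \z anchor to the start and end of the whole string.
SECURE_URL = /\Ahttps?:\/\/[^\n]+\z/i

# Hypothetical helper names; each returns true when the regex accepts the value.
def insecure_url?(value)
  INSECURE_URL.match?(value)
end

def secure_url?(value)
  SECURE_URL.match?(value)
end

# Constructed sample inputs.
GOOD = "https://example.com/path"
# First line is not a URL at all; the second line is. Only the line anchors accept this.
SMUGGLED = "not a url at all\nhttps://example.com"
# Trailing newline: $ matches before a final "\n", \z does not (note: \Z would).
TRAILING_NEWLINE = "https://example.com\n"

# Returns, per input, the pair [insecure_result, secure_result].
def demo
  {
    good:        [insecure_url?(GOOD), secure_url?(GOOD)],
    smuggled:    [insecure_url?(SMUGGLED), secure_url?(SMUGGLED)],
    trailing_nl: [insecure_url?(TRAILING_NEWLINE), secure_url?(TRAILING_NEWLINE)],
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |name, (insecure, secure)|
    puts format("%-12s insecure=%-5s secure=%s", name, insecure, secure)
  end
end
```

Running the script shows `good` accepted by both regexes, while `smuggled` and `trailing_nl` are accepted only by the `^`/`$` version. If a trailing newline must be tolerated, strip it explicitly before validating rather than switching to `\Z`, which silently allows it.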