Insecure Use of Regular Expressions

Why is this important?

Regular Expressions (Regex) are used in almost every application. However, it is often overlooked that Ruby treats the ^ and $ anchors differently from many other languages: they match at the beginning and end of any line, not of the whole string. A regex that is meant to validate an entire input therefore only validates one line of it, so user input containing a newline can bypass security-related input validation.

Read below to find out how to fix this issue in your code.

Fixing Insecure Use of Regular Expressions

Option A: Use the Right Regex Syntax

  1. Go through the issues that GuardRails identified in the PR.
  2. Identify any ^ or $ operators in the regular expression.

    /^https?:\/\/[^\n]+$/i
    
  3. Replace ^ with \A and/or $ with \z (\A anchors to the start of the whole string and \z to its very end; note that \Z would still allow a trailing newline)

    /\Ahttps?:\/\/[^\n]+\z/i
    
  4. Test it and ensure the regex is still working as expected.

  5. Ship it 🚢 and relax 🌴
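
The following is an added example, not code from the GuardRails documentation: it runs the page's insecure and hardened URL patterns over constructed multi-line inputs to show which inputs slip past ^/$ and are rejected by \A/\z.

```ruby
# Added example (not from the GuardRails docs): demonstrates why ^ and $
# are unsafe whole-string anchors in Ruby and how \A and \z fix it.

# Insecure pattern from the page: in Ruby, ^ and $ match at *line*
# boundaries, so only one line of a multi-line string is validated.
INSECURE_URL = /^https?:\/\/[^\n]+$/i

# Hardened pattern from the page: \A anchors to the start of the whole
# string and \z to its very end (\Z, by contrast, would allow a trailing
# newline, so \z is the stricter choice for validation).
SECURE_URL = /\Ahttps?:\/\/[^\n]+\z/i

# True when the pattern accepts the input, i.e. validation passes.
def valid_url?(input, pattern)
  pattern.match?(input)
end

# Runs both patterns over one input and reports the verdict of each.
def compare(input)
  { insecure: valid_url?(input, INSECURE_URL),
    secure:   valid_url?(input, SECURE_URL) }
end

# Constructed sample inputs (not real traffic): an ordinary URL, two
# multi-line strings where a URL sits on one line next to arbitrary text,
# and a URL followed by a bare newline.
SAMPLES = [
  "https://example.com/path",
  "not a url\nhttps://example.com",
  "https://example.com\nnot a url",
  "https://example.com\n",
]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts "#{s.inspect.ljust(40)} #{compare(s)}"
  end
end
```

Only the first input should pass a whole-string URL check; the insecure pattern accepts all four, the hardened one accepts just the first.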

More information: