Status: Draft
Weakness ID: 625 (Weakness Base)

Description Summary
The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Extended Description
This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include: (1) not identifying the beginning and end of the target string; (2) using wildcards instead of acceptable character ranges; and others.

Weakness Ordinalities
Primary (where the weakness exists independent of other weaknesses)

Potential Mitigations
When applicable, ensure that your regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl. Note that in Perl (without the /m modifier) "$" also matches immediately before a trailing newline, so "\A" and "\z" bound the whole string more strictly; likewise prefer an explicit character range such as "[0-9]" over "\d" when only ASCII digits are acceptable.

Demonstrative Examples
    $phone = GetPhoneNumber();
    if ($phone =~ /\d+-\d+/) {    # looks like it only has hyphens and digits
        system("lookup-phone $phone");
    } else {
        error("malformed number!");
    }
An attacker could provide an argument such as:

    ; ls -l ; echo 123-456

This would pass the check, since "123-456" is sufficient to match the "\d+-\d+" portion of the regular expression, and the unanchored match lets the shell metacharacters through to system(), resulting in OS command injection.

Observed Examples
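The demonstrative example above, reworked as an added example that is not part of the CWE entry. It is written in Python rather than the page's Perl because "^", "$", "\d" and "\A" behave the same way in both engines; Python's "\Z" corresponds to Perl's "\z". The sample inputs are constructed, "lookup-phone" is the page's hypothetical command, and "lookup_phone_argv" and "classify" are helper names chosen here. Three patterns are compared: the page's unanchored one, the "/^...$/" mitigation as written, and a strict form that also closes the trailing-newline and Unicode-digit loopholes.

```python
import re

# Constructed sample inputs (not from the page): the attacker string from the
# CWE writeup above, a clean number, and two edge cases that the naive
# anchored pattern still accepts.
ATTACK = "; ls -l ; echo 123-456"
CLEAN = "123-456"
TRAILING_NEWLINE = "123-456\n"
ARABIC_INDIC = "\u0661\u0662\u0663-\u0664\u0665\u0666"  # Arabic-Indic digits 123-456

# 1. The page's pattern: unanchored, so any substring match passes.
PERMISSIVE = re.compile(r"\d+-\d+")
# 2. The mitigation as written: anchored with ^ and $. In both Perl and
#    Python, $ also matches just before a final "\n", and \d matches any
#    Unicode decimal digit, so two loopholes remain.
ANCHORED = re.compile(r"^\d+-\d+$")
# 3. Strict form: \A and \Z (Python's \Z is Perl's \z) bound the entire
#    string, and [0-9] names the exact characters we accept.
STRICT = re.compile(r"\A[0-9]+-[0-9]+\Z")


def permissive_ok(s: str) -> bool:
    return PERMISSIVE.search(s) is not None


def anchored_ok(s: str) -> bool:
    return ANCHORED.search(s) is not None


def strict_ok(s: str) -> bool:
    # Equivalent to: re.fullmatch(r"[0-9]+-[0-9]+", s) is not None
    return STRICT.search(s) is not None


def classify(s: str) -> dict:
    """Report which of the three patterns accept a given input."""
    return {
        "permissive": permissive_ok(s),
        "anchored": anchored_ok(s),
        "strict": strict_ok(s),
    }


def lookup_phone_argv(phone: str) -> list:
    """Validate with the strict pattern and return the argv that would be
    handed to subprocess.run (list form, no shell) instead of a shell
    string. With an argv list, even a future validation miss cannot become
    command injection. Raises ValueError on malformed input."""
    if not strict_ok(phone):
        raise ValueError("malformed number!")
    return ["lookup-phone", phone]


if __name__ == "__main__":
    for label, s in [("attack", ATTACK), ("clean", CLEAN),
                     ("trailing newline", TRAILING_NEWLINE),
                     ("arabic-indic digits", ARABIC_INDIC)]:
        print(f"{label:20s} {classify(s)}")
```

The attacker string matches only the permissive pattern. The "/^...$/" form rejects it but still passes "123-456\n" and non-ASCII digits, which matters when the validated value is later handed to a command or a database; the strict form rejects both. Passing the value as an argv element rather than interpolating it into a shell string removes the command-injection consequence independently of the regex.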
Other Notes
This problem is frequently found when the regular expression is used in input validation or security features such as authentication.

Relationships
Applicable Platforms
Languages: Perl, PHP

Time of Introduction
Implementation

Content History
Modifications
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities