CWE-625

Permissive Regular Expression

AI Translation Available

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Status

draft

Abstraction

base

Affected Platforms

Perl PHP

Extended Description

AI Translation

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:

- not identifying the beginning and end of the target string

- using wildcards instead of acceptable character ranges

- others

Technical Details

AI Translation

Common Consequences

access control

Impacts

bypass protection mechanism

Detection Methods

automated static analysis

Potential Mitigations

Phases:

implementation

Descriptions:

• When applicable, ensure that the regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl.

AI Generated Translation

Common Consequences

controllo degli accessi

Impacts

elusione del meccanismo di protezione

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

implementazione

Descriptions:

• Quando applicabile, assicurarsi che l'espressione regolare segnali i pattern di inizio e fine stringa, come "/^string$/" per Perl.

CWE-625

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter