CWE-185
Incorrect Regular Expression
AI Translation Available
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
Status
draft
Abstraction
class
Affected Platforms
Extended Description
AI Translation
When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.
Technical Details
AI Translation
Common Consequences
other
access control
Impacts
unexpected state
varies by context
bypass protection mechanism
Detection Methods
automated static analysis
Potential Mitigations
Phases:
architecture and design
Descriptions:
•
Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression.