...
Failing to sanitize untrusted data included as part of a regular expression can result in the disclosure of sensitive information.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
IDS08-J | Medium | Unlikely | Yes | NoMedium | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Checker Framework |
| Tainting Checker | Trust and security errors (see Chapter 8) | ||||||
| CodeSonar |
| JAVA.IO.TAINT.REGEX | Tainted Regular Expression (Java) | ||||||
| SonarQube |
| Regular expressions should not be vulnerable to Denial of Service attacks |
...