...
This compliant solution sanitizes the search terms by using Pattern.quote() to escape any malicious characters in the search string. Unlike the previous compliant solution, a search string using punctuation characters, such as "name =" is permitted.
| Code Block | ||
|---|---|---|
| ||
public static void FindLogEntry(String search) {
// Sanitize search string
search = Pattern.quote(search);
// Construct regex dynamically from user string
String regex = "(.*? +public\\[\\d+\\] +.*" + search + ".*)";
// ...
}
|
...
Failing to sanitize untrusted data included as part of a regular expression can result in the disclosure of sensitive information.
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
IDS08-J | Medium | Unlikely | Yes |
No | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Checker Framework |
| Tainting Checker | Trust and security errors (see Chapter 8) | ||||||
| CodeSonar |
| JAVA.IO.TAINT.REGEX | Tainted Regular Expression (Java) | ||||||
| SonarQube |
| Regular expressions should not be vulnerable to Denial of Service attacks |
Related Guidelines
Bibliography
...
IDS09-J. Specify an appropriate locale when comparing locale-dependent data