Bill Sempf: Removed from draft, added to the list

2013-05-18T01:36:16Z

Removed from draft, added to the list

Bill Sempf: Added basic information

2013-05-15T14:19:23Z

Added basic information

New page

= DRAFT =

Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

==Description==

The tested application is using a regular expression that is to broad in scope for the sufficient restriction of the set of allowed values.

==Risk Factors==

Overly Permissive Regular Expressions are a very common flaw in applications where regular expressions are used to restrict user input. Because of their overall complexity, developers using regular expressions will often use the wildcard character, or fail to restrict the number of characters allowed in the request.

This exploit is the opening that a malicious user needs to begin an injection attack, either client or server side. When an attacker can get inappropriate values into the backend processing system, there is much more of a chance of finding an injection flaw in a system.

==Examples==

For example, consider this expression to match a floating point number in text:

[-+]?([0-9])*\.?([0-9]*)

While it does allow for floating point numbers, the greedy * token will allow for the pattern to start anywhere in the string, leaving an opening for injection.

==Related [[Attacks]]==

* [[Cross-site Scripting (XSS)]]
* [[Regular expression Denial of Service - ReDoS]]
* [[SQL Injection]]

==Related [[Controls]]==

* [[Input Validation]]

==References==

* [http://cwe.mitre.org/data/definitions/625.html CWE 625]

← Older revision		Revision as of 01:36, 18 May 2013
Line 1:		Line 1:
−	~~= DRAFT =~~	+	[[Category:Vulnerability]]

−	~~Last revision (mm/dd/yy)~~: ~~'''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''~~	+	[[Category:Input Validation Vulnerability]]

Overly Permissive Regular Expression - Revision history

Bill Sempf: Removed from draft, added to the list

Bill Sempf: Added basic information