8000 (CodeQL) Escaped regex metacharacters to prevent abuse by pixeebot-helm-test[bot] · Pull Request #1 · hintwatermelon/roller4 · GitHub

Open: wants to merge 1 commit into base: master


pixeebot-helm-test[bot]

Remediation

This change fixes findings identified by CodeQL.

Details

This change fixes Regex Injection vulnerabilities by escaping the user input before using it in a regular expression. This is important because untrusted input can contain special characters that can change the behavior of the regular expression, leading to security vulnerabilities like denial of service, or change the application behavior to match in unexpected situations, possibly causing logical vulnerabilities.

Our changes look like this:

  import java.util.regex.Pattern;

  // run the regex
- Pattern p = Pattern.compile(userInput);
+ Pattern p = Pattern.compile(Pattern.quote(userInput));
  Matcher m = p.matcher(input);
  if (m.find()) {
    // do something
  } 
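Review bot: Pattern.quote wraps the entire input in \Q...\E, so after this change userInput can only ever match as a literal substring; if any call site intentionally let users supply regex syntax (wildcards, alternation), that becomes a silent behaviour change and should be confirmed against the callers or noted in the PR description. The snippet also uses Matcher without importing it; add `import java.util.regex.Matcher;` next to the Pattern import so the example compiles as shown.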
More reading

I have additional improvements ready for this repo! If you want to see them, leave the comment:

@pixeebot next

... and I will open a new PR right away!

🧚🤖 Powered by Pixeebot

Codemod ID: codeql:java/regex-injection
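An added example, not part of this PR or of Pixee's codemod, that puts the "before" and "after" lines from the description side by side and runs both against constructed input; the method names, the class name and the sample string are assumptions, and the last line shows how Pattern.quote copes with an embedded \E that a hand-written \Q...\E wrapper would not survive.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added example (not project code): contrasts compiling a user-supplied
// string as a regex with compiling it as a quoted literal.
public class RegexQuoteDemo {

    // Before the change: the user string is interpreted as a regular expression.
    static boolean unsafeFind(String userInput, String haystack) {
        Pattern p = Pattern.compile(userInput);
        Matcher m = p.matcher(haystack);
        return m.find();
    }

    // After the change: the user string can only match as a literal sequence.
    static boolean safeFind(String userInput, String haystack) {
        Pattern p = Pattern.compile(Pattern.quote(userInput));
        Matcher m = p.matcher(haystack);
        return m.find();
    }

    public static void main(String[] args) {
        String haystack = "order-42 shipped"; // constructed sample input

        // Metacharacters in raw input widen the match: ".*" matches any text,
        // whereas the quoted form only matches a literal ".*" substring.
        System.out.println("raw   .* -> " + unsafeFind(".*", haystack));
        System.out.println("quoted .* -> " + safeFind(".*", haystack));

        // Ordinary literal text still matches after quoting.
        System.out.println("quoted order-42 -> " + safeFind("order-42", haystack));

        // Syntactically invalid input is an exception before the change and
        // a harmless non-match after it.
        try {
            unsafeFind("(unclosed", haystack);
        } catch (PatternSyntaxException e) {
            System.out.println("raw (unclosed rejected: " + e.getDescription());
        }
        System.out.println("quoted (unclosed -> " + safeFind("(unclosed", haystack));

        // An embedded \E is split out so it cannot terminate the quoting early.
        System.out.println("quote(a\\Eb) -> " + Pattern.quote("a\\Eb"));
    }
}
```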

Author

I'm confident in this change, and the CI checks pass, too!

If you see any reason not to merge this, or you have suggestions for improvements, please let me know!
