Java: CWE-625 Query to detect regex dot bypass
By default, "dot" (.) in regular expressions matches all characters except newline characters \n and \r. Regular expressions containing a dot can be bypassed with the characters \r(%0a) and \n(%0d) when the default regex matching implementations of Java are used. When regular expressions serve to match protected resource patterns to grant access to protected application resources, attackers can gain access to unauthorized paths.
This query helps to detect insecure patterns and guard against unauthorized access by checking two patterns:
- whether a safe regex pattern is used
- whether a safe Java API is in place
Please consider merging this PR.
Thanks, @luchua-bc
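The following Java program is an added illustration of the behaviour the PR describes; it is not code from the PR or from the CodeQL query itself. It shows the bypass against a deny-list style access-control check built on `java.util.regex`, and the two remediations the query looks for: a pattern that matches line terminators explicitly (`[\s\S]`) and the `Pattern.DOTALL` flag. The class, method names, the `/admin/` rule and the request paths are constructed for the example.

```java
import java.util.regex.Pattern;

/**
 * Added demonstration (not part of the PR): how "." in java.util.regex
 * fails to match line terminators, and two ways to close the gap.
 * The access-control rule, the paths and the method names are made up
 * for this example.
 */
public class RegexDotBypassDemo {

    // Vulnerable: "." excludes \n, \r and the other line terminators
    // (\r\n, U+0085, U+2028, U+2029), so a path containing one of them
    // is never matched by this deny rule and reaches the protected handler.
    private static final Pattern UNSAFE_PATTERN = Pattern.compile("/admin/.*");

    // Fix 1, safe regex pattern: "[\\s\\S]" matches any character,
    // line terminators included. An inline "(?s)" flag works as well.
    private static final Pattern SAFE_PATTERN = Pattern.compile("/admin/[\\s\\S]*");

    // Fix 2, safe Java API: Pattern.DOTALL makes "." match line terminators too.
    private static final Pattern SAFE_FLAG = Pattern.compile("/admin/.*", Pattern.DOTALL);

    static boolean isProtectedUnsafe(String path) {
        // String.matches(...) and Pattern.matches(...) behave identically here.
        return UNSAFE_PATTERN.matcher(path).matches();
    }

    static boolean isProtectedSafePattern(String path) {
        return SAFE_PATTERN.matcher(path).matches();
    }

    static boolean isProtectedSafeApi(String path) {
        return SAFE_FLAG.matcher(path).matches();
    }

    public static void main(String[] args) {
        // Constructed inputs: a plain request path and the same path with an
        // embedded line terminator (which would arrive URL-encoded in a real request).
        String[] paths = { "/admin/users", "/admin/\nusers", "/admin/\rusers" };
        for (String p : paths) {
            System.out.printf("%-18s unsafe=%-5b safePattern=%-5b safeApi=%-5b%n",
                    p.replace("\n", "\\n").replace("\r", "\\r"),
                    isProtectedUnsafe(p),
                    isProtectedSafePattern(p),
                    isProtectedSafeApi(p));
        }
    }
}
```

For the paths containing a line terminator the unsafe check does not fire, so a deny rule written this way lets the request through, while both corrected variants still classify the path as protected. Note that `Pattern.DOTALL` also covers the Unicode line terminators that `.` excludes by default, which a hand-written class such as `[^\r\n]` would not.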