
Permissive Regular Expression

ID: 625
Date: (C) 2012-05-14   (M) 2012-11-08
Type: weakness
Status: DRAFT
Abstraction Type: Base

Description

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Extended Description

In practice the regular expression accepts any input that merely contains a substring matching the pattern, so the check amounts to a partial comparison against the target rather than a full one. In some cases this can lead to other weaknesses. Common errors include:

  • not anchoring the pattern to the beginning and end of the target string
  • using wildcards instead of explicit ranges of acceptable characters
  • others

Applicable Platforms
Language: Perl
Language: PHP

Time Of Introduction

  • Implementation

Common Consequences

Scope: Access Control
Technical Impact: Bypass protection mechanism

Detection Methods
None

Potential Mitigations

Phase: Implementation
Description: When applicable, ensure that the regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl.
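The three common errors listed under Extended Description and the anchoring fix from the mitigation above, as an added example that is not part of the CWE entry. It is written in Python rather than the Perl/PHP named under Applicable Platforms so that the checks can be run directly; Python's `fullmatch` and `\Z` correspond to Perl's `/\A...\z/`. Each permissive pattern is shown beside its restricted form, and all sample inputs are constructed.

```python
import re

# Added example (not part of the CWE entry). All sample inputs are constructed.

# --- Error 1: no anchors at all -------------------------------------------
# A character class for a username, applied with search(): the check passes
# as soon as ANY run of legal characters is found, so an input that is mostly
# illegal still validates (cf. CVE-2006-4527 in the entry).
NAME_CHARS = re.compile(r"[a-z0-9_]+")

def username_ok_permissive(value: str) -> bool:
    return NAME_CHARS.search(value) is not None

def username_ok_strict(value: str) -> bool:
    # fullmatch requires the pattern to span the whole input; it is the
    # Python equivalent of Perl's /\A[a-z0-9_]+\z/.
    return NAME_CHARS.fullmatch(value) is not None

# --- Error 2: anchored at the start only ----------------------------------
OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
DOTTED_QUAD = r"\.".join([OCTET] * 4)

# Missing end anchor: a valid address followed by arbitrary text passes
# (cf. CVE-2005-1949 in the entry).
IPV4_START_ONLY = re.compile(r"^" + DOTTED_QUAD)
# \Z (Perl: \z) is the true end of string. A bare $ also matches just before
# a trailing newline, so "192.0.2.1\n" would slip through /^...$/.
IPV4_STRICT = re.compile(r"^" + DOTTED_QUAD + r"\Z")

def ipv4_ok_permissive(value: str) -> bool:
    return IPV4_START_ONLY.search(value) is not None

def ipv4_ok_strict(value: str) -> bool:
    return IPV4_STRICT.search(value) is not None

# --- Error 3: a wildcard where a character range was meant ----------------
# ".*" accepts any character, including the path separator, so a check that
# was meant to allow only bare file names becomes a check on the suffix.
MACRO_WILDCARD = re.compile(r"^.*\.mac\Z")
MACRO_STRICT = re.compile(r"^[A-Za-z0-9_-]+\.mac\Z")

def macro_name_ok_permissive(value: str) -> bool:
    return MACRO_WILDCARD.search(value) is not None

def macro_name_ok_strict(value: str) -> bool:
    return MACRO_STRICT.search(value) is not None

# Run every checker pair over constructed inputs and return rows of
# (label, input, permissive verdict, strict verdict).
def compare() -> list:
    cases = [
        ("username", "alice", username_ok_permissive, username_ok_strict),
        ("username", "bob admin", username_ok_permissive, username_ok_strict),
        ("ipv4", "192.0.2.1", ipv4_ok_permissive, ipv4_ok_strict),
        ("ipv4", "192.0.2.1 extra", ipv4_ok_permissive, ipv4_ok_strict),
        ("ipv4", "192.0.2.1\n", ipv4_ok_permissive, ipv4_ok_strict),
        ("macro", "report.mac", macro_name_ok_permissive, macro_name_ok_strict),
        ("macro", "sub/dir/report.mac", macro_name_ok_permissive, macro_name_ok_strict),
    ]
    return [(label, value, loose(value), strict(value))
            for label, value, loose, strict in cases]

if __name__ == "__main__":
    for label, value, loose, strict in compare():
        print(f"{label:9} {value!r:24} permissive={loose!s:5} strict={strict}")
```

The `"192.0.2.1\n"` row is the caveat worth remembering when applying the mitigation literally: `/^string$/` in Perl (and `$` in Python) still admits a single trailing newline, so a validator that must reject it needs `\z` (Perl) or `\Z`/`fullmatch` (Python) as its end anchor.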

Relationships

CWE-625 ChildOf CWE-896 (Type: Category; View: CWE-888)

Demonstrative Examples

  1. (Demonstrative Example Id DX-37)

Observed Examples

  1. CVE-2006-1895 : ".*" regexp leads to static code injection
  2. CVE-2002-2175 : insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.
  3. CVE-2006-4527 : regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.
  4. CVE-2005-1949 : Regexp for IP address isn't anchored at the end, allowing appending of shell metacharacters.
  5. CVE-2002-2109 : Regexp isn't "anchored" to the beginning or end, which allows spoofed values that have trusted values as substrings.
  6. CVE-2006-6511 : regexp in .htaccess file allows access of files whose names contain certain substrings
  7. CVE-2006-6629 : allow load of macro files whose names contain certain substrings.
  8. : VIM Mailing list, March 14, 2006


White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: CERT Java Secure Coding
Id: IDS08-J
Name: Sanitize untrusted data passed to a regex

References:

  1. Mark Dowd, John McDonald and Justin Schuh. The Art of Software Security Assessment, 1st Edition. Addison Wesley, 2006. Chapter 8, "Character Stripping Vulnerabilities", Page 437.

© 2013 SecPod Technologies