Difference between revisions of "Overly Permissive Regular Expression"

From OWASP
Jump to: navigation, search
(Added basic information)
 
(Removed from draft, added to the list)
 
Line 1: Line 1:
= DRAFT =
+
[[Category:Vulnerability]]
  
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
+
[[Category:Input Validation Vulnerability]]
  
  

Latest revision as of 20:36, 17 May 2013


Contents

Description

The tested application is using a regular expression that is to broad in scope for the sufficient restriction of the set of allowed values.

Risk Factors

Overly Permissive Regular Expressions are a very common flaw in applications where regular expressions are used to restrict user input. Because of their overall complexity, developers using regular expressions will often use the wildcard character, or fail to restrict the number of characters allowed in the request.

This exploit is the opening that a malicious user needs to begin an injection attack, either client or server side. When an attacker can get inappropriate values into the backend processing system, there is much more of a chance of finding an injection flaw in a system.

Examples

For example, consider this expression to match a floating point number in text:

   [-+]?([0-9])*\.?([0-9]*)

While it does allow for floating point numbers, the greedy * token will allow for the pattern to start anywhere in the string, leaving an opening for injection.

Related Attacks

Related Controls

References