The product uses a regular expression that does not sufficiently restrict the set of allowed values.

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:

• not identifying the beginning and end of the target string
• using wildcards instead of acceptable character ranges
• others

Modes Of Introduction

Implementation : This problem is frequently found when the regular expression is used in input validation or security features such as authentication.

Applicable Platforms

Language

Name: Perl (Undetermined)
Name: PHP (Undetermined)

Common Consequences

Observed Examples

Potential Mitigations

Phases : Implementation
When applicable, ensure that the regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl.

Detection Methods

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness : High

Vulnerability Mapping Notes

Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

References

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

Submission

Modifications