Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failing to sanitize untrusted data included as part of a regular expression can result in the disclosure of sensitive information.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

IDS08-J

Medium

Unlikely

Medium

P4

L3

Automated Detection

ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Tainting CheckerTrust and security errors (see Chapter 8)
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.IO.TAINT.REGEX

Tainted Regular Expression (Java)

SonarQube
Include Page
SonarQube_V
SonarQube_V

S2631

Regular expressions should not be vulnerable to Denial of Service attacks

Related Guidelines

MITRE CWE

CWE-625, Permissive Regular Expression

Bibliography

...


...

Image Modified Image Modified