Missing validation for regular expression

Description

When a regular expression is used for validation, the pattern must be anchored to the start and end of the text; otherwise a substring match is enough to pass, and an attacker can wrap an allowed value around arbitrary data (for example "foo\nrm -rf /"). Prefer \A and \z over ^ and $. In Go's RE2 syntax, ^ and $ anchor to the start and end of the whole text by default, but switch to per-line anchors as soon as the multiline flag (?m) is set, so their meaning depends on a flag that may be added later or copied in from another pattern. \A and \z always mark the beginning and end of the entire text. Note that Go's regexp package does not support the Perl/PCRE \Z escape; regexp.Compile rejects it as an invalid escape sequence, so use \z.

Remediations

  • Do not use regular expressions without start and end boundaries. An unanchored pattern matches anywhere in the input, so validation is incomplete.
    regexp.MustCompile(`foo`) // unsafe: accepts "xfoo", "foo\n<anything>"
  • Do not rely on ^ and $ for validation. They anchor to lines rather than to the whole text whenever (?m) is in effect, so a newline in the input can smuggle extra content past the check.
    regexp.MustCompile(`^foo$`) // unsafe: becomes a per-line check under (?m)
  • Do use the whole-text boundaries \A and \z, which anchor to the entire input regardless of flags. Write the pattern as a raw string literal (backquotes): in an interpreted "..." literal, \A and \z are not valid Go escape sequences and the program will not compile.
    regexp.MustCompile(`\Afoo\z`)
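
The following is an added example, not code from the Bearer rule or its documentation. It runs the three anchoring styles above over a few constructed inputs so the difference is visible, and it also shows why \Z cannot be used in Go. The validator names (Check, IsExactlyFoo, CompilesInGo) and the sample inputs are invented for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Hypothetical validators for a field that must be exactly "foo".
// Constructed for this example; not part of the Bearer rule.
var validators = []struct {
	name string
	re   *regexp.Regexp
}{
	{"unanchored", regexp.MustCompile(`foo`)},      // substring match anywhere in the input
	{"caret-dollar", regexp.MustCompile(`^foo$`)},  // RE2 default: ^/$ are text anchors
	{"multiline", regexp.MustCompile(`(?m)^foo$`)}, // same anchors under (?m): per line
	{"whole-text", regexp.MustCompile(`\Afoo\z`)},  // unconditional text anchors
}

// exact is the hardened validator the rule recommends.
var exact = regexp.MustCompile(`\Afoo\z`)

// Check runs every validator over input and reports, by name, which accept it.
func Check(input string) map[string]bool {
	out := make(map[string]bool, len(validators))
	for _, v := range validators {
		out[v.name] = v.re.MatchString(input)
	}
	return out
}

// IsExactlyFoo accepts only the whole string "foo": no prefix, suffix or extra lines.
func IsExactlyFoo(input string) bool {
	return exact.MatchString(input)
}

// CompilesInGo reports whether Go's RE2 engine accepts a pattern. Go knows \A
// and \z but not the PCRE \Z escape, so `\Afoo\Z` fails here.
func CompilesInGo(pattern string) bool {
	_, err := regexp.Compile(pattern)
	return err == nil
}

func main() {
	// Constructed sample inputs: the valid value, a newline-smuggling payload,
	// a prefixed value and a value with trailing whitespace.
	for _, in := range []string{"foo", "foo\nrm -rf /", "xfoo", "foo "} {
		fmt.Printf("%-16q %v\n", in, Check(in))
	}
	fmt.Println(`\Afoo\Z compiles in Go:`, CompilesInGo(`\Afoo\Z`))
}
```

For "foo\nrm -rf /" the unanchored and multiline validators both accept the input, the whole-text validator rejects it, and the plain ^foo$ form rejects it only because no (?m) flag is present; adding the flag flips that result, which is exactly why the rule treats ^ and $ as unsafe for validation.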

Associated CWE

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=go_lang_permissive_regex_validation

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=go_lang_permissive_regex_validation