Missing validation for regular expression

Description

Validations using regular expressions should use the start of text (\A) and end of text (\z or \Z) boundaries.

Note: it is a security best practice to prefer the boundary expressions \A and \z or \Z over ^ and $, because ^ and $ operate as line-based boundaries when multiline mode is enabled. An input containing a newline can then pass the validation even though only one of its lines matches the pattern.

Remediations

❌ Avoid matching without start and end boundaries:

regexp.MustCompile("foo")

❌ Avoid using line-based boundaries:

regexp.MustCompile("^foo$")

✅ Use whole-text boundaries:

regexp.MustCompile(`\Afoo\z`)
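To show the failure mode concretely, the following added example (not part of the Bearer rule or its documentation) runs the three patterns above over constructed inputs. It assumes Go's regexp package, where ^ and $ only become line boundaries when the (?m) flag is set (the example enables it), and where the RE2 syntax supports \A and \z but not \Z.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed validators for a value that must be exactly "foo".
var (
	// No boundaries: "foo" anywhere in the input is enough.
	unanchored = regexp.MustCompile(`foo`)
	// Line-based boundaries: with multiline mode on, ^ and $ match at
	// every line break, so a multi-line input can slip through.
	lineAnchored = regexp.MustCompile(`(?m)^foo$`)
	// Whole-text boundaries: only the entire input may match.
	textAnchored = regexp.MustCompile(`\Afoo\z`)
)

// Validate reports whether input passes each of the three validators.
func Validate(input string) (unanchoredOK, lineOK, textOK bool) {
	return unanchored.MatchString(input),
		lineAnchored.MatchString(input),
		textAnchored.MatchString(input)
}

func main() {
	// Constructed inputs: the first is legitimate, the rest should be rejected.
	for _, in := range []string{"foo", "xfoo", "foo\n", "bar\nfoo\nbaz"} {
		u, l, t := Validate(in)
		fmt.Printf("%q: unanchored=%v line=%v text=%v\n", in, u, l, t)
	}
}
```

Only the whole-text pattern rejects every input except the exact value "foo".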

Associated CWE

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=go_lang_permissive_regex_validation

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=go_lang_permissive_regex_validation