Unsanitized user input in regular expression
- Rule ID: php_lang_regex_using_user_input
- Languages: php
- Source: regex_using_user_input.yml
Description
Constructing regular expressions from user input can lead to a vulnerability known as Regular Expression Denial of Service (ReDoS). This occurs because certain patterns force the regex engine to backtrack with exponential time complexity, so a malicious input that controls the pattern can drive CPU usage up and potentially make the application unresponsive.
Remediations
- Do not use user input directly in regular expressions. This can prevent attackers from exploiting complex patterns to cause a denial of service.
```php
$user_input = $_GET["name"] . ".php";
preg_grep($user_input, $array); // unsafe
```
- Do sanitize or validate user input before incorporating it into regular expressions. This reduces the risk of ReDoS attacks by ensuring only safe patterns are used.
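The two remediations above, carried through in one added example (this is illustrative code, not part of the Bearer rule page or the Bearer project): the unsafe pattern construction beside a version that escapes the input with `preg_quote()` so it is matched literally, and a version that validates the input against an allowlist before it is used. The input source `$_GET["name"]`, the sample file list and the allowlist character class are assumptions made for the example.

```php
<?php
// Added example (not from the Bearer rule page): searching an array of file
// names with a user-supplied string without letting that string act as a
// regex pattern. $_GET["name"] is assumed as the input source, as in the
// rule's own snippet.

/**
 * Unsafe: user input is interpolated into the pattern, so any regex
 * metacharacters in the input change the pattern's structure. This is the
 * shape the rule flags.
 */
function find_unsafe(array $files, string $userInput): array
{
    $result = preg_grep('/' . $userInput . '\.php$/', $files);
    return $result === false ? [] : $result;
}

/**
 * Safe: preg_quote() escapes every regex metacharacter and the chosen
 * delimiter, so the input is matched literally and the pattern's structure
 * stays fixed regardless of what the user sends.
 */
function find_literal(array $files, string $userInput): array
{
    $pattern = '/^' . preg_quote($userInput, '/') . '\.php$/';
    $result = preg_grep($pattern, $files);
    return $result === false ? [] : $result;
}

/**
 * Safe: validate the input against a strict allowlist first and reject
 * anything else. The character class and length cap are assumptions for
 * this example; choose them from what the application actually accepts.
 */
function find_validated(array $files, string $userInput): ?array
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $userInput)) {
        return null; // reject; the caller should answer with HTTP 400
    }
    $result = preg_grep('/^' . $userInput . '\.php$/', $files);
    return $result === false ? [] : $result;
}

// Constructed sample data for running the functions locally.
$files = ['index.php', 'admin.php', 'readme.txt'];
$name  = $_GET['name'] ?? 'index';

var_dump(find_literal($files, $name));
var_dump(find_validated($files, $name));
```

Both hardened variants keep the pattern's structure under the application's control: `find_literal` is the right choice when the input is a search term that should match itself, and `find_validated` when only a known vocabulary of values is acceptable. As a defence-in-depth check, inspect `preg_last_error()` after a `preg_*` call; PHP stops matching once `pcre.backtrack_limit` is exceeded and reports `PREG_BACKTRACK_LIMIT_ERROR`, which is worth logging because it is a symptom of exactly the backtracking blow-up the rule describes.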
References
Associated CWE
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=php_lang_regex_using_user_input
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=php_lang_regex_using_user_input