Validation using permissive regular expression detected.
- Rule ID: ruby_rails_permissive_regex_validation
- Languages: ruby
- Source: permissive_regex_validation.yml
Description
Validations using regular expressions should use the start of text (\A) and end of text (\z or \Z) boundaries.
Remediations
❌ Avoid matching without start and end boundaries:
validates :attribute, format: { with: /foo/}
❌ Avoid using line-based boundaries:
validates :attribute, format: { with: /^foo$/}
✅ Use whole-text boundaries:
validates :attribute1, format: { with: "\Afoo\Z"}
validates :attribute2, format: { with: "\Afoo\z"}
Associated CWE
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=ruby_rails_permissive_regex_validation
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=ruby_rails_permissive_regex_validation
Ready to take the next step? Learn more about Bearer Cloud.