Missing validation for regular expression

• Rule ID: ruby_rails_permissive_regex_validation
• Languages: ruby
• Source: permissive_regex_validation.yml

Description

Validations using regular expressions should use the start of text (\A) and end of text (\z or \Z) boundaries.

Remediations

❌ Avoid matching without start and end boundaries:

validates :attribute, format: { with: /foo/}

❌ Avoid using line-based boundaries:

validates :attribute, format: { with: /^foo$/}

✅ Use whole-text boundaries:

validates :attribute1, format: { with: "\Afoo\Z"}
validates :attribute2, format: { with: "\Afoo\z"}

Associated CWE

• CWE-625: Permissive Regular Expression

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=ruby_rails_permissive_regex_validation

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=ruby_rails_permissive_regex_validation