Add sanitizers for compiled regexes

2026-04-25 16:55:19 +02:00 · 2024-06-11 15:44:16 +01:00
parent 6ff7fb2a70
commit 93f10fcf14
2 changed files with 19 additions and 0 deletions
--- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py
+++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py
@@ -164,3 +164,13 @@ def partial_ssrf_7():
    if re.match(r'[a-zA-Z0-9]+', user_input):
        url = f"https://example.com/foo#{user_input}"
        requests.get(url) # NOT OK, but NOT FOUND - user input can contain arbitrary character as a suffix.
+
+    reg = re.compile(r'^[a-zA-Z0-9]+$')
+
+    if reg.match(user_input):
+       url = f"https://example.com/foo#{user_input}"
+       requests.get(url) # OK - user input can only contain alphanumerical characters
+
+    if reg.fullmatch(user_input):
+       url = f"https://example.com/foo#{user_input}"
+       requests.get(url) # OK - user input can only contain alphanumerical characters