CWE-625 宽松定义的正则表达式

admin
admin
admin
138858
文章
114
评论
2021年12月16日16:27:07评论72 views字数 2560阅读8分32秒阅读模式

CWE-625 宽松定义的正则表达式

Permissive Regular Expression

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

扩展描述

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 185 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 185 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: PeerOf cwe_CWE_ID: 187 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 184 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 183 cwe_View_ID: 1000

适用平台

Language: [{'cwe_Name': 'Perl', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'PHP', 'cwe_Prevalence': 'Undetermined'}]

常见的影响

范围 影响 注释
Access Control Bypass Protection Mechanism

可能的缓解方案

Implementation

策略:

When applicable, ensure that the regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl.

示例代码

The following example demonstrates the weakness.

bad Perl

$phone = GetPhoneNumber();
if ($phone =~ /d+-d+/) {


# looks like it only has hyphens and digits

system("lookup-phone $phone");

}
else {

error("malformed number!");

}

An attacker could provide an argument such as: "; ls -l ; echo 123-456" This would pass the check, since "123-456" is sufficient to match the "d+-d+" portion of the regular expression.

分析过的案例

标识 说明 链接
CVE-2006-1895 ".*" regexp leads to static code injection https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1895
CVE-2002-2175 insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2175
CVE-2006-4527 regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4527
CVE-2005-1949 Regexp for IP address isn't anchored at the end, allowing appending of shell metacharacters. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949
CVE-2002-2109 Regexp isn't "anchored" to the beginning or end, which allows spoofed values that have trusted values as substrings. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2109
CVE-2006-6511 regexp in .htaccess file allows access of files whose names contain certain substrings https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6511
CVE-2006-6629 allow load of macro files whose names contain certain substrings. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6629

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
The CERT Oracle Secure Coding Standard for Java (2011) IDS08-J Sanitize untrusted data passed to a regex

引用

文章来源于互联网:scap中文网

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年12月16日16:27:07
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-625 宽松定义的正则表达式https://cn-sec.com/archives/613073.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息