add example for domain names with sub-domains to missing-regexp-anchor

github · May 8, 2024 · 813ec7c · 813ec7c
1 parent 1ba27e6
commit 813ec7c
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/go/ql/src/Security/CWE-020/MissingRegexpAnchorGoodDomain.go b/go/ql/src/Security/CWE-020/MissingRegexpAnchorGoodDomain.go
@@ -5,13 +5,16 @@ import (
 )
 
 func checkSubdomain(domain String) {
-	// GOOD: Checking the domain is `example.com` or a subdomain of `example.com`.
-	re := "(^|\\.)example\\.com$"
-
-	// Alternatively, checking strictly that the domain is `example.com`.
-	// re2 := "^example\\.com$"
-
+	// Checking strictly that the domain is `example.com`.
+	re := "^example\\.com$"
 	if matched, _ := regexp.MatchString(re, domain); matched {
 		// domain is good.
 	}
-}
+
+	// GOOD: Alternatively, check the domain is `example.com` or a subdomain of `example.com`.
+	re2 := "(^|\\.)example\\.com$"
+
+	if matched, _ := regexp.MatchString(re2, domain); matched {
+		// domain is good.
+	}
+}