Fix vulnerable regexp in rule 932140 #1355
spartantri left a comment
The "fix" don't match common
Hi @fgsch @theMiddleBlue @franbuehler I think you like better regex, can you please take a look/test, apparently this needs fixing for other use cases, as it is it won't match
I did my testing with this expression below to take care both the redos and the three false negatives I found:
But if we use .* after the for switched then it make useless the switches section and it will be better to remove it as it is optional, this will make this regular expression more prone to false positives so we may need to address the for syntax a bit better but the text that would match will look a bit weird.
Test at least with:
I'd say let's concentrate on dealing with the problem in this PR and fix FNs in a different PR.
I've added spaces in different places to no avail.