fix: clarify permissive regexp rules (#371)

Bearer · Apr 12, 2024 · 9081651 · 9081651
1 parent c366d47
commit 9081651
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/rules/go/lang/permissive_regex_validation.yml b/rules/go/lang/permissive_regex_validation.yml
@@ -29,6 +29,9 @@ metadata:
     Validations using regular expressions should use the start of text (\A) and
     end of text (\z or \Z) boundaries.
 
+    Note, it is best security practice to prefer the boundary expressions \A and \z or \Z
+    over ^ and $, because ^ and $ operate as line-based boundaries when multiline mode is enabled.
+
     ## Remediations
 
     ❌ Avoid matching without start and end boundaries:
@@ -40,7 +43,7 @@ metadata:
     ❌ Avoid using line-based boundaries:
 
     ```go
-    regexp.MustCompile("^foo$"}
+    regexp.MustCompile("^foo$")
     ```
 
     ✅ Use whole-text boundaries:

diff --git a/rules/php/symfony/permissive_regex_validation.yml b/rules/php/symfony/permissive_regex_validation.yml
@@ -57,6 +57,9 @@ metadata:
     Validations using regular expressions should use the start of text (\A) and
     end of text (\z or \Z) boundaries.
 
+    Note, it is best security practice to prefer the boundary expressions \A and \z or \Z
+    over ^ and $, because ^ and $ operate as line-based boundaries when multiline mode is enabled.
+
     ## Remediations
 
     ❌ Avoid matching without start and end boundaries: