This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Set regex input matcher lengths #2431

Closed
g-k opened this issue Mar 20, 2017 · 1 comment
Labels
security Security issue: can be an active issue, or related to security hygiene

Comments

g-k commented Mar 20, 2017

Per checklist APP-INPUTVAL

  • Defines a minimum and maximum length for the data (e.g. {1,25})

https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Input_Validation

Replace unbound patterns like + and * with limits like {1,255} in validation regexes. The maximums can be set to the database field sizes.

g-k commented Mar 20, 2017

These are implicitly bound by the max upload size, but we can be stricter.
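
An added example, not part of the original issue or the project's code: a JavaScript sketch of the change requested above, pairing a helper that flags unbounded quantifiers in a validation regex with a validator whose maximum comes from a field size. The field names, sizes, and function names are assumptions made for illustration.

```javascript
// Added example. Field names and sizes are constructed, not the project's schema.
const FIELD_SIZES = { id: 32, title: 255 };

// Report unbounded quantifiers (+, *, {n,}) in a regex source string,
// skipping escaped characters and anything inside a [...] character class.
function findUnboundedQuantifiers(source) {
  const hits = [];
  let inClass = false;
  for (let i = 0; i < source.length; i++) {
    const ch = source[i];
    if (ch === "\\") { i++; continue; }            // skip the escaped character
    if (inClass) { if (ch === "]") inClass = false; continue; }
    if (ch === "[") { inClass = true; continue; }
    if (ch === "+" || ch === "*") {
      hits.push({ index: i, quantifier: ch });
    } else if (ch === "{") {
      const m = /^\{\d+,\}/.exec(source.slice(i)); // {n,} has no upper bound
      if (m) hits.push({ index: i, quantifier: m[0] });
    }
  }
  return hits;
}

// Build an anchored validator whose maximum length is the column size.
function boundedValidator(charClass, field) {
  const max = FIELD_SIZES[field];
  if (!Number.isInteger(max) || max < 1) {
    throw new Error(`no size configured for field "${field}"`);
  }
  return new RegExp(`^${charClass}{1,${max}}$`);
}

const before = /^[a-zA-Z0-9_-]+$/;  // unbounded: input of any length passes
const after = boundedValidator("[a-zA-Z0-9_-]", "id");

console.log(findUnboundedQuantifiers(before.source)); // one hit, the "+"
console.log(findUnboundedQuantifiers(after.source));  // no hits
console.log(before.test("a".repeat(100000)), after.test("a".repeat(33)));
```

The scanner can run over every validation pattern in a code base as a lint step, so new unbounded patterns are caught in review.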

jvehent added the security (Security issue: can be an active issue, or related to security hygiene) label Mar 20, 2017
ghost added this to the Sprint 54.3 milestone Mar 20, 2017
ianb assigned ianb and unassigned ianb Mar 22, 2017
ghost modified the milestones: Sprint 54.3, Sprint 54.4 Mar 31, 2017
ghost modified the milestones: Sprint 54.4, Sprint 54.5 Apr 17, 2017
ghost modified the milestones: Sprint 54.5, Sprint 54.6 May 1, 2017
ghost modified the milestones: Sprint 54.6, Screenshots in 55 May 12, 2017
ianb closed this as completed in #2974 Jun 8, 2017