Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b65a033

Browse files
luchua-bcluchua-bc
committed
Shorten the regex private domain match
1 parent ff58abb commit b65a033

1 file changed

Lines changed: 1 addition & 7 deletions

File tree

java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -72,13 +72,7 @@ class URIConstructor extends ClassInstanceExpr {
7272
* Gets a regular expression for matching private hosts.
7373
*/
7474
private string getPrivateHostRegex() {
75-
result = "(?i)localhost(/.*)?" or
76-
result = "127\\.0\\.0\\.1(/.*)?" or // IPv4 patterns
77-
result = "10(\\.[0-9]+){3}(/.*)?" or
78-
result = "172\\.16(\\.[0-9]+){2}(/.*)?" or
79-
result = "192.168(\\.[0-9]+){2}(/.*)?" or
80-
result = "\\[0:0:0:0:0:0:0:1\\](/.*)?" or // IPv6 patterns
81-
result = "\\[::1\\](/.*)?"
75+
result = "(?i)localhost([:/].*)?|127\\.0\\.0\\.1([:/].*)?|10(\\.[0-9]+){3}([:/].*)?|172\\.16(\\.[0-9]+){2}([:/].*)?|192.168(\\.[0-9]+){2}([:/].*)?|\\[0:0:0:0:0:0:0:1\\]([:/].*)?|\\[::1\\]([:/].*)?"
8276
}
8377

8478
/**

0 commit comments

Comments
 (0)