[Python] CWE-400: Regular Expression Injection

## Query

Relevant PR: https://github.com/github/codeql/pull/5442

## Report

Constructing regular expressions directly from tainted data enables attackers to craft regular expressions in order to cause a Denial of Service or change the behaviour of the application depending on the matched string.

This query identifies cases in which a regular expression is used without being escaped before by `re.escape` (see [python re documentation](https://docs.python.org/3/library/re.html)).


- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*

## Result(s)

- PRs providing fix:
- - https://github.com/cve-search/cve-search/pull/629 (CVE-2021-45470)
- - https://github.com/kevoreilly/CAPEv2/pull/473
- - https://github.com/cuckoosandbox/cuckoo/pull/3188
- - https://github.com/tubone24/ebook_homebrew/pull/289
- - https://github.com/ctxis/CAPE/pull/480


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Python] CWE-400: Regular Expression Injection #318

Query

Report

Result(s)

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[Python] CWE-400: Regular Expression Injection #318

Description

Query

Report

Result(s)

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions