Repository: gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-24 03:12:40 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-24 03:12:40 +0300
commit: 10b5e85b507ca5377f0f93d8c8ec5d4d432ae291 (patch)
tree: f2c8bacd903d84462abc67f00a38d231abae63dd /doc/development/secure_coding_guidelines.md
parent: 3c6803b07510a705508cf2529325b86eda460bf2 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/secure_coding_guidelines.md'):
-rw-r--r-- doc/development/secure_coding_guidelines.md | 2
1 file changed, 2 insertions, 0 deletions
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index 51d3338e5ed..e3ae2840cfe 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -184,6 +184,8 @@ and [possessive quantifiers](https://www.regular-expressions.info/possessive.htm
- Avoid nested quantifiers if possible (for example `(a+)+`)
- Try to be as precise as possible in your regex and avoid the `.` if there's an alternative
- For example, Use `_[^_]+_` instead of `_.*_` to match `_text here_`
+- Use reasonable ranges (for example, `{1,10}`) for repeating patterns instead of unbounded `*` and `+` matchers
+- When possible, perform simple input validation such as maximum string length checks before using regular expressions
- If in doubt, don't hesitate to ping `@gitlab-com/gl-security/appsec`
#### Go
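Review bot: The added bullet `- Use reasonable ranges (for example, `{1,10}`) for repeating patterns instead of unbounded `*` and `+` matchers` should state that a bounded range only helps when it is not itself placed under another quantifier; `(a{1,10})+` still has the nested-quantifier backtracking that the earlier `(a+)+` bullet warns about, so consider adding "and never inside another quantifier" or a cross-reference to that bullet. The second added bullet, `- When possible, perform simple input validation such as maximum string length checks before using regular expressions`, would be more actionable if it said that the length limit has to be small enough that the worst-case match time at that length is acceptable for the pattern in question, since a bounded but generous limit still leaves a backtracking pattern slow on adversarial input.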