TAXIIProject / libtaxii

A Python library for handling TAXII Messages invoking TAXII Services.
http://libtaxii.readthedocs.org/
BSD 3-Clause "New" or "Revised" License

Enhance TAXII 1.0 message ID regex #166

Closed guidovranken closed 9 years ago

guidovranken commented 9 years ago

https://github.com/TAXIIProject/libtaxii/blob/master/libtaxii/validation.py#L24

This:

message_id_regex_10 = RegexTuple("[0-9]+", "Numbers only")

should probably be this:

message_id_regex_10 = RegexTuple("^[0-9]+$", "Numbers only")

I noticed this in a manual code analysis of libtaxii and I haven't tested it in a live install of libtaxii, but:

>>> import re
>>> m_id = "1234abcd"
>>> re.match("[0-9]+", m_id)
<_sre.SRE_Match object at 0xe59168>
>>> re.match("^[0-9]+$", m_id)
>>>

In other words, the current regex in validation.py matches all strings that start with one or more numeric characters but does not prohibit non-numeric suffixes (and the TAXII 1.0 spec dictates only numeric characters to be used as message IDs). My proposed regex fixes that.

gtback commented 9 years ago

Thanks, @guidovranken. It seems to already prevent non-numeric PREfixes, but not suffixes (for reasons I don't completely understand). In any event, I included the ^ just to be safe :smile:

MarkDavidson commented 9 years ago

Thank you both for identifying and fixing this issue. BTW, I frequently use this for testing regexes (is that the plural of regex? who knows): http://regexpal.com/

-Mark
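An added example, not part of the thread or of libtaxii's own code: it assumes the validator applies the pattern with `re.match`, which anchors only at the start of the string and is consistent with the prefix/suffix behaviour discussed above. It compares the original and proposed patterns with `re.fullmatch`, and shows that `$` in Python still accepts one trailing newline; the helper names and sample IDs are hypothetical.

```python
import re

# Patterns discussed in the issue.
UNANCHORED = "[0-9]+"    # original pattern in validation.py
ANCHORED = "^[0-9]+$"    # pattern proposed in the issue


def check_match(pattern, value):
    """Validate with re.match: implicitly anchored at the start only."""
    return re.match(pattern, value) is not None


def check_fullmatch(pattern, value):
    """Validate with re.fullmatch: the entire string must match."""
    return re.fullmatch(pattern, value) is not None


# Constructed sample message IDs (not taken from real TAXII traffic).
SAMPLES = ["1234", "1234abcd", "abcd1234", "1234\n", ""]


def results():
    """Return {sample: (unanchored match, anchored match, fullmatch)}."""
    return {
        s: (
            check_match(UNANCHORED, s),      # start-anchored only
            check_match(ANCHORED, s),        # '$' also matches before a final '\n'
            check_fullmatch(UNANCHORED, s),  # no anchors needed, whole string checked
        )
        for s in SAMPLES
    }


if __name__ == "__main__":
    for sample, row in results().items():
        print(f"{sample!r:12} match={row[0]!s:5} anchored={row[1]!s:5} fullmatch={row[2]}")
```

Where a trailing newline must also be rejected, `re.fullmatch` (or ending the pattern with `\Z` instead of `$`) gives the strict check.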