AWS codeguru high security documentation change
Summary
Modified regex patterns by removing start/end anchors in multiple parameters
Security assessment
Removal of ^ and $ anchors in input validation patterns (e.g., changing from '^[\S]+$' to '[\S]+') weakens strict input validation, potentially allowing unexpected characters and increasing injection risk.
Diff
diff --git a/codeguru/latest/security-api/API_CreateScan.md b/codeguru/latest/security-api/API_CreateScan.md index e3e10cbb7..00c0564bd 100644 --- a//codeguru/latest/security-api/API_CreateScan.md +++ b//codeguru/latest/security-api/API_CreateScan.md @@ -56 +56 @@ Length Constraints: Minimum length of 1. Maximum length of 64. -Pattern: `^[\S]+$` +Pattern: `[\S]+` @@ -80 +80 @@ Length Constraints: Minimum length of 1. Maximum length of 140. -Pattern: `^[a-zA-Z0-9-_$:.]*$` +Pattern: `[a-zA-Z0-9-_$:.]*` @@ -155 +155 @@ Type: String -Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` +Pattern: `[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}` @@ -166 +166 @@ Length Constraints: Minimum length of 1. Maximum length of 140. -Pattern: `^[a-zA-Z0-9-_$:.]*$` +Pattern: `[a-zA-Z0-9-_$:.]*` @@ -177 +177 @@ Length Constraints: Minimum length of 1. Maximum length of 300. -Pattern: `^arn:aws:codeguru-security:[\S]+:[\d]{12}:scans\/[a-zA-Z0-9-_$:.]*$` +Pattern: `arn:aws:codeguru-security:[\S]+:[\d]{12}:scans\/[a-zA-Z0-9-_$:.]*`