Blog #2

#2 More security. Properly parsing input data and Regex.

Everyone knows in computer security that buffer overflows and string insertions are pretty much how computers get compromised and exploited. Some operating systems really focus on their capabilities to prevent buffer overflows and string insertions from happening such as GrapheneOS or OpenBSD, but a much easier fix is simply parsing your input properly into your functions and programs to make sure that it is not malicious.

I personally have found that Regex has been most effective in simply creating rules that parse the input for sanitation. It is also of course supported in all programming languages. My research has led to this:

Using Regex, craft an expression that represents only sanitary data, and deny all other program/function input in effort.

This results in practical elimination of any exploits if done properly, but then again there's always cracking jobs and MiTM (man in the middle) operations (we'll talk about this in another post). There are many ways of using Regex to secure a system. For example, with simply maximizing an input field to 100 bytes that removes pretty much all exploitation as most exploits even simple bash shells are 120+ bytes (characters).

Here is a hard example with source code for you of how regex can secure input fields such as username, password, etc.

var userex = new RegExp("^[a-zA-Z @.0-9]{8,40}$");
var passwordex = new RegExp("^[a-zA-Z0-9!@#\$%\^\&*\)\(+=._-]{8,40}$");
var nameex = new RegExp("^[a-zA-Z ]{8,40}$");
var profileex = new RegExp("^[a-zA-Z0-9 !@#\$%\^\&*\),\(\:+=._-\\s]{20,100}$");
console.log("Magnetox" + userex.test("Magnetox"));
console.log("Magnetox$" + userex.test("Magnetox$"));
console.log("Magn" + userex.test("Magn"));
console.log("Magnetox$123" + passwordex.test("Magnetox$123"));
console.log("Mag$23" + passwordex.test("Mag$23"));
console.log("Magnetox$123$$$$," + passwordex.test("Magnetox$123$$$$,"));
console.log("Magnetox" + nameex.test("Magnetox"));
console.log("Magne tox" + nameex.test("Magne tox"));
console.log("Magn" + nameex.test("Magn"));
console.log("Magnetox$123AMNOTAMNOTAMNOT" + profileex.test("Magnetox$123AMNOTAMNOTAMNOT"));
console.log("Mag$23" + profileex.test("Mag$23"));
console.log("Magnetox$123$$$$, BCUZ BRO" + profileex.test("Magnetox$123$$$$, BCUZ BRO"));

Just copy the source code and run it in node.js. That's what I wrote it in. You'll see how it catches for errors in the input as the Regex expression is designed to do. A great site to design Regex and test is this one.

If you're wondering where Magnetox is from, it's my old gamer name I used to play with. I used it for about a decade on the Playstation Network (since PS3 launch), but have switched now to Xbox and am rocking @BlkeBrns as my social tag. Feel free to add me up!
-Blake Burns