
NO SECURITY EXPERIENCE NEEDED

Learn from SATriage

SATriage is the first automated triage tool created by developers for developers. Rich, comprehensive, yet easy-to-follow reporting provides all of the information necessary to become a security expert, even without previous experience. Reports were designed specifically to educate developers, offering a full understanding of the attacks, consequences, risks, and priorities of each defect.

Sample SATriage Defect Report

Defect Description


CWEs: 625, 185
Defect name: Permissive Regular Expression, Incorrect Regular Expression
Location: my_project_directory/my_code.java: 244
Priority: Minor 1
Priority Assessment: Context ↓   Severity ↑↑   Ease of Exploit ↓↓↓   Confidence ↑


Risk Assessment


This defect’s greatest risk factor for your application is:
    Denial of Service
which is very important for your application.

The risk is offset by the low likelihood of the consequence.
The defect most likely results in:
    Incorrect Answers

The risk is also offset by the difficulty of exploitation.

Priority Assessment


The following attributes are greatly increasing the importance of the defect:
    Severity of Consequence
The following attributes are significantly increasing the importance of the defect:
    Likelihood of False Positive
The following attributes are significantly decreasing the importance of the defect:
    Contextual Importance
The following attributes are tremendously decreasing the importance of the defect:
    Ease of Exploitation

Duplicates


SAST1 found 39 duplicate defects at this location, all with the same type. Line 224 of file my_project_directory/my_code.java is the location where the defect becomes an issue. Each duplicate entry describes different places in the code base where the data is set that causes the defect at line 224 of my_project_directory/my_code.java. In other words, these are the different paths in the code that can lead to the defect.
 

Description Alignment


This defect aligns best with CWEs 625, 185
SAST1 suggests that this defect aligns with CWEs 85, 73
SAST2 suggests that this defect aligns with CWEs 624
SAST3 suggests that this defect aligns with CWE 625

SAST 1 Assessment


SAST1 elevates the importance of this defect by not considering the above factors that decrease the defect’s importance.

SAST2 Assessment


Time Saver: SAST2 overinflates the importance of this defect.

SAST3 Assessment


SAST3 only found this defect under a high false positive setting, even though the defect’s expected false positive rate is low.
SAST3 diminishes the importance of this defect by not considering the above factors that increase the defect’s importance.

Architectural Assessment


This defect is not architectural.

Detailed Defect Description


For more information on the CWE defect description, visit
    http://cwe.mitre.org/data/definitions/625.html
    http://cwe.mitre.org/data/definitions/185.html
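
The two CWEs above map onto the two consequences the report names: a permissive pattern (CWE-625) produces Incorrect Answers by accepting input it should reject, and an incorrect pattern with nested quantifiers (CWE-185) produces Denial of Service through catastrophic backtracking in Java's backtracking regex engine. The following is an added illustration, not SATriage's code and not the code at my_code.java: 244, which the report does not show. The class name, the pattern strings and the sample inputs are constructed for this example, and it assumes Java 11 or later for String.repeat.

```java
import java.util.regex.Pattern;

public class RegexDefectDemo {
    // CWE-625 style defect: unanchored pattern checked with find(), so any input that
    // merely *contains* a digit run passes as an "account number" (incorrect answers).
    private static final Pattern PERMISSIVE = Pattern.compile("[0-9]+");

    // Hardened form: anchored, length-bounded, and checked with matches() so the
    // whole input must conform.
    private static final Pattern STRICT = Pattern.compile("^[0-9]{1,12}$");

    // CWE-185 style defect: nested quantifier over the same character class. On a
    // near-miss input ("aaaa...a!") the engine tries every way of splitting the
    // run of 'a's between the inner and outer '+', so the work doubles per extra 'a'.
    private static final Pattern BACKTRACKING = Pattern.compile("^(a+)+$");

    // Same language, no nested quantifier: a single pass, linear in input length.
    private static final Pattern LINEAR = Pattern.compile("^a+$");

    static boolean permissiveAccepts(String input) {
        return PERMISSIVE.matcher(input).find();
    }

    static boolean strictAccepts(String input) {
        return STRICT.matcher(input).matches();
    }

    // Time a single match attempt; returns elapsed microseconds.
    static long matchMicros(Pattern pattern, String input) {
        long start = System.nanoTime();
        pattern.matcher(input).matches();
        return (System.nanoTime() - start) / 1_000;
    }

    public static void main(String[] args) {
        // Constructed inputs: only the first should be a valid account number.
        String[] inputs = { "123456", "123abc", "abc123; drop table users", "9".repeat(40) };
        System.out.println("Permissive (find, unanchored) vs strict (matches, anchored):");
        for (String in : inputs) {
            System.out.printf("  %-28s permissive=%-5b strict=%-5b%n",
                    "\"" + in + "\"", permissiveAccepts(in), strictAccepts(in));
        }

        // Near-miss inputs of growing length: the trailing '!' forces the overall match
        // to fail, which is what triggers the exhaustive backtracking.
        System.out.println("Match time on \"a\"*n + \"!\" (microseconds):");
        for (int n = 16; n <= 24; n += 2) {
            String nearMiss = "a".repeat(n) + "!";
            System.out.printf("  n=%2d  linear=%6d  backtracking=%10d%n",
                    n, matchMicros(LINEAR, nearMiss), matchMicros(BACKTRACKING, nearMiss));
        }
    }
}
```

The first table shows the permissive pattern accepting every input, including one that embeds SQL, while the strict pattern accepts only the six-digit value. The second table shows the backtracking pattern's time roughly doubling with each two added characters while the linear pattern stays flat; extending n past the high twenties will tie up a thread for seconds to minutes, which is the Denial of Service the report ranks as the greatest risk. The fix for both defects is the same discipline: anchor the pattern, bound its length, avoid nested quantifiers over overlapping character sets, and validate with matches() rather than find().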

Examples


For more information on the CVE examples of this defect, visit
    http://cvedetails.com/cwe_details/625/cwe.html
    http://cvedetails.com/cwe_details/185/cwe.html

Attack Assessment


For more information on the CAPEC attack vectors associated with this defect, visit
    http://capec.mitre.org/data/definitions/6.html
    http://capec.mitre.org/data/definitions/15.html
    http://capec.mitre.org/data/definitions/79.html

Prior to SATriage, security testing was often placed outside of the daily DevOps environment, since extended manual triage efforts could not keep up with a daily process. SATriage’s speed (seconds) and accuracy immediately change this, placing security firmly within the DevOps process without impacting DevOps rapid response requirements.
