XC Diagnostics Ruleset Rule for Reserved Ports Needs End of String match

Question

XC Diagnostics Ruleset Rule for Reserved Ports Needs End of String match

scoffeyfv opened this issue a year ago · comments

The ruleset provided for XC Diagnostics has a rule for XC Reserved Ports (code 05ab). Its regex matches the known XC reserved ports but doesn't specify an end of string, so matches on substrings of the port number. For example a VS with port 5001 will trigger due to the reserved port 500.

Ben Novak · Answer 1 · Thu Oct 26 2023 02:35:18 GMT+0800 (China Standard Time)

lookin at this rule, I'm not sure how this is happening. I'll have to dig a bit deeper

    {
        "code": "05ab",
        "severity": "Warning",
        "title": "XC reserved ports",
        "message": "List of reserved ports 22|53|68|323|500|1067|2379|2380|4500|5355|6443|8005|8007|8087|8443|8444|8505|8507|9007|9090|9153|9999|10249|10250|10251|10252|10256|10257|10259|18091|18092|18093|18095|22222|23790|23791|23801|23802|28000-32767|65000-65535 (github issue #209)",
        "regex": "(?<=\\bdestination\\s\\/\\S+\/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}:)(?:2[89][0-9]{3}|3[01][0-9]{3}|32[0-6][0-9]{2}|327[0-5][0-9]|6[5-9][0-9]{3}|65[0-4][0-9]{2}|6553[0-5]|(?:22|53|68|323|500|1067|2379|2380|4500|5355|6443|8005|8007|8087|8443|8444|8505|8507|9007|9090|9153|9999|10249|10250|10251|10252|10256|10257|10259|18091|18092|18093|18095|22222|23790|23791|23801|23802))"
    }