Vulnerable Code

  • The sample code regularly loads a log file into memory, and clients may request keyword search suggestions by passing the keyword as an argument to suggestSearches()
  • Because the client-supplied keyword is used to build a regular expression, this code is also open to regex injection attacks

Secure Code

  • This secure code removes all non-alphanumeric characters, other than 'space' and 'single quote', from the search string before it is used in the regular expression. With no regex metacharacters left in the keyword, regexp injection is prevented