mirror of https://github.com/bitwarden/help synced 2026-02-19 19:03:35 +00:00

Add regex example to "Match detection for URIs" that is not broken (#158)

* Add regex example to "Match detection for URIs" that is not broken

I find it important that examples actually follow best practices. The
current regex one is not. `^https://.*google\.com$` is an improper regex
(as already pointed out because it also matches `malicious-site.com`)
that is only there to show the weaknesses of regular expressions for
this use case. I find such an example very good for this purpose but
there should also be a "good example" that complements it.

I found such a "good example" that I hope is more useful and has no
unwanted loopholes.

* Change wording from bad/good to unsafe/safe in regex match detection

* Update uri-match-detection.md

Co-authored-by: fred_the_tech_writer <69817454+fschillingeriv@users.noreply.github.com>
Robin Schneider
2021-03-03 16:49:37 +01:00
committed by GitHub
parent cabb1ab89f
commit 336e666357


@@ -75,11 +75,23 @@ Regular expressions are an advanced option and can be quite dangerous if used in
Selecting **Regular expression** will prompt Bitwarden to offer auto-fill when the detected resources matches a specified [regular expression](https://en.wikipedia.org/wiki/Regular_expression){:target="_blank"}. Regular expressions are always *case insensitive*.
For example, if the URI vault `^https://.*google\.com$` uses regular expression match detection:
#### Unsafe example
If the URI value `^https://.*google\.com$` uses regular expression match detection:
- **Auto-fill offered** for `https://google.com`, `https://sub.google.com`, `https://malicious-site.com?q=google.com`
- **Auto-fill not offered** for `http://google.com` or `https://yahoo.com`
This probably matches more than what is intended. Consider avoiding periods (`.`), which unless escaped (`\`) match on any character.
#### Safe example
If the URI value `^https://[a-z]+\.wikipedia\.org/w/index\.php` uses regular expression match detection:
- **Auto-fill offered** for `https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Bitwarden`, `https://pl.wikipedia.org/w/index.php?title=Specjalna:Zaloguj&returnto=Bitwarden`, `https://en.wikipedia.org/w/index.php`
- **Auto-fill not offered** for `https://en.wikipedia.org/wiki/Bitwarden`, `https://malicious-site.com`
### Exact
Selecting **Exact** will prompt Bitwarden to offer auto-fill when the Login URI value matches the detected resource exactly.
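
Review bot: The "Safe example" section gives no reason why `^https://[a-z]+\.wikipedia\.org/w/index\.php` is safe, whereas the "Unsafe example" section ends with an explanation. Add a sentence after its two bullets saying that `[a-z]+` cannot cross a `.`, `/` or `?`, and that the literal `/` after `\.org` ends the host, so the match cannot slide into a path or query string the way `.*` does in the unsafe pattern. The "Auto-fill not offered" bullet would show the contrast better with a counterpart to the unsafe case, such as `https://malicious-site.com?q=en.wikipedia.org/w/index.php`, next to the bare `https://malicious-site.com`. Two properties of the pattern also deserve a mention in the text: it has no trailing `$`, so anything following `index.php` on the same host still matches, and because the context line says matching is always case insensitive, `[a-z]+` accepts uppercase letters but never digits or hyphens in the subdomain.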