A web application has a function to retrieve content from an internal URL to identify CSRF attacks in the logs. The security analyst is building a regular expression that will filter out the correctly formatted requests. The target URL is https://10.1.2.3/api, and the receiving API only accepts GET requests and uses a single integer argument named “id.” Which of the following regular expressions should the analyst use to achieve the objective?
Who's going to memorize regex for an exam? You have to be kidding... Anyway, just memorized it start with an ^ and ends with a $ sign. -_-
D. ^https://10\.1\.2\.3/api\?id=[0-9]+$ Matches the URL exactly from start (^) to end ($), making sure no extra characters exist before or after the URL. It meets all the stated requirements.
^...$ = Perfectly matches the entire string.
I’m taking the exam on next Sunday, I’m putting this in my memory ^…$,
how did you do?