CompTIA CySA+ (CS0-003) — Question 212

A web application has a function to retrieve content from an internal URL to identify CSRF attacks in the logs. The security analyst is building a regular expression that will filter out the correctly formatted requests. The target URL is https://10.1.2.3/api, and the receiving API only accepts GET requests and uses a single integer argument named “id.” Which of the following regular expressions should the analyst use to achieve the objective?

Answer options

• A. ^(?!https://10\.1\.2\.3/api\?id=[0-9]+)
• B. ^https://10\.1\.2\.3/api\?id=\d+
• C. (?:^https://10\.1\.2\.3/api\?id=[0-9]+)
• D. ^https://10\.1\.2\.3/api\?id=[0-9]+$

Correct answer: D

Explanation

The correct answer is D because it accurately matches the entire URL format, ensuring it starts with the specified URL and ends after the integer 'id' argument. Option A is incorrect as it uses a negative lookahead which does not match valid requests. Option B is close but does not specify that it must end after the integer, allowing for additional characters. Option C is also incorrect because it does not enforce that the match must be at the beginning and end of the string.