ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2630/rule.adoc

19 lines
805 B
Plaintext
Raw Normal View History

migrate rule descriptions to new education format
2023-05-03 11:06:20 +02:00
== Why is this an issue?
RULEAPI-617: Add Jira closed RSPECs in Github repository
2021-06-08 14:23:48 +02:00
Far from being quick and efficient, regular expression evaluation can lead to an exponential number of evaluation paths in the worst case. Use a vulnerable regular expression, and with the right inputs it could bring your system to its knees, resulting in a Denial of Service.
Specifically, a vulnerable regex is one that contains a repeated group (E.G. ``++(x)*++`` ), and inside that group there is either further repetition or overlapping alternation (E.G. ``++ab|aba++`` ).
migrate rule descriptions to new education format
2023-05-03 11:06:20 +02:00
=== Noncompliant code example
RULEAPI-617: Add Jira closed RSPECs in Github repository
2021-06-08 14:23:48 +02:00
RULEAPI-661: Add syntax coloring
2022-02-04 17:28:24 +01:00
[source,text]
RULEAPI-617: Add Jira closed RSPECs in Github repository
2021-06-08 14:23:48 +02:00
----
public void testInput(String input) {
input.replaceAll("(x+)*", ""); // Noncompliant; group is repeated and contains repetition
input.replaceAll("(ab|aba)+", ""); // Noncompliant; group is repeated and contains overlapping alternation
}
----
Reference in New Issue Copy Permalink