ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6444/csharp/rule.adoc

31 lines
860 B
Plaintext
Raw Normal View History

Create rule S6444: RegEx evaluation should have a time out specified (#1188)
2022-12-15 11:55:35 +01:00
include::../description.adoc[]
== Sensitive Code Example
[source,csharp]
----
public void RegexPattern(string input)
{
var emailPattern = new Regex(".+@.+", RegexOptions.None);
var isNumber = Regex.IsMatch(input, "[0-9]+");
var isLetterA = Regex.IsMatch(input, "(a+)+");
}
----
== Compliant Solution
[source,csharp]
----
public void RegexPattern(string input)
{
var emailPattern = new Regex(".+@.+", RegexOptions.None, TimeSpan.FromMilliseconds(100));
var isNumber = Regex.IsMatch(input, "[0-9]+", RegexOptions.None, TimeSpan.FromMilliseconds(100));
var isLetterA = Regex.IsMatch(input, "(a+)+", RegexOptions.NonBacktracking); // .Net 7 and above
AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromMilliseconds(100)); // process-wide setting
}
----
include::../see.adoc[]
Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
2023-05-25 14:18:12 +02:00
include::../rspecator.adoc[]
Reference in New Issue Copy Permalink