rspec/rules/S6444/csharp/rule.adoc

include::../description.adoc[]

== Sensitive Code Example

[source,csharp]
----
public void RegexPattern(string input)
{
    var emailPattern = new Regex(".+@.+", RegexOptions.None);
    var isNumber = Regex.IsMatch(input, "[0-9]+");
    var isLetterA = Regex.IsMatch(input, "(a+)+");
}
----

== Compliant Solution

[source,csharp]
----
public void RegexPattern(string input)
{
    var emailPattern = new Regex(".+@.+", RegexOptions.None, TimeSpan.FromMilliseconds(100));
    var isNumber = Regex.IsMatch(input, "[0-9]+", RegexOptions.None, TimeSpan.FromMilliseconds(100));
    var isLetterA = Regex.IsMatch(input, "(a+)+", RegexOptions.NonBacktracking); // .Net 7 and above
    AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromMilliseconds(100)); // process-wide setting
}
----

include::../see.adoc[]

include::../rspecator.adoc[]
Create rule S6444: RegEx evaluation should have a time out specified (#1188) 2022-12-15 11:55:35 +01:00			`include::../description.adoc[]`

			`== Sensitive Code Example`

			`[source,csharp]`
			`----`
			`public void RegexPattern(string input)`
			`{`
			`var emailPattern = new Regex(".+@.+", RegexOptions.None);`
			`var isNumber = Regex.IsMatch(input, "[0-9]+");`
			`var isLetterA = Regex.IsMatch(input, "(a+)+");`
			`}`
			`----`

			`== Compliant Solution`

			`[source,csharp]`
			`----`
			`public void RegexPattern(string input)`
			`{`
			`var emailPattern = new Regex(".+@.+", RegexOptions.None, TimeSpan.FromMilliseconds(100));`
			`var isNumber = Regex.IsMatch(input, "[0-9]+", RegexOptions.None, TimeSpan.FromMilliseconds(100));`
			`var isLetterA = Regex.IsMatch(input, "(a+)+", RegexOptions.NonBacktracking); // .Net 7 and above`
			`AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromMilliseconds(100)); // process-wide setting`
			`}`
			`----`

			`include::../see.adoc[]`

			`include::../rspecator.adoc[]`