rspec/rules/S6444/vbnet/rule.adoc

include::../description.adoc[]

== Sensitive Code Example

[source,vbnet]
----
Public Sub RegexPattern(Input As String)
    Dim EmailPattern As New Regex(".+@.+", RegexOptions.None)
    Dim IsNumber as Boolean = Regex.IsMatch(Input, "[0-9]+")
    Dim IsLetterA as Boolean = Regex.IsMatch(Input, "(a+)+")
End Sub
----

== Compliant Solution

[source,vbnet]
----
Public Sub RegexPattern(Input As String)
    Dim EmailPattern As New Regex(".+@.+", RegexOptions.None, TimeSpan.FromMilliseconds(100))
    Dim IsNumber as Boolean = Regex.IsMatch(Input, "[0-9]+", RegexOptions.None, TimeSpan.FromMilliseconds(100))
    Dim IsLetterA As Boolean = Regex.IsMatch(Input, "(a+)+", RegexOptions.NonBacktracking) '.Net 7 And above
    AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromMilliseconds(100)) 'process-wide setting
End Sub
----

include::../see.adoc[]

include::../rspecator.adoc[]
Create rule S6444: RegEx evaluation should have a time out specified (#1188) 2022-12-15 11:55:35 +01:00			`include::../description.adoc[]`

			`== Sensitive Code Example`

			`[source,vbnet]`
			`----`
			`Public Sub RegexPattern(Input As String)`
			`Dim EmailPattern As New Regex(".+@.+", RegexOptions.None)`
			`Dim IsNumber as Boolean = Regex.IsMatch(Input, "[0-9]+")`
			`Dim IsLetterA as Boolean = Regex.IsMatch(Input, "(a+)+")`
			`End Sub`
			`----`

			`== Compliant Solution`

			`[source,vbnet]`
			`----`
			`Public Sub RegexPattern(Input As String)`
			`Dim EmailPattern As New Regex(".+@.+", RegexOptions.None, TimeSpan.FromMilliseconds(100))`
			`Dim IsNumber as Boolean = Regex.IsMatch(Input, "[0-9]+", RegexOptions.None, TimeSpan.FromMilliseconds(100))`
			`Dim IsLetterA As Boolean = Regex.IsMatch(Input, "(a+)+", RegexOptions.NonBacktracking) '.Net 7 And above`
			`AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromMilliseconds(100)) 'process-wide setting`
			`End Sub`
			`----`

			`include::../see.adoc[]`

			`include::../rspecator.adoc[]`