Add rule SXXX: RegEx evaluation should have a time out specified #1061
Related or possible duplicates
A lot of the rules mention backtracking as a root cause of stack overflows or non-linear execution time problems. .NET 7 adds a NonBacktracking option to avoid this. See also https://devblogs.microsoft.com/dotnet/regular-expression-improvements-in-dotnet-7/#backtracking-and-regexoptions-nonbacktracking We may consider
@martin-strecker-sonarsource Already decided which one to go for? I think S5852 is a duplicate of S4784. I think it is up to you which one to merge into the other.
Hi @Corniel, Working on the specification is a team effort, and we need to dedicate some time in our sprints to it. I will prepare as much as I can for the moment (tasks like looking for duplicates and so on), and I will drive the specification. Thanks to your work, we are already in a well-advanced state, but it will take some time to get this through the whole process.
That is totally understandable. Take your time. I hope the current state can be shipped before the part that evaluates the
Replaced by #1188
As proposed in the Sonarsource community and implemented here: Sonar .NET.
I hope this PR actually helps the process, otherwise, my apologies.