Add rule SXXX: RegEx evaluation should have a time out specified #1061

Closed
wants to merge 1 commit into from


Corniel
Contributor

@Corniel Corniel commented Jun 18, 2022

Replaced by #1188

As proposed in the Sonarsource community and implemented here: Sonar .NET.

I hope this PR actually helps the process, otherwise, my apologies.

@martin-strecker-sonarsource
Contributor

Related or possible duplicates

A lot of the rules mention backtracking as a root cause of stack overflows or non-linear execution time problems. .NET 7 adds a NonBacktracking option to avoid this. See also https://devblogs.microsoft.com/dotnet/regular-expression-improvements-in-dotnet-7/#backtracking-and-regexoptions-nonbacktracking

We may consider RegexOptions.NonBacktracking as a valid alternative to specifying a timeout (more research is needed, though).
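
The two mitigations discussed in the comment above, as an added C# example that is not part of this thread or of the rule's specification. The pattern, input and 250 ms budget are constructed for illustration, and `RegexOptions.NonBacktracking` requires .NET 7 or later:

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

static class RegexTimeoutDemo
{
    // Constructed sample: a nested quantifier and an input that cannot match,
    // the shape that makes a backtracking engine retry many alternatives.
    const string Pattern = @"^(a+)+$";
    static readonly string Input = new string('a', 30) + "!";

    // Builds the regex, evaluates it once and reports what happened.
    static string Evaluate(string label, Func<Regex> build)
    {
        var watch = Stopwatch.StartNew();
        string outcome;
        try
        {
            outcome = build().IsMatch(Input) ? "match" : "no match";
        }
        catch (RegexMatchTimeoutException ex)
        {
            // Thrown when evaluation exceeds the matchTimeout given to the constructor.
            outcome = $"timed out (budget {ex.MatchTimeout.TotalMilliseconds} ms)";
        }
        catch (NotSupportedException)
        {
            // Thrown at construction when the selected engine cannot handle the pattern.
            outcome = "pattern not supported by this engine";
        }
        return $"{label}: {outcome}, {watch.ElapsedMilliseconds} ms elapsed";
    }

    static void Main()
    {
        var budget = TimeSpan.FromMilliseconds(250);

        // Mitigation 1: default (backtracking) engine with an explicit time out.
        Console.WriteLine(Evaluate("backtracking + timeout",
            () => new Regex(Pattern, RegexOptions.None, budget)));

        // Mitigation 2: the non-backtracking engine, no time out specified.
        Console.WriteLine(Evaluate("NonBacktracking",
            () => new Regex(Pattern, RegexOptions.NonBacktracking)));

        // Caveat: NonBacktracking rejects backreferences (and lookarounds),
        // so it cannot replace a time out for every pattern.
        Console.WriteLine(Evaluate("NonBacktracking + backreference",
            () => new Regex(@"(a)\1", RegexOptions.NonBacktracking)));
    }
}
```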

@Corniel
Contributor Author

Corniel commented Jul 14, 2022

@martin-strecker-sonarsource Already decided which one to go for? I think S5852 is a duplicate of S4784. I think it is up to you which one to merge into the other.

@martin-strecker-sonarsource
Contributor

Hi @Corniel,

Working on the specification is a team effort, and we need to dedicate some time in our sprints to it. I will prepare as much as I can for the moment (tasks like looking for duplicates and so on), and I will drive the specification. Thanks to your work, we are already in a well-advanced state, but it will take some time to get this through the whole process.

@Corniel
Contributor Author

Corniel commented Jul 14, 2022

> Working on the specification is a team effort, and we need to dedicate some time in our sprints to it. I will prepare as much as I can for the moment (tasks like looking for duplicates and so on), and I will drive the specification. Thanks to your work, we are already in a well-advanced state, but it will take some time to get this through the whole process.

That is totally understandable. Take your time. I hope the current state can be shipped before the part that evaluates the regex is also taken into account, but that is a call your team should make.

@martin-strecker-sonarsource
Contributor

Replaced by #1188
Thank you @Corniel for the blueprint. I created a new PR to get a new rule id and copied the content over.

@Corniel Corniel deleted the rule/add-SXXXX branch August 26, 2022 06:26
martin-strecker-sonarsource added a commit that referenced this pull request Nov 10, 2022
martin-strecker-sonarsource added a commit that referenced this pull request Nov 10, 2022