CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • GitHub Enterprise
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
      • Dotnet-core
      • Dotnet
      • Jwt-dotnet
      • Lang
        • Audit
        • Best practice
        • Correctness
        • Security
        • Security
          • Ad
          • Cryptography
          • Filesystem
          • Http
          • Injections
          • Insecure deserialization
          • Memory
          • Regular expression dos
          • Sqli
          • Ssrf
          • System
          • Xxe
      • Mongo
      • Postgres
      • Razor
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Security

Regular expression dos

regular-expression-dos-infinite-timeout

Specifying the regex timeout leaves the system vulnerable to a regex-based Denial of Service (DoS) attack. Consider setting the timeout to a short amount of time like 2 or 3 seconds. If you are sure you need an infinite timeout, double check that your context meets the conditions outlined in the “Notes to Callers” section at the bottom of this page: https://docs.microsoft.com/en-us/dotnet/api/system.text.regularexpressions.regex.-ctor?view=net-6.0
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1333: Inefficient Regular Expression Complexity
OWASP:
- A
- 0
- 1
- :
- 2
- 0
- 1
- 7
-

- -
-

- I
- n
- j
- e
- c
- t
- i
- o
- n

regular-expression-dos

When using System.Text.RegularExpressions to process untrusted input, pass a timeout. A malicious user can provide input to RegularExpressions that abuses the backtracking behaviour of this regular expression engine. This will lead to excessive CPU usage, causing a Denial-of-Service attack
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1333: Inefficient Regular Expression Complexity
OWASP:
- A
- 0
- 1
- :
- 2
- 0
- 1
- 7
-

- -
-

- I
- n
- j
- e
- c
- t
- i
- o
- n
MemorySqli
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.