Skip to content
This repository has been archived by the owner on Dec 18, 2017. It is now read-only.

Add timeout values to all regex expressions #1752

Closed
blowdart opened this issue Apr 30, 2015 · 2 comments
Closed

Add timeout values to all regex expressions #1752

blowdart opened this issue Apr 30, 2015 · 2 comments
Assignees
@ChengTian
Labels
3 - Done bug
Milestone
1.0.0-beta7

Comments

@blowdart
Copy link
Member

To avoid regex attacks add a time-out value to every regular expression in the code base.
@ChengTian ChengTian modified the milestones: 1.0.0-beta6, 1.0.0 May 13, 2015
@ChengTian
Copy link
Contributor

I remember @blowdart finds that currently we are unable to add this to CoreCLR version of runtime.

Should be a post-beta5 issue.

@muratg , do we want a Security label for this kind of issue, or just use Bug?

@ChengTian ChengTian modified the milestones: 1.0.0-beta6, 1.0.0 May 13, 2015
@blowdart
Copy link
Member Author

I'd stick with bug.

As for CoreCLR this is not true. CoreCLR does not provide a global default. You can, and should, in both desktop and core use the regex constructor which takes the Timeout everywhere.

@ChengTian ChengTian added the bug label May 13, 2015
@muratg muratg modified the milestones: 1.0.0-beta7, 1.0.0-beta6 Jun 24, 2015
@ChengTian ChengTian mentioned this issue Aug 11, 2015
Merged
@glennc glennc mentioned this issue Sep 3, 2015
Closed
@kevinchalet kevinchalet mentioned this issue Sep 30, 2015
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ChengTian ChengTian

Labels
3 - Done bug
Projects
None yet
Milestone
1.0.0-beta7
Development

No branches or pull requests
3 participants
@blowdart @ChengTian @muratg