Regular expressions should not be vulnerable to Denial of Service attacks

Rule description

  • Regular expressions should not be vulnerable to Denial of Service attacks

 

Non-compliant Code Example

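global function string matchRegexTest2 (string regPattern)
    // Non-compliant: regPattern comes from the caller and is passed
    // unchanged to Match() as the pattern to evaluate.
    string findtext
    findtext = "Hello test"
    Match(findtext, regPattern)
    Return regPattern
end function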

Compliant Code Example

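global function string matchRegexTest1 (string regPattern)
    // Compliant: the pattern given to Match() is a fixed literal;
    // the regPattern argument is never used as a pattern.
    Match("hi test123", "^[A-Za-z]")
    Return regPattern
end function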
Visual Expert 2020
 VEPBRULE17