Hello,
We are using regular expressions to validate input in our .NET Core 6 based API. We configured a process-wide setting for the RegEx match timeout using the line of code below in the Main method, but the Sonar cloud 10.2 is still marking the code “new Regex” with the error message “Pass a timeout to limit the execution time.”

```c#
AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromMilliseconds(100));
```

Please let me know if we are missing any other settings needed for the above process-wide setting to be taken into account.
Thanks for your time
Colin (Colin), January 17, 2024, 8:07am
Hey there.
> StreamingGuy:
> but the Sonar cloud 10.2

Are you using SonarCloud (https://sonarcloud.io), or SonarQube v10.2?
Thank you for the reply. Sorry, we are on SonarQube 10.2 (build 77647).
Please let me know if you need any other information.
Hello,
Just checking to see whether this is a false positive, as the scanner may be ignoring the process-wide setting.
Thanks
Hello @StreamingGuy
Welcome to the community!
Thank you for reporting this issue.
I confirm this as a false positive; we do not take into account REGEX_DEFAULT_MATCH_TIMEOUT.
I have created an issue in our backlog to tackle it in the future.
opened 04:30PM - 25 Jan 24 UTC
Type: False Positive
Area: C#
From this [community post](https://community.sonarsource.com/t/process-wide-setting-for-regex-match-timeout-is-ignored/107372).
Setting the default match timeout through the AppDomain using `REGEX_DEFAULT_MATCH_TIMEOUT` is ignored.
See [Regex.MatchTimeout](https://learn.microsoft.com/en-us/dotnet/api/system.text.regularexpressions.regex.matchtimeout?view=net-8.0#remarks) for more information:
> ... you can set its value for all Regex matching operations in an application domain by calling the AppDomain.SetData method and providing a TimeSpan value for the "REGEX_DEFAULT_MATCH_TIMEOUT" property...
```c#
using System;
using System.Text.RegularExpressions;

// Process-wide default, set before any Regex is used
AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromMilliseconds(100));

void RegexPattern(string input)
{
    _ = new Regex(".+@.+", RegexOptions.None); // Noncompliant, FP REGEX_DEFAULT_MATCH_TIMEOUT is set in the AppDomain
    _ = Regex.IsMatch(input, "[0-9]+");        // Noncompliant, FP REGEX_DEFAULT_MATCH_TIMEOUT is set in the AppDomain
}
```
Have a nice day!
Thank you, Sebastien, for looking into our request and confirming that as a false positive.
Appreciate your time.
Hello @StreamingGuy,
It has been pointed out to me that we do not plan to support the REGEX_DEFAULT_MATCH_TIMEOUT.
It is difficult to detect reliably the usage of this property.
If you set this property, you can disable the rule.
For more information, you can check the rule implementation PR.
I hope that works for you.
Thank you for the update. We will disable the rule and proceed with further scans.
Thanks again for quickly looking into our request.
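
If the rule is disabled and the process-wide default is the only protection, a startup check that the default actually took effect is worth having. The following is an added example, not code from this thread or from SonarSource; `RegexTimeoutGuard`, `Apply` and `IsValid` are hypothetical names, and it relies on .NET reading `REGEX_DEFAULT_MATCH_TIMEOUT` once, when the `Regex` type is first initialized.

```csharp
// Added example, not code from the thread or from SonarSource.
using System;
using System.Text.RegularExpressions;

static class RegexTimeoutGuard
{
    // Call first in Main, before any code touches Regex: the default is read
    // once, when the Regex type is initialized, and cached for the process.
    public static void Apply(TimeSpan timeout)
    {
        AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", timeout);

        // A Regex built without a timeout reports the default it inherited.
        var effective = new Regex(".+@.+").MatchTimeout;
        if (effective != timeout)
            throw new InvalidOperationException(
                $"Regex default timeout is {effective}, expected {timeout}; " +
                "Regex was probably used before the AppDomain value was set.");
    }

    // Validation helper (hypothetical name): a timeout counts as a rejection.
    public static bool IsValid(string input, string pattern)
    {
        try { return Regex.IsMatch(input, pattern); }
        catch (RegexMatchTimeoutException) { return false; }
    }
}

static class Program
{
    static void Main()
    {
        RegexTimeoutGuard.Apply(TimeSpan.FromMilliseconds(100));

        // Inherits the 100 ms default; the analyzer rule still flags this form.
        Console.WriteLine(new Regex("[0-9]+").MatchTimeout);

        // Explicit timeout: overrides the default and is the form the rule asks for.
        var explicitRx = new Regex("[0-9]+", RegexOptions.None, TimeSpan.FromMilliseconds(50));
        Console.WriteLine(explicitRx.MatchTimeout);

        Console.WriteLine(RegexTimeoutGuard.IsValid("12345", "^[0-9]+$"));
    }
}
```

The guard throws at startup if some earlier static initializer already used `Regex`, which is the case where the process-wide setting silently has no effect.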