Module ReDoS

Import path

import semmle.code.csharp.security.dataflow.ReDoS

Imports

RegularExpressions
Remote

Provides classes representing data flow sources for remote user input.

Sanitizers

Provides classes for identifying expressions that might be sanitized.

Predicates

isExponentialRegex

An expression that represents a regular expression with potential exponential behavior.

Classes

ExponentialRegexDataflow

A data flow configuration for tracking exponential worst case time regular expression string literals to the pattern argument of a regex.

ExponentialRegexSink

An expression passed as the input to a call to a Regex method, where the regex appears to have exponential behaviour.

RemoteSource

A source of remote user input.

Sanitizer

A sanitizer for untrusted user input used in dangerous regular expression operations.

Sink

A data flow sink for untrusted user input used in dangerous regular expression operations.

Source

A data flow source for untrusted user input used in dangerous regular expression operations.

TaintTrackingConfiguration

A taint-tracking configuration for untrusted user input used in dangerous regular expression operations.