Inefficient Regular Expression Complexity
| Property | |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-1333: Inefficient Regular Expression Complexity |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code creates regular expressions with no or excessively long timeouts, which means regex operations could run indefinitely if given complex or malicious input. This leaves the application vulnerable to resource exhaustion.
Impact#
An attacker could craft input that causes the regex engine to hang, potentially freezing the application or making it unresponsive. This can lead to denial of service, impacting system reliability and availability for legitimate users.