From ffe13e2ceb7d0f7861266cd0f85bb9d40d577cf8 Mon Sep 17 00:00:00 2001 From: Christoph Hofmann Date: Sun, 17 Dec 2023 15:33:10 +0100 Subject: [PATCH] Fix potenial DoS issues --- .sonarlint/OpenHAB.Windows.slconfig | 15 - .../CSharp/SonarLint.xml | 89 ----- .../openhab_openhab-windowscsharp.ruleset | 370 ------------------ src/openHAB.Core/Model/OpenHABItem.cs | 2 +- src/openHAB.Core/Openhab.Core.csproj | 18 +- src/openHAB.Core/SDK/OpenHABClient.cs | 2 +- src/openHAB.Core/Services/IconCaching.cs | 4 +- .../Controls/ColorWidget.xaml.cs | 2 +- .../Controls/ImageLabel.xaml.cs | 6 +- .../Converters/IconToPathConverter.cs | 2 +- src/openHAB.Windows/openHAB.Windows.csproj | 14 +- 11 files changed, 11 insertions(+), 513 deletions(-) delete mode 100644 .sonarlint/OpenHAB.Windows.slconfig delete mode 100644 .sonarlint/openhab_openhab-windows/CSharp/SonarLint.xml delete mode 100644 .sonarlint/openhab_openhab-windowscsharp.ruleset diff --git a/.sonarlint/OpenHAB.Windows.slconfig b/.sonarlint/OpenHAB.Windows.slconfig deleted file mode 100644 index 704efb31..00000000 --- a/.sonarlint/OpenHAB.Windows.slconfig +++ /dev/null @@ -1,15 +0,0 @@ -{ - "ServerUri": "https://sonarcloud.io/", - "Organization": { - "Key": "openhab", - "Name": "openHAB" - }, - "ProjectKey": "openhab_openhab-windows", - "ProjectName": "openhab-windows", - "Profiles": { - "CSharp": { - "ProfileKey": "AXflIL33YGfeNt47qUY1", - "ProfileTimestamp": "2021-11-22T10:44:23Z" - } - } -} \ No newline at end of file diff --git a/.sonarlint/openhab_openhab-windows/CSharp/SonarLint.xml b/.sonarlint/openhab_openhab-windows/CSharp/SonarLint.xml deleted file mode 100644 index 90bc98df..00000000 --- a/.sonarlint/openhab_openhab-windows/CSharp/SonarLint.xml +++ /dev/null 
@@ -1,89 +0,0 @@ - - - - - sonar.cs.analyzeGeneratedCode - false - - - sonar.cs.file.suffixes - .cs - - - sonar.cs.ignoreHeaderComments - true - - - sonar.cs.roslyn.ignoreIssues - false - - - - - S107 - - - max - 7 - - - - - S110 - - - max - 5 - - - - - S1479 - - - maximum - 30 - - - - - S2342 - - - flagsAttributeFormat - ^([A-Z]{1,3}[a-z0-9]+)*([A-Z]{2})?s$ - - - format - ^([A-Z]{1,3}[a-z0-9]+)*([A-Z]{2})?$ - - - - - S2436 - - - max - 2 - - - maxMethod - 3 - - - - - S3776 - - - propertyThreshold - 3 - - - threshold - 15 - - - - - \ No newline at end of file diff --git a/.sonarlint/openhab_openhab-windowscsharp.ruleset b/.sonarlint/openhab_openhab-windowscsharp.ruleset deleted file mode 100644 index 79df8173..00000000 --- a/.sonarlint/openhab_openhab-windowscsharp.ruleset +++ /dev/null @@ -1,370 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/openHAB.Core/Model/OpenHABItem.cs b/src/openHAB.Core/Model/OpenHABItem.cs index cbf47601..f1582444 100644 --- a/src/openHAB.Core/Model/OpenHABItem.cs +++ b/src/openHAB.Core/Model/OpenHABItem.cs 
@@ -187,7 +187,7 @@ public void UpdateValue(object value) /// State as double value. public double GetStateAsDoubleValue() { - string newstate = Regex.Replace(_state, "[^0-9,.]", string.Empty); + string newstate = Regex.Replace(_state, "[^0-9,.]", string.Empty, RegexOptions.None, TimeSpan.FromMilliseconds(100)); double value = 0; double.TryParse(newstate, NumberStyles.AllowDecimalPoint, CultureInfo.InvariantCulture, out value); diff --git a/src/openHAB.Core/Openhab.Core.csproj b/src/openHAB.Core/Openhab.Core.csproj index 964fb5e6..24f15a1a 100644 --- a/src/openHAB.Core/Openhab.Core.csproj +++ b/src/openHAB.Core/Openhab.Core.csproj @@ -1,4 +1,4 @@ - + @@ -28,7 +28,6 @@ x86 false prompt - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset bin\x86\Debug\OpenHAB.Core.XML @@ -41,7 +40,6 @@ x86 false prompt - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset ARM @@ -53,7 +51,6 @@ ARM false prompt - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset ARM @@ -65,7 +62,6 @@ ARM false prompt - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset x64 @@ -77,7 +73,6 @@ x64 false prompt - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset x64 @@ -89,7 +84,6 @@ x64 false prompt - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset @@ -227,16 +221,6 @@ - - - openhab_openhab-windowscsharp.ruleset - - - - - SonarLint.xml - - 14.0 diff --git a/src/openHAB.Core/SDK/OpenHABClient.cs b/src/openHAB.Core/SDK/OpenHABClient.cs index 6858e611..e367572f 100644 --- a/src/openHAB.Core/SDK/OpenHABClient.cs +++ b/src/openHAB.Core/SDK/OpenHABClient.cs 
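Review bot: Nothing visible in `GetStateAsDoubleValue` (OpenHABItem.cs) catches the `RegexMatchTimeoutException` that `Regex.Replace` can now raise, so the timeout added to prevent a hang becomes a new exception path for callers. The same applies to the timeout calls in OpenHABClient.cs, ColorWidget.xaml.cs, ImageLabel.xaml.cs and IconToPathConverter.cs; in ImageLabel.xaml.cs the calls sit in an `async void` callback, where no caller can observe the exception. IconCaching.cs opens a `try` before its two calls, but the matching `catch` is outside the hunk, so check that it covers this type. I would catch the exception at each call site and fall back to what the method already does for unparsable input, presumably `0` here since `value` starts at 0 and the `return` is outside the hunk.

```csharp
public double GetStateAsDoubleValue()
{
    string newstate;
    try
    {
        newstate = Regex.Replace(_state, "[^0-9,.]", string.Empty, RegexOptions.None, TimeSpan.FromMilliseconds(100));
    }
    catch (RegexMatchTimeoutException)
    {
        // A state that cannot be cleaned within the time budget is treated as unparsable.
        return 0;
    }

    // … unchanged: double.TryParse on newstate and the rest of the method …
```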
@@ -113,7 +113,7 @@ public async Task> GetOpenHABServerInfo(OpenHABCo return new HttpResponseResult(serverInfo, result.StatusCode); } - string runtimeversion = Regex.Replace(apiInfo?.RuntimeInfo.Version, "[^.0-9]", string.Empty); + string runtimeversion = Regex.Replace(apiInfo?.RuntimeInfo.Version, "[^.0-9]", string.Empty, RegexOptions.None, TimeSpan.FromMilliseconds(100)); if (!Version.TryParse(runtimeversion, out Version serverVersion)) { string message = "Not able to parse runtime verion from openHAB server"; diff --git a/src/openHAB.Core/Services/IconCaching.cs b/src/openHAB.Core/Services/IconCaching.cs index f4ef0898..5b321e7f 100644 --- a/src/openHAB.Core/Services/IconCaching.cs +++ b/src/openHAB.Core/Services/IconCaching.cs @@ -29,8 +29,8 @@ public async Task ResolveIconPath(string iconUrl, string iconFormat) { try { - Match iconName = Regex.Match(iconUrl, "icon/[0-9a-zA-Z]*"); - Match iconState = Regex.Match(iconUrl, "state=[0-9a-zA-Z=]*"); + Match iconName = Regex.Match(iconUrl, "icon/[0-9a-zA-Z]*", RegexOptions.None, TimeSpan.FromMilliseconds(100)); + Match iconState = Regex.Match(iconUrl, "state=[0-9a-zA-Z=]*", RegexOptions.None, TimeSpan.FromMilliseconds(100)); if (!iconName.Success) { diff --git a/src/openHAB.Windows/Controls/ColorWidget.xaml.cs b/src/openHAB.Windows/Controls/ColorWidget.xaml.cs index 0c5caae0..f9b91a25 100644 --- a/src/openHAB.Windows/Controls/ColorWidget.xaml.cs +++ b/src/openHAB.Windows/Controls/ColorWidget.xaml.cs @@ -53,7 +53,7 @@ internal override void SetState() string rgbString = Widget.Item?.State; string[] rgbSegements = Widget.Item?.State.Split(','); - Regex rgbRegEx = new Regex(@"^(([1-9][\.\d]*)(,)){2}([1-9][\.\d]*)"); + Regex rgbRegEx = new Regex(@"^(([1-9][\.\d]*)(,)){2}([1-9][\.\d]*)", RegexOptions.None, TimeSpan.FromMilliseconds(100)); if (rgbString == null || rgbString.Length == 0 || !rgbRegEx.IsMatch(rgbString) || rgbSegements == null) { 
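Review bot: In `GetOpenHABServerInfo` (OpenHABClient.cs) the input `apiInfo?.RuntimeInfo.Version` is null whenever `apiInfo` is null, and `Regex.Replace` throws `ArgumentNullException` on a null input, so such a response never reaches the `Version.TryParse` fallback on the next line. A non-null `apiInfo` with a null `RuntimeInfo` would also throw, because only the first member access is null-conditional. Unless a check outside the hunk rules both out, coalesce before the call: `string runtimeversion = Regex.Replace(apiInfo?.RuntimeInfo?.Version ?? string.Empty, "[^.0-9]", string.Empty, RegexOptions.None, TimeSpan.FromMilliseconds(100));`. The method starts before and continues past the hunk.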
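Review bot: In `ResolveIconPath` (IconCaching.cs) the pattern `icon/[0-9a-zA-Z]*` also matches a bare `icon/` with nothing after it, so the `!iconName.Success` guard does not reject an empty icon name. If the matched text is later used to build the cache file name, which happens outside the hunk, an empty or truncated name would pass through as valid. Requiring at least one character closes that gap: `Regex.Match(iconUrl, "icon/[0-9a-zA-Z]+", RegexOptions.None, TimeSpan.FromMilliseconds(100))`. A short comment that the character class is also what keeps path separators out of the name would help the next reader.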
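Review bot: The validation pattern in `SetState` (ColorWidget.xaml.cs) is anchored with `^` but has no `$`, so `rgbRegEx.IsMatch(rgbString)` accepts any string that merely starts with three comma-separated numbers. `rgbSegements` is split from the full string, so trailing text or extra segments reach whatever parses them after the hunk. Anchoring the end makes the check cover the whole value: `new Regex(@"^(([1-9][\.\d]*)(,)){2}([1-9][\.\d]*)$", RegexOptions.None, TimeSpan.FromMilliseconds(100))`. The instance is also rebuilt on every call and could be a `private static readonly Regex` field.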
diff --git a/src/openHAB.Windows/Controls/ImageLabel.xaml.cs b/src/openHAB.Windows/Controls/ImageLabel.xaml.cs index b3c47e70..fd3b3973 100644 --- a/src/openHAB.Windows/Controls/ImageLabel.xaml.cs +++ b/src/openHAB.Windows/Controls/ImageLabel.xaml.cs @@ -41,13 +41,13 @@ private static async void IconChangedCallback(DependencyObject dependencyObject, // fix IconPathState by removing empty space and special characters string iconPath = control.IconPath; - Match format = Regex.Match(iconPath, @"format=svg"); - Match state = Regex.Match(iconPath, @"state=(.+?)&"); + Match format = Regex.Match(iconPath, @"format=svg", RegexOptions.None, TimeSpan.FromMilliseconds(100)); + Match state = Regex.Match(iconPath, @"state=(.+?)&", RegexOptions.None, TimeSpan.FromMilliseconds(100)); if (state != null) { if (!string.IsNullOrEmpty(state.Value)) { - string newstate = Regex.Replace(state.Groups[1].Value, "[^0-9a-zA-Z.&]", string.Empty); + string newstate = Regex.Replace(state.Groups[1].Value, "[^0-9a-zA-Z.&]", string.Empty, RegexOptions.None, TimeSpan.FromMilliseconds(100)); iconPath = control.IconPath.Replace(state.Groups[1].Value, newstate, StringComparison.InvariantCulture); } } diff --git a/src/openHAB.Windows/Converters/IconToPathConverter.cs b/src/openHAB.Windows/Converters/IconToPathConverter.cs index b55a96b4..2f7c5c02 100644 --- a/src/openHAB.Windows/Converters/IconToPathConverter.cs +++ b/src/openHAB.Windows/Converters/IconToPathConverter.cs @@ -33,7 +33,7 @@ public object Convert(object value, Type targetType, object parameter, string la var state = widget.Item?.State ?? "ON"; string iconFormat = _settings.UseSVGIcons ? "svg" : "png"; - var regMatch = Regex.Match(state, @"\d+"); + var regMatch = Regex.Match(state, @"\d+", RegexOptions.None, TimeSpan.FromMilliseconds(100)); if (regMatch.Success) { state = regMatch.Value; diff --git a/src/openHAB.Windows/openHAB.Windows.csproj b/src/openHAB.Windows/openHAB.Windows.csproj index 41eeb94d..89b7f11b 100644 
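Review bot: The sanitising step in `IconChangedCallback` (ImageLabel.xaml.cs) only runs when `state=` is followed by another parameter, because `state=(.+?)&` requires a trailing `&`. When `state` is the last query parameter the value is left uncleaned in `iconPath`. Matching up to the next separator or the end of the string covers both cases: `Match state = Regex.Match(iconPath, @"state=([^&]+)", RegexOptions.None, TimeSpan.FromMilliseconds(100));`. The `state != null` test is always true, since `Regex.Match` never returns null, and `if (state.Success)` states the intent. The callback continues outside the hunk.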
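Review bot: The pair `RegexOptions.None, TimeSpan.FromMilliseconds(100)` is written out here in `Convert` (IconToPathConverter.cs) and at every other regex call this commit touches, with no comment on why 100 ms was chosen. One named field per project would give a single place to change and document the budget, for example `public static readonly TimeSpan RegexMatchTimeout = TimeSpan.FromMilliseconds(100);` (the name is only a suggestion). Its comment should say that the patterns are applied to server-supplied strings and that the timeout bounds matching time.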
--- a/src/openHAB.Windows/openHAB.Windows.csproj +++ b/src/openHAB.Windows/openHAB.Windows.csproj @@ -1,4 +1,4 @@ - + @@ -39,7 +39,6 @@ false prompt true - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset bin\x86\Debug\OpenHAB.Windows.XML false false @@ -55,7 +54,6 @@ prompt true true - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset true @@ -67,7 +65,6 @@ false prompt true - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset false @@ -81,7 +78,6 @@ prompt true true - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset true @@ -93,7 +89,6 @@ false prompt true - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset false @@ -107,7 +102,6 @@ prompt true true - ..\..\.sonarlint\openhab_openhab-windowscsharp.ruleset @@ -124,9 +118,6 @@ Strings\en-us\Errors.resw - - openhab_openhab-windowscsharp.ruleset - @@ -238,9 +229,6 @@ - - SonarLint.xml -