Defense-in-depth: additional check to stop scripts from running when Analyzer.Options.RunScripts is false, returning a clear Violation in validation or a failed OperationResult at runtime. Replace Assembly.Load usage with resolving assembly file paths and adding MetadataReference.CreateFromFile to avoid triggering module initializers; unresolved references now produce a Violation. Added ResolveAssemblyPath helper (checks loaded assemblies, AppContext.BaseDirectory, and runtime directory) and the System.IO import.
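The assembly-resolution change described in that commit, as an added illustration rather than the project's own code. It assumes the Microsoft.CodeAnalysis (Roslyn) package is referenced; the names ResolveAssemblyPath, Resolve and the Violation record are assumptions for illustration. The security point is that Assembly.Load pulls the file into the process, and any subsequent type access can run module initializers and static constructors from an untrusted DLL, whereas MetadataReference.CreateFromFile only parses PE metadata and executes nothing:

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using Microsoft.CodeAnalysis;

// Added example (not the project's code). Assumes the Microsoft.CodeAnalysis
// NuGet package; ResolveAssemblyPath, Resolve and Violation are hypothetical names.
public static class ReferenceResolver
{
    public sealed record Violation(string Message);

    // Locate an assembly on disk WITHOUT loading it into the process.
    // Search order: assemblies already loaded by this process (their Location),
    // the application base directory, then the runtime (framework) directory.
    public static string? ResolveAssemblyPath(string assemblyName)
    {
        var simpleName = new AssemblyName(assemblyName).Name;
        if (string.IsNullOrEmpty(simpleName)) return null;

        var loaded = AppDomain.CurrentDomain.GetAssemblies().FirstOrDefault(a =>
            !a.IsDynamic                                  // dynamic assemblies have no file
            && !string.IsNullOrEmpty(a.Location)
            && string.Equals(a.GetName().Name, simpleName, StringComparison.OrdinalIgnoreCase));
        if (loaded != null) return loaded.Location;

        foreach (var dir in new[] { AppContext.BaseDirectory, RuntimeEnvironment.GetRuntimeDirectory() })
        {
            var candidate = Path.Combine(dir, simpleName + ".dll");
            if (File.Exists(candidate)) return Path.GetFullPath(candidate);
        }
        return null; // caller turns this into a Violation instead of falling back to Assembly.Load
    }

    // Build metadata-only references for a script compilation. CreateFromFile reads
    // the PE file; no module initializer or static constructor in it can run.
    public static (List<MetadataReference> References, List<Violation> Violations)
        Resolve(IEnumerable<string> assemblyNames)
    {
        var references = new List<MetadataReference>();
        var violations = new List<Violation>();
        foreach (var name in assemblyNames)
        {
            var path = ResolveAssemblyPath(name);
            if (path is null)
                violations.Add(new Violation($"Referenced assembly '{name}' could not be resolved to a file."));
            else
                references.Add(MetadataReference.CreateFromFile(path));
        }
        return (references, violations);
    }

    public static void Main()
    {
        // Constructed input: one assembly that is always loaded, one that should not resolve.
        var (refs, violations) = Resolve(new[] { "System.Runtime", "Does.Not.Exist" });
        Console.WriteLine($"{refs.Count} reference(s), {violations.Count} violation(s)");
        foreach (var v in violations) Console.WriteLine(v.Message);
    }
}
```

Resolving only from the already-loaded set, the base directory and the runtime directory also bounds where a script-supplied reference name can point; a name like `..\..\evil` is reduced to its simple name by AssemblyName before any path is built, so it cannot escape those directories.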
Wrap regex matching in a try/catch to handle RegexMatchTimeoutException and log a warning instead of crashing. Refactor the matching loops to correctly build and return TypedClauseCapture results for state1 and state2, and add a 5-second match timeout when constructing cached Regex instances to prevent long-running/DoS regex evaluations.
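The timeout-and-catch pattern from that commit, shown as an added example rather than the project's code; SafeRegex, MatchOutcome and TryMatchAll are illustrative names. The timeout must be supplied in the Regex constructor (or via the AppDomain REGEX_DEFAULT_MATCH_TIMEOUT setting); a Regex built without one never times out. Because Matches() is evaluated lazily, the exception surfaces while iterating, so the try/catch has to wrap the loop, not just the Matches() call:

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example (not the project's code): cached Regex instances carry a hard
// match timeout, and RegexMatchTimeoutException becomes a failed outcome with a
// warning instead of an unhandled exception that takes the analyzer down.
public static class SafeRegex
{
    private static readonly TimeSpan MatchTimeout = TimeSpan.FromSeconds(5);
    private static readonly ConcurrentDictionary<string, Regex> Cache = new();

    public sealed record MatchOutcome(bool Succeeded, IReadOnlyList<string> Captures, string? Warning);

    // One Regex per pattern; the timeout is part of the constructor, so every
    // match against a cached instance is bounded.
    private static Regex GetOrAdd(string pattern) =>
        Cache.GetOrAdd(pattern, p => new Regex(p, RegexOptions.None, MatchTimeout));

    public static MatchOutcome TryMatchAll(string pattern, string input)
    {
        var regex = GetOrAdd(pattern);
        var captures = new List<string>();
        try
        {
            // MatchCollection is lazy: the engine runs inside this loop, so the
            // timeout exception is thrown here, not at the Matches() call.
            foreach (Match m in regex.Matches(input))
                captures.Add(m.Value);
            return new MatchOutcome(true, captures, null);
        }
        catch (RegexMatchTimeoutException ex)
        {
            // Catastrophic backtracking or hostile input: degrade to a warning.
            // Captures gathered before the timeout are returned so the caller can decide.
            var warning = $"Regex '{pattern}' exceeded {ex.MatchTimeout.TotalSeconds}s " +
                          $"on input of length {input.Length}; treating as no match.";
            return new MatchOutcome(false, captures, warning);
        }
    }

    public static void Main()
    {
        // Constructed inputs: a benign pattern, then a classic catastrophic-backtracking
        // pattern fed a string that can never match, which forces exponential retries.
        var ok = TryMatchAll(@"\d+", "state1=123 state2=4567");
        Console.WriteLine($"succeeded={ok.Succeeded} captures={string.Join(",", ok.Captures)}");

        var hostile = TryMatchAll(@"^(a+)+$", new string('a', 40) + "!");
        Console.WriteLine(hostile.Succeeded ? "matched" : hostile.Warning);
    }
}
```

On .NET 7 and later, RegexOptions.NonBacktracking is an alternative that removes the exponential case outright at the cost of unsupported constructs such as backreferences and lookarounds; the timeout remains the safety net when the pattern set cannot be constrained that way.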
This pull request introduces several improvements to script and regex operation handling, focusing on security, reliability, and error reporting. The main changes include preventing unintended side effects during script validation, improving assembly reference resolution, and adding timeouts and error handling to regex operations.