...
Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
IDS08-J | Medium | Unlikely | Yes | No | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Checker Framework |
| Tainting Checker | Trust and security errors (see Chapter 8) | ||||||
| CodeSonar |
| JAVA.IO.TAINT.REGEX | Tainted Regular Expression (Java) | ||||||
| Security Reviewer - Static Reviewer |
| regex_injection_dos | Full Implementation | ||||||
| SonarQube |
| Regular expressions should not be vulnerable to Denial of Service attacks |
Related Guidelines
...