From 0e3db4dd8b4fad16d44155236d7aba303abdbb6b Mon Sep 17 00:00:00 2001
From: mokarchi <mokarchi@gmail.com>
Date: Fri, 23 Feb 2024 23:49:06 +0330
Subject: [PATCH 1/4] Add regex evaluation timeout

---
 src/coverlet.core/Helpers/InstrumentationHelper.cs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/coverlet.core/Helpers/InstrumentationHelper.cs b/src/coverlet.core/Helpers/InstrumentationHelper.cs
index f0af9b31c..6755678d8 100644
--- a/src/coverlet.core/Helpers/InstrumentationHelper.cs
+++ b/src/coverlet.core/Helpers/InstrumentationHelper.cs
@@ -24,6 +24,8 @@ internal class InstrumentationHelper : IInstrumentationHelper
     private readonly IFileSystem _fileSystem;
     private readonly ISourceRootTranslator _sourceRootTranslator;
     private ILogger _logger;
+    private static readonly RegexOptions s_regexOptions =
+      RegexOptions.Multiline | RegexOptions.Compiled | RegexOptions.IgnoreCase;
 
     public InstrumentationHelper(IProcessExitHandler processExitHandler, IRetryHelper retryHelper, IFileSystem fileSystem, ILogger logger, ISourceRootTranslator sourceRootTranslator)
     {
@@ -331,7 +333,7 @@ public bool IsValidFilterExpression(string filter)
       if (filter.EndsWith("]"))
         return false;
 
-      if (new Regex(@"[^\w*]").IsMatch(filter.Replace(".", "").Replace("?", "").Replace("[", "").Replace("]", "")))
+      if (new Regex(@"[^\w*]", s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(filter.Replace(".", "").Replace("?", "").Replace("[", "").Replace("]", "")))
         return false;
 
       return true;
@@ -358,7 +360,7 @@ public bool IsModuleExcluded(string module, string[] excludeFilters)
 #pragma warning restore IDE0057 // Use range operator
         modulePattern = WildcardToRegex(modulePattern);
 
-        var regex = new Regex(modulePattern);
+        var regex = new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(1));
 
         if (regex.IsMatch(module))
           return true;
@@ -387,7 +389,7 @@ public bool IsModuleIncluded(string module, string[] includeFilters)
 
         modulePattern = WildcardToRegex(modulePattern);
 
-        var regex = new Regex(modulePattern);
+        var regex = new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(1));
 
         if (regex.IsMatch(module))
           return true;
@@ -421,7 +423,7 @@ public bool IsTypeIncluded(string module, string type, string[] includeFilters)
     }
 
     public bool IsLocalMethod(string method)
-        => new Regex(WildcardToRegex("<*>*__*|*")).IsMatch(method);
+        => new Regex(WildcardToRegex("<*>*__*|*"), s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(method);
 
     public void SetLogger(ILogger logger)
     {
@@ -443,7 +445,7 @@ private static bool IsTypeFilterMatch(string module, string type, string[] filte
         typePattern = WildcardToRegex(typePattern);
         modulePattern = WildcardToRegex(modulePattern);
 
-        if (new Regex(typePattern).IsMatch(type) && new Regex(modulePattern).IsMatch(module))
+        if (new Regex(typePattern, s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(type) && new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(module))
           return true;
       }
 

From df85e45a5572e1ecc5a35a9788fd0affea52e304 Mon Sep 17 00:00:00 2001
From: mokarchi <mokarchi@gmail.com>
Date: Mon, 26 Feb 2024 12:05:45 +0330
Subject: [PATCH 2/4] increase anti-DoS timeout

---
 src/coverlet.core/Helpers/InstrumentationHelper.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/coverlet.core/Helpers/InstrumentationHelper.cs b/src/coverlet.core/Helpers/InstrumentationHelper.cs
index 6755678d8..88182a8ae 100644
--- a/src/coverlet.core/Helpers/InstrumentationHelper.cs
+++ b/src/coverlet.core/Helpers/InstrumentationHelper.cs
@@ -333,7 +333,7 @@ public bool IsValidFilterExpression(string filter)
       if (filter.EndsWith("]"))
         return false;
 
-      if (new Regex(@"[^\w*]", s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(filter.Replace(".", "").Replace("?", "").Replace("[", "").Replace("]", "")))
+      if (new Regex(@"[^\w*]", s_regexOptions, TimeSpan.FromSeconds(10)).IsMatch(filter.Replace(".", "").Replace("?", "").Replace("[", "").Replace("]", "")))
         return false;
 
       return true;
@@ -360,7 +360,7 @@ public bool IsModuleExcluded(string module, string[] excludeFilters)
 #pragma warning restore IDE0057 // Use range operator
         modulePattern = WildcardToRegex(modulePattern);
 
-        var regex = new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(1));
+        var regex = new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(10));
 
         if (regex.IsMatch(module))
           return true;
@@ -389,7 +389,7 @@ public bool IsModuleIncluded(string module, string[] includeFilters)
 
         modulePattern = WildcardToRegex(modulePattern);
 
-        var regex = new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(1));
+        var regex = new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(10));
 
         if (regex.IsMatch(module))
           return true;

From c53326068fa0f44936e9e36dffabe7c95e721edd Mon Sep 17 00:00:00 2001
From: mokarchi <mokarchi@gmail.com>
Date: Mon, 26 Feb 2024 12:07:05 +0330
Subject: [PATCH 3/4] increase  anti-DoS timeout

---
 src/coverlet.core/Helpers/InstrumentationHelper.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/coverlet.core/Helpers/InstrumentationHelper.cs b/src/coverlet.core/Helpers/InstrumentationHelper.cs
index 88182a8ae..6750a8fb2 100644
--- a/src/coverlet.core/Helpers/InstrumentationHelper.cs
+++ b/src/coverlet.core/Helpers/InstrumentationHelper.cs
@@ -423,7 +423,7 @@ public bool IsTypeIncluded(string module, string type, string[] includeFilters)
     }
 
     public bool IsLocalMethod(string method)
-        => new Regex(WildcardToRegex("<*>*__*|*"), s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(method);
+        => new Regex(WildcardToRegex("<*>*__*|*"), s_regexOptions, TimeSpan.FromSeconds(10)).IsMatch(method);
 
     public void SetLogger(ILogger logger)
     {
@@ -445,7 +445,7 @@ private static bool IsTypeFilterMatch(string module, string type, string[] filte
         typePattern = WildcardToRegex(typePattern);
         modulePattern = WildcardToRegex(modulePattern);
 
-        if (new Regex(typePattern, s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(type) && new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(module))
+        if (new Regex(typePattern, s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(type) && new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(10)).IsMatch(module))
           return true;
       }
 

From e78c68348af8aa042285daa6dd97a3b76ac97b4a Mon Sep 17 00:00:00 2001
From: mokarchi <mokarchi@gmail.com>
Date: Mon, 26 Feb 2024 12:08:14 +0330
Subject: [PATCH 4/4] increase anti-DoS timeout

---
 src/coverlet.core/Helpers/InstrumentationHelper.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/coverlet.core/Helpers/InstrumentationHelper.cs b/src/coverlet.core/Helpers/InstrumentationHelper.cs
index 6750a8fb2..f6a35f73a 100644
--- a/src/coverlet.core/Helpers/InstrumentationHelper.cs
+++ b/src/coverlet.core/Helpers/InstrumentationHelper.cs
@@ -445,7 +445,7 @@ private static bool IsTypeFilterMatch(string module, string type, string[] filte
         typePattern = WildcardToRegex(typePattern);
         modulePattern = WildcardToRegex(modulePattern);
 
-        if (new Regex(typePattern, s_regexOptions, TimeSpan.FromSeconds(1)).IsMatch(type) && new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(10)).IsMatch(module))
+        if (new Regex(typePattern, s_regexOptions, TimeSpan.FromSeconds(10)).IsMatch(type) && new Regex(modulePattern, s_regexOptions, TimeSpan.FromSeconds(10)).IsMatch(module))
           return true;
       }