SonarJava / SONARJAVA-3733

ReDoS: Don't call cubic and worse runtimes quadratic

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.14
    • Component/s: Rules
    • Labels:

      Description

      Currently the ReDoS rules refer to every super-linear polynomial runtime (i.e. `O(n^c)` with c >= 2) as "quadratic", even when the runtime is actually cubic or worse.

      Since there is a significant difference between quadratic and cubic runtimes in terms of how large the input needs to be before matching becomes a performance problem, the rules should be fixed to report the correct exponent.
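      The following is an added example, not SonarJava's own analysis code: a minimal greedy backtracking matcher that counts its matching attempts instead of timing them, so the growth exponent of a pattern can be measured on constructed input. It supports only a toy syntax (literal characters or `.`, each optionally followed by `*`, anchored at both ends like `Matcher.matches()`), and the patterns `a*a*b` (quadratic) and `a*a*a*b` (cubic) and the helper names are illustrative choices, not rule identifiers from the project.

      ```python
      import math

      # Added example, not part of SonarJava: a toy backtracking matcher that counts
      # the recursive matching attempts it makes. Supported syntax is deliberately
      # tiny: a sequence of literal characters (or '.'), each optionally followed
      # by '*'. Matching is anchored at both ends.

      def parse(pattern):
          """Split a pattern into (char, starred) atoms: 'a*b' -> [('a', True), ('b', False)]."""
          atoms = []
          i = 0
          while i < len(pattern):
              starred = i + 1 < len(pattern) and pattern[i + 1] == "*"
              atoms.append((pattern[i], starred))
              i += 2 if starred else 1
          return atoms

      def count_steps(pattern, text):
          """Return (matched, steps): whether text fully matches pattern and how many
          recursive matching attempts the greedy backtracking search made."""
          atoms = parse(pattern)
          steps = 0

          def accepts(ch, pos):
              return pos < len(text) and (ch == "." or text[pos] == ch)

          def match(ai, pos):
              nonlocal steps
              steps += 1
              if ai == len(atoms):
                  return pos == len(text)          # anchored at the end
              ch, starred = atoms[ai]
              if not starred:
                  return accepts(ch, pos) and match(ai + 1, pos + 1)
              # Greedy star: take as many as possible, then give back one at a time.
              end = pos
              while accepts(ch, end):
                  end += 1
              for k in range(end, pos - 1, -1):
                  if match(ai + 1, k):
                      return True
              return False

          return match(0, 0), steps

      def estimated_exponent(pattern, make_input, n=60):
          """Estimate c in O(n^c) from the step counts at n and 2n (log2 of their ratio)."""
          s1 = count_steps(pattern, make_input(n))[1]
          s2 = count_steps(pattern, make_input(2 * n))[1]
          return round(math.log2(s2 / s1))

      def input_size_for_budget(pattern, make_input, budget):
          """Smallest input size n at which the matcher exceeds `budget` steps."""
          n = 1
          while count_steps(pattern, make_input(n))[1] <= budget:
              n *= 2
          lo, hi = n // 2, n                       # steps(lo) <= budget < steps(hi)
          while hi - lo > 1:
              mid = (lo + hi) // 2
              if count_steps(pattern, make_input(mid))[1] <= budget:
                  lo = mid
              else:
                  hi = mid
          return hi

      # Constructed adversarial input: only 'a's, so the trailing 'b' never matches
      # and every split between the starred groups is tried before the match fails.
      def only_a(n):
          return "a" * n

      if __name__ == "__main__":
          for pattern in ("a*a*b", "a*a*a*b"):
              c = estimated_exponent(pattern, only_a)
              n = input_size_for_budget(pattern, only_a, budget=100_000)
              print(f"{pattern}: O(n^{c}); 100k backtracking steps reached at n = {n}")
      ```

      With a budget of 100,000 backtracking steps, the quadratic pattern needs an input of 445 characters to exhaust it while the cubic pattern needs only 82, roughly five times less; that gap is what a rule message loses when it reports both as "quadratic". The step counts stand in for wall-clock time in a backtracking engine such as `java.util.regex`, which tries the same splits.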


              People

              • Assignee: Sebastian Hungerecker (sebastian.hungerecker)
              • Reporter: Sebastian Hungerecker (sebastian.hungerecker)
              • Votes: 0
              • Watchers: 2
