public bool ProcessRegex(string target, string regexExpression) { if (target == null) { target = String.Empty; } // Adding timeout for Regex in case of malicious string causing DoS Regex regex = RegexUtil.CreateRegex(regexExpression, RegexOptions.ExplicitCapture); Match match = regex.Match(target); if (match.Success == false) { return(false); } string[] groups = regex.GetGroupNames(); if (groups.Length > 0) { if (_groups == null) { _groups = new Hashtable(); } for (int i = 0; i < groups.Length; i++) { _groups[groups[i]] = match.Groups[i].Value; } } return(true); }
/// <summary> /// Overrider of <see cref="ValidationAttribute.IsValid(object,validationContext)"/>. /// </summary> /// <remarks> /// Checks if the given value meets the password requirements such as minimum length, minimum number of non-alpha numeric characters /// and password strength regular expression set in current <see cref="Membership.Provider"/> /// </remarks> /// <param name="value">The value to validate.</param> /// <param name="validationContext">A <see cref="ValidationContext"/> instance that provides /// context about the validation operation, such as the object and member being validated.</param> /// <returns> /// When validation is valid, <see cref="ValidationResult.Success"/>. /// <para> /// When validation is invalid, an instance of <see cref="ValidationResult"/>. /// </para> /// </returns> protected override ValidationResult IsValid(object value, ValidationContext validationContext) { string valueAsString = value as string; string name = (validationContext != null) ? validationContext.DisplayName : String.Empty; string[] memberNames = (validationContext != null) ? new[] { validationContext.MemberName } : null; string errorMessage; if (String.IsNullOrEmpty(valueAsString)) { return(ValidationResult.Success); } if (valueAsString.Length < MinRequiredPasswordLength) { errorMessage = GetMinPasswordLengthError(); return(new ValidationResult(FormatErrorMessage(errorMessage, name, MinRequiredPasswordLength), memberNames)); } int nonAlphanumericCharacters = valueAsString.Count(c => !Char.IsLetterOrDigit(c)); if (nonAlphanumericCharacters < MinRequiredNonAlphanumericCharacters) { errorMessage = GetMinNonAlphanumericCharactersError(); return(new ValidationResult(FormatErrorMessage(errorMessage, name, MinRequiredNonAlphanumericCharacters), memberNames)); } string passwordStrengthRegularExpression = PasswordStrengthRegularExpression; if (passwordStrengthRegularExpression != null) { Regex passwordStrengthRegex; try { // Adding timeout for Regex in case of malicious string causing DoS passwordStrengthRegex = RegexUtil.CreateRegex(passwordStrengthRegularExpression, RegexOptions.None, PasswordStrengthRegexTimeout); } catch (ArgumentException ex) { throw new InvalidOperationException(SR.GetString(SR.MembershipPasswordAttribute_InvalidRegularExpression), ex); } if (!passwordStrengthRegex.IsMatch(valueAsString)) { errorMessage = GetPasswordStrengthError(); return(new ValidationResult(FormatErrorMessage(errorMessage, name, additionalArgument: String.Empty), memberNames)); } } return(ValidationResult.Success); }