Fix NewDateRegex in StringExtensions restsharp#1556 (restsharp#1557)

* Fix NewDateRegex in StringExtensions restsharp#1556

Previously it had exponential worst-case complexity and was vulnerable to REDoS.

* Simple test for new Date(123)

Author: b-c-ds

src/RestSharp/Extensions/StringExtensions.cs

@@ -25,7 +25,7 @@ namespace RestSharp.Extensions
     public static class StringExtensions
     {
         static readonly Regex DateRegex    = new Regex(@"\\?/Date\((-?\d+)(-|\+)?([0-9]{4})?\)\\?/");
-        static readonly Regex NewDateRegex = new Regex(@"newDate\((-?\d+)*\)");
+        static readonly Regex NewDateRegex = new Regex(@"newDate\((-?\d+)\)");
 
         static readonly Regex IsUpperCaseRegex = new Regex(@"^[A-Z]+$");
 

test/RestSharp.Tests/JsonTests.cs

@@ -116,6 +116,28 @@ public void Can_Deserialize_DateTimeOffset()
             );
         }
 
+        [Test]
+        public void Can_Deserialize_NewDateTime()
+        {
+            var payload = GetPayLoad<NewDateTimeTestStructure>("newdatetimes.json");
+
+            Assert.AreEqual(
+                new DateTime(2011, 6, 30, 8, 15, 46, 929, DateTimeKind.Utc),
+                payload.DateTime
+            );
+        }
+
+        [Test]
+        public void Can_Deserialize_Negative_NewDateTime()
+        {
+            var payload = GetPayLoad<NewDateTimeTestStructure>("newdatetimes.json");
+
+            Assert.AreEqual(
+                new DateTime(1969, 12, 31, 23, 59, 59, 999, DateTimeKind.Utc),
+                payload.DateTimeNegative
+            );
+        }
+
         [Test]
         public void Can_Deserialize_Decimal_With_Four_Zeros_After_Floating_Point()
         {

test/RestSharp.Tests/RestSharp.Tests.csproj

@@ -84,6 +84,9 @@
     <None Update="SampleData\NestedListSample.xml">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Update="SampleData\newdatetimes.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="SampleData\objectproperty.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>

test/RestSharp.Tests/SampleClasses/misc.cs

@@ -222,6 +222,13 @@ public class Iso8601DateTimeTestStructure
         public DateTime DateTimeWithOffset { get; set; }
     }
 
+    public class NewDateTimeTestStructure
+    {
+        public DateTime DateTime { get; set; }
+
+        public DateTime DateTimeNegative { get; set; }
+    }
+
     public class TimeSpanTestStructure
     {
         public TimeSpan Tick { get; set; }

test/RestSharp.Tests/SampleData/newdatetimes.json

@@ -0,0 +1,4 @@
+{
+    "DateTime": "new Date(1309421746929)",
+    "DateTimeNegative": "new Date(-1)"
+}