Uploaded image for project: 'Product Roadmaps'
  1. Product Roadmaps
  2. MMF-2182

Help Java developers writing regexp running fast, with the correct amount of resources and really doing what developers intended

    Details

    • Type: MMF
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Labels:

      Description

      WHY

      As a developer, I know that regular expressions are powerful and can help to solve tricky problems elegantly. I also know that writing regular expressions is an art in itself and it's easy to fall into traps. It takes years to become a regular expressions master.
      As a developer, I need rules to help me write regular expressions that really do what I expect them to do. I also want to avoid to have my software looping for ever or taking ages to run because I did a mistake in regular expressions.

      WHAT

      SonarQube 8.5 introduced a set of rules to help developers write efficient, error-free and safe regular expressions (MMF-2059).
      The goal of this MMF is to go a step further and provide rules dedicated to:

      • regexp that perform slowly
      • regexp that but the machine on his knees
      • regexp that are simply buggy because by definition they can't match anything

      We expect to deliver these new rules:

      • SONARJAVA-3554 Rule S5998: Regular expressions should not overflow the stack
      • SONARJAVA-3552 Rule S5996: Regex boundaries should not be used in a way that can never match
      • SONARJAVA-3550 Rule S5994: Regex patterns following a possessive quantifier should not always fail
      • SONARJAVA-3557 Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference
      • SONARJAVA-3560 Rule S6002: Regex lookahead assertions should not be contradictory

      HOW

      We will develop:

      • a new model by adding automaton states to our existing regular expression AST
      • a common search methods in states graph, like finding the shortest path or the intersection

      All the research about how to implement the automaton has already been done and exhaustively described in:

      • SONARJAVA-3549 Add support for automata-based analyses for regular expressions

      Common helper methods have also been described in:

      • SONARJAVA-3551 Implement helper to find shortest path in regex automata
      • SONARJAVA-3564 Implement intersects and supersetOf helper for regex automata

        Attachments

          Issue Links

          breaks down into

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3550 Rule S5994: Regex patterns following a possessive quantifier should not always fail

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3552 Rule S5996: Regex boundaries should not be used in a way that can never match

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3554 Rule S5998: Regular expressions should not overflow the stack

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3557 Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3560 Rule S6002: Regex lookahead assertions should not be contradictory

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3566 Rule S5855: Regex alternatives should not be redundant

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3567 Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3572 Rule S6035: Single-character alternations in regular expressions should be replaced with character classes

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-3610 Rule S6070: The regex escape sequence \cX should only be used with characters in the @-_ range

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. SONARJAVA-3549 Add support for automata-based analyses for regular expressions

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. SONARJAVA-3551 Implement helper to find whether state in regex automaton is reachable without consuming input

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. SONARJAVA-3564 Implement intersects and supersetOf helper for regex automata

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-3561 AbstractRegexCheck should target more regex providers

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-3569 Improve issue locations of S5869

          • Major - Major loss of function.
          • Closed

          False Negative - True issue, expected to be covered by a rule, but ultimately not reported SONARJAVA-3483 FN in S5869 with escaped character classes

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-3568 S5852 should use automata to increase its accuracy

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-3624 Regex FP/FN with Supplementary Multilingual Plane

          • Major - Major loss of function.
          • Closed
          relates to

          MMF - Minimum Marketable Feature MMF-2059 SQ/SC help Java developers writing efficient, error-free and safe regular expressions

          • Major - Major loss of function.
          • Resolved

          MMF - Minimum Marketable Feature MMF-2271 [PHP] Help developers writing better regular expressions

          • Major - Major loss of function.
          • To Do

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                alexandre.gigleux Alexandre Gigleux
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: