  1. Rules Repository
  2. RSPEC-6001

Back references in regular expressions should only refer to capturing groups that are matched before the reference

    Details

    • Type: Bug Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Change this back reference, so that it refers to a group that can be matched before it.
      Or:
      Fix this back reference - it refers to a capturing group that doesn't exist.
    • Highlighting:
      • Primary: The impossible back reference.
      • Secondary: The capturing group to which it refers (if any)
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      PHP
    • Covered Languages:
      Java
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      10min
    • Analysis Scope:
      Main Sources, Test Sources

      Description

      When a back reference in a regex refers to a capturing group that hasn't been defined yet (or at all), it can never be matched. Named back references throw a PatternSyntaxException in that case; numeric back references fail silently when they can't match, simply making the match fail.

      When the group is defined before the back reference but on a different control path (like in (.)|\1 for example), this also leads to a situation where the back reference can never match.

      Noncompliant Code Example

      Pattern.compile("\\1(.)"); // Noncompliant, group 1 is defined after the back reference
      Pattern.compile("(.)\\2"); // Noncompliant, group 2 isn't defined at all
      Pattern.compile("(.)|\\1"); // Noncompliant, group 1 and the back reference are in different branches
      Pattern.compile("(?<x>.)|\\k<x>"); // Noncompliant, group x and the back reference are in different branches
      

      Compliant Solution

      Pattern.compile("(.)\\1");
      Pattern.compile("(?<x>.)\\k<x>");
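
The following Java program is an added example, not part of the rule's own text: it compiles each pattern and reports whether compilation fails or whether one input the pattern looks intended to accept is matched. The class name BackRefCheck, the sample inputs, and the two patterns marked as constructed are assumptions made for illustration.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class BackRefCheck {

    // Compiles the regex and attempts a full match against one sample input.
    // Distinguishes a compile-time failure from a silent failure to match.
    static String probe(String regex, String sample) {
        Pattern p;
        try {
            p = Pattern.compile(regex);
        } catch (PatternSyntaxException e) {
            return "SYNTAX ERROR: " + e.getDescription();
        }
        return p.matcher(sample).matches() ? "MATCHES" : "NO MATCH";
    }

    public static void main(String[] args) {
        // Each row: { regex, constructed sample the pattern looks intended to accept }
        String[][] cases = {
            { "\\1(.)",        "aa" }, // from the rule: group 1 is defined after the reference
            { "(.)\\2",        "aa" }, // from the rule: group 2 is not defined at all
            { "(a)|b\\1",      "ba" }, // constructed variant of (.)|\1: reference sits in the other branch
            { "\\k<x>(?<x>.)", "aa" }, // constructed: named reference placed before its group
            { "(.)\\1",        "aa" }, // from the rule: compliant
            { "(?<x>.)\\k<x>", "aa" }  // from the rule: compliant
        };
        for (String[] c : cases) {
            System.out.printf("%-16s on \"%s\" -> %s%n", c[0], c[1], probe(c[0], c[1]));
        }
    }
}
```

A unit test built on the same idea, asserting that a validation regex accepts at least one known-good input, catches a pattern that silently rejects everything.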
      

              People

              Assignee:
              Unassigned
              Reporter:
              Sebastian Hungerecker