[SONARJAVA-3552] Rule S5996: Regex boundaries should not be used in a way that can never match - SonarSource

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.10
Component/s: Rules
Labels:
- regex

Description

1. Find all relevant boundaries (^, $, \A, \Z, \z) in the regex using a visitation of the AST.
2. For each boundary check whether it can reach the end-of-the-regex state without consuming input using the linked helper method.
3. If it can't, report an issue.

Compared to the current implementation of S5840 this will avoid false positives if the boundary is nested inside other syntactic constructs (like in a look around).

Attachments

Issue Links

contributes to

MMF-2182 Help Java developers writing regexp running fast, with the correct amount of resources and really doing what developers intended

Resolved

depends upon

SONARJAVA-3549 Add support for automata-based analyses for regular expressions

Closed

SONARJAVA-3551 Implement helper to find whether state in regex automaton is reachable without consuming input

Closed

implements

RSPEC-5996 Regex boundaries should not be used in a way that can never be matched

Active

Activity

People

Assignee:

Sebastian Hungerecker

Reporter:

Sebastian Hungerecker

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Due:

23/Nov/20

Created:

06/Oct/20 5:02 PM

Updated:

07/Dec/20 8:27 PM

Resolved:

07/Dec/20 8:27 PM