  1. SonarJava
  2. SONARJAVA-3562

Improve Regex rules to consider more string literals as Pattern

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Rules
    • Labels:
      None

      Description

      Currently, only string literals present in the following method invocations are supported by Regex rules extending AbstractRegexCheck:

      java.lang.String.matches
      java.lang.String.replaceAll
      java.lang.String.replaceFirst
      java.util.regex.Pattern.compile
      java.util.regex.Pattern.matches
      

      We should align this list with SonarSecurity by adding:

      java.lang.String.split
      javax.validation.constraints.Pattern
      javax.validation.constraints.Email
      org.hibernate.validator.constraints.URL
      org.apache.commons.lang3.RegExUtils (all the methods taking a regexp as parameter)
      

      We could also add some web frameworks, like:

      // The regular expression is inside { } with a name prefix: {name: expression}
      @org.springframework.web.util.pattern.PathPattern("/resources/{filename: [a-z]\\w+}.dat")
      @javax.ws.rs.Path("/users/{id: [a-zA-Z][a-zA-Z_0-9]}")
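
The `{name: expression}` form above means a rule has to pull the regex out of the path template before it can analyze it. The following is an added example, not SonarJava code: the class and method names are hypothetical, trimming whitespace around the name and the expression is an assumption, and the third template is constructed to show nested braces.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class PathTemplateRegexExtractor {

  /** Returns variable name -> embedded regex for every {name: regex} segment. */
  static Map<String, String> extract(String template) {
    Map<String, String> regexes = new LinkedHashMap<>();
    int i = 0;
    while (i < template.length()) {
      if (template.charAt(i) != '{') { i++; continue; }
      int start = i + 1, depth = 1, j = start;
      // Track nesting so a quantifier such as \d{4} does not close the variable early.
      while (j < template.length() && depth > 0) {
        char c = template.charAt(j);
        if (c == '\\') { j += 2; continue; } // skip the escaped character
        if (c == '{') depth++;
        else if (c == '}') depth--;
        j++;
      }
      if (depth != 0) break; // unbalanced braces: nothing more to extract
      String body = template.substring(start, j - 1);
      int colon = body.indexOf(':');
      if (colon >= 0) { // variables without ':' carry no regex
        regexes.put(body.substring(0, colon).trim(), body.substring(colon + 1).trim());
      }
      i = j;
    }
    return regexes;
  }

  public static void main(String[] args) {
    String[] templates = {
      "/resources/{filename: [a-z]\\w+}.dat", // from the issue
      "/users/{id: [a-zA-Z][a-zA-Z_0-9]}",    // from the issue
      "/orders/{year: \\d{4}}/{plain}"        // constructed sample
    };
    for (String t : templates) {
      extract(t).forEach((name, regex) -> {
        // Throws PatternSyntaxException if the extracted text is not a valid regex.
        Pattern.compile(regex);
        System.out.println(t + " -> " + name + " = " + regex);
      });
    }
  }
}
```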
      

            People

            • Assignee:
              Unassigned
              Reporter:
              alban.auzeill Alban Auzeill