- Type: Improvement
- Status: Closed
- Priority: Major
- Resolution: Duplicate
- Affects Version/s: None
- Fix Version/s: None
- Component/s: Rules
- Labels: None

Currently, Regex rules extending AbstractRegexCheck only support string literals present in the following method invocations:
- java.lang.String.matches
- java.lang.String.replaceAll
- java.lang.String.replaceFirst
- java.util.regex.Pattern.compile
- java.util.regex.Pattern.matches

We should align this list with SonarSecurity by adding:
- java.lang.String.split
- javax.validation.constraints.Pattern
- javax.validation.constraints.Email
- org.hibernate.validator.constraints.URL
- org.apache.commons.lang3.RegExUtils (all the methods taking a regexp as parameter)

We could also add some web frameworks, like:

    // The regular expression is inside { } with a name prefix: {name: expression}
    @org.springframework.web.util.pattern.PathPattern("/resources/{filename: [a-z]\\w+}.dat")
    @javax.ws.rs.Path("/users/{id: [a-zA-Z][a-zA-Z_0-9]}")
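
One way a check could pull the expression out of the {name: expression} syntax shown above so that regex rules can analyze it. This is an added example, not SonarJava's code: the class and method names are hypothetical, the third template is constructed, and whitespace around the expression is assumed to be insignificant.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class PathTemplateRegexExtractor {

    /** Returns the regex of every {name: regex} variable found in a path template. */
    static List<String> extractRegexes(String template) {
        List<String> regexes = new ArrayList<>();
        int i = 0;
        while (i < template.length()) {
            if (template.charAt(i) != '{') { i++; continue; }
            // Find the matching '}' by depth: the regex may contain its own
            // braces (quantifiers such as {2}), so the first '}' is not enough.
            int depth = 1;
            int j = i + 1;
            while (j < template.length() && depth > 0) {
                char c = template.charAt(j);
                if (c == '\\') { j += 2; continue; } // escaped char, e.g. \{ or \w
                if (c == '{') depth++;
                if (c == '}') depth--;
                j++;
            }
            if (depth != 0) break; // unbalanced template: report nothing further
            String variable = template.substring(i + 1, j - 1);
            int colon = variable.indexOf(':');
            if (colon >= 0) { // a plain {name} variable carries no regex
                // Assumption: whitespace around the expression is not significant.
                regexes.add(variable.substring(colon + 1).trim());
            }
            i = j;
        }
        return regexes;
    }

    public static void main(String[] args) {
        String[] templates = {
            "/resources/{filename: [a-z]\\w+}.dat",        // from the ticket
            "/users/{id: [a-zA-Z][a-zA-Z_0-9]}",           // from the ticket
            "/orders/{ref: [A-Z]{2}\\d{4}}/items/{item}"   // constructed sample
        };
        for (String template : templates) {
            for (String regex : extractRegexes(template)) {
                Pattern.compile(regex); // throws if the extracted text is not a regex
                System.out.println(template + " -> " + regex);
            }
        }
    }
}
```

An unescaped brace inside a character class, such as [{], is counted as nesting by this sketch and would need a real regex-aware scanner.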