  1. SonarJava
  2. SONARJAVA-3712

Support boundaries in RegexTreeHelper.intersects and supersetOf methods

    Details

    • Type: False Negative
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Rules
    • Labels:

      Description

      Currently RegexTreeHelper.intersects and .supersetOf don't support boundaries appearing within the sub-expressions being compared. This can lead to false negatives in the linked rules.

      Example:

      Pattern.compile("\\w\\b|\\d\\b"); // FN, should raise S5855 "Remove or rework this redundant alternative"
      Pattern.compile(".*\\b.*X"); // FN, should raise S5852 "Make sure the regex used here, which is vulnerable to quadratic runtime due to backtracking, cannot lead to denial of service."
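
The first example can be spot-checked with `java.util.regex` alone. The following is an added illustration, not SonarJava code and not how `RegexTreeHelper` works: it brute-forces a constructed set of ASCII probe strings to show that `\w\b` matches everything `\d\b` matches, so the second alternative never takes part in a match. The class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Added illustration; class and method names are hypothetical, not SonarJava code.
public class BoundaryAlternativeCheck {
    // Constructed probe set: each printable ASCII char alone and followed by every printable
    // ASCII char, so \b is exercised before end-of-input, word chars and non-word chars.
    static List<String> probes() {
        List<String> out = new ArrayList<>();
        for (char c = ' '; c <= '~'; c++) {
            out.add(String.valueOf(c));
            for (char n = ' '; n <= '~'; n++) out.add("" + c + n);
        }
        return out;
    }
    // True if, on every probe where sub matches a prefix, sup matches the same prefix.
    // Only a spot check, and only meaningful for fixed-length alternatives like \w\b and \d\b.
    static boolean coversOnProbes(String sup, String sub) {
        Pattern supP = Pattern.compile(sup);
        Pattern subP = Pattern.compile(sub);
        for (String s : probes()) {
            Matcher m = subP.matcher(s);
            if (!m.lookingAt()) continue;
            Matcher p = supP.matcher(s);
            if (!p.lookingAt() || p.end() != m.end()) return false;
        }
        return true;
    }
    // Counts matches in which the second capturing alternative is the one that matched.
    static int secondAlternativeHits(String alternation) {
        Pattern p = Pattern.compile(alternation);
        int hits = 0;
        for (String s : probes()) {
            Matcher m = p.matcher(s);
            while (m.find()) {
                if (m.group(2) != null) hits++;
            }
        }
        return hits;
    }
    public static void main(String[] args) {
        System.out.println("\\w\\b covers \\d\\b: " + coversOnProbes("\\w\\b", "\\d\\b"));
        System.out.println("\\d\\b covers \\w\\b: " + coversOnProbes("\\d\\b", "\\w\\b"));
        System.out.println("second-alternative hits: " + secondAlternativeHits("(\\w\\b)|(\\d\\b)"));
    }
}
```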
      


              People

              • Assignee:
                Unassigned
                Reporter:
                sebastian.hungerecker Sebastian Hungerecker