SONARPY-982 Rule S6331: Regular expressions should not contain empty groups (#1107)

Author: nils-werner-sonarsource

its/ruling/src/test/resources/expected/python-S6331.json

@@ -0,0 +1,5 @@
+{
+'project:numpy-1.16.4/numpy/f2py/crackfortran.py':[
+1393,
+],
+}

python-checks/src/main/java/org/sonar/python/checks/CheckList.java

@@ -51,16 +51,17 @@
 import org.sonar.python.checks.hotspots.UnverifiedHostnameCheck;
 import org.sonar.python.checks.regex.AnchorPrecedenceCheck;
 import org.sonar.python.checks.regex.DuplicatesInCharacterClassCheck;
+import org.sonar.python.checks.regex.EmptyGroupCheck;
 import org.sonar.python.checks.regex.EmptyStringRepetitionCheck;
-import org.sonar.python.checks.regex.ImpossibleBoundariesCheck;
 import org.sonar.python.checks.regex.GraphemeClustersInClassesCheck;
+import org.sonar.python.checks.regex.ImpossibleBoundariesCheck;
 import org.sonar.python.checks.regex.InvalidRegexCheck;
-import org.sonar.python.checks.regex.RegexComplexityCheck;
-import org.sonar.python.checks.regex.SingleCharacterAlternationCheck;
 import org.sonar.python.checks.regex.RedundantRegexAlternativesCheck;
-import org.sonar.python.checks.regex.ReluctantQuantifierCheck;
+import org.sonar.python.checks.regex.RegexComplexityCheck;
 import org.sonar.python.checks.regex.RegexLookaheadCheck;
+import org.sonar.python.checks.regex.ReluctantQuantifierCheck;
 import org.sonar.python.checks.regex.ReluctantQuantifierWithEmptyContinuationCheck;
+import org.sonar.python.checks.regex.SingleCharacterAlternationCheck;
 import org.sonar.python.checks.regex.StringReplaceCheck;
 
 public final class CheckList {
@@ -120,6 +121,7 @@ public static Iterable<Class> getChecks() {
       DynamicCodeExecutionCheck.class,
       ElseAfterLoopsWithoutBreakCheck.class,
       EmailSendingCheck.class,
+      EmptyGroupCheck.class,
       EmptyFunctionCheck.class,
       EmptyNestedBlockCheck.class,
       EmptyStringRepetitionCheck.class,

python-checks/src/main/java/org/sonar/python/checks/regex/EmptyGroupCheck.java

@@ -0,0 +1,34 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonarsource.analyzer.commons.regex.RegexParseResult;
+import org.sonarsource.analyzer.commons.regex.finders.EmptyGroupFinder;
+
+@Rule(key = "S6331")
+public class EmptyGroupCheck extends AbstractRegexCheck {
+
+  @Override
+  public void checkRegex(RegexParseResult regexParseResult, CallExpression regexFunctionCall) {
+    new EmptyGroupFinder(this::addIssue).visit(regexParseResult);
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6331.html

@@ -0,0 +1,17 @@
+<p>There are several reasons to use a group in a regular expression:</p>
+<ul>
+  <li> to change the precedence (e.g. <code>do(g|or)</code> will match 'dog' and 'door') </li>
+  <li> to remember parenthesised part of the match in the case of capturing group </li>
+  <li> to improve readability </li>
+</ul>
+<p>In any case, having an empty group is most probably a mistake. Either it is a leftover after refactoring and should be removed, or the actual
+parentheses were intended and were not escaped.</p>
+<h2>Noncompliant Code Example</h2>
+<pre>
+r"foo()" # Noncompliant, will match only 'foo'
+</pre>
+<h2>Compliant Solution</h2>
+<pre>
+r"foo\(\)" # Matches 'foo()'
+</pre>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6331.json

@@ -0,0 +1,17 @@
+{
+  "title": "Regular expressions should not contain empty groups",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "regex"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6331",
+  "sqKey": "S6331",
+  "scope": "Main",
+  "quickfix": "unknown"
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -151,6 +151,7 @@
     "S5996",
     "S6002",
     "S6019",
-    "S6035"
+    "S6035",
+    "S6331"
   ]
 }

python-checks/src/test/java/org/sonar/python/checks/regex/EmptyGroupCheckTest.java

@@ -0,0 +1,32 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.junit.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+public class EmptyGroupCheckTest {
+
+  @Test
+  public void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/regex/emptyGroupCheck.py", new EmptyGroupCheck());
+  }
+
+}

python-checks/src/test/resources/checks/regex/emptyGroupCheck.py

@@ -0,0 +1,61 @@
+import re
+
+
+def non_compliant(input):
+    re.match(r"foo()bar", input)  # Noncompliant {{Remove this empty group.}}
+    #             ^^
+    re.match(r"foo(?:)bar", input)  # Noncompliant
+    #             ^^^^
+    re.match(r"foo(?=)bar", input)  # Noncompliant
+    #             ^^^^
+    re.match(r"foo(?!)bar", input)  # Noncompliant
+    #             ^^^^
+    re.match(r"foo(?<=)bar", input)  # Noncompliant
+    #             ^^^^^
+    re.match(r"foo(?<!)bar", input)  # Noncompliant
+    #             ^^^^^
+
+    re.match(r"(foo()bar)", input)  # Noncompliant
+    #              ^^
+    re.match(r"(foo(?:)bar)", input)  # Noncompliant
+    #              ^^^^
+    re.match(r"(foo(?=)bar)", input)  # Noncompliant
+    #              ^^^^
+    re.match(r"(foo(?!)bar)", input)  # Noncompliant
+    #              ^^^^
+    re.match(r"(foo(?<=)bar)", input)  # Noncompliant
+    #              ^^^^^
+    re.match(r"(foo(?<!)bar)", input)  # Noncompliant
+    #              ^^^^^
+
+
+def compliant(input):
+    re.match(r"foo(?-)bar", input)
+    re.match(r"foo(?-x)bar", input)
+    re.match(r"(foo(?-)bar)", input)
+
+    re.match(r"foo(x)bar", input)
+    re.match(r"foo(?:x)bar", input)
+    re.match(r"foo(?>x)bar", input)
+    re.match(r"foo(?=x)bar", input)
+    re.match(r"foo(?!x)bar", input)
+    re.match(r"foo(?<=x)bar", input)
+    re.match(r"foo(?<!x)bar", input)
+
+    re.match(r"[foo()bar]", input)
+    re.match(r"[foo(?-)bar]", input)
+    re.match(r"[foo(?:)bar]", input)
+    re.match(r"[foo(?>)bar]", input)
+    re.match(r"[foo(?=x)bar]", input)
+    re.match(r"[foo(?!x)bar]", input)
+    re.match(r"[foo(?<=x)bar]", input)
+    re.match(r"[foo(?<!x)bar]", input)
+
+    re.match(r"(foo(|)bar)", input)
+    re.match(r"(foo(?-|)bar)", input)
+    re.match(r"(foo(?:|)bar)", input)
+    re.match(r"(foo(?>|)bar)", input)
+    re.match(r"(foo(?=|)bar)", input)
+    re.match(r"(foo(?!|)bar)", input)
+    re.match(r"(foo(?<=|)bar)", input)
+    re.match(r"(foo(?<!|)bar)", input)