SONARPY-884 Rule S6035 Single-character alternations in regular expressions should be replaced with character classes (#964)

nils-werner-sonarsource · web-flow · commit 2444d650ffca · 2021-10-29T10:22:51.000+02:00
* SONARPY-884 Rule S6035 Single-character alternations in regular expressions should be replaced with character classes * Update ruling
diff --git a/its/ruling/src/test/resources/expected/python-S6035.json b/its/ruling/src/test/resources/expected/python-S6035.json
@@ -0,0 +1,35 @@
+{
+'project:buildbot-0.8.6p1/buildbot/__init__.py':[
+33,
+],
+'project:buildbot-slave-0.8.6p1/buildslave/__init__.py':[
+33,
+],
+'project:mypy-0.782/test-data/stdlib-samples/3.2/test/support.py':[
+1048,
+],
+'project:numpy-1.16.4/numpy/distutils/from_template.py':[
+56,
+58,
+],
+'project:numpy-1.16.4/numpy/f2py/capi_maps.py':[
+307,
+307,
+],
+'project:numpy-1.16.4/numpy/f2py/crackfortran.py':[
+350,
+350,
+],
+'project:tensorflow/python/debug/cli/command_parser.py':[
+187,
+],
+'project:tensorflow/python/debug/cli/tensor_format.py':[
+32,
+],
+'project:tornado-2.3/demos/appengine/markdown.py':[
+1319,
+],
+'project:tornado-2.3/demos/blog/markdown.py':[
+1319,
+],
+}
diff --git a/python-checks/src/main/java/org/sonar/python/checks/CheckList.java b/python-checks/src/main/java/org/sonar/python/checks/CheckList.java
@@ -50,6 +50,7 @@
 import org.sonar.python.checks.hotspots.UnsafeHttpMethodsCheck;
 import org.sonar.python.checks.hotspots.UnverifiedHostnameCheck;
 import org.sonar.python.checks.regex.EmptyStringRepetitionCheck;
+import org.sonar.python.checks.regex.SingleCharacterAlternationCheck;
 import org.sonar.python.checks.regex.RedundantRegexAlternativesCheck;
 import org.sonar.python.checks.regex.RegexLookaheadCheck;
 import org.sonar.python.checks.regex.ReluctantQuantifierWithEmptyContinuationCheck;
@@ -201,6 +202,7 @@ public static Iterable<Class> getChecks() {
       SetDuplicateKeyCheck.class,
       SillyEqualityCheck.class,
       SillyIdentityCheck.class,
+      SingleCharacterAlternationCheck.class,
       SpecialMethodParamListCheck.class,
       SQLQueriesCheck.class,
       StandardInputCheck.class,
diff --git a/python-checks/src/main/java/org/sonar/python/checks/regex/SingleCharacterAlternationCheck.java b/python-checks/src/main/java/org/sonar/python/checks/regex/SingleCharacterAlternationCheck.java
@@ -0,0 +1,34 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2021 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonarsource.analyzer.commons.regex.RegexParseResult;
+import org.sonarsource.analyzer.commons.regex.finders.SingleCharacterAlternationFinder;
+
+@Rule(key = "S6035")
+public class SingleCharacterAlternationCheck extends AbstractRegexCheck {
+
+  @Override
+  public void checkRegex(RegexParseResult regexParseResult, CallExpression regexFunctionCall) {
+    new SingleCharacterAlternationFinder(this::addIssue).visit(regexParseResult);
+  }
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6035.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6035.html
@@ -0,0 +1,13 @@
+<p>When an alternation contains multiple alternatives that consist of a single character, it can be rewritten as a character class. This should be
+preferred because it is more efficient and can even help prevent stack overflows when used inside a repetition (see rule {rule:python:S5998}).</p>
+<h2>Noncompliant Code Example</h2>
+<pre>
+r"a|b|c" # Noncompliant
+</pre>
+<h2>Compliant Solution</h2>
+<pre>
+r"[abc]"
+# or
+r"[a-c]"
+</pre>
+
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6035.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6035.json
@@ -0,0 +1,17 @@
+{
+  "title": "Single-character alternations in regular expressions should be replaced with character classes",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "regex"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6035",
+  "sqKey": "S6035",
+  "scope": "Main",
+  "quickfix": "unknown"
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
@@ -138,7 +138,8 @@
     "S5864",
     "S5886",
     "S5890",
-    "S6002"
-    "S6019"
+    "S6002",
+    "S6019",
+    "S6035"
   ]
 }
diff --git a/python-checks/src/test/java/org/sonar/python/checks/regex/SingleCharacterAlternationCheckTest.java b/python-checks/src/test/java/org/sonar/python/checks/regex/SingleCharacterAlternationCheckTest.java
@@ -0,0 +1,33 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2021 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.junit.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+
+public class SingleCharacterAlternationCheckTest {
+
+  @Test
+  public void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/regex/singleCharacterAlternationCheck.py", new SingleCharacterAlternationCheck());
+  }
+
+}
diff --git a/python-checks/src/test/resources/checks/regex/singleCharacterAlternationCheck.py b/python-checks/src/test/resources/checks/regex/singleCharacterAlternationCheck.py
@@ -0,0 +1,21 @@
+import re
+
+
+def non_compliant(input):
+    re.match(r"a|b|c", input)  # Noncompliant {{Replace this alternation with a character class.}}
+    #          ^^^^^
+    re.match(r"a|(b|c)", input)  # Noncompliant
+    re.match(r"abcd|(e|f)gh", input)  # Noncompliant
+    re.match(r"(a|b|c)*", input)  # Noncompliant
+    re.match(r"\d|x", input)  # Noncompliant
+    re.match(r"\u1234|\x{12345}", input)  # Noncompliant
+    re.match(r"😂|😊", input)  # Noncompliant
+    re.match(r"\ud800\udc00|\udbff\udfff", input)  # Noncompliant
+
+
+def compliant(input):
+    re.match(r"[abc]", input)
+    re.match(r"[a-c]", input)
+    re.match(r"ab|cd", input)
+    re.match(r"^|$", input)
+    re.match(r"|", input)

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,8 @@`
`138`	`138`	`"S5864",`
`139`	`139`	`"S5886",`
`140`	`140`	`"S5890",`
`141`		`- "S6002"`
`142`		`- "S6019"`
	`141`	`+ "S6002",`
	`142`	`+ "S6019",`
	`143`	`+ "S6035"`
`143`	`144`	`]`
`144`	`145`	`}`