SONARPY-983 Rule S6395: Non-capturing groups without quantifier should not be used (#1109)

nils-werner-sonarsource · web-flow · commit 2b591e3c18e8 · 2022-03-25T15:36:26.000+01:00
diff --git a/its/ruling/src/test/resources/expected/python-S6395.json b/its/ruling/src/test/resources/expected/python-S6395.json
@@ -0,0 +1,43 @@
+{
+'project:biopython/Bio/SearchIO/ExonerateIO/exonerate_text.py':[
+32,
+32,
+36,
+36,
+],
+'project:buildbot-0.8.6p1/buildbot/changes/mail.py':[
+212,
+212,
+214,
+214,
+],
+'project:django-2.2.3/django/db/backends/sqlite3/introspection.py':[
+204,
+204,
+],
+'project:django-2.2.3/django/utils/text.py':[
+308,
+],
+'project:django-2.2.3/django/utils/translation/template.py':[
+20,
+20,
+29,
+29,
+32,
+32,
+],
+'project:mypy-0.782/test-data/stdlib-samples/3.2/textwrap.py':[
+338,
+],
+'project:tornado-2.3/demos/appengine/markdown.py':[
+721,
+],
+'project:tornado-2.3/demos/blog/markdown.py':[
+721,
+],
+'project:tornado-2.3/tornado/escape.py':[
+235,
+235,
+235,
+],
+}
diff --git a/python-checks/src/main/java/org/sonar/python/checks/CheckList.java b/python-checks/src/main/java/org/sonar/python/checks/CheckList.java
@@ -64,6 +64,7 @@
 import org.sonar.python.checks.regex.ReluctantQuantifierWithEmptyContinuationCheck;
 import org.sonar.python.checks.regex.SingleCharacterAlternationCheck;
 import org.sonar.python.checks.regex.StringReplaceCheck;
+import org.sonar.python.checks.regex.UnquantifiedNonCapturingGroupCheck;
 
 public final class CheckList {
 
@@ -245,6 +246,7 @@ public static Iterable<Class> getChecks() {
       RegexComplexityCheck.class,
       RegexLookaheadCheck.class,
       UndefinedNameAllPropertyCheck.class,
+      UnquantifiedNonCapturingGroupCheck.class,
       UnreachableExceptCheck.class,
       UnreadPrivateAttributesCheck.class,
       UnreadPrivateInnerClassesCheck.class,
diff --git a/python-checks/src/main/java/org/sonar/python/checks/regex/UnquantifiedNonCapturingGroupCheck.java b/python-checks/src/main/java/org/sonar/python/checks/regex/UnquantifiedNonCapturingGroupCheck.java
@@ -0,0 +1,34 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonarsource.analyzer.commons.regex.RegexParseResult;
+import org.sonarsource.analyzer.commons.regex.finders.UnquantifiedNonCapturingGroupFinder;
+
+@Rule(key = "S6395")
+public class UnquantifiedNonCapturingGroupCheck extends AbstractRegexCheck {
+
+  @Override
+  public void checkRegex(RegexParseResult regexParseResult, CallExpression regexFunctionCall) {
+    new UnquantifiedNonCapturingGroupFinder(this::addIssue).visit(regexParseResult);
+  }
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.html
@@ -0,0 +1,20 @@
+<p>Sub-patterns can be wrapped by parentheses to build a group. This enables to restrict alternations, back reference the group or apply a quantifier
+to the sub-pattern.</p>
+<p>If this group should not be part of the match result or if no reference to this group is required, a non-capturing group can be created by adding
+<code>:?</code> behind the opening parenthesis.</p>
+<p>However, if this non-capturing group does not have a quantifier, or does not wrap an alternation, then imaging this group is redundant.</p>
+<h2>Noncompliant Code Example</h2>
+<pre>
+r"(?:number)\d{2}"
+</pre>
+<h2>Compliant Solution</h2>
+<pre>
+r"number\d{2}"
+r"(?:number)?\d{2}"
+</pre>
+<h2>Exceptions</h2>
+<p>This rule does not report an issue if the non-capturing group is an alternation.</p>
+<pre>
+r"(?:number|string)"
+</pre>
+
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6395.json
@@ -0,0 +1,17 @@
+{
+  "title": "Non-capturing groups without quantifier should not be used",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "regex"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6395",
+  "sqKey": "S6395",
+  "scope": "All",
+  "quickfix": "unknown"
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
@@ -153,6 +153,7 @@
     "S6019",
     "S6035",
     "S6323",
-    "S6331"
+    "S6331",
+    "S6395"
   ]
 }
diff --git a/python-checks/src/test/java/org/sonar/python/checks/regex/UnquantifiedNonCapturingGroupCheckTest.java b/python-checks/src/test/java/org/sonar/python/checks/regex/UnquantifiedNonCapturingGroupCheckTest.java
@@ -0,0 +1,31 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.junit.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+public class UnquantifiedNonCapturingGroupCheckTest {
+
+  @Test
+  public void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/regex/unquantifiedNonCapturingGroupCheck.py", new UnquantifiedNonCapturingGroupCheck());
+  }
+}
diff --git a/python-checks/src/test/resources/checks/regex/unquantifiedNonCapturingGroupCheck.py b/python-checks/src/test/resources/checks/regex/unquantifiedNonCapturingGroupCheck.py
@@ -0,0 +1,20 @@
+import re
+
+
+def non_compliant(input):
+    re.match(r"(?:number)", input)  # Noncompliant {{Unwrap this unnecessarily grouped subpattern.}}
+    #          ^^^^^^^^^^
+    re.match(r"(?:number)\d{2}", input)  # Noncompliant
+    re.match(r"(?:number(?:two){2})", input)  # Noncompliant
+    #          ^^^^^^^^^^^^^^^^^^^^
+    re.match(r"(?:number(?:two)){2}", input)  # Noncompliant
+    #                   ^^^^^^^
+    re.match(r"foo(?:number)bar", input)  # Noncompliant
+    re.match(r"(?:)", input)  # Noncompliant
+
+
+def compliant(input):
+    re.match(r"(?:number)?+", input)
+    re.match(r"number\d{2}", input)
+    re.match(r"(?:number)?\d{2}", input)
+    re.match(r"(?:number|string)", input)

Original file line number	Diff line number	Diff line change
`@@ -153,6 +153,7 @@`
`153`	`153`	`"S6019",`
`154`	`154`	`"S6035",`
`155`	`155`	`"S6323",`
`156`		`- "S6331"`
	`156`	`+ "S6331",`
	`157`	`+ "S6395"`
`157`	`158`	`]`
`158`	`159`	`}`