Update analyzer commons to don't suggest possessive quantifiers (#980)

nils-werner-sonarsource · web-flow · commit 2db67cb7abfd · 2021-11-04T14:13:26.000+01:00
diff --git a/pom.xml b/pom.xml
@@ -91,7 +91,7 @@
     <mockito.version>3.9.0</mockito.version>
     <sonar.version>8.9.0.43852</sonar.version>
     <sonar.orchestrator.version>3.35.1.2719</sonar.orchestrator.version>
-    <sonar-analyzer-commons.version>1.21.0.809</sonar-analyzer-commons.version>
+    <sonar-analyzer-commons.version>1.21.0.818</sonar-analyzer-commons.version>
     <sonarlint-core.version>6.0.0.32513</sonarlint-core.version>
     <sslr.version>1.23</sslr.version>
     <protobuf.version>3.17.3</protobuf.version>
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5857.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5857.html
@@ -1,20 +1,15 @@
 <p>Using reluctant quantifiers (also known as lazy or non-greedy quantifiers) in patterns can often lead to needless backtracking, making the regex
 needlessly inefficient and potentially vulnerable to <a href="https://www.regular-expressions.info/catastrophic.html">catastrophic backtracking</a>.
 Particularly when using <code>.*?</code> or <code>.+?</code> to match anything up to some terminating character, it is usually a better idea to
-instead use a greedily or possessively quantified negated character class containing the terminating character. For example <code>&lt;.+?&gt;</code>
-should be replaced with <code>&lt;[^&gt;]++&gt;</code>.</p>
+instead use a greedily or quantified negated character class containing the terminating character. For example <code>&lt;.+?&gt;</code> should be
+replaced with <code>&lt;[^&gt;]*&gt;</code> or <code>&lt;[^&gt;]+&gt;</code>.</p>
 <h2>Noncompliant Code Example</h2>
 <pre>
 r'&lt;.+?&gt;'
 r'".*?"'
 </pre>
 <h2>Compliant Solution</h2>
 <pre>
-r'&lt;[^&gt;]++&gt;'
-r'"[^"]*+"'
-</pre>
-<p>or</p>
-<pre>
 r'&lt;[^&gt;]+&gt;'
 r'"[^"]*"'
 </pre>
diff --git a/python-checks/src/test/resources/checks/regex/reluctantQuantifierCheck.py b/python-checks/src/test/resources/checks/regex/reluctantQuantifierCheck.py
@@ -2,52 +2,52 @@
 
 
 def non_compliant(input):
-    re.match(r"<.+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]++".}}
-    re.match(r"<\S+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\s]++".}}
-    re.match(r"<\D+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\d]++".}}
-    re.match(r"<\W+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\w]++".}}
-
-    re.match(r"<.{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]{2,5}+".}}
-    re.match(r"<\S{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\s]{2,5}+".}}
-    re.match(r"<\D{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\d]{2,5}+".}}
-    re.match(r"<\W{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\w]{2,5}+".}}
-
-    re.match(r"<.{2,}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]{2,}+".}}
-    re.match(r"\".*?\"", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^\"]*+".}}
-    re.match(r".*?\w", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "\W*+".}}
-    re.match(r".*?\W", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "\w*+".}}
-    re.match(r"\[.*?\]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^\]]*+".}}
-    re.match(r".+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc]++".}}
+    re.match(r"<.+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]+".}}
+    re.match(r"<\S+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\s]+".}}
+    re.match(r"<\D+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\d]+".}}
+    re.match(r"<\W+?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\w]+".}}
+
+    re.match(r"<.{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]{2,5}".}}
+    re.match(r"<\S{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\s]{2,5}".}}
+    re.match(r"<\D{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\d]{2,5}".}}
+    re.match(r"<\W{2,5}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>\w]{2,5}".}}
+
+    re.match(r"<.{2,}?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]{2,}".}}
+    re.match(r"\".*?\"", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^\"]*".}}
+    re.match(r".*?\w", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "\W*".}}
+    re.match(r".*?\W", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "\w*".}}
+    re.match(r"\[.*?\]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^\]]*".}}
+    re.match(r".+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc]+".}}
     re.match(r"(?-U:\s)*?\S", input)
-    re.match(r"(?U:\s)*?\S", input, re.ASCII)  # Noncompliant {{Replace this use of a reluctant quantifier with "[\s\S]*+".}}
+    re.match(r"(?U:\s)*?\S", input, re.ASCII)  # Noncompliant {{Replace this use of a reluctant quantifier with "[\s\S]*".}}
     re.match(r"(?U:a|\s)*?\S", input)
     re.match(r"\S*?\s", input)
     re.match(r"\S*?(?-U:\s)", input)
-    re.match(r"\S*?(?U:\s)", input, re.ASCII)  # Noncompliant {{Replace this use of a reluctant quantifier with "[\S\s]*+".}}
-    re.match(r"\S*?(?U)\s", input, re.ASCII)  # Noncompliant {{Replace this use of a reluctant quantifier with "[\S\s]*+".}}
+    re.match(r"\S*?(?U:\s)", input, re.ASCII)  # Noncompliant {{Replace this use of a reluctant quantifier with "[\S\s]*".}}
+    re.match(r"\S*?(?U)\s", input, re.ASCII)  # Noncompliant {{Replace this use of a reluctant quantifier with "[\S\s]*".}}
 
     # coverage
     re.match(r"(?:(?m))*?a", input)
     re.match(r"(?:(?m:.))*?(?:(?m))", input)
 
     # This replacement might not be equivalent in case of full match, but is equivalent in case of split
-    re.match(r".+?[^abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[abc]++".}}
+    re.match(r".+?[^abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[abc]+".}}
 
-    re.match(r".+?\x{1F4A9}", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^\x{1F4A9}]++".}}
-    re.match(r"<abc.*?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]*+".}}
-    re.match(r"<.+?>|otherstuff", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]++".}}
-    re.match(r"(<.+?>)*", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]++".}}
+    re.match(r".+?\x{1F4A9}", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^\x{1F4A9}]+".}}
+    re.match(r"<abc.*?>", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]*".}}
+    re.match(r"<.+?>|otherstuff", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]+".}}
+    re.match(r"(<.+?>)*", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^>]+".}}
 
-    re.match(r"\S+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\s]++".}}
-    re.match(r"\D+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\d]++".}}
-    re.match(r"\w+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\W]++".}}
+    re.match(r"\S+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\s]+".}}
+    re.match(r"\D+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\d]+".}}
+    re.match(r"\w+?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\W]+".}}
 
-    re.match(r"\S*?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\s]*+".}}
-    re.match(r"\D*?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\d]*+".}}
-    re.match(r"\w*?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\W]*+".}}
+    re.match(r"\S*?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\s]*".}}
+    re.match(r"\D*?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\d]*".}}
+    re.match(r"\w*?[abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[^abc\W]*".}}
 
-    re.match(r"\S+?[^abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[abc\S]++".}}
-    re.match(r"\s+?[^abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[abc\s]++".}}
+    re.match(r"\S+?[^abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[abc\S]+".}}
+    re.match(r"\s+?[^abc]", input)  # Noncompliant {{Replace this use of a reluctant quantifier with "[abc\s]+".}}
 
 
 def compliant(input):
@@ -70,6 +70,7 @@ def compliant(input):
     re.match(r"\S*?(?U:\s)", input)
     re.match(r"\S*?(?U)\s", input)
 
+
 def no_intersection(input):
     re.match(r"<\d+?>", input)
     re.match(r"<\s+?>", input)
