SONARPY-980 Rule S6353: Regular expression quantifiers and character classes should be used concisely (#1108)

nils-werner-sonarsource · web-flow · commit 974683503d67 · 2022-03-25T15:58:55.000+01:00
diff --git a/its/ruling/src/test/resources/expected/python-S6353.json b/its/ruling/src/test/resources/expected/python-S6353.json
@@ -0,0 +1,161 @@
+{
+'project:biopython/Bio/Application/__init__.py':[
+33,
+],
+'project:biopython/Bio/FSSP/__init__.py':[
+51,
+51,
+53,
+53,
+53,
+],
+'project:biopython/Bio/GenBank/Scanner.py':[
+1101,
+],
+'project:biopython/Bio/Phylo/PAML/_parse_codeml.py':[
+23,
+80,
+],
+'project:biopython/Bio/Phylo/PhyloXML.py':[
+542,
+1053,
+1478,
+],
+'project:biopython/Bio/PopGen/GenePop/Controller.py':[
+654,
+654,
+654,
+],
+'project:buildbot-0.8.6p1/buildbot/process/mtrlogobserver.py':[
+85,
+86,
+88,
+89,
+89,
+],
+'project:buildbot-0.8.6p1/buildbot/status/builder.py':[
+243,
+244,
+],
+'project:buildbot-0.8.6p1/buildbot/status/web/change_hook.py':[
+101,
+],
+'project:buildbot-0.8.6p1/buildbot/steps/shell.py':[
+382,
+382,
+],
+'project:buildbot-0.8.6p1/buildbot/steps/source/oldsource.py':[
+977,
+977,
+978,
+978,
+979,
+979,
+],
+'project:buildbot-0.8.6p1/buildbot/steps/vstudio.py':[
+41,
+42,
+],
+'project:buildbot-slave-0.8.6p1/buildslave/runprocess.py':[
+300,
+],
+'project:django-2.2.3/django/views/static.py':[
+125,
+],
+'project:docker-compose-1.24.1/compose/config/interpolation.py':[
+195,
+],
+'project:docker-compose-1.24.1/script/release/release/utils.py':[
+10,
+10,
+10,
+10,
+10,
+10,
+],
+'project:mypy-0.782/misc/upload-pypi.py':[
+36,
+],
+'project:mypy-0.782/mypy/messages.py':[
+1954,
+],
+'project:mypy-0.782/mypy/stubdoc.py':[
+21,
+],
+'project:mypy-0.782/mypy/test/data.py':[
+82,
+87,
+92,
+100,
+106,
+285,
+289,
+],
+'project:mypy-0.782/mypy/test/testfinegrained.py':[
+195,
+318,
+],
+'project:numpy-1.16.4/numpy/distutils/mingw32ccompiler.py':[
+53,
+],
+'project:numpy-1.16.4/numpy/lib/polynomial.py':[
+977,
+],
+'project:numpy-1.16.4/numpy/testing/_private/parameterized.py':[
+490,
+],
+'project:numpy-1.16.4/numpy/tests/test_numpy_version.py':[
+12,
+12,
+12,
+12,
+12,
+12,
+],
+'project:numpy-1.16.4/pavement.py':[
+234,
+],
+'project:numpy-1.16.4/tools/c_coverage/c_coverage_report.py':[
+124,
+124,
+125,
+125,
+],
+'project:tensorflow/python/debug/cli/tensor_format.py':[
+32,
+],
+'project:tensorflow/python/module/module.py':[
+306,
+],
+'project:tensorflow/python/ops/structured/structured_tensor.py':[
+790,
+],
+'project:tensorflow/tools/ci_build/update_version.py':[
+126,
+126,
+157,
+158,
+159,
+],
+'project:tensorflow/tools/docs/parser.py':[
+1132,
+],
+'project:tornado-2.3/tornado/simple_httpclient.py':[
+341,
+],
+'project:tornado-2.3/tornado/test/web_test.py':[
+210,
+],
+'project:twisted-12.1.0/twisted/persisted/aot.py':[
+159,
+],
+'project:twisted-12.1.0/twisted/web/test/test_static.py':[
+1054,
+1054,
+1054,
+],
+'project:twisted-12.1.0/twisted/words/xish/xpathparser.py':[
+339,
+343,
+],
+}
diff --git a/python-checks/src/main/java/org/sonar/python/checks/CheckList.java b/python-checks/src/main/java/org/sonar/python/checks/CheckList.java
@@ -65,6 +65,7 @@
 import org.sonar.python.checks.regex.SingleCharacterAlternationCheck;
 import org.sonar.python.checks.regex.StringReplaceCheck;
 import org.sonar.python.checks.regex.UnquantifiedNonCapturingGroupCheck;
+import org.sonar.python.checks.regex.VerboseRegexCheck;
 
 public final class CheckList {
 
@@ -261,6 +262,7 @@ public static Iterable<Class> getChecks() {
       UselessParenthesisCheck.class,
       UselessStatementCheck.class,
       UseOfEmptyReturnValueCheck.class,
+      VerboseRegexCheck.class,
       VerifiedSslTlsCertificateCheck.class,
       WeakSSLProtocolCheck.class,
       WildcardImportCheck.class,
diff --git a/python-checks/src/main/java/org/sonar/python/checks/regex/VerboseRegexCheck.java b/python-checks/src/main/java/org/sonar/python/checks/regex/VerboseRegexCheck.java
@@ -0,0 +1,34 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonarsource.analyzer.commons.regex.RegexParseResult;
+import org.sonarsource.analyzer.commons.regex.finders.VerboseRegexFinder;
+
+@Rule(key = "S6353")
+public class VerboseRegexCheck extends AbstractRegexCheck {
+
+  @Override
+  public void checkRegex(RegexParseResult regexParseResult, CallExpression regexFunctionCall) {
+    new VerboseRegexFinder(this::addIssue).visit(regexParseResult);
+  }
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6353.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6353.html
@@ -0,0 +1,28 @@
+<p>With regular expressions syntax, it’s possible to express the same thing in many ways. For example, to match a two-digit number, one could write
+<code>[0-9]{2,2}</code> or <code>\d{2}</code>. Latter is not only shorter in terms of expression length, but also easier to read and thus to maintain.
+This rule recommends to replace some bulky quantifiers and character classes with more concise equivalents:</p>
+<ul>
+  <li> <code>\d</code> for <code>[0-9]</code> and <code>\D</code> for <code>[^0-9]</code> </li>
+  <li> <code>\w</code> for <code>[A-Za-z0-9_]</code> and <code>\W</code> for <code>[^A-Za-z0-9_]</code> </li>
+  <li> <code>.</code> for character classes matching everything (e.g. <code>[\w\W]</code>, <code>[\d\D]</code>, or <code>[\s\S]</code> with
+  <code>s</code> flag) </li>
+  <li> <code>x?</code> for <code>x{0,1}</code>, <code>x*</code> for <code>x{0,}</code>, <code>x+</code> for <code>x{1,}</code>, <code>x{N}</code> for
+  <code>x{N,N}</code> </li>
+</ul>
+<h2>Noncompliant Code Example</h2>
+<pre>
+r"[0-9]" # Noncompliant - same as r"\d"
+r"[^0-9]" # Noncompliant - same as r"\D"
+r"[A-Za-z0-9_]" # Noncompliant - same as r"\w"
+r"[\w\W]" # Noncompliant - same as r"."
+r"a{0,}" # Noncompliant - same as r"a*"
+</pre>
+<h2>Compliant Solution</h2>
+<pre>
+r"\d"
+r"\D"
+r"\w"
+r"."
+r"a*"
+</pre>
+
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6353.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6353.json
@@ -0,0 +1,17 @@
+{
+  "title": "Regular expression quantifiers and character classes should be used concisely",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "regex"
+  ],
+  "defaultSeverity": "Minor",
+  "ruleSpecification": "RSPEC-6353",
+  "sqKey": "S6353",
+  "scope": "Main",
+  "quickfix": "unknown"
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
@@ -151,9 +151,9 @@
     "S5996",
     "S6002",
     "S6019",
-    "S6035",
     "S6323",
     "S6331",
+    "S6035",
     "S6395"
   ]
 }
diff --git a/python-checks/src/test/java/org/sonar/python/checks/regex/VerboseRegexCheckTest.java b/python-checks/src/test/java/org/sonar/python/checks/regex/VerboseRegexCheckTest.java
@@ -0,0 +1,31 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks.regex;
+
+import org.junit.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+public class VerboseRegexCheckTest {
+
+  @Test
+  public void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/regex/verboseRegexCheck.py", new VerboseRegexCheck());
+  }
+}
diff --git a/python-checks/src/test/resources/checks/regex/verboseRegexCheck.py b/python-checks/src/test/resources/checks/regex/verboseRegexCheck.py
@@ -0,0 +1,46 @@
+import re
+
+
+def non_compliant(input):
+    re.match(r"[\s\S]", input, re.DOTALL)  # Noncompliant {{Use concise character class syntax '.' instead of '[\s\S]'.}}
+    #          ^^^^^^
+    re.match(r"[\d\D]", input)  # Noncompliant {{Use concise character class syntax '.' instead of '[\d\D]'.}}
+    re.match(r"[\w\W]", input)  # Noncompliant {{Use concise character class syntax '.' instead of '[\w\W]'.}}
+    re.match(r"[0-9]", input)  # Noncompliant {{Use concise character class syntax '\d' instead of '[0-9]'.}}
+    re.match(r"foo[0-9]barr", input)  # Noncompliant
+    #             ^^^^^
+    re.match(r"[^0-9]", input)  # Noncompliant {{Use concise character class syntax '\D' instead of '[^0-9]'.}}
+    re.match(r"[A-Za-z0-9_]",input)  # Noncompliant {{Use concise character class syntax '\w' instead of '[A-Za-z0-9_]'.}}
+    re.match(r"[0-9_A-Za-z]", input)  # Noncompliant
+    re.match(r"[^A-Za-z0-9_]", input)  # Noncompliant {{Use concise character class syntax '\W' instead of '[^A-Za-z0-9_]'.}}
+    re.match(r"[^0-9_A-Za-z]", input)  # Noncompliant
+    re.match(r"x{0,1}", input)  # Noncompliant {{Use concise quantifier syntax '?' instead of '{0,1}'.}}
+    re.match(r"x{0,1}?", input)  # Noncompliant
+    re.match(r"x{0,}", input)  # Noncompliant {{Use concise quantifier syntax '*' instead of '{0,}'.}}
+    re.match(r"x{0,}?", input)  # Noncompliant
+    re.match(r"x{1,}", input)  # Noncompliant {{Use concise quantifier syntax '+' instead of '{1,}'.}}
+    re.match(r"x{1,}?", input)  # Noncompliant
+    re.match(r"x{2,2}", input)  # Noncompliant {{Use concise quantifier syntax '{2}' instead of '{2,2}'.}}
+    re.match(r"x{2,2}?", input)  # Noncompliant
+
+
+def compliant(input):
+    re.match(r"[x]", input)
+    re.match(r"[12]", input)
+    re.match(r"[1234]", input)
+    re.match(r"[1-3]", input)
+    re.match(r"[1-9abc]", input)
+    re.match(r"[1-9a-bAB]", input)
+    re.match(r"[1-9a-bA-Z!]", input)
+    re.match(r"[1-2[a][b][c]]", input)
+    re.match(r"[0-9[a][b][c]]", input)
+    re.match(r"[0-9a-z[b][c]]", input)
+    re.match(r"[0-9a-zA-Z[c]]", input)
+    re.match(r"x?", input)
+    re.match(r"x*", input)
+    re.match(r"x+", input)
+    re.match(r"x{2}", input)
+    re.match(r"[\s\S]", input)
+    re.match(r"[\w\S]", input)
+    re.match(r"[\d\S]", input)
+    re.match(r"[\s\d]", input)

Original file line number	Diff line number	Diff line change
`@@ -151,9 +151,9 @@`
`151`	`151`	`"S5996",`
`152`	`152`	`"S6002",`
`153`	`153`	`"S6019",`
`154`		`- "S6035",`
`155`	`154`	`"S6323",`
`156`	`155`	`"S6331",`
	`156`	`+ "S6035",`
`157`	`157`	`"S6395"`
`158`	`158`	`]`
`159`	`159`	`}`