JS-1179 Fix FP on S5850 for complementary anchor patterns in trimming regexes #6293
+171
−129
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Tests cover the scenario where two-alternative regex patterns with complementary anchors (^first|second$) are incorrectly flagged. These are valid trimming idioms where the first alternative starts with ^ and the second ends with $ - a common pattern for matching at the start OR end of strings. Test cases include: - Symmetric trimming patterns: whitespace, hyphens, quotes, underscores, slashes - Asymmetric complementary anchors: protocol/extension stripping, mixed quotes, validation patterns Relates to JS-1179
Add early-exit check for complementary anchor patterns in regex. When exactly 2 alternatives exist where the first starts with ^ and the second ends with $, this represents a valid "match at start OR end" idiom commonly used for trimming operations (e.g., /^\s+|\s+$/g). The fix recognizes this established pattern and suppresses the warning, while continuing to flag patterns with 3+ alternatives or ambiguous single-end anchoring. Implementation follows the approved proposal algorithm: - Check if exactly 2 alternatives exist - Check if first alternative starts with ^ (start anchor) - Check if second alternative ends with $ (end anchor) - If both conditions are true, return early without reporting Relates to JS-1179
Add additional test cases derived from ruling analysis to improve coverage of the complementary anchor pattern detection. The ruling analysis confirmed that the implementation correctly handles 47 cases: - 10 true positives (correctly flagged patterns with 3+ alternatives or non-complementary anchors) - 37 true negatives (correctly not flagged complementary anchor patterns used for trimming and validation) New valid test cases include: - Table block matching patterns with empty/whitespace alternatives - Git ref parsing with SHA or ref alternatives - Double caret patterns (redundant but valid) - Complex rtrim with capturing groups New invalid test cases include: - User status patterns with unanchored middle alternatives - Path exclusion patterns with unanchored alternatives - Line matching with multiple alternatives - Event patterns with unanchored click alternative No implementation changes were needed as the existing logic correctly identifies complementary anchor patterns (exactly 2 alternatives where first starts with ^ and second ends with $). Relates to JS-1179
Synced expected ruling files from actual results and removed orphaned expected files that no longer have corresponding actual ruling files. Ruling Status: PASS (rule-specific projects refined successfully) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Contributor
Ruling ReportCode no longer flagged (40 issues)S5850Ghost/core/server/api/index.js:56 54 | */
55 | cacheInvalidationHeader = function cacheInvalidationHeader(req, result) {
> 56 | var parsedUrl = req._parsedUrl.pathname.replace(/^\/|\/$/g, '').split('/'),
57 | method = req.method,
58 | endpoint = parsedUrl[0],Ghost/core/server/api/utils.js:112 110 | validateOptions: function validateOptions(options) {
111 | var globalValidations = {
> 112 | id: {matches: /^\d+|me$/},
113 | uuid: {isUUID: true},
114 | slug: {isSlug: true},Ghost/core/server/api/utils.js:116 114 | slug: {isSlug: true},
115 | page: {matches: /^\d+$/},
> 116 | limit: {matches: /^\d+|all$/},
117 | fields: {matches: /^[\w, ]+$/},
118 | order: {matches: /^[a-z0-9_,\. ]+$/i},Ghost/core/shared/ghost-url.js:47 45 | if (args.length) {
46 | args.forEach(function (el) {
> 47 | requestUrl += el.replace(/^\/|\/$/g, '') + '/';
48 | });
49 | }TypeScript/lib/tsc.js:7384 7382 | function writeTrimmedCurrentLine(text, commentEnd, writer, newLine, pos, nextLineStart) {
7383 | var end = Math.min(commentEnd, nextLineStart - 1);
> 7384 | var currentLineText = text.substring(pos, end).replace(/^\s+|\s+$/g, "");
7385 | if (currentLineText) {
7386 | writer.write(currentLineText);TypeScript/lib/tsc.js:55763 55761 | }
55762 | function trimString(s) {
> 55763 | return typeof s.trim === "function" ? s.trim() : s.replace(/^[\s]+|[\s]+$/g, "");
55764 | }
55765 | var invalidTrailingRecursionPattern = /(^|\/)\*\*\/?$/;TypeScript/lib/typingsInstaller.js:6100 6098 | }
6099 | function trimString(s) {
> 6100 | return typeof s.trim === "function" ? s.trim() : s.replace(/^[\s]+|[\s]+$/g, "");
6101 | }
6102 | var invalidTrailingRecursionPattern = /(^|\/)\*\*\/?$/;TypeScript/src/compiler/commandLineParser.ts:1399 1397 |
1398 | function trimString(s: string) {
> 1399 | return typeof s.trim === "function" ? s.trim() : s.replace(/^[\s]+|[\s]+$/g, "");
1400 | }
1401 | TypeScript/src/compiler/utilities.ts:3002 3000 | function writeTrimmedCurrentLine(text: string, commentEnd: number, writer: EmitTextWriter, newLine: string, pos: number, nextLineStart: number) {
3001 | const end = Math.min(commentEnd, nextLineStart - 1);
> 3002 | const currentLineText = text.substring(pos, end).replace(/^\s+|\s+$/g, "");
3003 | if (currentLineText) {
3004 | // trimmed forward and ending spaces textace/lib/ace/mode/html/saxparser.js:9777 9775 | return ctx.stylize('undefined', 'undefined');
9776 | if (isString(value)) {
> 9777 | var simple = '\'' + JSON.stringify(value).replace(/^"|"$/g, '')
9778 | .replace(/'/g, "\\'")
9779 | .replace(/\\"/g, '"') + '\'';...and 30 more (see ruling JSON files for full list) |
Contributor
Author
|
github-actions[bot] 2026-01-30T07:55:03Z addressed Examples from the report:
All of these match the pattern described in the Jira ticket and proposed approach. |
francois-mora-sonarsource
force-pushed
the
fix/JS-1179-fix-fp-on-s5850-regex-anchors-with-alternation-for-trimming-operations-opus
branch
from
ef992f4 to
79f724c
Compare
Contributor
|
I reverted the last commit made by the vibe bot because it incorrectly added NOSONAR to test files. |
|
Contributor
Author
|
francois-mora-sonarsource 2026-01-30T15:14:51Z addressed |
vdiez
approved these changes
Jan 30, 2026
Contributor
vdiez
left a comment
vdiez
left a comment
There was a problem hiding this comment.
LGTM! we should add this to the rule description as an exception to the rule
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes a false positive in rule S5850 where two-alternative regex patterns with complementary anchors (e.g.,
/^\s+|\s+$/g) were incorrectly flagged. These patterns are valid trimming idioms where the first alternative starts with^and the second ends with$, commonly used for matching at the start OR end of strings.Key Changes
^and the second ends with$, suppress the warningValidation
Ruling analysis confirmed the implementation correctly handles 47 cases:
Relates to JS-1179