Write efficient, error-free and safe regular expressions (regex) in PHP

Hello PHP developers,

We just released a first set of rules to help you write efficient, error-free, and safe regular expressions. This is a continuation of the work we did for JS/TS and Java developers.

Regular expressions are an everyday tool for developers, but that does not make them easy to handle; developers regularly consider them “hard”. Writing regular expressions is error-prone and can take time, and once they are written, identifying errors in them can be extremely difficult.

Here is the full list of the new rules dedicated to regex:

Bug Detections:

  • S5996: Regex boundaries should not be used in a way that can never be matched
  • S5994: Regex patterns following a possessive quantifier should not always fail
  • S5855: Regex alternatives should not be redundant
  • S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
  • S5842: Regex repetition pattern’s body should not match the empty String

Code Smell Detections:

  • S5361: str_replace should be preferred to preg_replace
  • S6035: Single-character alternations in regular expressions should be replaced with character classes
  • S5869: Character classes in regular expressions should not contain the same character twice

These rules are available now on SonarCloud and will be included in SonarQube 9.1.

Alex

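To make some of the rule titles above concrete, here is an added PHP example (not part of the original post and not taken from the rule descriptions). All patterns and inputs are constructed to fit the rule titles; it runs each flagged pattern beside a rewritten one to show that the bug cases never match and the redundant cases behave identically.

```php
<?php
// Added illustration: every pattern and input below is constructed for this example.

// 1) Bug rules: the flagged pattern can never match, even on the input it was written for.
$neverMatch = [
    // rule,   flagged,      rewritten,     input
    ['S5996', '/$[a-z]+/',  '/^[a-z]+$/',  'abc'],   // letters required after end of input
    ['S5994', '/a++abc/',   '/aa++bc/',    'aaabc'], // a++ keeps every "a" and never gives one back
];
foreach ($neverMatch as [$rule, $flagged, $fixed, $input]) {
    printf("%s  %-10s matches=%d   %-11s matches=%d\n",
        $rule, $flagged, preg_match($flagged, $input), $fixed, preg_match($fixed, $input));
}

// 2) Redundancy rules: the rewritten pattern finds exactly the same matches.
$redundant = [
    ['S5855', '/[ab]|a/',  '/[ab]/'],   // second alternative is already covered by the first
    ['S6035', '/a|b|c/',   '/[abc]/'],  // single-character alternation
    ['S5869', '/[0-99]/',  '/[0-9]/'],  // "9" listed twice in the class
];
$inputs = ['', 'a', 'cab', 'x9y99', 'no digits', 'abcabc'];
foreach ($redundant as [$rule, $flagged, $fixed]) {
    $same = true;
    foreach ($inputs as $input) {
        preg_match_all($flagged, $input, $m1);
        preg_match_all($fixed, $input, $m2);
        $same = $same && ($m1 === $m2);
    }
    printf("%s  %-10s vs %-8s same matches: %s\n", $rule, $flagged, $fixed, $same ? 'yes' : 'no');
}

// 3) S5361: a pattern made only of escaped literals needs no regex engine.
$text = 'Loading... done...';
var_dump(preg_replace('/\.\.\./', ';', $text) === str_replace('...', ';', $text));
```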