Open jedwards1211 opened 5 years ago
Yes, JavaScript regular expressions are supported too.
I see, how much does the file scanning support JS? I don't see anything in the readme about how it would scan JS files for regexes or what the limitations would be on dynamically constructed regexes like new RegExp(foo + bar) where foo and bar are just constants initialized to string literals.
Regex extraction and regex analysis are separate problems.
The extraction relies on simple static analysis. It only finds regexes declared /like this/ or as constant strings in the constructor, like new RegExp("foo"). See section 5.A. "Extraction through static analysis" of this paper.
PRs to improve the static extraction are welcome. I'm not sure if the static analysis framework I used for JS handles dataflow analysis.
The super-linear regex detection ensemble exposed by this project is much more powerful than safe-regex's heuristic.
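The extraction gap discussed above (constant-string constructor arguments are found, new RegExp(foo + bar) is not), shown as an added example that is not part of the thread or the project's code: a constant-folding pass over constructed sample source. It assumes a single flat scope and double-quoted string literals and does not look at /literal/ regexes; all function names are hypothetical.

```javascript
// Added example: fold `new RegExp(<const strings joined by +>)` into one pattern string.
const SAMPLE = [                                   // constructed input, not real project code
  'const foo = "(a+)";',
  'const bar = "+$";',
  'let baz = "x*";',
  'const r1 = new RegExp("^[a-z]+(,[a-z]+)*$");',
  'const r2 = new RegExp(foo + bar);',
  'const r3 = new RegExp(foo + baz);',             // baz is reassignable: left unresolved
  'const r4 = new RegExp(userInput, "i");',        // value unknown statically: left unresolved
].join("\n");

const STR = String.raw`"((?:[^"\\]|\\.)*)"`;       // one double-quoted string literal
const BINDING = new RegExp(String.raw`\bconst\s+([A-Za-z_$][\w$]*)\s*=\s*${STR}\s*;`, "g");
const TOKEN = new RegExp(String.raw`\s*(?:${STR}|([A-Za-z_$][\w$]*)|(\+)|([),]))`, "y");

// JSON string syntax is a subset of JS string syntax; other escapes count as unknown.
function decode(body) { try { return JSON.parse(`"${body}"`); } catch { return undefined; } }

function constBindings(src) {
  const env = new Map();                           // name -> string value of `const name = "..."`
  for (const m of src.matchAll(BINDING)) env.set(m[1], decode(m[2]));
  return env;
}

// Returns the folded pattern, or null when the first argument is not a constant string.
function foldArgument(src, pos, env) {
  let out = "", wantOperand = true;
  TOKEN.lastIndex = pos;
  for (;;) {
    const m = TOKEN.exec(src);
    if (!m) return null;                           // call, member access, template, ...
    if (m[4] !== undefined) return wantOperand ? null : out;   // `)` or `,` ends the argument
    if (m[3] !== undefined) { if (wantOperand) return null; wantOperand = true; continue; }
    const value = m[1] !== undefined ? decode(m[1]) : env.get(m[2]);
    if (!wantOperand || value === undefined) return null;
    out += value; wantOperand = false;
  }
}

function extractConstructorRegexes(src) {
  const env = constBindings(src);
  const resolved = [], unresolvedLines = [];
  for (const m of src.matchAll(/\bnew\s+RegExp\s*\(/g)) {
    const pattern = foldArgument(src, m.index + m[0].length, env);
    if (pattern !== null) resolved.push(pattern);
    else unresolvedLines.push(src.slice(0, m.index).split("\n").length);
  }
  return { resolved, unresolvedLines };
}
console.log(extractConstructorRegexes(SAMPLE));
```

The unresolved line numbers are the useful part for a reviewer: those call sites reach the regex engine with a pattern the extractor never analysed.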
I saw in your fork of safe-regex that you recommend this project instead. But is it designed to work on Node regular expressions? And in any case, maybe we should make a Node.js version to use with tools like ESLint?