CodeQL documentation

Unmatchable caret in regular expression

ID: js/regex/unmatchable-caret
Kind: problem
Security severity: 
Severity: error
Precision: very-high
Tags:
   - reliability
   - correctness
   - regular-expressions
   - external/cwe/cwe-561
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

The caret character ^ in a regular expression only matches at the beginning of the input, or (for multi-line regular expressions) at the beginning of a line. If it is preceded by a pattern that must match a non-empty sequence of (non-newline) input characters, it cannot possibly match, rendering the entire regular expression unmatchable.

Recommendation

Examine the regular expression to find and correct any typos.

Example

In the following example, the regular expression /\[^.]*\.css/ cannot match any string, since it contains a caret assertion preceded by an escape sequence that matches an opening bracket.

if (file.match(/\[^.]*\.css/))
	console.log("Found it.");

References

  • © GitHub, Inc.
  • Terms
  • Privacy