CodeQL documentation

Unmatchable dollar in regular expression

ID: js/regex/unmatchable-dollar
Kind: problem
Security severity: 
Severity: error
Precision: very-high
Tags:
   - reliability
   - correctness
   - regular-expressions
   - external/cwe/cwe-561
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

The dollar character $ in a regular expression only matches at the end of the input, or (for multi-line regular expressions) at the end of a line. If it is followed by a pattern that must match a non-empty sequence of (non-newline) input characters, it cannot possibly match, rendering the entire regular expression unmatchable.

Recommendation

Examine the regular expression to find and correct any typos.

Example

In the following example, the regular expression /\.\(\w+$\)/ cannot match any string, since it contains a dollar assertion followed by an escape sequence that matches a closing parenthesis.

if (file.match(/\.\(\w+$\)/))
	console.log("Found it.");

References

  • © GitHub, Inc.
  • Terms
  • Privacy