Unmatchable dollar in regular expression¶
ID: js/regex/unmatchable-dollar
Kind: problem
Security severity:
Severity: error
Precision: very-high
Tags:
- reliability
- correctness
- regular-expressions
- external/cwe/cwe-561
Query suites:
- javascript-security-and-quality.qls
Click to see the query in the CodeQL repository
The dollar character $
in a regular expression only matches at the end of the input, or (for multi-line regular expressions) at the end of a line. If it is followed by a pattern that must match a non-empty sequence of (non-newline) input characters, it cannot possibly match, rendering the entire regular expression unmatchable.
Recommendation¶
Examine the regular expression to find and correct any typos.
Example¶
In the following example, the regular expression /\.\(\w+$\)/
cannot match any string, since it contains a dollar assertion followed by an escape sequence that matches a closing parenthesis.
if (file.match(/\.\(\w+$\)/))
console.log("Found it.");
References¶
Mozilla Developer Network: JavaScript Regular Expressions.
Common Weakness Enumeration: CWE-561.