CodeQL documentation

Backspace escape in regular expression

ID: py/regex/backspace-escape
Kind: problem
Security severity: 
Severity: recommendation
Precision: very-high
Tags:
   - maintainability
Query suites:
   - python-security-and-quality.qls


The meaning of the \b escape sequence inside a regular expression depends on its syntactic context: inside a character class, it matches the backspace character; outside of a character class, it matches a word boundary. This context dependency makes regular expressions hard to read, so the \b escape sequence should not be used inside character classes.

Recommendation

Replace \b in character classes with the semantically identical escape sequence \x08.

Example

In the following example, the regular expression contains two uses of \b: in the first case it matches a word boundary; in the second case it matches a backspace character.

import re
matcher = re.compile(r"\b[\t\b]")

def match_data(data):
    return bool(matcher.match(data))

You can make the regular expression easier for other developers to interpret by rewriting it as r"\b[\t\x08]".
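The recommended rewrite can be applied mechanically by tracking whether the scanner is inside a character class. The following is an added example, not the CodeQL query or code from this page; the names rewrite_class_backspace, behaves_identically and SAMPLES are hypothetical, and the scanner assumes patterns without re.VERBOSE or (?#...) comments.

```python
import re

def rewrite_class_backspace(pattern):
    # Returns (rewritten_pattern, replacements). Assumes Python `re` syntax
    # without re.VERBOSE or (?#...) comments, which this scanner does not parse.
    out, count, in_class = [], 0, False
    i, n = 0, len(pattern)
    while i < n:
        ch = pattern[i]
        if ch == "\\" and i + 1 < n:
            esc = pattern[i:i + 2]          # an escape is always consumed as a pair
            if in_class and esc == r"\b":
                out.append(r"\x08")         # backspace, spelled unambiguously
                count += 1
            else:
                out.append(esc)             # includes \b outside a class: word boundary
            i += 2
            continue
        if not in_class and ch == "[":
            in_class = True
            out.append(ch)
            i += 1
            # A leading '^' and a ']' placed first belong to the class.
            if i < n and pattern[i] == "^":
                out.append("^")
                i += 1
            if i < n and pattern[i] == "]":
                out.append("]")
                i += 1
            continue
        if in_class and ch == "]":
            in_class = False
        out.append(ch)
        i += 1
    return "".join(out), count

def behaves_identically(pattern, samples):
    # Compile both forms and compare search results on each sample string.
    rewritten, _ = rewrite_class_backspace(pattern)
    before, after = re.compile(pattern), re.compile(rewritten)
    return all(bool(before.search(s)) == bool(after.search(s)) for s in samples)

# Constructed sample inputs: backspace, tab, and plain text after a word character.
SAMPLES = ["a\x08", "a\t", "ab", "\x08", "a b"]
```

Only \b inside a character class is rewritten; the word-boundary \b outside the class and an escaped backslash followed by b are left unchanged.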
