CodeQL documentation

Empty character class

ID: js/regex/empty-character-class
Kind: problem
Security severity: 
Severity: warning
Precision: very-high
Tags:
   - quality
   - reliability
   - correctness
   - regular-expressions
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

An empty character class in a regular expression does not match anything and may indicate missing code.

Recommendation

Omit the empty character class. If the whole regular expression would become empty, use /(?:)/ to express a deliberately empty regular expression.

Example

In the following example, the programmer presumably meant to write a regular expression that matches an opening square bracket or curly brace, followed by one or more letters or digits, followed by a closing square bracket or curly brace. However, they forgot to escape the closing square bracket with a backslash, leading to an empty character class. The resulting regular expression is malformed and could be interpreted differently on different platforms.

if (!/[[{]\w+[]}]/.test(input))
	console.log("Malformed input.");

To fix this problem, the regular expression should be rewritten to /[[{]\w+[\]}]/.

References

  • © GitHub, Inc.
  • Terms
  • Privacy
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy