Backspace escape in regular expression¶
ID: py/regex/backspace-escapeKind: problemSecurity severity: Severity: recommendationPrecision: very-highTags: - quality - maintainability - readabilityQuery suites: - python-security-and-quality.qls
Click to see the query in the CodeQL repository
The meaning of the\b escape sequence inside a regular expression depends on its syntactic context: inside a character class, it matches the backspace character; outside of a character class, it matches a word boundary. This context dependency makes regular expressions hard to read, so the\b escape sequence should not be used inside character classes.
Recommendation¶
Replace\b in character classes with the semantically identical escape sequence\x08.
Example¶
In the following example, the regular expression contains two uses of\b: in the first case, it matches a word boundary, in the second case it matches a backspace character.
importrematcher=re.compile(r"\b[\t\b]")defmatch_data(data):returnbool(matcher.match(data))
You can make the regular expression easier for other developers to interpret, by rewriting it asr"\b[\t\x08]".
References¶
Python Standard Library:Regular expression operations.