Documentation
Overview ¶
Package patterns provides centralized regex patterns for code analysis. This file contains patterns used by the symbolic execution engine.
Index ¶
- Variables
- func BuildPropertyArrayExternalAssignPattern(varName, propertyName string) *regexp.Regexp
- func BuildPropertyAssignInLoopPattern(keyVar, valVar string) *regexp.Regexp
- func BuildPropertyExternalAssignPattern(varName, propertyName string) *regexp.Regexp
- func BuildVariableAssignPattern(varName string) *regexp.Regexp
- func ExtractConditionExpression(line string) string
- func GetVariablePatterns(language string) []*regexp.Regexp
- func IsConditionLine(line string) bool
- func VariableBoundaryPattern(varName string) string
Constants ¶
This section is empty.
Variables ¶
// Patterns that classify a complete PHP expression. All but the two Chain*
// patterns are anchored at both ends, so they match only when the whole input
// string is the expression.
var (
	// SuperglobalAccessPattern matches $_SUPERGLOBAL['key'] or $_SUPERGLOBAL["key"]
	// e.g., $_GET['id'], $_POST["name"]
	// Group 1 is the superglobal name without the "$_" prefix, group 2 the key.
	// The two quote characters are optional and independent of each other, so an
	// unquoted key ($_GET[id]) and mismatched quotes are accepted as well.
	// NOTE(review): the key must be \w+, so a variable key ($_REQUEST[$var]),
	// a key containing '-' or '.', and nested access ($_POST['a']['b']) do not
	// match. If this pattern is what marks request-controlled input, those
	// accesses have to be recognised elsewhere or they go unreported; confirm
	// against the callers.
	SuperglobalAccessPattern = regexp.MustCompile(`^\$_(GET|POST|COOKIE|REQUEST|SERVER|FILES|ENV|SESSION)\[['"]?(\w+)['"]?\]$`)

	// StaticPropertyPattern matches Class::$property or Class::CONSTANT
	// e.g., MyClass::$instance, Config::DEBUG
	// Group 1 is the class name, group 2 the member name without any "$".
	// The class name is \w+ only, so a namespace-qualified name containing "\"
	// does not match.
	StaticPropertyPattern = regexp.MustCompile(`^(\w+)::\$?(\w+)$`)

	// PropertyAccessPattern matches $var->property or $var->property['key']
	// e.g., $obj->data, $request->params['id']
	// Group 1 is the variable, group 2 the property, group 3 the key (empty when
	// there is no array access). Only a single "->" step is accepted.
	PropertyAccessPattern = regexp.MustCompile(`^\$(\w+)->(\w+)(?:\[['"]?(\w+)['"]?\])?$`)

	// LocalVariablePattern matches simple variable $varname
	// e.g., $id, $username, $data
	// Group 1 is the name without the "$".
	LocalVariablePattern = regexp.MustCompile(`^\$(\w+)$`)

	// ChainPropertyWithKeyPattern matches chain property with array access ->property['key']
	// e.g., ->input['id'], ->data["name"]
	// Group 1 is the property, group 2 the key. Anchored at the start only, so
	// it matches a prefix of the input and ignores whatever follows.
	ChainPropertyWithKeyPattern = regexp.MustCompile(`^->(\w+)\[['"]?(\w+)['"]?\]`)

	// ChainSimplePropertyPattern matches simple chain property access ->property
	// e.g., ->input, ->data
	// Group 1 is the property. Anchored at the start only; it also matches every
	// input that ChainPropertyWithKeyPattern matches, so a caller that needs the
	// key presumably has to try the keyed pattern first.
	ChainSimplePropertyPattern = regexp.MustCompile(`^->(\w+)`)
)
// Whole-string identifier checks. In Go's regexp package \w is ASCII-only
// ([0-9A-Za-z_]), so identifiers containing non-ASCII bytes are rejected and
// a string that starts with a digit is accepted.
var (
	// WordPattern matches word characters only (identifier validation)
	// e.g., className, method_name, var123
	WordPattern = regexp.MustCompile(`^\w+$`)

	// DollarVariablePattern matches PHP variable with dollar sign
	// e.g., $var, $myVariable
	// Nothing is captured; the match is a yes/no test on the whole string.
	DollarVariablePattern = regexp.MustCompile(`^\$\w+$`)
)
// Patterns for recognising what a PHP method returns. Apart from
// DirectPropertyReturnPattern they are unanchored and search anywhere in the
// input, including inside comments and string literals.
var (
	// ReturnStatementPattern matches return statements
	// e.g., return $value;, return $this->prop;
	// Group 1 is the returned expression up to the first ';'. A ';' inside a
	// string literal therefore cuts the expression short, and a bare "return;"
	// does not match.
	ReturnStatementPattern = regexp.MustCompile(`return\s+([^;]+);`)

	// TypeCastPropertyReturnPattern matches (type)$this->property[$param]
	// e.g., (int)$this->input[$name], (string)$this->data[$key]
	// Group 1 is the cast type, group 2 the property, group 3 the index variable.
	TypeCastPropertyReturnPattern = regexp.MustCompile(`\((\w+)\)\s*\$this->(\w+)\[\$(\w+)\]`)

	// PropertyWithParamKeyPattern matches $this->property[$param] without cast
	// e.g., $this->input[$name], $this->data[$key]
	// Group 1 is the property, group 2 the index variable.
	// The pattern does not exclude a preceding cast: it also matches inside the
	// cast, null-coalesce and isset forms handled by the sibling patterns, so
	// telling those apart presumably depends on the order in which callers try
	// the patterns.
	PropertyWithParamKeyPattern = regexp.MustCompile(`\$this->(\w+)\[\$(\w+)\]`)

	// NullCoalescePropertyPattern matches $this->property[$param] ??
	// e.g., $this->input[$name] ?? $default
	// Group 1 is the property, group 2 the index variable; the default value
	// after "??" is not captured.
	NullCoalescePropertyPattern = regexp.MustCompile(`\$this->(\w+)\[\$(\w+)\]\s*\?\?`)

	// TernaryIssetPattern matches isset($this->property[$param]) ? $this->property[$param] : default
	// e.g., isset($this->data[$key]) ? $this->data[$key] : null
	// Groups 1 and 2 are the property and index inside isset(), groups 3 and 4
	// the property and index in the true branch. The regex cannot require the
	// two pairs to be equal, so a caller that relies on that has to compare the
	// groups itself.
	TernaryIssetPattern = regexp.MustCompile(`isset\s*\(\s*\$this->(\w+)\[\$(\w+)\]\s*\)\s*\?\s*\$this->(\w+)\[\$(\w+)\]`)

	// DirectPropertyReturnPattern matches the bare expression $this->property
	// e.g., $this->data, $this->input
	// The pattern is anchored at both ends and contains no "return" keyword, so
	// a full statement such as "return $this->data;" does not match; presumably
	// it is applied to the expression captured by ReturnStatementPattern.
	// Group 1 is the property.
	DirectPropertyReturnPattern = regexp.MustCompile(`^\$this->(\w+)$`)
)
// Patterns for PHP code that reads or fills object properties dynamically.
// All three are unanchored.
var (
	// BackingPropertyPattern matches return $this->property[$name] in __get
	// e.g., return $this->phrases[$name];
	// Group 1 is the property; the index variable is matched but not captured.
	// The regex itself does not check that the line is inside __get.
	BackingPropertyPattern = regexp.MustCompile(`return\s+\$this->(\w+)\[\$\w+\]`)

	// DynamicPropertyAssignPattern matches $this->$key = $val
	// e.g., $this->$name = $value;
	// Group 1 is the variable holding the property name, group 2 the assigned
	// variable. The right-hand side must start with a plain variable.
	DynamicPropertyAssignPattern = regexp.MustCompile(`\$this->\$(\w+)\s*=\s*\$(\w+)`)

	// ForeachWithKVPattern matches foreach($array as $key => $val)
	// e.g., foreach($data as $k => $v)
	// Group 1 is the iterated variable; the key and value variable names are
	// matched but not captured. The iterated expression must be a plain
	// variable, so foreach over $this->data or over a call result does not match.
	ForeachWithKVPattern = regexp.MustCompile(`foreach\s*\(\s*\$(\w+)\s+as\s+\$\w+\s*=>\s*\$\w+`)
)
// Patterns for inferring the class a PHP function returns. Both are unanchored.
var (
	// ReturnNewPattern matches return new ClassName(
	// e.g., return new User(, return new Response(
	// Group 1 is the class name. The "(" must follow the name directly, so
	// "return new User;" and a namespace-qualified name containing "\" do not
	// match.
	ReturnNewPattern = regexp.MustCompile(`return\s+new\s+(\w+)\(`)

	// PHPDocReturnPattern matches @return TypeName in PHPDoc
	// e.g., @return User, @return Response
	// Group 1 is the first run of word characters after "@return". For a union
	// such as "User|null" that is only "User"; a type that starts with "?" or
	// "\" does not match at all.
	PHPDocReturnPattern = regexp.MustCompile(`@return\s+(\w+)`)
)
// ComparisonPattern matches one of the characters < > = ! optionally followed
// by "=". That covers ==, !=, <=, >=, < and >, but the same expression also
// matches a lone "=" (assignment), a lone "!" (negation) and the ">" or "="
// inside "->" and "=>". For === and !== a single match covers only the first
// two characters.
// NOTE(review): a match on its own is therefore weak evidence that a line
// performs a comparison; confirm how callers interpret it.
var ComparisonPattern = regexp.MustCompile(`[<>=!]=?`)
ComparisonPattern matches comparison operators
// ConditionExpressionPatterns maps a construct name to a pattern whose group 1
// is the condition expression of that construct.
//
// None of the patterns is anchored at the start, so several can match the same
// line: "if_paren" also matches "elseif (" and "else if (" because "if" may
// start in the middle of a word, and "ternary" matches an if-line that
// contains a ternary, capturing everything before the first "?".
// NOTE(review): Go does not define map iteration order. If the lookup ranges
// over this map and returns the first hit, a line matched by more than one
// entry can yield a different expression from run to run; confirm that the
// consumer queries the keys in a fixed order.
var ConditionExpressionPatterns = map[string]*regexp.Regexp{
	// if ( ... ) with optional "{" or ":"; the greedy group runs to the last ")" on the line.
	"if_paren": regexp.MustCompile(`if\s*\((.+)\)\s*[{:]?`),
	// Python-style "if cond:" where the ":" ends the line.
	"if_python": regexp.MustCompile(`if\s+(.+?)\s*:\s*$`),
	// Python-style "elif cond:" where the ":" ends the line.
	"elif_python": regexp.MustCompile(`elif\s+(.+?)\s*:\s*$`),
	// "else if ( ... )" or "elseif ( ... )"; greedy like "if_paren".
	"elseif": regexp.MustCompile(`(?:else\s*if|elseif)\s*\((.+)\)\s*[{:]?`),
	// switch ( ... ); the lazy group stops at the first ")".
	"switch": regexp.MustCompile(`switch\s*\((.+?)\)\s*{?`),
	// case value: ; the lazy group stops at the first ":".
	"case": regexp.MustCompile(`case\s+(.+?)\s*:`),
	// cond ? a : b ; group 1 is everything before the first "?".
	"ternary": regexp.MustCompile(`(.+?)\s*\?\s*.+\s*:`),
}
ConditionExpressionPatterns extract condition expressions from code
// ConditionLinePatterns lists the patterns that mark a line as containing a
// condition. Every entry except the ternary one is anchored to the start of
// the line (after optional whitespace).
var ConditionLinePatterns = []*regexp.Regexp{
	// if ( ... )
	regexp.MustCompile(`^\s*if\s*\(`),
	// if without an opening parenthesis, with a ":" later on the line (Python style)
	regexp.MustCompile(`^\s*if\s+[^(].*:`),
	// } else if (
	regexp.MustCompile(`^\s*}\s*else\s*if\s*\(`),
	// else if (
	regexp.MustCompile(`^\s*else\s*if\s*\(`),
	// elif ...
	regexp.MustCompile(`^\s*elif\s+`),
	// elseif (
	regexp.MustCompile(`^\s*elseif\s*\(`),
	// } elseif (
	regexp.MustCompile(`^\s*}\s*elseif\s*\(`),
	// Ternary: unanchored, matches any line where a "?" is followed anywhere
	// later by a ":". That includes lines with no ternary at all, for example
	// "??" followed by "::" or a string literal containing both characters, so
	// this entry can flag ordinary statements as conditions.
	regexp.MustCompile(`\?\s*.*\s*:`),
	// switch (
	regexp.MustCompile(`^\s*switch\s*\(`),
	// case ...
	regexp.MustCompile(`^\s*case\s+`),
}
ConditionLinePatterns matches lines containing condition statements
// DefaultVariablePattern is the union of three variable spellings, tried in
// this order at each position: a $-prefixed name, a name prefixed by one or
// two "@", and a bare identifier.
// The bare-identifier alternative has no notion of syntax, so it also matches
// keywords, function names and words inside comments or string literals.
var DefaultVariablePattern = regexp.MustCompile(
	// $name
	`\$[a-zA-Z_][a-zA-Z0-9_]*` +
		`|` +
		// @name or @@name
		`@{1,2}[a-zA-Z_][a-zA-Z0-9_]*` +
		`|` +
		// bare identifier delimited by word boundaries
		`\b[a-zA-Z_][a-zA-Z0-9_]*\b`,
)
DefaultVariablePattern is used when language is not recognized
var (
	// FunctionCallPattern matches functionName(args)
	// e.g., strlen($str), generate_post_check()
	// Anchored at both ends. Group 1 is the function name, group 2 the raw
	// argument text.
	// The argument text may not contain ")", so a call with a nested call such
	// as strlen(trim($s)) does not match; neither does a method or static call,
	// because the name must consist of word characters from the first character.
	FunctionCallPattern = regexp.MustCompile(`^(\w+)\(([^)]*)\)$`)
)
// LanguageVariablePatterns maps a language name to the patterns used to pull
// variable references out of a piece of code.
//
// The patterns are purely lexical: the generic identifier pattern used for
// most languages also matches keywords, function names and words inside
// comments or string literals, so the result is a superset of the variables
// actually referenced.
var LanguageVariablePatterns = map[string][]*regexp.Regexp{
	"php": {
		// $name
		regexp.MustCompile(`\$[a-zA-Z_][a-zA-Z0-9_]*`),
		// $_NAME['key'] with a quoted key; group 1 is the key. Any upper-case
		// name is accepted, not only the known superglobals, and an unquoted
		// or variable key does not match.
		regexp.MustCompile(`\$_[A-Z]+\s*\[\s*['"]([^'"]+)['"]\s*\]`),
	},
	"javascript": {
		// "$" is allowed in the name, but \b never holds between "$" and a
		// non-word character, so a leading or trailing "$" is dropped from the
		// match: " $el" yields "el".
		regexp.MustCompile(`\b[a-zA-Z_$][a-zA-Z0-9_$]*\b`),
	},
	"typescript": {
		// Same pattern and same "$" caveat as "javascript".
		regexp.MustCompile(`\b[a-zA-Z_$][a-zA-Z0-9_$]*\b`),
	},
	"python": {
		regexp.MustCompile(`\b[a-zA-Z_][a-zA-Z0-9_]*\b`),
	},
	"go": {
		regexp.MustCompile(`\b[a-zA-Z_][a-zA-Z0-9_]*\b`),
	},
	"java": {
		regexp.MustCompile(`\b[a-zA-Z_][a-zA-Z0-9_]*\b`),
	},
	"c": {
		regexp.MustCompile(`\b[a-zA-Z_][a-zA-Z0-9_]*\b`),
	},
	"cpp": {
		regexp.MustCompile(`\b[a-zA-Z_][a-zA-Z0-9_]*\b`),
	},
	"c_sharp": {
		regexp.MustCompile(`\b[a-zA-Z_][a-zA-Z0-9_]*\b`),
	},
	"ruby": {
		// Optional single "@" or "$" prefix and no word boundaries: "@@name"
		// is matched as "@name", and a match may start in the middle of a
		// longer token.
		regexp.MustCompile(`[@$]?[a-zA-Z_][a-zA-Z0-9_]*`),
	},
	"rust": {
		regexp.MustCompile(`\b[a-zA-Z_][a-zA-Z0-9_]*\b`),
	},
}
LanguageVariablePatterns provides language-specific patterns for extracting variables
// LengthCheckPattern matches, case-insensitively, one of the names strlen,
// length, count or size followed by optional whitespace and "(". Group 1 is
// the name.
// There is no boundary before the name, so it also matches as the tail of a
// longer identifier: mb_strlen( is matched, and so is account(. A property
// read without parentheses, such as ".length", is not matched.
var LengthCheckPattern = regexp.MustCompile(`(?i)(strlen|length|count|size)\s*\(`)
LengthCheckPattern matches length/count check expressions
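// LogicalOperatorPattern matches the logical operators &&, || and ! and the
// keyword forms and, or, not. Group 1 is the operator that matched.
//
// The keyword forms are wrapped in \b so they match only as whole words.
// Without the boundaries "or" and "and" matched inside identifiers such as
// $order, $author or $command, and every expression mentioning them was
// reported as containing a logical operator.
// "!" still matches the first character of != and !==, because RE2 has no
// lookahead that could exclude them. The keywords are matched case-sensitively,
// as before.
var LogicalOperatorPattern = regexp.MustCompile(`(&&|\|\||!|\b(?:and|or|not)\b)`)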
LogicalOperatorPattern matches logical operators
// NullCheckPattern matches, case-insensitively, one of isset, empty, is_null,
// null, nil or undefined anywhere in the input. Group 1 is the word matched.
// Only "nil" is wrapped in \b; the other words also match inside longer
// identifiers, for example "nullable", "isEmpty" or "$emptyList".
// NOTE(review): it is not visible here whether the substring matches are
// intended (e.g. to catch isEmpty()); confirm before treating a match as proof
// that a value is null-checked.
var NullCheckPattern = regexp.MustCompile(`(?i)(isset|empty|is_null|null|\bnil\b|undefined)`)
NullCheckPattern matches null/empty check expressions
// TypeCheckPattern matches, case-insensitively, one of is_string, is_int,
// is_array, instanceof or typeof anywhere in the input. Group 1 is the word
// matched.
// The list is closed: other is_* checks such as is_numeric or is_bool are not
// recognised, while is_integer is matched through its is_int prefix. There are
// no word boundaries, so the words also match inside longer identifiers.
var TypeCheckPattern = regexp.MustCompile(`(?i)(is_string|is_int|is_array|instanceof|typeof)`)
TypeCheckPattern matches type check expressions
Functions ¶
func BuildPropertyArrayExternalAssignPattern ¶
BuildPropertyArrayExternalAssignPattern creates a pattern for $var->property['key'] = something;
func BuildPropertyAssignInLoopPattern ¶
BuildPropertyAssignInLoopPattern creates a pattern for $this->property[$keyVar] = $valVar
func BuildPropertyExternalAssignPattern ¶
BuildPropertyExternalAssignPattern creates a pattern for $var->property = something;
func BuildVariableAssignPattern ¶
BuildVariableAssignPattern creates a pattern for $varname = something;
func ExtractConditionExpression ¶
ExtractConditionExpression extracts the condition from a line
func GetVariablePatterns ¶
GetVariablePatterns returns the variable patterns for a language
func IsConditionLine ¶
IsConditionLine checks if a line matches any condition pattern
func VariableBoundaryPattern ¶
VariableBoundaryPattern builds a regex that matches varName as a standalone reference. Standard \b word boundaries fail for $-prefixed (PHP) and @-prefixed (Ruby) variables because $ and @ are non-word characters. Both pkg/ast and pkg/tracer use this to avoid substring false positives.
Types ¶
This section is empty.