hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add initial version of string replaceAll with no regex query

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-03-21 16:28:20 +00:00
parent d2a4f1e17a
commit 041adcd63a
5 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
java/ql/src/Performance/StringReplaceAllWithNonRegex.md Normal file
View File

@@ -0,0 +1,28 @@
# J-STR-001: Use of `String.replaceAll` with a first argument of a non regular expression
Using `String.replaceAll` is less performant than `String.replace` when the first argument is not a regular expression.
## Overview
The underlying implementation of `String.replaceAll` uses `Pattern.compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String.replace` may be more performant as it does not need to compile the regular expression.
## Recommendation
Use `String.replace` instead where a `replaceAll` call uses a trivial string as its first argument.
## Example
```java
public class Test {
void f() {
String s1 = "test";
s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT
s1 = s1.replaceAll(".*", "x"); // COMPLIANT
}
}
```
## References
- [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String))