CodeQL documentation
CodeQL resources

Backspace escape in regular expression

ID: py/regex/backspace-escape Kind: problem Security severity: Severity: recommendation Precision: very-high Tags: - quality - maintainability - readability Query suites: - python-code-quality.qls - python-security-and-quality.qls

Click to see the query in the CodeQL repository

The meaning of the \b escape sequence inside a regular expression depends on its syntactic context: inside a character class, it matches the backspace character; outside of a character class, it matches a word boundary. This context dependency makes regular expressions hard to read, so the \b escape sequence should not be used inside character classes.

Recommendation

Replace \b in character classes with the semantically identical escape sequence \x08.

Example

In the following example, the regular expression contains two uses of \b: in the first case, it matches a word boundary, in the second case it matches a backspace character.

import re matcher = re.compile(r"\b[\t\b]") def match_data(data): return bool(matcher.match(data))

You can make the regular expression easier for other developers to interpret, by rewriting it as r"\b[\t\x08]".

References