mirror of
https://github.com/Infisical/infisical.git
synced 2026-01-08 23:18:05 -05:00
54 lines
2.0 KiB
YAML
54 lines
2.0 KiB
YAML
name: Detect Non-RE2 Regex
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize]
|
|
|
|
jobs:
|
|
check-non-re2-regex:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Get diff of backend/*
|
|
run: |
|
|
git diff --unified=0 "origin/${{ github.base_ref }}"...HEAD -- backend/ > diff.txt
|
|
|
|
- name: Scan backend diff for non-RE2 regex
|
|
run: |
|
|
# Extract only added lines (excluding file headers)
|
|
grep '^+' diff.txt | grep -v '^+++' | sed 's/^\+//' > added_lines.txt
|
|
|
|
if [ ! -s added_lines.txt ]; then
|
|
echo "✅ No added lines in backend/ to check for regex usage."
|
|
exit 0
|
|
fi
|
|
|
|
regex_usage_pattern='(^|[^A-Za-z0-9_"'"'"'`\.\/\\])(\/(?:\\.|[^\/\n\\])+\/[gimsuyv]*(?=\s*[\.\(;,)\]}:]|$)|new RegExp\()'
|
|
|
|
# Find all added lines that contain regex patterns
|
|
if grep -E "$regex_usage_pattern" added_lines.txt > potential_violations.txt 2>/dev/null; then
|
|
# Filter out lines that contain 'new RE2' (allowing for whitespace variations)
|
|
if grep -v -E 'new\s+RE2\s*\(' potential_violations.txt > actual_violations.txt 2>/dev/null && [ -s actual_violations.txt ]; then
|
|
echo "🚨 ERROR: Found forbidden regex pattern in added/modified backend code."
|
|
echo ""
|
|
echo "The following lines use raw regex literals (/.../) or new RegExp(...):"
|
|
echo "Please replace with 'new RE2(...)' for RE2 compatibility."
|
|
echo ""
|
|
echo "Offending lines:"
|
|
cat actual_violations.txt
|
|
exit 1
|
|
else
|
|
echo "✅ All identified regex usages are correctly using 'new RE2(...)'."
|
|
fi
|
|
else
|
|
echo "✅ No regex patterns found in added/modified backend lines."
|
|
fi
|
|
|
|
- name: Cleanup temporary files
|
|
if: always()
|
|
run: |
|
|
rm -f diff.txt added_lines.txt potential_violations.txt actual_violations.txt
|