You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Several linter rules compile regexes from user configuration with unwrap / expect, or convert compilation errors into None / fallback behavior. Invalid regex config should not panic during linting, and it should not silently disable or change rule behavior.
This issue tracks the affected sites and should be closed once they either report a configuration error consistently, escape user input before building generated regexes, or have explicitly documented literal-fallback semantics with tests.
Panic sites
crates/oxc_linter/src/utils/jest.rs:324
matches_assert_function_name does Regex::new(pattern).unwrap() on converted assertFunctionNames patterns.
Reached by jest/prefer-ending-with-an-expect and shared jest / vitestexpect-expect logic.
User-provided values flow through convert_pattern; malformed regex metacharacters can become a runtime panic.
checkTypesPattern is compiled with .expect("config.checkTypesPattern should be a valid regex pattern").
Invalid user config can panic instead of returning a config error.
crates/oxc_linter/src/rules/react/jsx_handler_names.rs:161 and :177cancelled, see comment
Dynamic regexes are built with RegexBuilder::new(...).build().expect(...).
Inputs are escaped first, so this is probably lower risk than the config-regex cases, but it is still dynamic regex construction with a panic path and should be reviewed.
Several linter rules compile regexes from user configuration with
unwrap/expect, or convert compilation errors intoNone/ fallback behavior. Invalid regex config should not panic during linting, and it should not silently disable or change rule behavior.This issue tracks the affected sites and should be closed once they either report a configuration error consistently, escape user input before building generated regexes, or have explicitly documented literal-fallback semantics with tests.
Panic sites
crates/oxc_linter/src/utils/jest.rs:324matches_assert_function_namedoesRegex::new(pattern).unwrap()on convertedassertFunctionNamespatterns.jest/prefer-ending-with-an-expectand sharedjest/vitestexpect-expectlogic.convert_pattern; malformed regex metacharacters can become a runtime panic.crates/oxc_linter/src/rules/typescript/no_require_imports.rs:126allowpatterns are documented as regexes and compiled withRegex::new(pattern).unwrap()during matching.crates/oxc_linter/src/rules/jsdoc/require_param.rs:185checkTypesPatternis compiled with.expect("config.checkTypesPatternshould be a valid regex pattern").cancelled, see commentcrates/oxc_linter/src/rules/react/jsx_handler_names.rs:161and:177RegexBuilder::new(...).build().expect(...).Silent invalid-pattern handling
crates/oxc_linter/src/rules/shared/jest_vitest/valid_title.rs:369,:375,:386,:389compile_matcher_patternusesRegex::new(...).ok()?.crates/oxc_linter/src/rules/shared/jest_vitest/valid_title.rs:411fix(linter/valid-title): escape disallowed words regex #23742disallowedWordsare interpolated into a generated regex andlet Ok(...) = ... else { return; }silently skips the check if compilation fails..), so other regex metacharacters can alter or break the generated regex.crates/oxc_linter/src/rules/typescript/ban_ts_comment.rs:153descriptionFormatcompiles toNone, silently changingDescriptionFormatbehavior.crates/oxc_linter/src/rules/vitest/consistent_test_filename.rs:115and:119allTestPattern/patternconfig returnsNone; callers then fall back to defaults.crates/oxc_linter/src/rules/eslint/capitalized_comments.rs:87fix(linter): report invalid capitalized-comments ignore patterns #23608ignorePatternbecomesNone, so configured comments are no longer ignored without any config error.crates/oxc_linter/src/rules/eslint/no_param_reassign.rs:109ignorePropertyModificationsForRegexare skipped viaif let Ok(regex).crates/oxc_linter/src/rules/vue/prop_name_casing.rs:244is_ok_and.crates/oxc_linter/src/rules/node/handle_callback_err.rs:53fix(refactor/node/handle-callback-err): reject invalid regex config #23740^are treated as regexes, but invalid regexes fall back to plain string matching.crates/oxc_linter/src/rules/shared/jest_vitest/no_large_snapshots.rs:272cancelled, see commentcrates/oxc_linter/src/rules/eslint/no_warning_comments.rs:231.ok()insidefilter_map.