[BugFix]: Fix panic occurring for regex with incomplete groupings (#429)

* [BugFix]: fix to catch panic when handling regex that contains incomplete groupings * [Misc]: removed debugging statements
aws-cloudformation · Dec 7, 2023 · f624b46 · f624b46
1 parent 1369f67
commit f624b46
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 1 deletion.
diff --git a/guard/src/rules/parser.rs b/guard/src/rules/parser.rs
@@ -257,14 +257,39 @@ fn parse_regex_inner(input: Span) -> IResult<Span, Value> {
 
         regex.push_str(fragment);
 
-        for c in regex.chars() {
+        let mut stack = vec![];
+        let chars = regex.chars().collect::<Vec<_>>();
+
+        for (i, c) in chars.iter().enumerate() {
             if c.is_control() {
                 return Err(nom::Err::Error(ParserError {
                     context: "Could not parse regular expression".to_string(),
                     kind: ErrorKind::RegexpMatch,
                     span: input,
                 }));
             }
+            if *c == '(' {
+                if i == 0 || *chars.get(i - 1).unwrap() != '\\' {
+                    stack.push(c);
+                }
+            } else if *c == ')'
+                && (i == 0 || *chars.get(i - 1).unwrap() != '\\')
+                && stack.pop().is_none()
+            {
+                return Err(nom::Err::Error(ParserError {
+                    context: "Could not parse regular expression".to_string(),
+                    kind: ErrorKind::RegexpMatch,
+                    span: input,
+                }));
+            }
+        }
+
+        if !stack.is_empty() {
+            return Err(nom::Err::Error(ParserError {
+                context: "Could not parse regular expression".to_string(),
+                kind: ErrorKind::RegexpMatch,
+                span: input,
+            }));
         }
 
         return match Regex::try_from(regex.as_str()) {

diff --git a/guard/src/rules/parser_tests.rs b/guard/src/rules/parser_tests.rs
@@ -4623,6 +4623,24 @@ fn test_parse_regex_inner_when_regex_is_valid() {
     assert!(parse_regex_inner(valid_cmp).is_ok())
 }
 
+#[test]
+fn test_parse_regex_when_regex_contains_incomplete_group_structure() {
+    std::env::set_var("RUST_BACKTRACE", "1");
+
+    let invalid = r#"/!w(?()"Kuz>/"#;
+
+    let invalid_cmp = unsafe { Span::new_from_raw_offset(invalid.len(), 1, invalid, "") };
+    assert!(parse_regex(invalid_cmp).is_err());
+}
+
+#[test]
+fn test_parse_regex_when_regex_contains_complete_group_structure_and_escaped_opening_paren() {
+    let invalid = r#"/!w\(?()"Kuz>/"#;
+
+    let invalid_cmp = unsafe { Span::new_from_raw_offset(invalid.len(), 1, invalid, "") };
+    assert!(parse_regex(invalid_cmp).is_ok());
+}
+
 #[test]
 fn test_parse_regex_when_regex_contains_control_characters() {
     let invalid = r#"t(/(FF()!t	(?(