| CPC G06F 11/3616 (2013.01) [G06F 11/3608 (2013.01)] | 20 Claims |

|
1. A computer-implemented method for scanning a source code file, the method comprising:
obtaining, by a code scanning service implemented as code executed by one or more processors of a cloud provider network, a string analysis rule definition, the string analysis rule definition including a first search pattern, a second search pattern, and a first test criterion, wherein the first search pattern is a regular expression and wherein the first test criterion is a logical expression evaluated against at least a portion of a string matching the first search pattern;
compiling, by the code scanning service, objects within the source code file;
obtaining, by the code scanning service, a request to perform a code scan on the source code file using the string analysis rule definition;
generating a string structure of a first string in the source code file, the string structure including a plurality of string pieces, each string piece having zero or more properties, wherein the first string is a sequence of characters, and wherein each string piece is a sequence of characters;
determining that a first portion of the first string is a first match to the first search pattern, wherein the first string is associated with a first string piece of the plurality of string pieces;
determining that a second portion of the first string is a second match to the second search pattern;
evaluating the first test criterion against a property of the first string piece, wherein the first test criterion evaluates a relative position of the first match to the second match within the first string; and
providing an indication of a result of the evaluation of the first test criterion.
|
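A minimal sketch of the kind of rule claim 1 describes, added here as an illustration and not taken from the patent or any implementation of it: two search patterns plus a test criterion that checks a property of the string piece holding the first match and the relative position of the two matches. The names `StringPiece`, `Rule`, `scan`, the property labels "constant" and "dynamic", and the log-message rule itself are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class StringPiece:
    text: str                            # each piece is a sequence of characters
    properties: frozenset = frozenset()  # zero or more properties (labels assumed)

@dataclass(frozen=True)
class Rule:
    first_pattern: str    # regular expression
    second_pattern: str   # regular expression
    criterion: Callable   # (piece, first_match, second_match) -> bool

def piece_at(pieces, offset):
    """Return the piece covering a character offset of the joined string."""
    start = 0
    for piece in pieces:
        if start <= offset < start + len(piece.text):
            return piece
        start += len(piece.text)
    return None

def scan(pieces, rule):
    """True when both patterns match and the test criterion holds.
    Only the first occurrence of each pattern is considered."""
    joined = "".join(p.text for p in pieces)
    first = re.search(rule.first_pattern, joined)
    second = re.search(rule.second_pattern, joined)
    if first is None or second is None:
        return False
    return bool(rule.criterion(piece_at(pieces, first.start()), first, second))

# Hypothetical rule: a constant "password" label followed by an interpolated
# value in a log message, which may write a secret to the log.
LOG_RULE = Rule(
    first_pattern=r"(?i)password",
    second_pattern=r"\{\w+\}",
    criterion=lambda piece, m1, m2: (
        "constant" in piece.properties and m2.start() >= m1.end()),
)

# Constructed sample string structures.
FLAGGED = [StringPiece("login failed, password=", frozenset({"constant"})),
           StringPiece("{pw}", frozenset({"dynamic"}))]
NOT_FLAGGED = [StringPiece("{user}", frozenset({"dynamic"})),
               StringPiece(" changed their password", frozenset({"constant"}))]

if __name__ == "__main__":
    print(scan(FLAGGED, LOG_RULE), scan(NOT_FLAGGED, LOG_RULE))
```

Both samples match both patterns; only the relative position of the matches separates them, which is the part of the rule a single regular expression does not express directly.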