fix: SonarCloud quality gate — regex DoS, dict fromkeys, vulture whitelist

nikolay-e · nikolay-e · commit eb099310fbe8 · 2026-04-09T00:27:27.000+02:00
diff --git a/src/treemapper/diffctx/edges/semantic/rust.py b/src/treemapper/diffctx/edges/semantic/rust.py
@@ -8,7 +8,7 @@
 from ...types import Fragment, FragmentId
 from ..base import EdgeBuilder, EdgeDict
 
-_RUST_USE_STMT_RE = re.compile(r"^\s*use\s+(.+?)\s*;", re.MULTILINE)
+_RUST_USE_STMT_RE = re.compile(r"^\s*use\s+([^;\n]+?)\s*;", re.MULTILINE)
 _RUST_MOD_RE = re.compile(r"^\s*(?:pub(?:\([^)]*\))?\s+)?mod\s+([a-z_][a-z0-9_]*)\s*[;{]", re.MULTILINE)
 
 _RUST_FN_RE = re.compile(r"^\s*(?:pub(?:\([^)]*\))?\s+)?(?:async\s+)?fn\s+([a-z_][a-z0-9_]*)", re.MULTILINE)
@@ -126,45 +126,54 @@ def _is_rust_file(path: Path) -> bool:
 _MAX_USE_TREE_DEPTH = 10
 
 
-def _parse_use_tree(text: str, _depth: int = 0) -> list[str]:
-    if _depth > _MAX_USE_TREE_DEPTH:
-        return []
-    text = re.sub(r"^(?:crate|self|super)::", "", text.strip())
-    if "{" not in text:
-        return [text] if text else []
-    brace_pos = text.index("{")
-    prefix = text[:brace_pos].rstrip(":")
-    inner = text[brace_pos + 1 :]
+def _find_matching_brace(inner: str) -> int:
     depth = 1
-    end = 0
     for i, ch in enumerate(inner):
         if ch == "{":
             depth += 1
         elif ch == "}":
             depth -= 1
             if depth == 0:
-                end = i
-                break
-    items_str = inner[:end]
-    results: list[str] = []
+                return i
+    return 0
+
+
+def _split_brace_items(items_str: str) -> list[str]:
+    items: list[str] = []
     current: list[str] = []
-    d = 0
+    depth = 0
     for ch in items_str:
         if ch == "{":
-            d += 1
+            depth += 1
             current.append(ch)
         elif ch == "}":
-            d -= 1
+            depth -= 1
             current.append(ch)
-        elif ch == "," and d == 0:
+        elif ch == "," and depth == 0:
             item = "".join(current).strip()
             if item and item != "self":
-                results.extend(_parse_use_tree(f"{prefix}::{item}" if prefix else item, _depth + 1))
+                items.append(item)
             current = []
         else:
             current.append(ch)
     item = "".join(current).strip()
     if item and item != "self":
+        items.append(item)
+    return items
+
+
+def _parse_use_tree(text: str, _depth: int = 0) -> list[str]:
+    if _depth > _MAX_USE_TREE_DEPTH:
+        return []
+    text = re.sub(r"^(?:crate|self|super)::", "", text.strip())
+    if "{" not in text:
+        return [text] if text else []
+    brace_pos = text.index("{")
+    prefix = text[:brace_pos].rstrip(":")
+    inner = text[brace_pos + 1 :]
+    end = _find_matching_brace(inner)
+    results: list[str] = []
+    for item in _split_brace_items(inner[:end]):
         results.extend(_parse_use_tree(f"{prefix}::{item}" if prefix else item, _depth + 1))
     return results
 
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -733,7 +733,7 @@ def _write_score_histogram(terminalreporter, results):
         return
 
     bucket_labels = ["0-10", "10-20", "20-30", "30-40", "40-50", "50-60", "60-70", "70-80", "80-90", "90-100", "100"]
-    counts = {b: 0 for b in bucket_labels}
+    counts = dict.fromkeys(bucket_labels, 0)
     for s in scores:
         if s >= 100.0:
             counts["100"] += 1
diff --git a/whitelist_vulture.py b/whitelist_vulture.py
@@ -35,8 +35,8 @@
 is_nlp_available
 Graph.add_node
 QuotientNode.fragment_count
-ProjectGraph.edges_of_type  # NOSONAR(python:S905)
-ProjectGraph.subgraph  # NOSONAR(python:S905)
+_ = ProjectGraph.edges_of_type
+_ = ProjectGraph.subgraph
 AnsibleEdgeBuilder
 BazelEdgeBuilder
 CargoEdgeBuilder
