Move a specific regex to static variable

internal/cachedregexp/regex.go

@@ -0,0 +1,17 @@
+package cachedregexp
+
+import (
+ "regexp"
+ "sync"
+)
+
+var cache sync.Map
+
+func MustCompile(exp string) *regexp.Regexp {
+ compiled, ok := cache.Load(exp)
+ if !ok {
+ compiled, _ = cache.LoadOrStore(exp, regexp.MustCompile(exp))
+ }
+
+ return compiled.(*regexp.Regexp)
+}

internal/semantic/version-maven.go

@@ -2,9 +2,10 @@ package semantic
 
 import (
  "fmt"
- "regexp"
  "sort"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 type mavenVersionToken struct {
@@ -175,11 +176,11 @@ func (mv MavenVersion) lessThan(mw MavenVersion) bool {
 // According to Maven's implementation, any non-digit is a "character":
 // https://github.com/apache/maven/blob/965aaa53da5c2d814e94a41d37142d0d6830375d/maven-artifact/src/main/java/org/apache/maven/artifact/versioning/ComparableVersion.java#L627
 func mavenFindTransitions(token string) (ints []int) {
- for _, span := range regexp.MustCompile(`\D\d`).FindAllStringIndex(token, -1) {
+ for _, span := range cachedregexp.MustCompile(`\D\d`).FindAllStringIndex(token, -1) {
  ints = append(ints, span[0]+1)
  }
 
- for _, span := range regexp.MustCompile(`\d\D`).FindAllStringIndex(token, -1) {
+ for _, span := range cachedregexp.MustCompile(`\d\D`).FindAllStringIndex(token, -1) {
  ints = append(ints, span[0]+1)
  }
 

internal/semantic/version-packagist.go

@@ -1,9 +1,10 @@
 package semantic
 
 import (
- "regexp"
  "strconv"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 func canonicalizePackagistVersion(v string) string {
@@ -15,9 +16,9 @@ func canonicalizePackagistVersion(v string) string {
  // the trimming...)
  v = strings.TrimPrefix(strings.TrimPrefix(v, "v"), "V")
 
- v = regexp.MustCompile(`[-_+]`).ReplaceAllString(v, ".")
- v = regexp.MustCompile(`([^\d.])(\d)`).ReplaceAllString(v, "$1.$2")
- v = regexp.MustCompile(`(\d)([^\d.])`).ReplaceAllString(v, "$1.$2")
+ v = cachedregexp.MustCompile(`[-_+]`).ReplaceAllString(v, ".")
+ v = cachedregexp.MustCompile(`([^\d.])(\d)`).ReplaceAllString(v, "$1.$2")
+ v = cachedregexp.MustCompile(`(\d)([^\d.])`).ReplaceAllString(v, "$1.$2")
 
  return v
 }

internal/semantic/version-pypi.go

@@ -3,8 +3,9 @@ package semantic
 import (
  "fmt"
  "math/big"
- "regexp"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 type PyPIVersion struct {
@@ -67,7 +68,7 @@ func parseLetterVersion(letter, number string) letterAndNumber {
 }
 
 func parseLocalVersion(local string) (parts []string) {
- for _, part := range regexp.MustCompile(`[._-]`).Split(local, -1) {
+ for _, part := range cachedregexp.MustCompile(`[._-]`).Split(local, -1) {
  parts = append(parts, strings.ToLower(part))
  }
 
@@ -88,7 +89,7 @@ func normalizePyPILegacyPart(part string) string {
  part = "@"
  }
 
- if regexp.MustCompile(`\d`).MatchString(part[:1]) {
+ if cachedregexp.MustCompile(`\d`).MatchString(part[:1]) {
  // pad for numeric comparison
  return fmt.Sprintf("%08s", part)
  }
@@ -97,7 +98,7 @@ func normalizePyPILegacyPart(part string) string {
 }
 
 func parsePyPIVersionParts(str string) (parts []string) {
- re := regexp.MustCompile(`(\d+|[a-z]+|\.|-)`)
+ re := cachedregexp.MustCompile(`(\d+|[a-z]+|\.|-)`)
 
  splits := re.FindAllString(str, -1)
  splits = append(splits, "final")
@@ -137,7 +138,7 @@ func parsePyPIVersion(str string) PyPIVersion {
  str = strings.ToLower(str)
 
  // from https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
- re := regexp.MustCompile(`^\s*v?(?:(?:(?P<epoch>[0-9]+)!)?(?P<release>[0-9]+(?:\.[0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(a|b|c|rc|alpha|beta|pre|preview))[-_\.]?(?P<pre_n>[0-9]+)?)?(?P<post>(?:-(?P<post_n1>[0-9]+))|(?:[-_\.]?(?P<post_l>post|rev|r)[-_\.]?(?P<post_n2>[0-9]+)?))?(?P<dev>[-_\.]?(?P<dev_l>dev)[-_\.]?(?P<dev_n>[0-9]+)?)?)(?:\+(?P<local>[a-z0-9]+(?:[-_\.][a-z0-9]+)*))?\s*$`)
+ re := cachedregexp.MustCompile(`^\s*v?(?:(?:(?P<epoch>[0-9]+)!)?(?P<release>[0-9]+(?:\.[0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(a|b|c|rc|alpha|beta|pre|preview))[-_\.]?(?P<pre_n>[0-9]+)?)?(?P<post>(?:-(?P<post_n1>[0-9]+))|(?:[-_\.]?(?P<post_l>post|rev|r)[-_\.]?(?P<post_n2>[0-9]+)?))?(?P<dev>[-_\.]?(?P<dev_l>dev)[-_\.]?(?P<dev_n>[0-9]+)?)?)(?:\+(?P<local>[a-z0-9]+(?:[-_\.][a-z0-9]+)*))?\s*$`)
  match := re.FindStringSubmatch(str)
 
  if len(match) == 0 {

internal/semantic/version-semver-like.go

@@ -3,8 +3,9 @@ package semantic
 import (
  "fmt"
  "math/big"
- "regexp"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 // SemverLikeVersion is a version that is _like_ a version as defined by the
@@ -55,7 +56,7 @@ func parseSemverLike(line string) SemverLikeVersion {
  var components []*big.Int
  originStr := line
 
- numberReg := regexp.MustCompile(`\d`)
+ numberReg := cachedregexp.MustCompile(`\d`)
 
  currentCom := ""
  foundBuild := false

pkg/lockfile/dpkg-status.go

@@ -4,9 +4,10 @@ import (
  "bufio"
  "fmt"
  "os"
- "regexp"
  "sort"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 const DebianEcosystem Ecosystem = "Debian"
@@ -38,7 +39,7 @@ func groupDpkgPackageLines(scanner *bufio.Scanner) [][]string {
 // Return name and version if "Source" field contains them
 func parseSourceField(source string) (string, string) {
  // Pattern: name (version)
- re := regexp.MustCompile(`^(.*)\((.*)\)`)
+ re := cachedregexp.MustCompile(`^(.*)\((.*)\)`)
  matches := re.FindStringSubmatch(source)
  if len(matches) == 3 {
  return strings.TrimSpace(matches[1]), strings.TrimSpace(matches[2])

pkg/lockfile/parse-gemfile-lock.go

@@ -4,8 +4,9 @@ import (
  "fmt"
  "log"
  "os"
- "regexp"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 const BundlerEcosystem Ecosystem = "RubyGems"
@@ -55,8 +56,8 @@ func (parser *gemfileLockfileParser) addDependency(name string, version string)
 }
 
 func (parser *gemfileLockfileParser) parseSpec(line string) {
- // nameVersionReg := regexp.MustCompile(`^( {2}| {4}| {6})(?! )(.*?)(?: \(([^-]*)(?:-(.*))?\))?(!)?$`)
- nameVersionReg := regexp.MustCompile(`^( +)(.*?)(?: \(([^-]*)(?:-(.*))?\))?(!)?$`)
+ // nameVersionReg := cachedregexp.MustCompile(`^( {2}| {4}| {6})(?! )(.*?)(?: \(([^-]*)(?:-(.*))?\))?(!)?$`)
+ nameVersionReg := cachedregexp.MustCompile(`^( +)(.*?)(?: \(([^-]*)(?:-(.*))?\))?(!)?$`)
 
  results := nameVersionReg.FindStringSubmatch(line)
 
@@ -82,7 +83,7 @@ func (parser *gemfileLockfileParser) parseSource(line string) {
  }
 
  // OPTIONS = /^ ([a-z]+): (.*)$/i.freeze
- optionsRegexp := regexp.MustCompile(`(?i)^ {2}([a-z]+): (.*)$`)
+ optionsRegexp := cachedregexp.MustCompile(`(?i)^ {2}([a-z]+): (.*)$`)
 
  // todo: support
  options := optionsRegexp.FindStringSubmatch(line)
@@ -105,7 +106,7 @@ func (parser *gemfileLockfileParser) parseSource(line string) {
 }
 
 func isNotIndented(line string) bool {
- re := regexp.MustCompile(`^\S`)
+ re := cachedregexp.MustCompile(`^\S`)
 
  return re.MatchString(line)
 }
@@ -127,7 +128,7 @@ func (parser *gemfileLockfileParser) parseLineBasedOnState(line string) {
 }
 
 func (parser *gemfileLockfileParser) parse(contents string) {
- lineMatcher := regexp.MustCompile(`(?:\r?\n)+`)
+ lineMatcher := cachedregexp.MustCompile(`(?:\r?\n)+`)
 
  lines := lineMatcher.Split(contents, -1)
 

pkg/lockfile/parse-maven-lock.go

@@ -4,7 +4,8 @@ import (
  "encoding/xml"
  "fmt"
  "os"
- "regexp"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 type MavenLockDependency struct {
@@ -15,7 +16,7 @@ type MavenLockDependency struct {
 }
 
 func (mld MavenLockDependency) parseResolvedVersion(version string) string {
- versionRequirementReg := regexp.MustCompile(`[[(]?(.*?)(?:,|[)\]]|$)`)
+ versionRequirementReg := cachedregexp.MustCompile(`[[(]?(.*?)(?:,|[)\]]|$)`)
 
  results := versionRequirementReg.FindStringSubmatch(version)
 
@@ -27,7 +28,7 @@ func (mld MavenLockDependency) parseResolvedVersion(version string) string {
 }
 
 func (mld MavenLockDependency) resolveVersionValue(lockfile MavenLockFile) string {
- interpolationReg := regexp.MustCompile(`\${(.+)}`)
+ interpolationReg := cachedregexp.MustCompile(`\${(.+)}`)
 
  results := interpolationReg.FindStringSubmatch(mld.Version)
 

pkg/lockfile/parse-mix-lock.go

@@ -4,8 +4,9 @@ import (
  "bufio"
  "fmt"
  "os"
- "regexp"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 const MixEcosystem Ecosystem = "Hex"
@@ -17,7 +18,7 @@ func ParseMixLock(pathToLockfile string) ([]PackageDetails, error) {
  }
  defer file.Close()
 
- re := regexp.MustCompile(`^ +"(\w+)": \{.+,$`)
+ re := cachedregexp.MustCompile(`^ +"(\w+)": \{.+,$`)
 
  scanner := bufio.NewScanner(file)
 

pkg/lockfile/parse-pnpm-lock.go

@@ -3,10 +3,10 @@ package lockfile
 import (
  "fmt"
  "os"
- "regexp"
  "strconv"
  "strings"
 
+ "github.com/google/osv-scanner/internal/cachedregexp"
  "gopkg.in/yaml.v3"
 )
 
@@ -55,7 +55,7 @@ func (l *PnpmLockfile) UnmarshalYAML(unmarshal func(interface{}) error) error {
 const PnpmEcosystem = NpmEcosystem
 
 func startsWithNumber(str string) bool {
- matcher := regexp.MustCompile(`^\d`)
+ matcher := cachedregexp.MustCompile(`^\d`)
 
  return matcher.MatchString(str)
 }
@@ -108,7 +108,7 @@ func extractPnpmPackageNameAndVersion(dependencyPath string) (string, string) {
 
 func parseNameAtVersion(value string) (name string, version string) {
  // look for pattern "name@version", where name is allowed to contain zero or more "@"
- matches := regexp.MustCompile(`^(.+)@([\d.]+)$`).FindStringSubmatch(value)
+ matches := cachedregexp.MustCompile(`^(.+)@([\d.]+)$`).FindStringSubmatch(value)
 
  if len(matches) != 3 {
  return name, ""
@@ -142,7 +142,7 @@ func parsePnpmLock(lockfile PnpmLockfile) []PackageDetails {
  commit := pkg.Resolution.Commit
 
  if strings.HasPrefix(pkg.Resolution.Tarball, "https://codeload.github.com") {
- re := regexp.MustCompile(`https://codeload\.github\.com(?:/[\w-.]+){2}/tar\.gz/(\w+)$`)
+ re := cachedregexp.MustCompile(`https://codeload\.github\.com(?:/[\w-.]+){2}/tar\.gz/(\w+)$`)
  matched := re.FindStringSubmatch(pkg.Resolution.Tarball)
 
  if matched != nil {

pkg/lockfile/parse-requirements-txt.go

@@ -5,8 +5,9 @@ import (
  "fmt"
  "os"
  "path/filepath"
- "regexp"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 const PipEcosystem Ecosystem = "PyPI"
@@ -67,15 +68,15 @@ func parseLine(line string) PackageDetails {
 // than false negatives, and can be dealt with when/if it actually happens.
 func normalizedRequirementName(name string) string {
  // per https://www.python.org/dev/peps/pep-0503/#normalized-names
- name = regexp.MustCompile(`[-_.]+`).ReplaceAllString(name, "-")
+ name = cachedregexp.MustCompile(`[-_.]+`).ReplaceAllString(name, "-")
  name = strings.ToLower(name)
  name = strings.Split(name, "[")[0]
 
  return name
 }
 
 func removeComments(line string) string {
- var re = regexp.MustCompile(`(^|\s+)#.*$`)
+ var re = cachedregexp.MustCompile(`(^|\s+)#.*$`)
 
  return strings.TrimSpace(re.ReplaceAllString(line, ""))
 }

pkg/lockfile/parse-yarn-lock.go

@@ -5,8 +5,9 @@ import (
  "fmt"
  "net/url"
  "os"
- "regexp"
  "strings"
+
+ "github.com/google/osv-scanner/internal/cachedregexp"
 )
 
 const YarnEcosystem = NpmEcosystem
@@ -63,7 +64,7 @@ func extractYarnPackageName(str string) string {
 }
 
 func determineYarnPackageVersion(group []string) string {
- re := regexp.MustCompile(`^ {2}"?version"?:? "?([\w-.]+)"?$`)
+ re := cachedregexp.MustCompile(`^ {2}"?version"?:? "?([\w-.]+)"?$`)
 
  for _, s := range group {
  matched := re.FindStringSubmatch(s)
@@ -78,7 +79,7 @@ func determineYarnPackageVersion(group []string) string {
 }
 
 func determineYarnPackageResolution(group []string) string {
- re := regexp.MustCompile(`^ {2}"?(?:resolution:|resolved)"? "([^ '"]+)"$`)
+ re := cachedregexp.MustCompile(`^ {2}"?(?:resolution:|resolved)"? "([^ '"]+)"$`)
 
  for _, s := range group {
  matched := re.FindStringSubmatch(s)
@@ -111,7 +112,7 @@ func tryExtractCommit(resolution string) string {
  }
 
  for _, matcher := range matchers {
- re := regexp.MustCompile(matcher)
+ re := cachedregexp.MustCompile(matcher)
  matched := re.FindStringSubmatch(resolution)
 
  if matched != nil {