Merge pull request #96 from yoeunes/dev

Configures regex optimization suggestions

Author: yoeunes

README.md

@@ -487,16 +487,29 @@ services:
   * Validate regex syntax at analysis time.
   * Optionally report ReDoS risks as PHPStan errors or warnings.
 
-Configuration is done via the provided `extension.neon`, with options such as:
+ Configuration is done via the provided `extension.neon`, with options such as:
 
 ```neon
 parameters:
     regexParser:
         ignoreParseErrors: true
         reportRedos: true
         redosThreshold: 'high'
+        suggestOptimizations: false
+        optimizationConfig:
+            digits: true
+            word: true
 ```
 
+* Options mirror the PHPStan bridge:
+
+  * `ignoreParseErrors` — skip likely partial regex strings (default: `true`).
+  * `reportRedos` — emit ReDoS issues (default: `true`).
+  * `redosThreshold` — minimum severity to report (`low`, `medium`, `high`, `critical`; default: `high`).
+  * `suggestOptimizations` — surface shorter equivalent patterns when found (default: `false`).
+  * `optimizationConfig.digits` — enable `[0-9]` → `\d` optimization suggestions (default: `true`).
+  * `optimizationConfig.word` — enable `[a-zA-Z0-9_]` → `\w` optimization suggestions (default: `true`).
+
 ### Psalm
 
 * Psalm plugin uses the same RegexParser validation and ReDoS checks for `preg_*` calls (including `preg_replace_callback_array` keys).

extension.neon

@@ -7,7 +7,12 @@ parametersSchema:
         # Minimum severity level to report: 'low', 'medium', 'high', 'critical'
         redosThreshold: string(),
         # Enable/disable regex optimization suggestions
-        suggestOptimizations: bool()
+        suggestOptimizations: bool(),
+        # Configuration for specific optimizations
+        optimizationConfig: structure([
+            digits: bool(),
+            word: bool()
+        ])
     ])
 
 parameters:
@@ -25,6 +30,11 @@ parameters:
         # Enable regex optimization suggestions
         suggestOptimizations: false
 
+        # Configuration for specific optimizations (both default to true for BC)
+        optimizationConfig:
+            digits: true
+            word: true
+
 services:
     # Main regex validation rule for PHPStan
     -
@@ -34,5 +44,6 @@ services:
             reportRedos: %regexParser.reportRedos%
             redosThreshold: %regexParser.redosThreshold%
             suggestOptimizations: %regexParser.suggestOptimizations%
+            optimizationConfig: %regexParser.optimizationConfig%
         tags:
             - phpstan.rules.rule

src/Bridge/PHPStan/PregValidationRule.php

@@ -85,15 +85,17 @@ final class PregValidationRule implements Rule
     private ?ReDoSAnalyzer $redosAnalyzer = null;
 
     /**
-     * @param bool   $ignoreParseErrors Ignore parse errors for partial regex strings
-     * @param bool   $reportRedos       Report ReDoS vulnerability analysis
-     * @param string $redosThreshold    Minimum ReDoS severity level to report
+     * @param bool                            $ignoreParseErrors  Ignore parse errors for partial regex strings
+     * @param bool                            $reportRedos        Report ReDoS vulnerability analysis
+     * @param string                          $redosThreshold     Minimum ReDoS severity level to report
+     * @param array{digits: bool, word: bool} $optimizationConfig
      */
     public function __construct(
         private readonly bool $ignoreParseErrors = true,
         private readonly bool $reportRedos = true,
         private readonly string $redosThreshold = 'high',
         private readonly bool $suggestOptimizations = false,
+        private readonly array $optimizationConfig = ['digits' => true, 'word' => true],
     ) {}
 
     public function getNodeType(): string
@@ -262,7 +264,15 @@ private function validatePattern(string $pattern, int $lineNumber): array
 
         if ($this->suggestOptimizations) {
             try {
-                $optimized = $this->getRegex()->optimize($pattern);
+                $ast = $this->getRegex()->parse($pattern);
+                $optimizer = new \RegexParser\NodeVisitor\OptimizerNodeVisitor(
+                    optimizeDigits: (bool) ($this->optimizationConfig['digits'] ?? true),
+                    optimizeWord: (bool) ($this->optimizationConfig['word'] ?? true),
+                );
+                $optimizedAst = $ast->accept($optimizer);
+                // Use compiler to get string back
+                $compiler = new \RegexParser\NodeVisitor\CompilerNodeVisitor();
+                $optimized = $optimizedAst->accept($compiler);
                 if ($optimized !== $pattern && \strlen($optimized) < \strlen($pattern)) {
                     // Safeguard: Validate that the optimized pattern is still valid
                     try {

src/NodeVisitor/OptimizerNodeVisitor.php

@@ -32,8 +32,10 @@ final class OptimizerNodeVisitor extends AbstractNodeVisitor
 
     private bool $isInsideQuantifier = false;
 
-    public function __construct()
-    {
+    public function __construct(
+        private readonly bool $optimizeDigits = true,
+        private readonly bool $optimizeWord = true
+    ) {
         $this->charSetAnalyzer = new CharSetAnalyzer();
     }
 
@@ -258,7 +260,7 @@ public function visitCharClass(Node\CharClassNode $node): Node\NodeInterface
         $isUnicode = str_contains($this->flags, 'u');
         $parts = $node->expression instanceof Node\AlternationNode ? $node->expression->alternatives : [$node->expression];
 
-        if (!$isUnicode && !$node->isNegated && 1 === \count($parts)) {
+        if ($this->optimizeDigits && !$isUnicode && !$node->isNegated && 1 === \count($parts)) {
             $part = $parts[0];
             if ($part instanceof Node\RangeNode && $part->start instanceof Node\LiteralNode && $part->end instanceof Node\LiteralNode) {
                 if ('0' === $part->start->value && '9' === $part->end->value) {
@@ -267,7 +269,7 @@ public function visitCharClass(Node\CharClassNode $node): Node\NodeInterface
             }
         }
 
-        if (!$isUnicode && !$node->isNegated && 4 === \count($parts)) {
+        if ($this->optimizeWord && !$isUnicode && !$node->isNegated && 4 === \count($parts)) {
             if ($this->isFullWordClass($parts)) {
                 return new Node\CharTypeNode('w', $node->startPosition, $node->endPosition);
             }

tests/NodeVisitor/OptimizerNodeVisitorTest.php

@@ -502,4 +502,35 @@ public static function optimizationProvider(): \Iterator
         // Inner group stays because in quantified context
         yield 'Nested Sequence' => ['/(?:(?:abc))?/', '/(?:(?:abc))?/'];
     }
+
+    public function test_optimizations_can_be_disabled(): void
+    {
+        $regex = Regex::create();
+        $compiler = new CompilerNodeVisitor();
+
+        // Test disabling digits optimization
+        $ast = $regex->parse('/[0-9]/');
+        $optimizerDisabled = new OptimizerNodeVisitor(optimizeDigits: false);
+        $optimizedDisabled = $ast->accept($optimizerDisabled);
+        $resultDisabled = $optimizedDisabled->accept($compiler);
+        $this->assertSame('/[0-9]/', $resultDisabled, 'Digits optimization should be disabled');
+
+        $optimizerEnabled = new OptimizerNodeVisitor(optimizeDigits: true);
+        $optimizedEnabled = $ast->accept($optimizerEnabled);
+        $resultEnabled = $optimizedEnabled->accept($compiler);
+        $this->assertSame('/\d/', $resultEnabled, 'Digits optimization should work when enabled');
+
+        // Test disabling word optimization
+        $ast2 = $regex->parse('/[a-zA-Z0-9_]/');
+        $optimizerWordDisabled = new OptimizerNodeVisitor(optimizeWord: false);
+        $optimizedWordDisabled = $ast2->accept($optimizerWordDisabled);
+        $resultWordDisabled = $optimizedWordDisabled->accept($compiler);
+        $this->assertNotSame('/\w/', $resultWordDisabled, 'Word optimization should be disabled');
+        $this->assertStringStartsWith('/[', $resultWordDisabled, 'Should remain as char class');
+
+        $optimizerWordEnabled = new OptimizerNodeVisitor(optimizeWord: true);
+        $optimizedWordEnabled = $ast2->accept($optimizerWordEnabled);
+        $resultWordEnabled = $optimizedWordEnabled->accept($compiler);
+        $this->assertSame('/\w/', $resultWordEnabled, 'Word optimization should work when enabled');
+    }
 }