
[codex] harden formatter regex replacements#208

Open
Sean-Kenneth-Doherty wants to merge 3 commits into yoavbls:main from Sean-Kenneth-Doherty:codex/harden-formatter-redos-regexes

Conversation

@Sean-Kenneth-Doherty Sean-Kenneth-Doherty commented May 16, 2026

Summary

  • replace backtracking-prone formatter regex captures with delimiter-aware captures
  • use linear scanners for quoted literal replacement and missing function return inference instead of ReDoS-shaped broad regexes
  • add adversarial formatter and missing-parentheses inputs covering the ReDoS-shaped patterns from ReDoS Vulnerable Regular Expressions - unlikely to be triggered #187

Fixes #187

Validation

  • npm run build --workspace @pretty-ts-errors/utils
  • npm run test --workspace @pretty-ts-errors/formatter
  • npm run lint --workspace @pretty-ts-errors/formatter
  • npm run build --workspace @pretty-ts-errors/formatter
  • npm run test --workspace @pretty-ts-errors/vscode-formatter
  • npx prettier --check packages/formatter/src/addMissingParentheses.ts packages/formatter/test/formatter.vitest.ts
  • git diff --check

Notes

  • Attempted xvfb-run -a npm test; formatter and vscode-formatter Vitest suites passed and the extension pretest compiled/linted, but the local VS Code 1.77 Electron integration harness exited with X connection/GPU errors under Xvfb.

Prepared with OpenAI Codex.

@Sean-Kenneth-Doherty Sean-Kenneth-Doherty marked this pull request as ready for review May 16, 2026 22:35
@Sean-Kenneth-Doherty
Contributor Author

Moved this out of draft after pushing follow-up commit d2c3e42, which removes another backtracking-prone formatter regex path in addMissingParentheses and adds adversarial coverage.

Validation after the follow-up:

  • Built workspace dependencies first because clean checkouts have no dist for local workspace packages:
    • npm run build --workspace @pretty-ts-errors/utils
    • npm run build --workspace @pretty-ts-errors/vscode-formatter
  • npm run test --workspace @pretty-ts-errors/formatter -> 30 passed
  • npm run lint --workspace @pretty-ts-errors/formatter
  • npm run build --workspace @pretty-ts-errors/formatter
  • git diff --check

Wide test note: xvfb-run -a npm test ran the formatter and vscode-formatter package tests successfully, then the VS Code extension runner became unresponsive in this headless environment. Re-running the same compiled extension test harness with --disable-gpu --disable-dev-shm-usage --no-sandbox exited 0, but that extension suite currently reports 0 tests, so I’m treating the formatter workspace tests as the meaningful coverage for this formatter-only PR.


@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d2c3e42d24


Comment on lines +74 to +76
endIndex = output.indexOf(`"'`, endIndex);
if (endIndex === -1) break;
if (output[endIndex - 1] !== "\\") break;

P2: Prevent quoted-literal scan from spanning across newlines

The new replaceQuotedStringLiteralTypes scanner searches for the closing "' with indexOf and never stops at \n, so it now matches across line boundaries where the previous regex did not. In any multi-line diagnostic that contains '" on one line and "' later, this rule can consume unrelated lines into one replacement and also drop the next character via matchEnd + 1, which corrupts the rendered message rather than just formatting one literal.


{
pattern:
/(module|file|file name|imported via) ['"“](.*?)['"“](?=[\s(.|,]|$)/gi,
/(module|file|file name|imported via) ['"“]([^'"“”\r\n]*)['"“](?=[\s(.|,]|$)/gi,

P2: Allow apostrophes in quoted module/file names

This character class now forbids ' inside the captured module/file name, so diagnostics like module "C:/Users/O'Connor/project/file.ts" no longer match this formatting rule at all. The previous (.*?) pattern handled apostrophes when the outer quotes were double quotes; this change drops that common path-name case and regresses formatting for valid TypeScript messages.



@Sean-Kenneth-Doherty (Contributor Author)

Pushed follow-up commit fc92d1f to address the two review findings and keep #208 as the canonical ReDoS fix:

  • replaceQuotedStringLiteralTypes now stops scanning at CR/LF before a closing "', so it cannot join unrelated diagnostic lines. It also no longer consumes the character after the closing literal. Added regressions for both the multiline case and separator preservation.
  • The module/file/file name/imported via rule now matches by quote style, so double-quoted paths can contain apostrophes like C:/Users/O'Connor/.... Added a regression for that path shape.
  • Folded the broader malformed quote-heavy/adversarial fixture shapes from Fix formatter ReDoS regexes #210 into this PR so the duplicate PR can be closed.

Validation after the follow-up:

  • npm run build --workspace @pretty-ts-errors/utils
  • npm run lint --workspace @pretty-ts-errors/formatter
  • npm run build --workspace @pretty-ts-errors/formatter
  • npm run test --workspace @pretty-ts-errors/formatter -> 33 passed
  • npx prettier --check packages/formatter/src/errorMessagePrettifier.ts packages/formatter/test/formatter.vitest.ts
  • git diff --check
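The two fixes the follow-up describes, as an added illustration that is not the pretty-ts-errors code: a linear scanner for TypeScript's '"..."' literal-type quoting that stops at CR/LF, skips escaped quotes and resumes directly after the closing quote, next to a module/file rule that matches by quote style so a double-quoted path may contain apostrophes. The function names, the `render` callback and the backtick replacement are assumptions.

```typescript
// Added illustration, not the pretty-ts-errors source: a linear scanner for
// TypeScript's '"literal"' quoting and a quote-style-aware module/file rule.
// Function and rule names here are assumptions, not the project's API.

type Render = (inner: string) => string;

// Rewrite every '"..."' string-literal type via `render`. Each character is
// visited at most once, so no regex backtracking can blow up on crafted input.
function replaceQuotedStringLiteralTypes(output: string, render: Render): string {
  let result = "";
  let cursor = 0;
  while (cursor < output.length) {
    const start = output.indexOf(`'"`, cursor);
    if (start === -1) break;
    // Look for the closing "'. An escaped \" does not close the literal, and a
    // line break aborts the match so unrelated diagnostic lines are never joined.
    let end = start + 2;
    let closed = false;
    while (end < output.length) {
      const ch = output[end];
      if (ch === "\n" || ch === "\r") break;
      if (ch === "\\" && output[end + 1] === '"') { end += 2; continue; }
      if (ch === '"' && output[end + 1] === "'") { closed = true; break; }
      end += 1;
    }
    if (!closed) {
      // Unterminated on this line: copy the opener through and keep scanning.
      result += output.slice(cursor, start + 2);
      cursor = start + 2;
      continue;
    }
    result += output.slice(cursor, start) + render(output.slice(start + 2, end));
    cursor = end + 2; // resume directly after "' so the next character survives
  }
  return result + output.slice(cursor);
}

// The opening quote picks the closing quote, so a double-quoted path may hold
// apostrophes; [^...\r\n] keeps every alternative on a single line.
const quotedNameRule = {
  pattern:
    /(module|file|file name|imported via) (?:"([^"\r\n]*)"|'([^'\r\n]*)'|“([^”\r\n]*)”)(?=[\s(.|,]|$)/gi,
  replace: (_m: string, kind: string, dq?: string, sq?: string, cq?: string): string =>
    `${kind} \`${dq ?? sq ?? cq ?? ""}\``,
};

function formatQuotedNames(output: string): string {
  return output.replace(quotedNameRule.pattern, quotedNameRule.replace);
}
```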


Development

Successfully merging this pull request may close these issues.

ReDoS Vulnerable Regular Expressions - unlikely to be triggered
