Conversation

@debermudez (Contributor) commented Jan 26, 2026

Summary by CodeRabbit

Bug Fixes

  • Enhanced input validation in metrics configuration modules for improved error handling.
  • Improved numeric pattern recognition in distribution sequence models for better accuracy.
  • Strengthened tag extraction logic in documentation parsing to handle edge cases more reliably.


@github-actions

Try out this PR

Quick install:

pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@8876ea314e335e98371edff99ee1d45261a292b2

Recommended with virtual environment (using uv):

uv venv --python 3.12 && source .venv/bin/activate
uv pip install --upgrade --force-reinstall git+https://github.com/ai-dynamo/aiperf.git@8876ea314e335e98371edff99ee1d45261a292b2

Last updated for commit: 8876ea3

@github-actions github-actions bot added the fix label Jan 26, 2026
@debermudez debermudez enabled auto-merge (squash) January 26, 2026 21:41
@coderabbitai bot commented Jan 26, 2026

Walkthrough

This pull request hardens regular expressions across four files to mitigate ReDoS (Regular Expression Denial of Service) vulnerabilities. Changes introduce safer numeric patterns, tighten character class restrictions in unit-extraction regexes, and replace problematic HTML comment parsing with safer alternatives. All modifications preserve existing functionality while improving pattern robustness.

Changes

Cohort: Numeric Pattern Centralization
File(s): src/aiperf/common/models/sequence_distribution.py
Summary: Introduces dedicated _NUM pattern for integers, decimals, and leading-dot formats. Updates SEMICOLON_PATTERN and BRACKET_PATTERN to reference this pattern, eliminating redundant numeric regex definitions and reducing ReDoS surface. Copyright year updated.

Cohort: Unit Extraction Pattern Hardening
File(s): src/aiperf/gpu_telemetry/metrics_config.py, src/aiperf/server_metrics/units.py
Summary: Tightens character classes in unit-capture regexes from [^)]+ to [^\s)]+, restricting captured units to non-whitespace tokens. Prevents catastrophic backtracking in _infer_unit_from_help and _PARENTHETICAL_IN_UNIT_PATTERN respectively.

Cohort: HTML Comment Tag Extraction
File(s): tests/ci/test_docs_end_to_end/parser.py
Summary: Replaces ambiguous comment regex with safer pattern using fixed character constraints. New pattern ensures tag names start with non-dash, non-space character followed by non-spaces, eliminating overlapping quantifier risks.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A regex rabbit hops with glee,
Tightening patterns wild and free,
No backtracking loops to bind,
Safer syntax, peace of mind!
ReDoS dangers? Cast away,
Patterns hardened here to stay!

🚥 Pre-merge checks: ✅ 3 passed

Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
Title check: ✅ Passed. The title accurately describes the main objective of the PR: addressing Sonar Cube security vulnerabilities by fixing ReDoS (Regular Expression Denial of Service) risks across multiple files.
Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

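To make the three pattern shapes in the walkthrough concrete, here is an added illustration that is not aiperf's own code: a shared `_NUM` sub-pattern reused by a semicolon and a bracket form, the unit capture before (`[^)]+`) and after (`[^\s)]+`) tightening, and a comment-tag pattern whose first character is neither a dash nor whitespace. The exact pattern bodies, the function names and the sample inputs are assumptions, reconstructed from the summary rather than taken from the repository.

```python
import re

# Assumed shared numeric sub-pattern (not aiperf's actual definition):
# integers, decimals and leading-dot forms such as 12, 3.5 and .25.
# Non-capturing groups and no nested quantifiers keep it linear-time.
_NUM = r"(?:\d+(?:\.\d+)?|\.\d+)"

# Both sequence forms reference _NUM, so there is one numeric
# definition to audit instead of a copy in every pattern.
SEMICOLON_PATTERN = re.compile(rf"^\s*{_NUM}(?:\s*;\s*{_NUM})*\s*$")
BRACKET_PATTERN = re.compile(rf"^\s*\[\s*{_NUM}(?:\s*,\s*{_NUM})*\s*\]\s*$")

# Unit capture from a parenthetical in a metric HELP line.
# Loose form: any run of non-')' characters, whitespace included.
# Hardened form: a single non-whitespace token, so the class can no
# longer expand across spaces while an adjacent quantifier backtracks.
_UNIT_LOOSE = re.compile(r"\(([^)]+)\)")
_UNIT_STRICT = re.compile(r"\(([^\s)]+)\)")

# HTML comment tag: first char must be neither '-' nor whitespace,
# the rest non-whitespace, so the tag cannot overlap the "--" opener.
_COMMENT_TAG = re.compile(r"<!--\s*([^-\s]\S*)")


def parse_sequence(text):
    """Return the numbers as floats when text matches either form, else None."""
    if SEMICOLON_PATTERN.match(text) or BRACKET_PATTERN.match(text):
        return [float(n) for n in re.findall(_NUM, text)]
    return None


def infer_unit(help_text, strict=True):
    """Extract the unit in parentheses; strict=False shows the old behaviour."""
    pattern = _UNIT_STRICT if strict else _UNIT_LOOSE
    match = pattern.search(help_text)
    return match.group(1) if match else None


def comment_tag(html):
    """Return the tag name that opens an HTML comment, or None."""
    match = _COMMENT_TAG.search(html)
    return match.group(1) if match else None
```

Note that the strict unit capture rejects "(degrees C)" rather than returning "degrees C"; that is the intended narrowing, so any HELP text with multi-word units needs a deliberate decision rather than a silent match.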

@codecov bot commented Jan 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.


@debermudez debermudez merged commit 3d49737 into main Jan 26, 2026
19 checks passed
@debermudez debermudez deleted the dbermudez/aip-666-clean-up-sonar-cube-medium-high-and-critical-security branch January 26, 2026 22:46