CPP: Detect commented preprocessor code.

2026-04-30 19:26:02 +02:00 · 2019-04-08 18:17:23 +01:00
parent 4d67bd32dd
commit 48fff334da
2 changed files with 22 additions and 12 deletions
--- a/cpp/ql/src/Documentation/CommentedOutCode.qll
+++ b/cpp/ql/src/Documentation/CommentedOutCode.qll
@@ -12,19 +12,26 @@ private predicate looksLikeCode(string line) {
    //  * HTML entities in hexadecimal notation (e.g. &amp;#x705F;)
    trimmed = line.regexpReplaceAll("(?i)(^\\s+|&#?[a-z0-9]{1,31};|\\s+$)", "")
  |
-    // Match comment lines ending with '{', '}' or ';'
-    trimmed.regexpMatch(".*[{};]") and
    (
-      // If this line looks like code because it ends with a closing
-      // brace that's preceded by something other than whitespace ...
-      trimmed.regexpMatch(".*.\\}")
-      implies
-      // ... then there has to be ") {" (or some variation)
-      // on the line, suggesting it's a statement like `if`
-      // or a function declaration. Otherwise it's likely to be a
-      // benign use of braces such as a JSON example or explanatory
-      // pseudocode.
-      trimmed.regexpMatch(".*(\\)|const|volatile|override|final|noexcept|&)\\s*\\{.*")
+      (
+        // Match comment lines ending with '{', '}' or ';'
+        trimmed.regexpMatch(".*[{};]") and
+        (
+          // If this line looks like code because it ends with a closing
+          // brace that's preceded by something other than whitespace ...
+          trimmed.regexpMatch(".*.\\}")
+          implies
+          // ... then there has to be ") {" (or some variation)
+          // on the line, suggesting it's a statement like `if`
+          // or a function declaration. Otherwise it's likely to be a
+          // benign use of braces such as a JSON example or explanatory
+          // pseudocode.
+          trimmed.regexpMatch(".*(\\)|const|volatile|override|final|noexcept|&)\\s*\\{.*")
+        )
+      ) or (
+        // Match comment lines that look like preprocessor code
+        trimmed.regexpMatch("#(include|define|undef|if|ifdef|ifndef|elif|else|endif|error)(\\s.*|)")
+      )
    ) and (
      // Exclude lines that start with '>' or contain '@{' or '@}'.
      // To account for the code generated by protobuf, we also insist that the comment
--- a/cpp/ql/test/query-tests/Documentation/CommentedOutCode/CommentedOutCode.expected
+++ b/cpp/ql/test/query-tests/Documentation/CommentedOutCode/CommentedOutCode.expected
@@ -1,6 +1,9 @@
 | test2.cpp:37:1:37:39 | // int myFunction() { return myValue; } | This comment appears to contain commented-out code |
 | test2.cpp:39:1:39:45 | // int myFunction() const { return myValue; } | This comment appears to contain commented-out code |
 | test2.cpp:41:1:41:54 | // int myFunction() const noexcept { return myValue; } | This comment appears to contain commented-out code |
+| test2.cpp:43:1:43:18 | // #define MYMACRO | This comment appears to contain commented-out code |
+| test2.cpp:45:1:45:23 | // #include "include.h" | This comment appears to contain commented-out code |
+| test2.cpp:47:1:51:2 | /*\n#ifdef\nvoid myFunction();\n#endif\n*/ | This comment appears to contain commented-out code |
 | test.c:2:1:2:22 | // commented out code; | This comment appears to contain commented-out code |
 | test.c:4:1:7:8 | // some; | This comment appears to contain commented-out code |
 | test.c:9:1:13:8 | // also; | This comment appears to contain commented-out code |