QL code and tests for C#/C++/JavaScript.

2026-04-27 09:45:15 +02:00 · 2018-08-02 17:53:23 +01:00
commit b55526aa58
10684 changed files with 581163 additions and 0 deletions
--- a/Practices/UseOfSystemOutputStream.ql
+++ b/Practices/UseOfSystemOutputStream.ql
@@ -0,0 +1,43 @@
+/**
+ * @name Poor logging: use of system output stream
+ * @description Finds uses of system output streams instead of proper logging
+ * @kind problem
+ * @problem.severity recommendation
+ * @precision medium
+ * @id cs/console-output
+ * @tags maintainability
+ */
+import csharp
+import semmle.code.csharp.commons.Util
+
+predicate isConsoleOutRedefinedSomewhere() {
+  exists(MethodCall mc | mc.getTarget().hasName("SetOut") and
+                         mc.getTarget().getDeclaringType().hasQualifiedName("System.Console"))
+}
+
+predicate isConsoleErrorRedefinedSomewhere() {
+  exists(MethodCall mc | mc.getTarget().hasName("SetError") and
+                         mc.getTarget().getDeclaringType().hasQualifiedName("System.Console"))
+}
+
+predicate isCallToConsoleWrite(MethodCall mc) {
+  mc.getTarget().getName().matches("Write%") and
+  mc.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+}
+
+predicate isAccessToConsoleOut(PropertyAccess pa) {
+  pa.getTarget().hasName("Out") and
+  pa.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+}
+
+predicate isAccessToConsoleError(PropertyAccess pa) {
+  pa.getTarget().hasName("Error") and
+  pa.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+}
+
+from Expr e
+where (isCallToConsoleWrite(e) and not isConsoleOutRedefinedSomewhere()
+   or isAccessToConsoleOut(e) and not isConsoleOutRedefinedSomewhere()
+   or isAccessToConsoleError(e) and not isConsoleErrorRedefinedSomewhere())
+   and not e.getEnclosingCallable() instanceof MainMethod
+select e, "Poor logging: use of system output stream."