QL code and tests for C#/C++/JavaScript.

2026-04-29 18:55:14 +02:00 · 2018-08-02 17:53:23 +01:00
commit b55526aa58
10684 changed files with 581163 additions and 0 deletions
--- a/csharp/ql/src/Performance/StringConcatenationInLoop.ql
+++ b/csharp/ql/src/Performance/StringConcatenationInLoop.ql
@@ -0,0 +1,55 @@
+/**
+ * @name String concatenation in loop
+ * @description Finds code that performs string concatenation in a loop using the + operator.
+ * @kind problem
+ * @problem.severity recommendation
+ * @precision very-high
+ * @id cs/string-concatenation-in-loop
+ * @tags efficiency
+ *       maintainability
+ */
+import csharp
+
+// any use of + that has string type
+class StringCat extends AddExpr {
+  StringCat() {
+    this.getType() instanceof StringType
+  }
+}
+
+/* an assignment of the form
+     v = ... + ... v ...
+   where v is a simple variable (and not, for example, a property)
+*/
+predicate isSelfConcatAssignExpr(AssignExpr e, Variable v) {
+  not e = any(AssignAddExpr a).getExpandedAssignment()
+  and
+  exists(VariableAccess use |
+    stringCatContains(e.getRValue(), use) and
+    use.getTarget() = e.getTargetVariable() and
+    v = use.getTarget()
+  )
+}
+
+predicate stringCatContains(StringCat expr, Expr child) {
+  child = expr or
+  stringCatContains(expr, child.getParent())
+}
+
+/* an assignment of the form
+     v += ...
+   where v is a simple variable (and not, for example, a property)
+*/
+predicate isConcatExpr(AssignAddExpr e, Variable v) {
+  e.getLValue().getType() instanceof StringType and
+  v = e.getTargetVariable()
+}
+
+
+from Expr e
+where exists(LoopStmt loop, Variable v |
+  e.getEnclosingStmt().getParent*() = loop and
+  (isSelfConcatAssignExpr(e, v) or isConcatExpr(e, v)) and
+  forall(LocalVariableDeclExpr l | l.getVariable() = v | not l.getParent*() = loop)
+)
+select e, "String concatenation in loop: use 'StringBuilder'."