QL code and tests for C#/C++/JavaScript.

javascript/ql/src/Comments/CommentedOut.qll

@@ -0,0 +1,148 @@
+/** Provides predicates for recognizing commented-out code. */
+
+import semmle.javascript.Comments
+
+/** Gets a line in comment `c` that looks like commented-out code. */
+private string getALineOfCommentedOutCode(Comment c) {
+  result = c.getLine(_) and
+  // line ends with ';', '{', or '}', optionally followed by a comma,
+  ((result.regexpMatch(".*[;{}],?\\s*") and
+    // but it doesn't look like a JSDoc-like annotation
+    not result.regexpMatch(".*@\\w+\\s*\\{.*\\}\\s*") and
+    // and it does not contain three consecutive words (which is uncommon in code)
+    not result.regexpMatch("[^'\\\"]*\\w\\s++\\w++\\s++\\w[^'\\\"]*")) or
+  // line is part of a block comment and ends with something that looks
+  // like a line comment; character before '//' must not be ':' to
+  // avoid matching URLs
+  (not c instanceof SlashSlashComment and
+   result.regexpMatch("(.*[^:]|^)//.*[^/].*")) or
+  // similar, but don't be fooled by '//// this kind of comment' and
+  // '//// this kind of comment ////'
+  (c instanceof SlashSlashComment and
+   result.regexpMatch("/*([^/].*[^:]|[^:/])//.*[^/].*") and
+   // exclude externalization comments
+   not result.regexpMatch(".*\\$NON-NLS-\\d+\\$.*")))
+}
+
+/**
+ * Holds if `c` is a comment containing code examples, and hence should be
+ * disregarded when looking for commented-out code.
+ */
+private predicate containsCodeExample(Comment c) {
+  exists (string text | text = c.getText() |
+    text.matches("%<pre>%</pre>%") or
+    text.matches("%<code>%</code>%") or
+    text.matches("%@example%") or
+    text.matches("%```%")
+  )
+}
+
+/**
+ * Gets a comment that belongs to a run of consecutive comments in file `f`
+ * starting with `c`, where `c` itself contains commented-out code, but the comment
+ * preceding it, if any, does not.
+ */
+private Comment getCommentInRun(File f, Comment c) {
+  exists (int n |
+    c.onLines(f, n, _) and
+    countCommentedOutLines(c) > 0 and
+    not exists (Comment d | d.onLines(f, _, n-1) |
+      countCommentedOutLines(d) > 0
+    )
+  ) and
+  (result = c or
+   exists (Comment prev, int n |
+     prev = getCommentInRun(f, c) and
+     prev.onLines(f, _, n) and
+     result.onLines(f, n+1, _)
+   )
+  )
+}
+
+/**
+ * Gets a comment that follows `c` in a run of consecutive comments and
+ * does not contain a code example.
+ */
+private Comment getRelevantCommentInRun(Comment c) {
+  result = getCommentInRun(_, c) and not containsCodeExample(result)
+}
+
+/** Gets the number of lines in comment `c` that look like commented-out code. */
+private int countCommentedOutLines(Comment c) {
+  result = count(getALineOfCommentedOutCode(c))
+}
+
+/** Gets the number of non-blank lines in comment `c`. */
+private int countNonBlankLines(Comment c) {
+  result = count(string line | line = c.getLine(_) and not line.regexpMatch("\\s*"))
+}
+
+/**
+ * Gets the number of lines in comment `c` and subsequent comments that look like
+ * they contain commented-out code.
+ */
+private int countCommentedOutLinesInRun(Comment c) {
+  result = sum(Comment d | d = getRelevantCommentInRun(c) | countCommentedOutLines(d))
+}
+
+/** Gets the number of non-blank lines in `c` and subsequent comments. */
+private int countNonBlankLinesInRun(Comment c) {
+  result = sum(Comment d | d = getRelevantCommentInRun(c) | countNonBlankLines(d))
+}
+
+/**
+ * A run of consecutive comments containing a high percentage of lines
+ * that look like commented-out code.
+ *
+ * This is represented by the comment that starts the run, with a special
+ * `hasLocationInfo` implementation that assigns it the entire run as its location.
+ */
+class CommentedOutCode extends Comment {
+  CommentedOutCode(){
+    exists(int codeLines, int nonBlankLines |
+      countCommentedOutLines(this) > 0 and
+      not exists(Comment prev | this = getCommentInRun(_, prev) and this != prev) and
+      nonBlankLines = countNonBlankLinesInRun(this) and
+      codeLines = countCommentedOutLinesInRun(this) and
+      nonBlankLines > 0 and
+      2*codeLines > nonBlankLines
+    )
+  }
+
+  /**
+   * Gets the number of lines in this run of comments
+   * that look like they contain commented-out code.
+   */
+  int getNumCodeLines() {
+    result = countCommentedOutLinesInRun(this)
+  }
+
+  /**
+   * Gets the number of non-blank lines in this run of comments.
+   */
+  int getNumNonBlankLines() {
+    result = countNonBlankLinesInRun(this)
+  }
+
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [LGTM locations](https://lgtm.com/help/ql/locations).
+   */
+  predicate hasLocationInfo(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
+    exists (Location loc, File f | loc = getLocation() and f = loc.getFile() |
+      filepath = f.getAbsolutePath() and
+      startline = loc.getStartLine() and
+      startcolumn = loc.getStartColumn() and
+      exists(Location last |
+        last = getCommentInRun(f, this).getLocation() and
+        last.getEndLine() = max(getCommentInRun(f, this).getLocation().getEndLine()) |
+        endline = last.getEndLine() and
+        endcolumn = last.getEndColumn()
+      )
+    )
+  }
+}
+

javascript/ql/src/Comments/CommentedOutCode.qhelp

@@ -0,0 +1,7 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+  <include src="CommentedOutCodeQuery.qhelp" />
+  <include src="CommentedOutCodeCommon.qhelp" />
+</qhelp>

javascript/ql/src/Comments/CommentedOutCode.ql

@@ -0,0 +1,26 @@
+/**
+ * @name Commented-out code
+ * @description Comments that contain commented-out code should be avoided.
+ * @kind problem
+ * @problem.severity recommendation
+ * @id js/commented-out-code
+ * @tags maintainability
+ *       statistical
+ *       non-attributable
+ * @precision medium
+ */
+
+import javascript
+import CommentedOut
+
+/**
+ * Holds if comment `c` looks like an annotation for the [Flow](https://flowtype.org/)
+ * type checker.
+ */
+predicate isFlowAnnotation(SlashStarComment c) {
+  c.getText().regexpMatch("^(?s)\\s*(: |::|flow-include ).*")
+}
+
+from CommentedOutCode c
+where not isFlowAnnotation(c)
+select c, "This comment appears to contain commented-out code."

javascript/ql/src/Comments/CommentedOutCodeCommon.qhelp

@@ -0,0 +1,17 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<example>
+<p>
+In the following example, a <code>console.log</code> method call, perhaps originally used
+for debugging, is left in the code, but commented out. It should be removed altogether.
+</p>
+
+<sample src="examples/CommentedOutCode.js" />
+
+</example>
+
+<include src="CommentedOutCodeReferences.qhelp" />
+
+</qhelp>

javascript/ql/src/Comments/FCommentedOutCode.qhelp

@@ -0,0 +1,7 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+  <include src="CommentedOutCodeMetricOverview.qhelp" />
+  <include src="CommentedOutCodeCommon.qhelp" />
+</qhelp>

javascript/ql/src/Comments/FCommentedOutCode.ql

@@ -0,0 +1,18 @@
+/**
+ * @name Lines of commented-out code in files
+ * @description Measures the number of commented-out lines of code in each file.
+ * @kind treemap
+ * @treemap.warnOn highValues
+ * @metricType file
+ * @metricAggregate avg sum max
+ * @precision high
+ * @id js/lines-of-commented-out-code-in-files
+ * @tags maintainability
+ */
+
+import CommentedOut
+
+from File f
+select f, sum(CommentedOutCode comment |
+              comment.getFile() = f |
+              comment.getNumCodeLines())

javascript/ql/src/Comments/TodoComments.qhelp

@@ -0,0 +1,52 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>
+A comment that includes the words <code>TODO</code>, <code>FIXME</code> or similar words 
+often indicates code that is incomplete or broken, or highlights ambiguities in the
+software's specification.
+</p>
+
+</overview>
+<recommendation>
+
+<p>
+Address the problem indicated by the comment.
+</p>
+
+</recommendation>
+<example>
+
+<p>
+In the following example, the programmer has not yet implemented the correct behavior for
+the case where parameter <code>a</code> is zero: the function will return <code>Infinity</code>
+or <code>NaN</code> (depending on the values of <code>b</code> and <code>c</code>) in this case.
+</p>
+
+<sample src="examples/TodoComments.js" />
+
+<p>
+As a first step to fixing this problem, a check could be introduced that compares <code>a</code>
+to zero and throws an exception if this is the case. A better solution would be to use a different
+formula that does not rely on <code>a</code> being non-zero. Regardless of the solution
+adopted, the <code>TODO</code> comment should then be removed.
+</p>
+
+</example>
+<references>
+
+
+<li>
+Approxion:
+    <a href="http://www.approxion.com/?p=39">TODO or not TODO</a>.
+</li>
+<li>
+Wikipedia:
+<a href="http://en.wikipedia.org/wiki/Comment_%28computer_programming%29#Tags">Comment tags</a>.
+</li>
+
+
+</references>
+</qhelp>

javascript/ql/src/Comments/TodoComments.ql

@@ -0,0 +1,17 @@
+/**
+ * @name TODO comment
+ * @description A comment that contains 'TODO' or similar keywords may indicate code that is incomplete or
+ *              broken, or it may highlight an ambiguity in the software's specification.
+ * @kind problem
+ * @problem.severity recommendation
+ * @id js/todo-comment
+ * @tags maintainability
+ *       external/cwe/cwe-546
+ * @precision medium
+ */
+
+import javascript
+
+from Comment c
+where c.getText().regexpMatch("(?s).*FIXME.*|.*TODO.*|.*(?<!=)\\s*XXX.*")
+select c, "TODO comments should be addressed."

javascript/ql/src/Comments/examples/CommentedOutCode.js

@@ -0,0 +1,4 @@
+function area(r) {
+	// console.log("Got r: " + r);
+	return r.length * r.width;
+}

javascript/ql/src/Comments/examples/TodoComments.js

@@ -0,0 +1,4 @@
+function solveQuadratic(a, b, c) {
+	// TODO: handle case where a === 0
+	return (-b + Math.sqrt(b*b - 4*a*c))/(2*a);
+}