forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathUseOfSystemOutputStream.ql
More file actions
55 lines (48 loc) · 1.6 KB
/
UseOfSystemOutputStream.ql
File metadata and controls
55 lines (48 loc) · 1.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
/**
* @name Poor logging: use of system output stream
* @description Finds uses of system output streams instead of proper logging
* @kind problem
* @problem.severity recommendation
* @precision medium
* @id cs/console-output
* @tags quality
* reliability
* error-handling
*/
import csharp
import semmle.code.csharp.commons.Util
predicate isConsoleOutRedefinedSomewhere() {
exists(MethodCall mc |
mc.getTarget().hasName("SetOut") and
mc.getTarget().getDeclaringType().hasFullyQualifiedName("System", "Console")
)
}
predicate isConsoleErrorRedefinedSomewhere() {
exists(MethodCall mc |
mc.getTarget().hasName("SetError") and
mc.getTarget().getDeclaringType().hasFullyQualifiedName("System", "Console")
)
}
predicate isCallToConsoleWrite(MethodCall mc) {
mc.getTarget().getName().matches("Write%") and
mc.getTarget().getDeclaringType().hasFullyQualifiedName("System", "Console")
}
predicate isAccessToConsoleOut(PropertyAccess pa) {
pa.getTarget().hasName("Out") and
pa.getTarget().getDeclaringType().hasFullyQualifiedName("System", "Console")
}
predicate isAccessToConsoleError(PropertyAccess pa) {
pa.getTarget().hasName("Error") and
pa.getTarget().getDeclaringType().hasFullyQualifiedName("System", "Console")
}
from Expr e
where
(
isCallToConsoleWrite(e) and not isConsoleOutRedefinedSomewhere()
or
isAccessToConsoleOut(e) and not isConsoleOutRedefinedSomewhere()
or
isAccessToConsoleError(e) and not isConsoleErrorRedefinedSomewhere()
) and
not e.getEnclosingCallable() instanceof MainMethod
select e, "Poor logging: use of system output stream."