Merge pull request github#27 from pavel/imp/csharp

Add C# code

Author: Max Schaefer

csharp/ql/src/.project

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>semmlecode-csharp-queries</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.pde.ManifestBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.SchemaBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.pde.PluginNature</nature>
+		<nature>com.semmle.plugin.qdt.core.qlnature</nature>
+	</natures>
+</projectDescription>

csharp/ql/src/.qlpath

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns:qlpath xmlns:ns="https://semmle.com/schemas/qlpath">
+    <librarypath></librarypath>
+    <dbscheme kind="WORKSPACE">semmlecode-csharp-queries/semmlecode.csharp.dbscheme</dbscheme>
+    <defaultImports><defaultImport>csharp</defaultImport></defaultImports>
+</ns:qlpath>

csharp/ql/src/.vs/VSWorkspaceSettings.json

@@ -0,0 +1,8 @@
+{
+    "ql.projects" : {
+        "." : {
+            "dbScheme" : "semmlecode.csharp.dbscheme",
+            "libraryPath" : []
+        }
+    }
+}

csharp/ql/src/API Abuse/CallToGCCollect.qhelp

@@ -0,0 +1,28 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>Explicitly forcing garbage collection is not efficient and is almost never necessary outside of 
+benchmarking scenarios.</p>
+
+</overview>
+<recommendation>
+<p>Remove the explicit call to <code>GC.Collect()</code> and run a memory profiler to optimize your 
+application's memory usage. If your application uses unmanaged resources and calls <code>
+GC.Collect()</code> to force finalizers to run, it is better to implement the <code>IDisposable
+</code> pattern and use <code>try</code>/<code>finally</code> clauses to make sure that unmanaged
+resources are disposed of even if an exception interrupts your application.</p>
+
+</recommendation>
+<example>
+<sample src="CallToGCCollectBad.cs" />
+
+</example>
+<references>
+
+  <li>MSDN: <a href="http://msdn.microsoft.com/en-us/library/system.idisposable.aspx">The IDisposable interface</a>.</li>
+  <li>Microsoft: <a href="https://docs.microsoft.com/en-us/visualstudio/profiling/memory-usage">Profile Memory Usage in Visual Studio</a>.</li>
+
+</references>
+</qhelp>

csharp/ql/src/API Abuse/CallToGCCollect.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Call to GC.Collect()
+ * @description Explicit requests for garbage collection often indicate performance problems and memory leaks.
+ * @kind problem
+ * @problem.severity warning
+ * @precision very-high
+ * @id cs/call-to-gc
+ * @tags efficiency
+ *       maintainability
+ */
+import csharp
+
+from MethodCall c, Method gcCollect
+where
+  c.getTarget() = gcCollect
+  and gcCollect.hasName("Collect")
+  and gcCollect.hasNoParameters()
+  and gcCollect.getDeclaringType().hasQualifiedName("System.GC")
+select c, "Call to 'GC.Collect()'."

csharp/ql/src/API Abuse/CallToGCCollectBad.cs

@@ -0,0 +1,9 @@
+using System;
+
+class Bad
+{
+    void M()
+    {
+        GC.Collect();
+    }
+}

csharp/ql/src/API Abuse/CallToObsoleteMethod.qhelp

@@ -0,0 +1,37 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>Methods with the <code>[Obsolete]</code> attribute are obsolete and should not be used. 
+Obsolete methods are no longer supported and maintained, may not work correctly, and may be removed in the future.</p>
+
+</overview>
+<recommendation>
+<p>Replace the method call with a call to a different method. The <code>[Obsolete]</code>
+attribute should suggest a replacement method to call. If the <code>[Obsolete]</code> attribute 
+does not suggest a replacement, then read the class documentation and list of methods to find
+a suitable replacement.</p>
+
+</recommendation>
+<example>
+<p>The following example shows some code which calls an obsolete method in a <code>Logger</code> class.
+The <code>Log</code> method has the attribute 
+<code>[Obsolete("Use Log(LogLevel level, string s) instead")]</code>
+showing that it is obsolete.</p>
+
+<sample src="CallToObsoleteMethodBad.cs" />
+
+<p>The code is fixed by calling a different method in the <code>Logger</code> class as suggested
+by the attribute.</p>
+
+<sample src="CallToObsoleteMethodGood.cs" />
+
+</example>
+<references>
+
+  <li>MSDN: <a href="https://msdn.microsoft.com/en-us/library/system.obsoleteattribute(v=vs.110).aspx">ObsoleteAttribute Class</a>.</li>
+
+
+</references>
+</qhelp>

csharp/ql/src/API Abuse/CallToObsoleteMethod.ql

@@ -0,0 +1,26 @@
+/**
+ * @name Call to obsolete method
+ * @description Calls to methods marked as [Obsolete] should be replaced because the method is
+ *              no longer maintained and may be removed in the future.
+ * @kind problem
+ * @problem.severity warning
+ * @precision very-high
+ * @id cs/call-to-obsolete-method
+ * @tags changeability
+ *       maintainability
+ *       external/cwe/cwe-477
+ */
+
+import csharp
+
+class ObsoleteAttribute extends Attribute {
+  ObsoleteAttribute() {
+    this.getType().hasQualifiedName("System", "ObsoleteAttribute")
+  }
+}
+
+from MethodCall c, Method m
+where m = c.getTarget()
+and m.getAnAttribute() instanceof ObsoleteAttribute
+and not c.getEnclosingCallable().(Attributable).getAnAttribute() instanceof ObsoleteAttribute
+select c, "Call to obsolete method $@.", m, m.getName()

csharp/ql/src/API Abuse/CallToObsoleteMethodBad.cs

@@ -0,0 +1,30 @@
+using System;
+
+class Bad
+{
+    void M()
+    {
+        Logger.Log("Hello, World!");
+    }
+
+    static class Logger
+    {
+        [Obsolete("Use Log(LogLevel level, string s) instead")]
+        public static void Log(string s)
+        {
+            // ...
+        }
+
+        public static void Log(LogLevel level, string s)
+        {
+            // ...
+        }
+    }
+
+    enum LogLevel
+    {
+        Info,
+        Warning,
+        Error
+    }
+}

csharp/ql/src/API Abuse/CallToObsoleteMethodGood.cs

@@ -0,0 +1,30 @@
+using System;
+
+class Good
+{
+    void M()
+    {
+        Logger.Log(LogLevel.Info, "Hello, World!");
+    }
+
+    static class Logger
+    {
+        [Obsolete("Use Log(LogLevel level, string s) instead")]
+        public static void Log(string s)
+        {
+            // ...
+        }
+
+        public static void Log(LogLevel level, string s)
+        {
+            // ...
+        }
+    }
+
+    enum LogLevel
+    {
+        Info,
+        Warning,
+        Error
+    }
+}

csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.qhelp

@@ -0,0 +1,39 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>When the class of the object on which <code>Equals(object)</code> is called does not define its own 
+<code>Equals(object)</code> method, an <code>Equals(object)</code> method defined in one of its base
+classes will be called instead. In the worst case, the <code>Equals(object)</code> method of
+<code>System.Object</code> will be called, resulting in a reference equality check. This is probably
+not what was intended.</p>
+
+<p>Classes that implement the <code>==</code> operator should also override the <code>Equals(object)</code>
+method, because otherwise the two forms of equality will behave differently, leading to unexpected behavior.</p>
+</overview>
+<recommendation>
+<p>Implement an <code>Equals(object)</code> method for the highlighted class. Examine subclasses of the
+class highlighted to determine if they should implement their own equals method too.</p>
+
+</recommendation>
+<example>
+<p>The output of this example states that "car1 does equal car2" despite the fact that one is a 
+leaded version and one is an unleaded version. This is because the <code>GasolineCar</code> class 
+is inheriting <code>Equals(object)</code> from <code>Car</code> and that method states that two
+<code>Car</code>s are equal if their make and model are the same.</p>
+<sample src="ClassDoesNotImplementEqualsBad.cs" />
+
+<p>
+In the revised example, <code>GasolineCar</code> overrides <code>Equals(object)</code>, and the output
+is "car1 does not equal car2", as expected.
+</p>
+<sample src="ClassDoesNotImplementEqualsGood.cs" />
+</example>
+
+<references>
+  <li>Microsoft: <a href="https://docs.microsoft.com/en-us/dotnet/standard/design-guidelines/equality-operators">Equality Operators</a>, 
+  <a href="https://docs.microsoft.com/en-us/dotnet/csharp/programming-guide/statements-expressions-operators/equality-comparisons">Equality Comparisons (C# Programming Guide)</a>.</li>
+</references>
+
+</qhelp>

csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql

@@ -0,0 +1,43 @@
+/**
+ * @name Class does not implement Equals(object)
+ * @description The class does not implement the 'Equals(object)' method, which can cause
+ *              unexpected behavior. The default 'Equals(object)' method performs reference
+ *              comparison, which may not be what was intended.
+ * @kind problem
+ * @problem.severity error
+ * @precision medium
+ * @id cs/class-missing-equals
+ * @tags reliability
+ *       maintainability
+ */
+
+import csharp
+import semmle.code.csharp.frameworks.System
+
+from Class c, Element item, string message, string itemText
+where
+  c.isSourceDeclaration()
+  and not implementsEquals(c)
+  and not c.isAbstract()
+  and
+  (
+    exists(MethodCall callToEquals |
+      callToEquals.getTarget() instanceof EqualsMethod
+      and callToEquals.getQualifier().getType() = c
+      and message = "but it is called $@"
+      and item = callToEquals
+      and itemText = "here" )
+    or
+    ( item = c.getAnOperator().(EQOperator)
+      and message = "but it implements $@"
+      and itemText = "operator ==" )
+    or
+    exists(IEquatableEqualsMethod eq | item = eq
+      and eq = c.getAMethod()
+      and message = "but it implements $@"
+      and itemText = "IEquatable<" + eq.getParameter(0).getType() + ">.Equals"
+    )
+  )
+
+select c, "Class '" + c.getName() + "' does not implement Equals(object), " + message + ".",
+  item, itemText

csharp/ql/src/API Abuse/ClassDoesNotImplementEqualsBad.cs

@@ -0,0 +1,40 @@
+using System;
+
+class Bad
+{
+    class Car
+    {
+        protected string make;
+        protected string model;
+
+        public Car(string make, string model)
+        {
+            this.make = make;
+            this.model = model;
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (obj is Car c && c.GetType() == typeof(Car))
+                return make == c.make && model == c.model;
+            return false;
+        }
+    }
+
+    class GasolineCar : Car
+    {
+        protected bool unleaded;
+
+        public GasolineCar(string make, string model, bool unleaded) : base(make, model)
+        {
+            this.unleaded = unleaded;
+        }
+    }
+
+    public static void Main(string[] args)
+    {
+        var car1 = new GasolineCar("Ford", "Focus", true);
+        var car2 = new GasolineCar("Ford", "Focus", false);
+        Console.WriteLine("car1 " + (car1.Equals(car2) ? "does" : "does not") + " equal car2.");
+    }
+}

csharp/ql/src/API Abuse/ClassDoesNotImplementEqualsGood.cs

@@ -0,0 +1,47 @@
+using System;
+
+class Good
+{
+    class Car
+    {
+        protected string make;
+        protected string model;
+
+        public Car(string make, string model)
+        {
+            this.make = make;
+            this.model = model;
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (obj is Car c && c.GetType() == typeof(Car))
+                return make == c.make && model == c.model;
+            return false;
+        }
+    }
+
+    class GasolineCar : Car
+    {
+        protected bool unleaded;
+
+        public GasolineCar(string make, string model, bool unleaded) : base(make, model)
+        {
+            this.unleaded = unleaded;
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (obj is GasolineCar gc && gc.GetType() == typeof(GasolineCar))
+                return make == gc.make && model == gc.model && unleaded == gc.unleaded;
+            return false;
+        }
+    }
+
+    public static void Main(string[] args)
+    {
+        var car1 = new GasolineCar("Ford", "Focus", true);
+        var car2 = new GasolineCar("Ford", "Focus", false);
+        Console.WriteLine("car1 " + (car1.Equals(car2) ? "does" : "does not") + " equal car2.");
+    }
+}