Add StringBuilder-append-String-repeat.ql

Marcono1234 · Marcono1234 · commit ee732e99a8c6 · 2024-10-16T23:36:00.000+02:00
diff --git a/codeql-custom-queries-java/queries/performance/StringBuilder-append-String-repeat.ql b/codeql-custom-queries-java/queries/performance/StringBuilder-append-String-repeat.ql
@@ -0,0 +1,26 @@
+/**
+ * Finds code which first repeats a String using `String#repeat` and then appends it to
+ * a `StringBuilder` or `StringBuffer`.
+ *
+ * Since Java 21 `StringBuilder` and `StringBuffer` have new `repeat` methods, which can
+ * be used instead and likely provide better performance.
+ *
+ * @id TODO
+ * @kind problem
+ */
+
+import java
+
+from MethodAccess stringRepeatCall, Method stringRepeatMethod, MethodAccess stringBuilderAppendCall
+where
+  stringRepeatCall.getMethod() = stringRepeatMethod and
+  stringRepeatMethod.getDeclaringType() instanceof TypeString and
+  stringRepeatMethod.hasStringSignature("repeat(int)") and
+  stringBuilderAppendCall.getReceiverType() instanceof StringBuildingType and
+  stringBuilderAppendCall.getMethod().hasName("append") and
+  // For now only cover `repeat` result directly being used as argument for `append`; that already has
+  // a lot of findings. Could instead use local dataflow, but this causes false positives then if `repeat`
+  // result is used multiple times and cannot be replaced with `StringBuilder#repeat`.
+  stringRepeatCall = stringBuilderAppendCall.getAnArgument()
+select stringRepeatCall,
+  "Can instead use " + stringBuilderAppendCall.getReceiverType().getName() + "#repeat"
