Extend Constant Condition query with String.IsNullOrEmpty.

JarLob · JarLob · commit 74ee1015923b · 2022-11-07T13:05:37.000+01:00
diff --git a/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql b/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
@@ -15,6 +15,7 @@
 import csharp
 import semmle.code.csharp.commons.Assertions
 import semmle.code.csharp.commons.Constants
+private import semmle.code.csharp.frameworks.System
 
 /** A constant condition. */
 abstract class ConstantCondition extends Expr {
@@ -72,6 +73,30 @@ class ConstantIfCondition extends ConstantBooleanCondition {
   }
 }
 
+/** A constant return value from a function with constant input expression. */
+class ConstantReturnValueCondition extends ConstantCondition {
+  boolean b;
+
+  ConstantReturnValueCondition() {
+    exists(Method m, Call c, Expr expr |
+      m = any(SystemStringClass s).getIsNullOrEmptyMethod() and
+      c.getTarget() = m and
+      this = c and
+      expr = c.getArgument(0) and
+      expr.hasValue() and
+      if expr.getValue().length() > 0 and not expr instanceof NullLiteral
+      then b = false
+      else b = true
+    )
+  }
+
+  override string getMessage() {
+    if b = true
+    then result = "Expression is always 'true'."
+    else result = "Expression is always 'false'."
+  }
+}
+
 /** A constant loop condition. */
 class ConstantLoopCondition extends ConstantBooleanCondition {
   ConstantLoopCondition() { this = any(LoopStmt ls).getCondition() }
diff --git a/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md b/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `Constant Condition` query was extended to catch cases when `String.IsNullOrEmpty` returns a constant value. 
diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected
@@ -19,6 +19,10 @@
 | ConstantIfCondition.cs:11:17:11:29 | ... == ... | Condition always evaluates to 'true'. |
 | ConstantIfCondition.cs:14:17:14:21 | false | Condition always evaluates to 'false'. |
 | ConstantIfCondition.cs:17:17:17:26 | ... == ... | Condition always evaluates to 'true'. |
+| ConstantIsNullOrEmpty.cs:10:21:10:54 | call to method IsNullOrEmpty | Expression is always 'false'. |
+| ConstantIsNullOrEmpty.cs:46:21:46:46 | call to method IsNullOrEmpty | Expression is always 'true'. |
+| ConstantIsNullOrEmpty.cs:50:21:50:44 | call to method IsNullOrEmpty | Expression is always 'true'. |
+| ConstantIsNullOrEmpty.cs:54:21:54:45 | call to method IsNullOrEmpty | Expression is always 'false'. |
 | ConstantNullCoalescingLeftHandOperand.cs:11:24:11:34 | access to constant NULL_OBJECT | Expression is never 'null'. |
 | ConstantNullCoalescingLeftHandOperand.cs:12:24:12:27 | null | Expression is always 'null'. |
 | ConstantWhileCondition.cs:12:20:12:32 | ... == ... | Condition always evaluates to 'true'. |
diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs
@@ -0,0 +1,60 @@
+using System.Threading.Tasks;
+
+namespace ConstantIsNullOrEmpty
+{
+    internal class Program
+    {
+        static void Main(string[] args)
+        {
+            {
+                if (string.IsNullOrEmpty(nameof(args))) // bad: always false
+                {
+                }
+
+                string? x = null;
+                if (string.IsNullOrEmpty(x)) // would be nice... bad: always true
+                {
+                }
+
+                string y = "";
+                if (string.IsNullOrEmpty(y)) // would be nice... bad: always true
+                {
+                }
+
+                if (args[1] != null)
+                    y = "b";
+                if (string.IsNullOrEmpty(y)) // good: non-constant
+                {
+                }
+
+                string z = " ";
+                if (string.IsNullOrEmpty(z)) // would be nice... bad: always false
+                {
+                }
+
+                string a = "a";
+                if (string.IsNullOrEmpty(a)) // would be nice... bad: always false
+                {
+                }
+
+                if (args[1] != null)
+                    a = "";
+                if (string.IsNullOrEmpty(a)) // good: non-constant
+                {
+                }
+
+                if (string.IsNullOrEmpty(null)) // bad: always true
+                {
+                }
+
+                if (string.IsNullOrEmpty("")) // bad: always true
+                {
+                }
+
+                if (string.IsNullOrEmpty(" ")) // bad: always false
+                {
+                }
+            }
+        }
+    }
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The `Constant Condition` query was extended to catch cases when `String.IsNullOrEmpty` returns a constant value.