Java: Add query to detect special characters in string literals #19875
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -0,0 +1 @@ | |||
| Violations of Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.ql | |||
Check warning
Code scanning / CodeQL
Query test without inline test expectations Warning test
There was a problem hiding this comment.
Did you consider an inline expectations test?
There was a problem hiding this comment.
Yes, I quickly turned it into an inline expectations test, but it failed, I think due to the fact that the strings contain multiple special characters. So then I reverted it, and kept it as it is.
tamasvajk
force-pushed
the
quality/spec_chars
branch
3 times, most recently
from
e1b966e to
9db9200
Compare
tamasvajk
force-pushed
the
quality/spec_chars
branch
2 times, most recently
from
eeaaa87 to
834cb1b
Compare
| * correctness | ||
| * maintainability | ||
| * readability |
There was a problem hiding this comment.
Just checking: you believe this matches both the correctness and readability categories?
There was a problem hiding this comment.
I think readability is definitely okay. correctness might/could be challenged. What do you think?
There was a problem hiding this comment.
I think it can belong to both. But between maintainability and reliability, you think it's better to choose maintainability, because readability is definitely an issue whereas correctness is only occasionally an issue?
There was a problem hiding this comment.
I haven't given it this much thought. I simply thought maintainability goes together with readability. I think we could remove the correctness tag, and then it fully matches the guidelines, of having one top level tag and one subcategory from that tag.
There was a problem hiding this comment.
Eh, I think it's fine as it is actually.
There was a problem hiding this comment.
Hmm, I just read the description of this PR and it says that we shouldn't use subcategories from different top-level categories. I will discuss the issue on that PR. Maybe wait until that discussion is complete to see if we should remove correctness.
There was a problem hiding this comment.
You don't need to remove correctness.
There was a problem hiding this comment.
I already removed it. I think it's okay if we keep the tags to a minimum for the time being.
| @@ -0,0 +1 @@ | |||
| Violations of Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.ql | |||
There was a problem hiding this comment.
Did you consider an inline expectations test?
tamasvajk
added
the
ready-for-doc-review
| - [Unicode Control Characters](https://www.unicode.org/charts/PDF/U0000.pdf). | ||
| - [Unicode C0 control codes](https://en.wikipedia.org/wiki/C0_and_C1_control_codes). | ||
| - [Unicode characters with property "WSpace=yes" or "White_Space=yes"](https://en.wikipedia.org/wiki/Unicode_character_property#Whitespace). | ||
| - [Java String Literals](https://docs.oracle.com/javase/tutorial/java/data/characters.html). | ||
| - [Java Class Charset](https://docs.oracle.com/javase/8/docs/api///?java/nio/charset/Charset.html). |
There was a problem hiding this comment.
It's a bit pedantic, but these don't follow the style guide for references. Examples:
- Java API Specification: [Pattern.MULTILINE](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/regex/Pattern.html#MULTILINE)
- Wikipedia: [Template method pattern](https://en.wikipedia.org/wiki/Template_method_pattern).
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
... Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.md
Outdated
Show resolved
Hide resolved
| * @tags quality | ||
| * maintainability | ||
| * readability |
There was a problem hiding this comment.
@michaelnebel and I concluded that you can keep correctness, btw.
tamasvajk
force-pushed
the
quality/spec_chars
branch
from
4fcbdc6 to
14a91dc
Compare
|
I just noticed that this is |
I think we can increase the precision. There are 139 alerts on the top 1000 MRVA repos. |
tamasvajk
force-pushed
the
quality/spec_chars
branch
from
14a91dc to
ddfd774
Compare
tamasvajk
force-pushed
the
quality/spec_chars
branch
from
ddfd774 to
ccbf705
Compare
This pull request introduces a new query to detect non-explicit control and whitespace characters in Java literals, improving code readability and reducing potential bugs caused by invisible or hard-to-recognize characters.
Manually testing autofix works, the special characters are replaced with
\u0....