Create rule S6646: Boolean expressions should not be gratuitous (#2223)

2024-08-08 17:28:53 +02:00 · 2024-08-08 17:28:53 +02:00 · 8f7fcf7047
commit 8f7fcf7047
parent 8630818ded
11 changed files with 171 additions and 0 deletions
--- a/rules/S6646/java/description-common.adoc
+++ b/rules/S6646/java/description-common.adoc
@ -0,0 +1,7 @@
+include::introduction.adoc[]
+
+include::why-is-this-an-issue.adoc[]
+
+include::what-is-the-potential-impact.adoc[]
+
+include::how-to-fix-it.adoc[]
--- a/rules/S6646/java/highlighting.adoc
+++ b/rules/S6646/java/highlighting.adoc
@ -0,0 +1,3 @@
+=== Highlighting
+
+Primary: the gratuitous expression
--- a/rules/S6646/java/how-to-fix-it.adoc
+++ b/rules/S6646/java/how-to-fix-it.adoc
@ -0,0 +1,9 @@
+== How to fix it
+
+Gratuitous boolean expressions are suspicious and should be carefully removed from the code.
+
+First, the boolean expression in question should be closely inspected for logical errors.
+If a mistake was made, it can be corrected so the condition is no longer gratuitous.
+
+If it becomes apparent that the condition is actually unnecessary, it can be removed. The associated control flow construct
+(e.g., the `if`-statement containing the condition) will be adapted or even removed, leaving only the necessary branches.
--- a/rules/S6646/java/introduction.adoc
+++ b/rules/S6646/java/introduction.adoc
@ -0,0 +1,4 @@
+Gratuitous boolean expressions are conditions that do not change the evaluation
+of a program.
+This issue can indicate logical errors and affect the correctness of an
+application, as well as its maintainability.
--- a/rules/S6646/java/message.adoc
+++ b/rules/S6646/java/message.adoc
@ -0,0 +1,3 @@
+=== Message
+
+* Fix this expression which always evaluates to "[true|false]".
--- a/rules/S6646/java/metadata.json
+++ b/rules/S6646/java/metadata.json
@ -0,0 +1,42 @@
+{
+  "title": "Boolean expressions should not be gratuitous",
+  "type": "CODE_SMELL",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "MEDIUM"
+    },
+    "attribute": "LOGICAL"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "10min"
+  },
+  "tags": [
+    "cwe",
+    "suspicious",
+    "redundant",
+    "symbolic-execution"
+  ],
+  "extra": {
+    "replacementRules": [
+
+    ],
+    "legacyKeys": [
+
+    ]
+  },
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6646",
+  "sqKey": "S6646",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      489,
+      571,
+      570
+    ]
+  },
+  "defaultQualityProfiles": [],
+  "quickfix": "unknown"
+}
--- a/rules/S6646/java/rule.adoc
+++ b/rules/S6646/java/rule.adoc
@ -0,0 +1,74 @@
+include::./description-common.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+public class MyClass {
+    public void doThings(boolean b, boolean c) {
+        boolean a = true;
+        if (a) {                // Noncompliant
+          doSomething();
+        }
+
+        if (b && a) {           // Noncompliant; "a" is always "true"
+          doSomething();
+        }
+
+        if (c || !a) {          // Noncompliant; "!a" is always "false"
+          doSomething();
+        }
+
+        if (c || (!c && b)) {   // Noncompliant; c || (!c && b) is equal to c || b
+          doSomething();
+        }
+    }
+}
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+public class MyClass {
+    public void doThings(boolean b, boolean c) {
+        a = true;
+        if (foo(a)) {
+          doSomething();
+        }
+
+        if (b) {
+          doSomething();
+        }
+
+        if (c) {
+          doSomething();
+        }
+
+        if (c || b) {
+          doSomething();
+        }
+    }
+}
+----
+
+include::./see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::./message.adoc[]
+
+include::./highlighting.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+
+endif::env-github,rspecator-view[]
--- a/rules/S6646/java/see.adoc
+++ b/rules/S6646/java/see.adoc
@ -0,0 +1,6 @@
+== Resources
+
+=== Articles & blog posts
+
+* CWE - https://cwe.mitre.org/data/definitions/571[CWE-571 - Expression is Always True]
+* CWE - https://cwe.mitre.org/data/definitions/570[CWE-570 - Expression is Always False]
--- a/rules/S6646/java/what-is-the-potential-impact.adoc
+++ b/rules/S6646/java/what-is-the-potential-impact.adoc
@ -0,0 +1,13 @@
+=== What is the potential impact?
+
+The presence of gratuitous conditions can indicate a logical error.
+For example, the programmer _intended_ to have the program branch into different
+paths but made a mistake when formulating the branching condition.
+In this case, this issue might result in a bug and thus affect the reliability
+of the application.
+For instance, it might lead to the computation of incorrect results.
+
+Additionally, gratuitous conditions and control flow constructs introduce
+unnecessary complexity.
+The source code becomes harder to understand, and thus, the application becomes
+more difficult to maintain.
--- a/rules/S6646/java/why-is-this-an-issue.adoc
+++ b/rules/S6646/java/why-is-this-an-issue.adoc
@ -0,0 +1,8 @@
+== Why is this an issue?
+
+Control flow constructs like `if`-statements allow the programmer to direct the
+flow of a program depending on a boolean expression.
+However, if the condition is always true or always false, only one of the
+branches will ever be executed.
+In that case, the control flow construct and the condition no longer serve a
+purpose; they become _gratuitous_.
--- a/rules/S6646/metadata.json
+++ b/rules/S6646/metadata.json
@ -0,0 +1,2 @@
+{
+}