[javascript] New rule AvoidConsoleStatements (#5126)

Merge pull request #5126 from adangel:js-rule-avoidconsolestatements

.all-contributorsrc

@@ -7745,6 +7745,15 @@
       "contributions": [
         "bug"
       ]
+    },
+    {
+      "login": "dschach",
+      "name": "David Schach",
+      "avatar_url": "https://avatars.githubusercontent.com/u/636977?v=4",
+      "profile": "https://github.com/dschach",
+      "contributions": [
+        "bug"
+      ]
     }
   ],
   "contributorsPerLine": 7,

docs/pages/release_notes.md

@@ -40,6 +40,8 @@ are no longer available.
 #### New Rules
 * The new Java rule {%rule java/multithreading/AvoidSynchronizedStatement %} finds synchronization blocks that
   could cause performance issues with virtual threads due to pinning.
+* The new JavaScript rule {%rule ecmascript/performance/AvoidConsoleStatements %} finds any function calls
+  on the Console API (e.g. `console.log`). Using these in production code might negatively impact performance.
 
 ### 🐛 Fixed Issues
 * apex-performance
@@ -59,6 +61,8 @@ are no longer available.
   * [#5162](https://github.com/pmd/pmd/issues/5162): \[java] SingularField: False-positive when preceded by synchronized block
 * java-multithreading
   * [#5175](https://github.com/pmd/pmd/issues/5175): \[java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement
+* javascript-performance
+  * [#5105](https://github.com/pmd/pmd/issues/5105): \[javascript] Prohibit any console methods
 * plsql
   * [#5125](https://github.com/pmd/pmd/pull/5125): \[plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names)
 * plsql-bestpractices

pmd-javascript/src/main/resources/category/ecmascript/categories.properties

@@ -5,7 +5,8 @@
 rulesets.filenames=\
     category/ecmascript/bestpractices.xml,\
     category/ecmascript/codestyle.xml,\
-    category/ecmascript/errorprone.xml
+    category/ecmascript/errorprone.xml,\
+    category/ecmascript/performance.xml
 
 #
 #empty categories:
@@ -13,5 +14,4 @@ rulesets.filenames=\
 #category/ecmascript/design.xml,
 #category/ecmascript/documentation.xml,
 #category/ecmascript/multithreading.xml,
-#category/ecmascript/performance.xml,
 #category/ecmascript/security.xml,

pmd-javascript/src/main/resources/category/ecmascript/performance.xml

@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <ruleset name="Performance"
          xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -9,4 +8,42 @@
 Rules that flag suboptimal code.
     </description>
 
+    <rule name="AvoidConsoleStatements"
+          language="ecmascript"
+          since="7.5.0"
+          message="Avoid console statements since they negatively impact performance"
+          class="net.sourceforge.pmd.lang.rule.xpath.XPathRule"
+          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_ecmascript_performance.html#avoidconsolestatements">
+        <description>
+Using the console for logging in production might negatively impact performance.
+In addition, logging could expose sensitive data.
+        </description>
+        <priority>3</priority>
+        <properties>
+            <property name="xpath">
+                <value>
+                    <![CDATA[
+//FunctionCall[PropertyGet
+    [Name[1][@Identifier = 'console']]
+    [Name[2][@Identifier]]
+  ]
+|
+//FunctionCall[PropertyGet
+    [PropertyGet[1]
+        [Name[1][@Identifier = 'window']]
+        [Name[2][@Identifier = 'console']]
+    ]
+    [Name[1][@Identifier]]
+  ]
+
+]]>
+                </value>
+            </property>
+        </properties>
+        <example><![CDATA[
+var myObj = getData();
+console.log(myObj); // bad
+console.debug("myObj:", myObj); // bad
+]]></example>
+    </rule>
 </ruleset>

pmd-javascript/src/test/java/net/sourceforge/pmd/lang/ecmascript/rule/performance/AvoidConsoleStatementsTest.java

@@ -0,0 +1,11 @@
+/*
+ * BSD-style license; for more info see http://pmd.sourceforge.net/license.html
+ */
+
+package net.sourceforge.pmd.lang.ecmascript.rule.performance;
+
+import net.sourceforge.pmd.test.PmdRuleTst;
+
+class AvoidConsoleStatementsTest extends PmdRuleTst {
+    // no additional unit tests
+}

pmd-javascript/src/test/resources/net/sourceforge/pmd/lang/ecmascript/rule/performance/xml/AvoidConsoleStatements.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<test-data
+        xmlns="http://pmd.sourceforge.net/rule-tests"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://pmd.sourceforge.net/rule-tests https://pmd.github.io/schema/rule-tests_1_0_0.xsd">
+
+    <test-code>
+        <description>Any console method should be flagged</description>
+        <expected-problems>9</expected-problems>
+        <code><![CDATA[
+console.log('foo');
+console.error('foo');
+console.info('foo');
+console.warn('foo');
+console.debug('foo');
+console.trace('foo');
+console.assert(false, 'foo');
+console.dir(myObj);
+console.group('label');
+]]></code>
+    </test-code>
+
+    <test-code>
+        <description>Any console method via window.console should be flagged</description>
+        <expected-problems>9</expected-problems>
+        <code><![CDATA[
+window.console.log('foo');
+window.console.error('foo');
+window.console.info('foo');
+window.console.warn('foo');
+window.console.debug('foo');
+window.console.trace('foo');
+window.console.assert(false, 'foo');
+window.console.dir(myObj);
+window.console.group('label');
+]]></code>
+    </test-code>
+
+    <test-code>
+        <description>Other similar methods shouldn't be flagged</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+var MyFoo = {
+    debug: function(a) {
+        // ...
+    },
+    console: {
+        debug: function(a) {
+            // ...
+        }
+    }
+};
+
+MyFoo.debug('bar'); // ok, it is not console.debug
+MyFoo.console.debug('bar'); // ok, it is not console.debug
+]]></code>
+    </test-code>
+</test-data>