Code rules: Do not allow console.log in the source code (#235)

* Add console.log semgrep rule * make sure the error is a warning
grafana · Jul 22, 2024 · 188d54f · 188d54f
1 parent ac28776
commit 188d54f
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 1 deletion.
diff --git a/pkg/analysis/passes/coderules/coderules_test.go b/pkg/analysis/passes/coderules/coderules_test.go
@@ -110,5 +110,43 @@ func TestUseSyscall(t *testing.T) {
 	_, err := Analyzer.Run(pass)
 	require.NoError(t, err)
 	require.Len(t, interceptor.Diagnostics, 1)
-	require.Equal(t, "It is not permitted to use the syscall module. Using syscall.Getcwd is not permitted", interceptor.Diagnostics[0].Title)
+	require.Equal(
+		t,
+		"It is not permitted to use the syscall module. Using syscall.Getcwd is not permitted",
+		interceptor.Diagnostics[0].Title,
+	)
+}
+
+func TestJSConsoleLog(t *testing.T) {
+	if !isSemgrepInstalled() {
+		t.Skip("semgrep not installed, skipping test")
+		return
+	}
+	var interceptor testpassinterceptor.TestPassInterceptor
+	pass := &analysis.Pass{
+		RootDir: filepath.Join("./"),
+		ResultOf: map[*analysis.Analyzer]interface{}{
+			sourcecode.Analyzer: filepath.Join("testdata", "console-log"),
+		},
+		Report: interceptor.ReportInterceptor(),
+	}
+
+	_, err := Analyzer.Run(pass)
+	require.NoError(t, err)
+	require.Len(t, interceptor.Diagnostics, 1)
+	require.Equal(
+		t,
+		"Console logging detected. Plugins should not log to the console.",
+		interceptor.Diagnostics[0].Title,
+	)
+	require.Equal(
+		t,
+		interceptor.Diagnostics[0].Detail,
+		"Code rule violation found in testdata/console-log/index.ts at line 2",
+	)
+	require.Equal(
+		t,
+		interceptor.Diagnostics[0].Severity,
+		analysis.Warning,
+	)
 }
diff --git a/pkg/analysis/passes/coderules/semgrep-rules.yaml b/pkg/analysis/passes/coderules/semgrep-rules.yaml
@@ -110,3 +110,13 @@ rules:
     message: It is not permitted to use the syscall module. Using syscall.$F is not permitted
     languages: [go]
     severity: ERROR
+
+  - id: detect-console-logs
+    pattern-either:
+      - pattern: console.log(...)
+      - pattern: console.info(...)
+      - pattern: console.table(...)
+      - pattern: console.error(...)
+    message: "Console logging detected. Plugins should not log to the console."
+    languages: [javascript, typescript]
+    severity: WARNING
diff --git a/pkg/analysis/passes/coderules/testdata/console-log/index.ts b/pkg/analysis/passes/coderules/testdata/console-log/index.ts
@@ -0,0 +1,3 @@
+function test() {
+  console.log("test");
+}