Rule S1134 and Rule S1135: Track uses of 'FIXME' and 'TODO' (#2250)

Fix #2041 and Fix #2042

sonaranalyzer-dotnet/its/expected/Ember-MM/EmberAPI-{208AA35E-C6AE-4D2D-A9DD-B6EFD19A4279}-S1135.json

@@ -0,0 +1,30 @@
+{
+"issues":  [
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\EmberAPI\clsAPIImages.vb",
+"region":  {
+"startLine":  458,
+"startColumn":  7,
+"endLine":  458,
+"endColumn":  11
+}
+}
+},
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\EmberAPI\clsAPIModules.vb",
+"region":  {
+"startLine":  781,
+"startColumn":  40,
+"endLine":  781,
+"endColumn":  44
+}
+}
+}
+]
+}

sonaranalyzer-dotnet/its/expected/Ember-MM/generic.EmberCore.MediaFileManager-{F6CACA89-E8E4-45D9-B942-97FBD4ADD106}-S1135.json

@@ -0,0 +1,30 @@
+{
+"issues":  [
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\Addons\generic.EmberCore.MediaFileManager\Module.MediaFileManagerModule.vb",
+"region":  {
+"startLine":  231,
+"startColumn":  38,
+"endLine":  231,
+"endColumn":  42
+}
+}
+},
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\Addons\generic.EmberCore.MediaFileManager\Module.MediaFileManagerModule.vb",
+"region":  {
+"startLine":  239,
+"startColumn":  38,
+"endLine":  239,
+"endColumn":  42
+}
+}
+}
+]
+}

sonaranalyzer-dotnet/its/expected/Ember-MM/generic.EmberCore.NMT-{84B2143A-D04F-4262-923D-21AEDF86E2B7}-S1135.json

@@ -0,0 +1,30 @@
+{
+"issues":  [
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\Addons\generic.EmberCore.NMT\dlgNMTMovies.vb",
+"region":  {
+"startLine":  1634,
+"startColumn":  27,
+"endLine":  1634,
+"endColumn":  31
+}
+}
+},
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\Addons\generic.EmberCore.NMT\Module.NMT.vb",
+"region":  {
+"startLine":  97,
+"startColumn":  23,
+"endLine":  97,
+"endColumn":  27
+}
+}
+}
+]
+}

sonaranalyzer-dotnet/its/expected/Ember-MM/scraper.EmberCore-{EF6A550E-DD76-4F4D-8250-8598140F828B}-S1135.json

@@ -0,0 +1,30 @@
+{
+"issues":  [
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\Addons\scraper.EmberCore\TVScraper\dlgTVImageSelect.vb",
+"region":  {
+"startLine":  21,
+"startColumn":  2,
+"endLine":  21,
+"endColumn":  6
+}
+}
+},
+{
+"id":  "S1135",
+"message":  "Complete the task associated to this 'TODO' comment.",
+"location":  {
+"uri":  "sources\Ember-MM\Addons\scraper.EmberCore\TVScraper\dlgTVImageSelect.vb",
+"region":  {
+"startLine":  22,
+"startColumn":  2,
+"endLine":  22,
+"endColumn":  6
+}
+}
+}
+]
+}

sonaranalyzer-dotnet/rspec/vbnet/S1134_vb.net.html

@@ -0,0 +1,14 @@
+<p><code>FIXME</code> tags are commonly used to mark places where a bug is suspected, but which the developer wants to deal with later.</p>
+<p>Sometimes the developer will not have the time or will simply forget to get back to that tag.</p>
+<p>This rule is meant to track those tags and to ensure that they do not go unnoticed.</p>
+<h2>Noncompliant Code Example</h2>
+<pre>
+Function Divide(ByVal numerator As Integer, ByVal denominator As Integer) As Integer
+    Return numerator / denominator  ' FIXME denominator value might be  0
+End Function
+</pre>
+<h2>See</h2>
+<ul>
+  <li> <a href="http://cwe.mitre.org/data/definitions/546.html">MITRE, CWE-546</a> - Suspicious Comment </li>
+</ul>
+

sonaranalyzer-dotnet/rspec/vbnet/S1134_vb.net.json

@@ -0,0 +1,20 @@
+{
+  "title": "Track uses of \"FIXME\" tags",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "tags": [
+    "cwe"
+  ],
+  "standards": [
+    "CWE"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-1134",
+  "sqKey": "S1134",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      546
+    ]
+  }
+}

sonaranalyzer-dotnet/rspec/vbnet/S1135_vb.net.html

@@ -0,0 +1,14 @@
+<p><code>TODO</code> tags are commonly used to mark places where some more code is required, but which the developer wants to implement later.</p>
+<p>Sometimes the developer will not have the time or will simply forget to get back to that tag.</p>
+<p>This rule is meant to track those tags and to ensure that they do not go unnoticed.</p>
+<h2>Noncompliant Code Example</h2>
+<pre>
+Sub DoSomething()
+    ' TODO
+End Sub
+</pre>
+<h2>See</h2>
+<ul>
+  <li> <a href="http://cwe.mitre.org/data/definitions/546.html">MITRE, CWE-546</a> - Suspicious Comment </li>
+</ul>
+

sonaranalyzer-dotnet/rspec/vbnet/S1135_vb.net.json

@@ -0,0 +1,20 @@
+{
+  "title": "Track uses of \"TODO\" tags",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "tags": [
+    "cwe"
+  ],
+  "standards": [
+    "CWE"
+  ],
+  "defaultSeverity": "Info",
+  "ruleSpecification": "RSPEC-1135",
+  "sqKey": "S1135",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      546
+    ]
+  }
+}

sonaranalyzer-dotnet/rspec/vbnet/Sonar_way_profile.json

@@ -7,6 +7,8 @@
     "S117",
     "S1048",
     "S1075",
+    "S1134",
+    "S1135",
     "S1186",
     "S1197",
     "S1313",

sonaranalyzer-dotnet/rspec/vbnet/Sonar_way_profile_no_hotspot.json

@@ -7,6 +7,8 @@
                      "S117",
                      "S1048",
                      "S1075",
+                     "S1134",
+                     "S1135",
                      "S1186",
                      "S1197",
                      "S1479",

sonaranalyzer-dotnet/src/SonarAnalyzer.CSharp/Helpers/CSharpSyntaxHelper.cs

@@ -346,5 +346,20 @@ public static bool IsLeftSideOfAssignment(this ExpressionSyntax expression)
                 topParenthesizedExpression.Parent is AssignmentExpressionSyntax assignment &&
                 assignment.Left == topParenthesizedExpression;
         }
+
+        public static bool IsComment(this SyntaxTrivia trivia)
+        {
+            switch (trivia.Kind())
+            {
+                case SyntaxKind.SingleLineCommentTrivia:
+                case SyntaxKind.MultiLineCommentTrivia:
+                case SyntaxKind.SingleLineDocumentationCommentTrivia:
+                case SyntaxKind.MultiLineDocumentationCommentTrivia:
+                    return true;
+
+                default:
+                    return false;
+            }
+        }
     }
 }

sonaranalyzer-dotnet/src/SonarAnalyzer.CSharp/Metrics/CSharpMetrics.cs

@@ -74,20 +74,7 @@ protected override bool IsClass(SyntaxNode node)
             }
         }
 
-        protected override bool IsCommentTrivia(SyntaxTrivia trivia)
-        {
-            switch (trivia.Kind())
-            {
-                case SyntaxKind.SingleLineCommentTrivia:
-                case SyntaxKind.MultiLineCommentTrivia:
-                case SyntaxKind.SingleLineDocumentationCommentTrivia:
-                case SyntaxKind.MultiLineDocumentationCommentTrivia:
-                    return true;
-
-                default:
-                    return false;
-            }
-        }
+        protected override bool IsCommentTrivia(SyntaxTrivia trivia) => trivia.IsComment();
 
         protected override bool IsDocumentationCommentTrivia(SyntaxTrivia trivia)
         {

sonaranalyzer-dotnet/src/SonarAnalyzer.CSharp/Rules/CommentFixme.cs → sonaranalyzer-dotnet/src/SonarAnalyzer.CSharp/Rules/CommentKeyword.cs

@@ -1,43 +1,47 @@
-/*
- * SonarAnalyzer for .NET
- * Copyright (C) 2015-2019 SonarSource SA
- * mailto: contact AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-using System.Collections.Immutable;
-using Microsoft.CodeAnalysis;
-using Microsoft.CodeAnalysis.Diagnostics;
-using SonarAnalyzer.Common;
-using SonarAnalyzer.Helpers;
-
-namespace SonarAnalyzer.Rules.CSharp
-{
-    [DiagnosticAnalyzer(LanguageNames.CSharp)]
-    [Rule(DiagnosticId)]
-    public sealed class CommentFixme : CommentWordBase
-    {
-        protected override string Word => "FIXME";
-
-        internal const string DiagnosticId = "S1134";
-        private const string MessageFormat =
-            "Take the required action to fix the issue indicated by this 'FIXME' comment.";
-
-        private static readonly DiagnosticDescriptor rule =
-            DiagnosticDescriptorBuilder.GetDescriptor(DiagnosticId, MessageFormat, RspecStrings.ResourceManager);
-        public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics { get; } = ImmutableArray.Create(rule);
-    }
-}
+/*
+ * SonarAnalyzer for .NET
+ * Copyright (C) 2015-2019 SonarSource SA
+ * mailto: contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.Diagnostics;
+using SonarAnalyzer.Common;
+using SonarAnalyzer.Helpers;
+using SonarAnalyzer.Helpers.CSharp;
+
+namespace SonarAnalyzer.Rules.CSharp
+{
+    [DiagnosticAnalyzer(LanguageNames.CSharp)]
+    [Rule(FixMeDiagnosticId)]
+    [Rule(TodoDiagnosticId)]
+    public sealed class CommentKeyword : CommentKeywordBase
+    {
+        internal static readonly DiagnosticDescriptor TODO_Descriptor =
+            DiagnosticDescriptorBuilder.GetDescriptor(TodoDiagnosticId, TodoMessageFormat, RspecStrings.ResourceManager);
+        protected override DiagnosticDescriptor TodoDiagnostic { get; } = TODO_Descriptor;
+
+        internal static readonly DiagnosticDescriptor FIXME_Descriptor =
+            DiagnosticDescriptorBuilder.GetDescriptor(FixMeDiagnosticId, FixMeMessageFormat, RspecStrings.ResourceManager);
+        protected override DiagnosticDescriptor FixMeDiagnostic { get; } = FIXME_Descriptor;
+
+        protected override GeneratedCodeRecognizer GeneratedCodeRecognizer
+            => CSharpGeneratedCodeRecognizer.Instance;
+
+        protected override bool IsComment(SyntaxTrivia trivia) => trivia.IsComment();
+    }
+}