I am currently working on a security audit/code review of our system. This requires me to check all pages in the system and make sure that the code behind contains two methods that are used to check security.

Sometimes the code in these methods gets commented out to make testing easier.

So, my question is: does anyone know an easy way to search code, make sure the methods are present, and determine which ones have no code or have all the code commented out?

It would make my job much easier if I can get a list instead of having to look at every file...

I'm sure I could write this myself, but I thought someone may know of something that already exists.

Thanks!

A: 

I'm not a regex guy, but lots of programs allow you to search text based on regex (Notepad++, TextPad, plenty of others I bet). Maybe you could do something like this:

assumption: the regex (/\*([^*]|[\r\n]|(\*+([^*/]|[\r\n])))*\*+/)|(//.*) I found on the interwebs successfully matches comments

--start of method one time-- --match comments surrounded by white space 0 or more times-- --end of method one time--

So my crappy regex attempt that might need tweaking because I'm not good at regex:

{((\s*)((/\*([^*]|[\r\n]|(\*+([^*/]|[\r\n])))*\*+/)|(//.*)))*(\s*)}

I hope this at least points you in the right direction =)

glowcoder
A: 

What language is the code written in? For Java, perhaps Checkstyle with a custom set of preferences could do the job.

For C++, you could run the preprocessor to strip all comments and then grep for empty methods (or a combination of sed/grep).

Or use an existing grammar to parse your program (have a look at ANTLR) and add a rule to log empty functions/methods. This would probably require some work, though.

Axel
It's written in C#.
Brian McCord
+2  A: 

I ended up using NDepend and its CQL feature to find these methods. I tried the regular expression method but gave up after a couple of hours (sorry to all you regular expression masters out there).

Brian McCord