[javascript] New rule AvoidConsoleStatements

Fixes pmd#5105

docs/pages/release_notes.md

@@ -20,6 +20,8 @@ This is a {{ site.pmd.release_type }} release.
 
 * The new Apex rule {%rule apex/performance/AvoidNonRestrictiveQueries %} finds SOQL and SOSL queries without a where
   or limit statement. This can quickly cause governor limit exceptions.
+* The new JavaScript rule {%rule ecmascript/performance/AvoidConsoleStatements %} finds usages of `console.log` and
+  similar function calls. Using these in production code might negatively impact performance.
 
 #### Changed rules
 * {%rule apex/codestyle/ClassNamingConventions %}: Two new properties to configure different patterns
@@ -40,6 +42,8 @@ This is a {{ site.pmd.release_type }} release.
   * [#1488](https://github.com/pmd/pmd/issues/1488): \[java] MissingStaticMethodInNonInstantiatableClass: False positive with Lombok Builder on Constructor
 * javascript-errorprone
   * [#4716](https://github.com/pmd/pmd/issues/4716): \[javascript] InaccurateNumericLiteral with number 259200000
+* javascript-performance
+  * [#5105](https://github.com/pmd/pmd/issues/5105): \[javascript] Prohibit any console methods
 * plsql
   * [#5086](https://github.com/pmd/pmd/pull/5086): \[plsql] Fixed issue with missing optional table alias in MERGE usage
   * [#5087](https://github.com/pmd/pmd/pull/5087): \[plsql] Add support for SQL_MACRO

pmd-javascript/src/main/resources/category/ecmascript/categories.properties

@@ -5,13 +5,13 @@
 rulesets.filenames=\
     category/ecmascript/bestpractices.xml,\
     category/ecmascript/codestyle.xml,\
-    category/ecmascript/errorprone.xml
+    category/ecmascript/errorprone.xml,\
+    category/ecmascript/performance.xml
 
 #
 #empty categories:
 #
 #category/ecmascript/design.xml,
 #category/ecmascript/documentation.xml,
 #category/ecmascript/multithreading.xml,
-#category/ecmascript/performance.xml,
 #category/ecmascript/security.xml,

pmd-javascript/src/main/resources/category/ecmascript/performance.xml

@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <ruleset name="Performance"
          xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -9,4 +8,38 @@
 Rules that flag suboptimal code.
     </description>
 
+    <rule name="AvoidConsoleStatements"
+          language="ecmascript"
+          since="7.4.0"
+          message="Avoid console statements since they negatively impact performance"
+          class="net.sourceforge.pmd.lang.rule.xpath.XPathRule"
+          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_ecmascript_performance.html#avoidconsolestatements">
+        <description>
+Using the console for logging in production might negatively impact performance.
+In addition, logging could expose sensitive data.
+        </description>
+        <priority>3</priority>
+        <properties>
+            <property name="methods" type="List[String]" value="log,error,info,warn,debug,trace" description="The methods of the console object that should be flagged."/>
+            <property name="xpath">
+                <value>
+                    <![CDATA[
+//FunctionCall[PropertyGet
+    [Name[1][@Identifier = 'console']]
+    [Name[2][@Identifier = $methods]]
+  ]
+|
+//FunctionCall[PropertyGet
+    [PropertyGet[1]
+        [Name[1][@Identifier = 'window']]
+        [Name[2][@Identifier = 'console']]
+    ]
+    [Name[1][@Identifier = $methods]]
+  ]
+
+]]>
+                </value>
+            </property>
+        </properties>
+    </rule>
 </ruleset>

pmd-javascript/src/test/java/net/sourceforge/pmd/lang/ecmascript/rule/performance/AvoidConsoleStatementsTest.java

@@ -0,0 +1,11 @@
+/*
+ * BSD-style license; for more info see http://pmd.sourceforge.net/license.html
+ */
+
+package net.sourceforge.pmd.lang.ecmascript.rule.performance;
+
+import net.sourceforge.pmd.test.PmdRuleTst;
+
+class AvoidConsoleStatementsTest extends PmdRuleTst {
+    // no additional unit tests
+}

pmd-javascript/src/test/resources/net/sourceforge/pmd/lang/ecmascript/rule/performance/xml/AvoidConsoleStatements.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<test-data
+        xmlns="http://pmd.sourceforge.net/rule-tests"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://pmd.sourceforge.net/rule-tests https://pmd.github.io/schema/rule-tests_1_0_0.xsd">
+
+    <test-code>
+        <description>Default console methods should be flagged</description>
+        <expected-problems>6</expected-problems>
+        <code><![CDATA[
+console.log('foo'); // bad
+console.error('foo'); // bad
+console.info('foo'); // bad
+console.warn('foo'); // bad
+console.debug('foo'); // bad
+console.trace('foo'); // bad
+]]></code>
+    </test-code>
+
+    <test-code>
+        <description>Default console methods via window.console should be flagged</description>
+        <expected-problems>6</expected-problems>
+        <code><![CDATA[
+window.console.log('foo'); // bad
+window.console.error('foo'); // bad
+window.console.info('foo'); // bad
+window.console.warn('foo'); // bad
+window.console.debug('foo'); // bad
+window.console.trace('foo'); // bad
+]]></code>
+    </test-code>
+
+    <test-code>
+        <description>Other similar methods shouldn't be flagged</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+var MyFoo = {
+    debug: function(a) {
+        // ...
+    }
+};
+
+MyFoo.debug('bar'); // ok, it is not console.debug
+]]></code>
+    </test-code>
+</test-data>