SA0035 : TODO, HACK or UNDONE phrase found in a comment
Code comments should not contain placeholder or temporary phrases like TODO, HACK, or UNDONE.

In SQL Server development, it’s important to maintain clear and professional code. This involves avoiding comments that suggest incomplete or interim work, such as using TODO, HACK, or UNDONE in your T-SQL scripts. Such comments can be misleading and may indicate areas in the code that need improvement, optimization, or finalization but haven’t been addressed yet.
For example:
```sql
-- TODO: Replace this with a secured implementation
SELECT * FROM Users WHERE name = 'admin';
```
This example highlights a section where a developer intended to implement security features but left a placeholder comment. This practice can result in security vulnerabilities, performance issues, or logic errors if left unresolved.
- Unresolved placeholders can result in incomplete or suboptimal code being pushed to production.
- Using temporary phrases in comments may lead to misunderstandings among development teams about the code’s maturity and readiness.

Ensure all code comments are meaningful and complete, avoiding placeholders like TODO, HACK, or UNDONE.
Follow these steps to address the issue:
- Review the T-SQL script for any comments containing placeholder terms such as TODO, HACK, or UNDONE.
- Replace these placeholder comments with detailed explanations or fully implement the required changes indicated by the comments. Ensure the code is tested and secure.
- Remove any unnecessary comments that do not add value to the understanding of the code. Every comment should add clarity to why a piece of code exists.
For example, instead of leaving a TODO comment:
```sql
-- TODO: Replace this with a secured implementation
SELECT * FROM Users WHERE name = 'admin';
```
Update the comment to offer clarity and ensure the code is secure:
```sql
-- Implemented security for user retrieval
SELECT * FROM Users WHERE name = @UserName;
```

The rule has a Batch scope and is applied only on the SQL script.

Name | Description | Default Value |
---|---|---|
Tokens | A comma-separated list of tokens to be matched in comments and reported. | HACK,TODO,UNDONE |

The rule does not need Analysis Context or SQL Connection.


Design Rules, Bugs

There is no additional info for this rule.

SQL

```sql
-- TODO: Replace hardcoded value with a parameter
SELECT *
FROM Customers
WHERE CustomerID = 123;

-- HACK: Quick fix for performance, needs optimization
UPDATE Orders SET Status = 'Processed'
WHERE OrderDate < '2024-01-01';

-- UNDONE: This logic needs to be reviewed
DELETE FROM Logs
WHERE LogDate < DATEADD( DAY, - 30, GETDATE( ) );
```

# | Message | Line | Column |
---|---|---|---|
1 | SA0035 : Text `TODO` found inside comments. | 1 | 0 |
2 | SA0035 : Text `HACK` found inside comments. | 6 | 0 |
3 | SA0035 : Text `UNDONE` found inside comments. | 10 | 0 |
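
A check of the same kind can run in a pre-commit hook or CI job on machines without the analyzer. The following is an added example, not SQL Enlight's implementation: a Python scanner that reports the tokens only when they occur inside `--` or nested `/* */` comments and skips string literals and quoted identifiers. The function names, the whole-word case-insensitive matching, and reporting the line on which the token itself occurs are assumptions of this sketch.

```python
import re

DEFAULT_TOKENS = "HACK,TODO,UNDONE"  # default of the rule's Tokens parameter

def iter_comments(sql):
    """Yield (start_line, text) per T-SQL comment; literals are skipped."""
    i, n, line = 0, len(sql), 1
    while i < n:
        two = sql[i:i + 2]
        if two == "--":                      # line comment: runs to end of line
            end = sql.find("\n", i)
            end = n if end == -1 else end
            yield line, sql[i:end]
            i = end
        elif two == "/*":                    # block comment: T-SQL allows nesting
            start, start_line, depth = i, line, 1
            i += 2
            while i < n and depth:
                step = sql[i:i + 2]
                depth += (step == "/*") - (step == "*/")
                line += sql[i] == "\n"
                i += 2 if step in ("/*", "*/") else 1
            yield start_line, sql[start:i]
        elif sql[i] in "'\"[":               # string literal or quoted identifier
            close = "]" if sql[i] == "[" else sql[i]
            j = i + 1                        # a doubled closing quote is an escape
            while j < n and (sql[j] != close or sql[j + 1:j + 2] == close):
                j += 2 if sql[j] == close else 1
            line += sql.count("\n", i, j)
            i = j + 1
        else:
            line += sql[i] == "\n"
            i += 1

def find_placeholders(sql, tokens=DEFAULT_TOKENS):
    """Return [(line, TOKEN)] for every listed token found inside a comment."""
    words = [t.strip() for t in tokens.split(",") if t.strip()]
    if not words:
        return []
    # Assumption: whole-word, case-insensitive matching.
    pattern = re.compile(r"\b(?:" + "|".join(map(re.escape, words)) + r")\b", re.I)
    return [(line + text.count("\n", 0, m.start()), m.group(0).upper())
            for line, text in iter_comments(sql)
            for m in pattern.finditer(text)]

# Constructed sample: the literal on line 2 must not be reported.
SAMPLE = ("-- TODO: Replace hardcoded value with a parameter\n"
          "SELECT 'HACK' AS note;\n"
          "/* outer /* hack nested */\n   UNDONE: still in outer */\n")
```

Failing the build when `find_placeholders` returns a non-empty list keeps comments such as "Replace this with a secured implementation" from reaching production unnoticed.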
