
Example 1 with CFFunctionExpression

Use of cfml.parsing.cfscript.CFFunctionExpression in the CFLint project (by cflint).

Class CFLint, method process.

/**
 * Runs every registered scanner against {@code expression}, reports the messages each
 * scanner adds to the context, and then recurses into the sub-expressions that still
 * need to be visited.
 *
 * <p>A scanner that throws does not abort the scan: the exception is printed, a
 * {@code PLUGIN_ERROR} is reported for that scanner, and {@code fireCFLintException} is
 * called. A {@code PLUGIN_ERROR} therefore means that scanner did not finish evaluating
 * this expression, so its rule gives no verdict for it.
 *
 * @param expression the expression to inspect; {@code null} is ignored
 * @param elem the element handed on to sub-contexts and to rule reports
 * @param oldcontext the enclosing context, from which a sub-context is derived for this call
 */
private void process(final CFExpression expression, final Element elem, Context oldcontext) {
    if (expression == null) {
        return;
    }
    final Context context = oldcontext.subContext(elem);

    for (final CFLintScanner scanner : extensions) {
        try {
            scanner.expression(expression, context, bugs);
            for (final ContextMessage msg : context.getMessages()) {
                reportRule(elem, expression, context, scanner, msg);
            }
            context.getMessages().clear();
        } catch (final Exception ex) {
            // NOTE(review): the message list is only cleared on the success path above, so
            // messages added before a scanner throws appear to stay in the context and
            // would be reported under the next scanner in the loop. Confirm this is intended.
            printException(ex);
            reportRule(elem, expression, context, scanner, PLUGIN_ERROR);
            fireCFLintException(ex, PLUGIN_ERROR, context.getFilename(), null, null, null, null);
        }
    }

    // A few expression types need variable bookkeeping before any recursion.
    if (expression instanceof CFVarDeclExpression) {
        final CFVarDeclExpression declaration = (CFVarDeclExpression) expression;
        handler.addVariable(declaration.getName());
    }
    // CFIdentifier should not decompose
    if (expression instanceof CFIdentifier) {
        handler.checkVariable(((CFIdentifier) expression).getName());
    }

    final boolean plainAssignment =
            expression instanceof CFAssignmentExpression && !(expression instanceof CFTernaryExpression);
    if (plainAssignment) {
        final CFAssignmentExpression assignment = (CFAssignmentExpression) expression;
        // The left-hand side is visited in its own context, flagged as being inside an
        // assignment; the right-hand side keeps the regular context.
        final Context assignmentContext = context.subContext(elem);
        assignmentContext.setInAssignmentExpression(true);
        process(assignment.getLeft(), elem, assignmentContext);
        process(assignment.getRight(), elem, context);
    } else if (expression instanceof CFFullVarExpression) {
        final CFFullVarExpression fullVar = (CFFullVarExpression) expression;
        // An assignment to a "local"-scoped variable registers the second part of the
        // expression (decompiled) as a variable.
        if (context.isInAssignmentExpression()
                && new CFScopes().isScoped(fullVar, "local")
                && fullVar.getExpressions().size() > 1) {
            handler.addVariable(fullVar.getExpressions().get(1).Decompile(0));
        }
        // Only function calls and the expressions wrapped by members are processed further.
        for (final CFExpression part : fullVar.getExpressions()) {
            if (part instanceof CFFunctionExpression) {
                process(part, elem, context);
            }
            if (part instanceof CFMember) {
                process(((CFMember) part).getExpression(), elem, context);
            }
        }
    } else {
        // Everything else: visit each nested (child) expression.
        for (final CFExpression nested : expression.decomposeExpression()) {
            process(nested, elem, context);
        }
    }
}
Also used : Context(com.cflint.plugins.Context) CFFunctionExpression(cfml.parsing.cfscript.CFFunctionExpression) CFLintScanner(com.cflint.plugins.CFLintScanner) CFAssignmentExpression(cfml.parsing.cfscript.CFAssignmentExpression) CFIdentifier(cfml.parsing.cfscript.CFIdentifier) RecognitionException(org.antlr.runtime.RecognitionException) ParseException(cfml.parsing.reporting.ParseException) IOException(java.io.IOException) CFScopes(com.cflint.plugins.core.CFScopes) CFExpression(cfml.parsing.cfscript.CFExpression) ContextMessage(com.cflint.plugins.Context.ContextMessage) CFMember(cfml.parsing.cfscript.CFMember) CFVarDeclExpression(cfml.parsing.cfscript.CFVarDeclExpression) CFTernaryExpression(cfml.parsing.cfscript.CFTernaryExpression) CFFullVarExpression(cfml.parsing.cfscript.CFFullVarExpression)

Example 2 with CFFunctionExpression

Use of cfml.parsing.cfscript.CFFunctionExpression in the CFLint project (by cflint).

Class FunctionXChecker, method expression.

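/**
 * Adds an {@code AVOID_USING_<NAME>} message when the expression is a call to the
 * function named by this checker's {@code functionName} parameter.
 *
 * <p>The name comparison is case-insensitive. If the parameter is not set (presumably
 * {@code getParameter} returns {@code null} then; confirm), the comparison is false and
 * the rule reports nothing.
 *
 * @param expression the expression being scanned; only {@code CFFunctionExpression} is examined
 * @param context receives the message when the configured function is called
 * @param bugs not used by this checker
 */
@Override
public void expression(final CFExpression expression, final Context context, final BugList bugs) {
    if (expression instanceof CFFunctionExpression) {
        final String cfmlFunctionCheck = getParameter("functionName");
        final CFFunctionExpression functionExpression = (CFFunctionExpression) expression;
        if (functionExpression.getName().equalsIgnoreCase(cfmlFunctionCheck)) {
            // Upper-case with Locale.ROOT so the message code does not depend on the JVM's
            // default locale (under a Turkish locale "i" would become a dotted capital I and
            // the code would no longer match the configured rule).
            context.addMessage(
                    "AVOID_USING_" + cfmlFunctionCheck.toUpperCase(java.util.Locale.ROOT), cfmlFunctionCheck);
        }
    }
}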
Also used : CFFunctionExpression(cfml.parsing.cfscript.CFFunctionExpression)

Example 3 with CFFunctionExpression

Use of cfml.parsing.cfscript.CFFunctionExpression in the CFLint project (by cflint).

Class QueryParamChecker, method expression.

/**
 * Adds a {@code QUERYPARAM_REQ} message for a {@code setSql(...)} call whose first
 * argument contains a {@code #} followed by any character other than {@code #}.
 *
 * <p>That pattern is how a CFML {@code #expression#} interpolation shows up in the SQL
 * text, which is where a bound query parameter is expected instead of string building.
 * The check is textual and narrow: it looks only at calls whose function name is
 * {@code setSql} (case-insensitive), only at the first argument, and only at that
 * argument's decompiled source. NOTE(review): SQL assembled elsewhere and passed in
 * through a variable presumably contains no {@code #} at this point and would not be
 * flagged; confirm against the other query rules.
 *
 * @param expression the expression being scanned; only {@code CFFunctionExpression} is examined
 * @param context receives the message when the pattern is found
 * @param bugs not used by this checker
 */
@Override
public void expression(final CFExpression expression, final Context context, final BugList bugs) {
    if (!(expression instanceof CFFunctionExpression)) {
        return;
    }
    final CFFunctionExpression call = (CFFunctionExpression) expression;
    final boolean setSqlWithArgs =
            call.getFunctionName().equalsIgnoreCase("setSql") && !call.getArgs().isEmpty();
    if (!setSqlWithArgs) {
        return;
    }
    final CFExpression firstArg = call.getArgs().get(0);
    // DOTALL lets the leading and trailing ".*" span line breaks in multi-line SQL.
    final Pattern interpolation = Pattern.compile(".*#[^#].*", Pattern.DOTALL);
    final String sqlSource = firstArg.Decompile(0);
    if (interpolation.matcher(sqlSource).matches()) {
        context.addMessage("QUERYPARAM_REQ", call.getName());
    }
}
Also used : Pattern(java.util.regex.Pattern) CFFunctionExpression(cfml.parsing.cfscript.CFFunctionExpression) CFExpression(cfml.parsing.cfscript.CFExpression)

Aggregations

CFFunctionExpression (cfml.parsing.cfscript.CFFunctionExpression)3 CFExpression (cfml.parsing.cfscript.CFExpression)2 CFAssignmentExpression (cfml.parsing.cfscript.CFAssignmentExpression)1 CFFullVarExpression (cfml.parsing.cfscript.CFFullVarExpression)1 CFIdentifier (cfml.parsing.cfscript.CFIdentifier)1 CFMember (cfml.parsing.cfscript.CFMember)1 CFTernaryExpression (cfml.parsing.cfscript.CFTernaryExpression)1 CFVarDeclExpression (cfml.parsing.cfscript.CFVarDeclExpression)1 ParseException (cfml.parsing.reporting.ParseException)1 CFLintScanner (com.cflint.plugins.CFLintScanner)1 Context (com.cflint.plugins.Context)1 ContextMessage (com.cflint.plugins.Context.ContextMessage)1 CFScopes (com.cflint.plugins.core.CFScopes)1 IOException (java.io.IOException)1 Pattern (java.util.regex.Pattern)1 RecognitionException (org.antlr.runtime.RecognitionException)1