
Example 1 with ASTAssignmentExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression in project pmd by pmd.

the class ApexCRUDViolationRule method checkForAccessibility.

/**
 * Inspects one SOQL query and asks {@code validateCRUDCheckPresent} to confirm that an
 * access check exists for every object type the query reads.
 *
 * <p>No validation happens for {@code SELECT COUNT()} queries, for queries located in a
 * test class or test method, or when the enclosing method is a getter. When the query
 * itself names object types, only those names are validated; the type derived from the
 * surrounding declaration, assignment or return statement is used solely as a fallback
 * for an empty type set.
 *
 * @param node the SOQL expression under inspection
 * @param data opaque visitor data, forwarded unchanged to {@code validateCRUDCheckPresent}
 */
private void checkForAccessibility(final ASTSoqlExpression node, Object data) {
    final boolean countOnly = node.getNode().getCanonicalQuery().startsWith("SELECT COUNT()");
    final Set<String> typesFromSOQL = getTypesFromSOQLQuery(node);

    // Checks made by earlier calls are registered first, even if this query is skipped below.
    for (ASTMethodCallExpression earlierCall : getPreviousMethodCalls(node)) {
        collectCRUDMethodLevelChecks(earlierCall);
    }

    final ASTMethod enclosingMethod = node.getFirstParentOfType(ASTMethod.class);
    final ASTUserClass enclosingClass = node.getFirstParentOfType(ASTUserClass.class);

    // Exemptions: count-only queries and anything that lives in test code.
    if (countOnly) {
        return;
    }
    if (enclosingClass != null && Helper.isTestMethodOrClass(enclosingClass)) {
        return;
    }
    if (enclosingMethod != null && Helper.isTestMethodOrClass(enclosingMethod)) {
        return;
    }

    // Both stay at their defaults (false / null) when the query is not inside a method.
    final boolean getter = enclosingMethod != null && isMethodAGetter(enclosingMethod);
    final String returnType = enclosingMethod != null ? getReturnType(enclosingMethod) : null;

    // Case 1: the query initialises a local variable.
    final ASTVariableDeclaration declaration = node.getFirstParentOfType(ASTVariableDeclaration.class);
    if (declaration != null) {
        final String declaredType = getSimpleType(declaration.getNode().getLocalInfo().getType().getApexName());
        // Fallback key has the form "<defining type>:<simple variable type>".
        final String ownerAndType = declaration.getNode().getDefiningType().getApexName() + ":" + declaredType;
        if (!getter && typesFromSOQL.isEmpty()) {
            validateCRUDCheckPresent(node, data, ANY, ownerAndType);
        } else if (!getter) {
            for (String soqlType : typesFromSOQL) {
                validateCRUDCheckPresent(node, data, ANY, soqlType);
            }
        }
    }

    // Case 2: the query is assigned to a variable whose type was recorded earlier.
    final ASTAssignmentExpression assignment = node.getFirstParentOfType(ASTAssignmentExpression.class);
    final ASTVariableExpression target = assignment == null
            ? null
            : assignment.getFirstChildOfType(ASTVariableExpression.class);
    if (target != null) {
        final String qualifiedName = Helper.getFQVariableName(target);
        // Assignments to variables missing from varToTypeMapping are not validated here.
        if (varToTypeMapping.containsKey(qualifiedName)) {
            final String mappedType = varToTypeMapping.get(qualifiedName);
            if (!getter && typesFromSOQL.isEmpty()) {
                validateCRUDCheckPresent(node, data, ANY, mappedType);
            } else if (!getter) {
                for (String soqlType : typesFromSOQL) {
                    validateCRUDCheckPresent(node, data, ANY, soqlType);
                }
            }
        }
    }

    // Case 3: the query result is returned directly; the method's return type is the fallback.
    final ASTReturnStatement returnStatement = node.getFirstParentOfType(ASTReturnStatement.class);
    if (returnStatement != null && !getter) {
        if (typesFromSOQL.isEmpty()) {
            validateCRUDCheckPresent(node, data, ANY, returnType);
        } else {
            for (String soqlType : typesFromSOQL) {
                validateCRUDCheckPresent(node, data, ANY, soqlType);
            }
        }
    }
}
Also used : ASTUserClass(net.sourceforge.pmd.lang.apex.ast.ASTUserClass) ASTAssignmentExpression(net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression) ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTMethod(net.sourceforge.pmd.lang.apex.ast.ASTMethod) ASTVariableDeclaration(net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration) ASTReturnStatement(net.sourceforge.pmd.lang.apex.ast.ASTReturnStatement) ASTMethodCallExpression(net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Example 2 with ASTAssignmentExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression in project pmd by pmd.

the class ApexSOQLInjectionRule method visit.

/**
 * Runs the SOQL-injection check over one user class.
 *
 * <p>The method works in two phases. First it walks every method, field declaration,
 * variable declaration and assignment in the class to fill the rule's bookkeeping of
 * sanitized variables and of variables that hold a SELECT string. Only afterwards does it
 * look at {@code Database.query(...)} calls and report the strings and variables passed to
 * them. Because the collection covers the whole class before any call is checked, the
 * statement order inside the class plays no part in this method.
 *
 * <p>Test classes and system-level classes are skipped entirely.
 *
 * @param node the user class being visited
 * @param data opaque visitor data, returned unchanged
 * @return {@code data}
 */
@Override
public Object visit(ASTUserClass node, Object data) {
    final boolean exempt = Helper.isTestMethodOrClass(node) || Helper.isSystemLevelClass(node);
    if (exempt) {
        // Nothing in an exempt class is analysed.
        return data;
    }

    for (ASTMethod method : node.findDescendantsOfType(ASTMethod.class)) {
        findSafeVariablesInSignature(method);
    }

    for (ASTFieldDeclaration field : node.findDescendantsOfType(ASTFieldDeclaration.class)) {
        findSanitizedVariables(field);
        findSelectContainingVariables(field);
    }

    // Declaration form: String foo = String.escapeSingleQuotes(...);
    for (ASTVariableDeclaration declaration : node.findDescendantsOfType(ASTVariableDeclaration.class)) {
        findSanitizedVariables(declaration);
        findSelectContainingVariables(declaration);
    }

    // Assignment form: baz = String.escapeSingleQuotes(...);
    for (ASTAssignmentExpression assignment : node.findDescendantsOfType(ASTAssignmentExpression.class)) {
        findSanitizedVariables(assignment);
        findSelectContainingVariables(assignment);
    }

    // Sink check: only Database.query(...) calls outside test code are reported.
    for (ASTMethodCallExpression call : node.findDescendantsOfType(ASTMethodCallExpression.class)) {
        if (Helper.isTestMethodOrClass(call) || !Helper.isMethodName(call, DATABASE, QUERY)) {
            continue;
        }
        reportStrings(call, data);
        reportVariables(call, data);
    }

    // Per-class state is reset so it does not carry over to the next visited class.
    // NOTE(review): the reset is skipped if a helper above throws; confirm whether a rule
    // instance can be reused after such a failure.
    safeVariables.clear();
    selectContainingVariables.clear();
    return data;
}
Also used : ASTAssignmentExpression(net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression) ASTMethod(net.sourceforge.pmd.lang.apex.ast.ASTMethod) ASTVariableDeclaration(net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration) ASTFieldDeclaration(net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration) ASTMethodCallExpression(net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Example 3 with ASTAssignmentExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression in project pmd by pmd.

the class ApexOpenRedirectRule method findSafeLiterals.

/**
 * Records, through {@code addVariable}, variables and fields whose value starts with a
 * literal.
 *
 * <p>The first binary-expression child is processed recursively before the node itself.
 * A literal counts only when it sits at child index 0 of its parent. Presumably the
 * recorded entries are later treated as safe redirect targets by the rule; that use is
 * not visible in this method.
 *
 * @param node a variable declaration, assignment, binary expression or field node
 * @throws RuntimeException if the reflective read of the parser's {@code fieldInfo}
 *         member fails
 */
private void findSafeLiterals(AbstractApexNode<?> node) {
    final ASTBinaryExpression nestedBinary = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (nestedBinary != null) {
        findSafeLiterals(nestedBinary);
    }

    final ASTLiteralExpression firstLiteral = node.getFirstChildOfType(ASTLiteralExpression.class);
    if (firstLiteral == null) {
        if (node instanceof ASTField) {
            /*
             * sergey.gorbaty: Apex Jorje parser is returning a null from
             * Field.getFieldInfo(), but the info is available from an inner
             * field. DO NOT attempt to optimize this block without checking
             * that Jorje parser actually fixed its bug.
             */
            try {
                // setAccessible(true) lifts Java access checks so the parser's own
                // "fieldInfo" member can be read directly.
                final Field fieldInfoAccessor = node.getNode().getClass().getDeclaredField("fieldInfo");
                fieldInfoAccessor.setAccessible(true);
                final StandardFieldInfo fieldInfo = (StandardFieldInfo) fieldInfoAccessor.get(node.getNode());
                // Only String-typed fields that carry a value are recorded.
                if (fieldInfo.getType().getApexName().equalsIgnoreCase("String") && fieldInfo.getValue() != null) {
                    addVariable(fieldInfo);
                }
            } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) {
                // Fail loudly, keeping the cause, instead of silently skipping the field.
                throw new RuntimeException(e);
            }
        }
        return;
    }

    // A literal that is not the leading child does not qualify.
    if (firstLiteral.jjtGetChildIndex() != 0) {
        return;
    }

    if (node instanceof ASTVariableDeclaration) {
        addVariable((ASTVariableDeclaration) node);
        return;
    }
    if (!(node instanceof ASTBinaryExpression)) {
        return;
    }

    // For a binary expression the variable is found on the enclosing declaration and/or
    // on the enclosing assignment; both lookups are always performed.
    final ASTVariableDeclaration enclosingDeclaration = node.getFirstParentOfType(ASTVariableDeclaration.class);
    if (enclosingDeclaration != null) {
        addVariable(enclosingDeclaration);
    }
    final ASTAssignmentExpression enclosingAssignment = node.getFirstParentOfType(ASTAssignmentExpression.class);
    if (enclosingAssignment != null) {
        final ASTVariableExpression assigned = enclosingAssignment.getFirstChildOfType(ASTVariableExpression.class);
        if (assigned != null) {
            addVariable(assigned);
        }
    }
}
Also used : ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression) ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTField(net.sourceforge.pmd.lang.apex.ast.ASTField) ASTField(net.sourceforge.pmd.lang.apex.ast.ASTField) Field(java.lang.reflect.Field) ASTAssignmentExpression(net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression) ASTLiteralExpression(net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression) ASTVariableDeclaration(net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration) StandardFieldInfo(apex.jorje.semantic.symbol.member.variable.StandardFieldInfo)

Example 4 with ASTAssignmentExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression in project pmd by pmd.

the class ApexOpenRedirectRule method visit.

/**
 * Runs the open-redirect check over one user class.
 *
 * <p>Assignments, variable declarations and fields are scanned first with
 * {@code findSafeLiterals}; only then is every object construction passed to
 * {@code checkNewObjects}. The collected literal variables are cleared at the end so
 * they apply to this class only. Test classes and system-level classes are skipped.
 *
 * @param node the user class being visited
 * @param data opaque visitor data, forwarded to {@code checkNewObjects} and returned
 * @return {@code data}
 */
@Override
public Object visit(ASTUserClass node, Object data) {
    final boolean exempt = Helper.isTestMethodOrClass(node) || Helper.isSystemLevelClass(node);
    if (exempt) {
        // Nothing in an exempt class is analysed.
        return data;
    }

    // Phase 1: collect literal-initialised variables from all three kinds of node.
    for (ASTAssignmentExpression assignment : node.findDescendantsOfType(ASTAssignmentExpression.class)) {
        findSafeLiterals(assignment);
    }
    for (ASTVariableDeclaration declaration : node.findDescendantsOfType(ASTVariableDeclaration.class)) {
        findSafeLiterals(declaration);
    }
    for (ASTField field : node.findDescendantsOfType(ASTField.class)) {
        findSafeLiterals(field);
    }

    // Phase 2: inspect every "new ..." expression in the class.
    for (ASTNewObjectExpression construction : node.findDescendantsOfType(ASTNewObjectExpression.class)) {
        checkNewObjects(construction, data);
    }

    // NOTE(review): this reset is skipped if a helper above throws; confirm whether a rule
    // instance can be reused after such a failure.
    listOfStringLiteralVariables.clear();
    return data;
}
Also used : ASTAssignmentExpression(net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression) ASTVariableDeclaration(net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration) ASTNewObjectExpression(net.sourceforge.pmd.lang.apex.ast.ASTNewObjectExpression) ASTField(net.sourceforge.pmd.lang.apex.ast.ASTField)

Aggregations

ASTAssignmentExpression (net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression)4 ASTVariableDeclaration (net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration)4 ASTField (net.sourceforge.pmd.lang.apex.ast.ASTField)2 ASTMethod (net.sourceforge.pmd.lang.apex.ast.ASTMethod)2 ASTMethodCallExpression (net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)2 ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression)2 StandardFieldInfo (apex.jorje.semantic.symbol.member.variable.StandardFieldInfo)1 Field (java.lang.reflect.Field)1 ASTBinaryExpression (net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression)1 ASTFieldDeclaration (net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration)1 ASTLiteralExpression (net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression)1 ASTNewObjectExpression (net.sourceforge.pmd.lang.apex.ast.ASTNewObjectExpression)1 ASTReturnStatement (net.sourceforge.pmd.lang.apex.ast.ASTReturnStatement)1 ASTUserClass (net.sourceforge.pmd.lang.apex.ast.ASTUserClass)1