
Example 6 with ASTBinaryExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression in project pmd by pmd, in the class ApexInsecureEndpointRule, method processInsecureEndpoint.

private void processInsecureEndpoint(ASTMethodCallExpression node, Object data) {
    if (!Helper.isMethodName(node, SET_ENDPOINT)) {
        return;
    }
    ASTBinaryExpression binaryNode = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (binaryNode != null) {
        runChecks(binaryNode, data);
    }
    runChecks(node, data);
}
Also used : ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression)

Example 7 with ASTBinaryExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression in project pmd by pmd, in the class ApexOpenRedirectRule, method findSafeLiterals.

private void findSafeLiterals(AbstractApexNode<?> node) {
    ASTBinaryExpression binaryExp = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (binaryExp != null) {
        findSafeLiterals(binaryExp);
    }
    ASTLiteralExpression literal = node.getFirstChildOfType(ASTLiteralExpression.class);
    if (literal != null) {
        int index = literal.jjtGetChildIndex();
        if (index == 0) {
            if (node instanceof ASTVariableDeclaration) {
                addVariable((ASTVariableDeclaration) node);
            } else if (node instanceof ASTBinaryExpression) {
                ASTVariableDeclaration parent = node.getFirstParentOfType(ASTVariableDeclaration.class);
                if (parent != null) {
                    addVariable(parent);
                }
                ASTAssignmentExpression assignment = node.getFirstParentOfType(ASTAssignmentExpression.class);
                if (assignment != null) {
                    ASTVariableExpression var = assignment.getFirstChildOfType(ASTVariableExpression.class);
                    if (var != null) {
                        addVariable(var);
                    }
                }
            }
        }
    } else {
        if (node instanceof ASTField) {
            /*
             * sergey.gorbaty: Apex Jorje parser is returning a null from
             * Field.getFieldInfo(), but the info is available from an inner
             * field. DO NOT attempt to optimize this block without checking
             * that Jorje parser actually fixed its bug.
             */
            try {
                final Field f = node.getNode().getClass().getDeclaredField("fieldInfo");
                f.setAccessible(true);
                final StandardFieldInfo fieldInfo = (StandardFieldInfo) f.get(node.getNode());
                if (fieldInfo.getType().getApexName().equalsIgnoreCase("String")) {
                    if (fieldInfo.getValue() != null) {
                        addVariable(fieldInfo);
                    }
                }
            } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) {
                throw new RuntimeException(e);
            }
        }
    }
}
Also used : ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression) ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTField(net.sourceforge.pmd.lang.apex.ast.ASTField) Field(java.lang.reflect.Field) ASTAssignmentExpression(net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression) ASTLiteralExpression(net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression) ASTVariableDeclaration(net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration) StandardFieldInfo(apex.jorje.semantic.symbol.member.variable.StandardFieldInfo)

Example 8 with ASTBinaryExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression in project pmd by pmd, in the class ApexSOQLInjectionRule, method recursivelyCheckForSelect.

private void recursivelyCheckForSelect(final ASTVariableExpression var, final ASTBinaryExpression node) {
    final ASTBinaryExpression right = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (right != null) {
        recursivelyCheckForSelect(var, right);
    }
    final ASTVariableExpression concatenatedVar = node.getFirstChildOfType(ASTVariableExpression.class);
    boolean isSafeVariable = false;
    if (concatenatedVar != null) {
        if (safeVariables.contains(Helper.getFQVariableName(concatenatedVar))) {
            isSafeVariable = true;
        }
    }
    final ASTMethodCallExpression methodCall = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (methodCall != null) {
        if (Helper.isMethodName(methodCall, STRING, ESCAPE_SINGLE_QUOTES)) {
            isSafeVariable = true;
        }
    }
    final ASTLiteralExpression literal = node.getFirstChildOfType(ASTLiteralExpression.class);
    if (literal != null) {
        Object o = literal.getNode().getLiteral();
        if (o instanceof String) {
            if (SELECT_PATTERN.matcher((String) o).matches()) {
                if (!isSafeVariable) {
                    // select literal + other unsafe vars
                    selectContainingVariables.put(Helper.getFQVariableName(var), Boolean.FALSE);
                } else {
                    safeVariables.add(Helper.getFQVariableName(var));
                }
            }
        }
    } else {
        if (!isSafeVariable) {
            selectContainingVariables.put(Helper.getFQVariableName(var), Boolean.FALSE);
        }
    }
}
Also used : ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression) ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTLiteralExpression(net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression) ASTMethodCallExpression(net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Example 9 with ASTBinaryExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression in project pmd by pmd, in the class ApexSuggestUsingNamedCredRule, method flagAuthorizationHeaders.

private void flagAuthorizationHeaders(final ASTMethodCallExpression node, Object data) {
    if (!Helper.isMethodName(node, SET_HEADER)) {
        return;
    }
    final ASTBinaryExpression binaryNode = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (binaryNode != null) {
        runChecks(binaryNode, data);
    }
    runChecks(node, data);
}
Also used : ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression)

Example 10 with ASTBinaryExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression in project pmd by pmd, in the class ApexXSSFromURLParamRule, method visit.

@Override
public Object visit(ASTReturnStatement node, Object data) {
    ASTBinaryExpression binaryExpression = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (binaryExpression != null) {
        processBinaryExpression(binaryExpression, data);
    }
    ASTMethodCallExpression methodCall = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (methodCall != null) {
        String retType = getReturnType(node);
        if ("string".equalsIgnoreCase(retType)) {
            processInlineMethodCalls(methodCall, data, true);
        }
    }
    List<ASTVariableExpression> nodes = node.findChildrenOfType(ASTVariableExpression.class);
    for (ASTVariableExpression varExpression : nodes) {
        if (urlParameterStrings.contains(Helper.getFQVariableName(varExpression))) {
            addViolation(data, nodes.get(0));
        }
    }
    return data;
}
Also used : ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression) ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTMethodCallExpression(net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Aggregations

ASTBinaryExpression (net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression): 11
ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression): 9
ASTMethodCallExpression (net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression): 5
ASTLiteralExpression (net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression): 2
ASTVariableDeclaration (net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration): 2
StandardFieldInfo (apex.jorje.semantic.symbol.member.variable.StandardFieldInfo): 1
Field (java.lang.reflect.Field): 1
HashSet (java.util.HashSet): 1
List (java.util.List): 1
ASTAssignmentExpression (net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression): 1
ASTField (net.sourceforge.pmd.lang.apex.ast.ASTField): 1
ASTStandardCondition (net.sourceforge.pmd.lang.apex.ast.ASTStandardCondition): 1