Examples with ASTMethodCallExpression net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression used on opensource projects

Example 1 with ASTMethodCallExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.

the class ApexCRUDViolationRule method checkForAccessibility.

private void checkForAccessibility(final ASTSoqlExpression node, Object data) {
    final boolean isCount = node.getNode().getCanonicalQuery().startsWith("SELECT COUNT()");
    final Set<String> typesFromSOQL = getTypesFromSOQLQuery(node);
    final Set<ASTMethodCallExpression> prevCalls = getPreviousMethodCalls(node);
    for (ASTMethodCallExpression prevCall : prevCalls) {
        collectCRUDMethodLevelChecks(prevCall);
    }
    boolean isGetter = false;
    String returnType = null;
    final ASTMethod wrappingMethod = node.getFirstParentOfType(ASTMethod.class);
    final ASTUserClass wrappingClass = node.getFirstParentOfType(ASTUserClass.class);
    if (isCount || wrappingClass != null && Helper.isTestMethodOrClass(wrappingClass) || wrappingMethod != null && Helper.isTestMethodOrClass(wrappingMethod)) {
        return;
    }
    if (wrappingMethod != null) {
        isGetter = isMethodAGetter(wrappingMethod);
        returnType = getReturnType(wrappingMethod);
    }
    final ASTVariableDeclaration variableDecl = node.getFirstParentOfType(ASTVariableDeclaration.class);
    if (variableDecl != null) {
        String type = variableDecl.getNode().getLocalInfo().getType().getApexName();
        type = getSimpleType(type);
        StringBuilder typeCheck = new StringBuilder().append(variableDecl.getNode().getDefiningType().getApexName()).append(":").append(type);
        if (!isGetter) {
            if (typesFromSOQL.isEmpty()) {
                validateCRUDCheckPresent(node, data, ANY, typeCheck.toString());
            } else {
                for (String typeFromSOQL : typesFromSOQL) {
                    validateCRUDCheckPresent(node, data, ANY, typeFromSOQL);
                }
            }
        }
    }
    final ASTAssignmentExpression assignment = node.getFirstParentOfType(ASTAssignmentExpression.class);
    if (assignment != null) {
        final ASTVariableExpression variable = assignment.getFirstChildOfType(ASTVariableExpression.class);
        if (variable != null) {
            String variableWithClass = Helper.getFQVariableName(variable);
            if (varToTypeMapping.containsKey(variableWithClass)) {
                String type = varToTypeMapping.get(variableWithClass);
                if (!isGetter) {
                    if (typesFromSOQL.isEmpty()) {
                        validateCRUDCheckPresent(node, data, ANY, type);
                    } else {
                        for (String typeFromSOQL : typesFromSOQL) {
                            validateCRUDCheckPresent(node, data, ANY, typeFromSOQL);
                        }
                    }
                }
            }
        }
    }
    final ASTReturnStatement returnStatement = node.getFirstParentOfType(ASTReturnStatement.class);
    if (returnStatement != null) {
        if (!isGetter) {
            if (typesFromSOQL.isEmpty()) {
                validateCRUDCheckPresent(node, data, ANY, returnType);
            } else {
                for (String typeFromSOQL : typesFromSOQL) {
                    validateCRUDCheckPresent(node, data, ANY, typeFromSOQL);
                }
            }
        }
    }
}

Example 2 with ASTMethodCallExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.

the class ApexCRUDViolationRule method checkForCRUD.

private void checkForCRUD(final AbstractApexNode<?> node, final Object data, final String crudMethod) {
    final Set<ASTMethodCallExpression> prevCalls = getPreviousMethodCalls(node);
    for (ASTMethodCallExpression prevCall : prevCalls) {
        collectCRUDMethodLevelChecks(prevCall);
    }
    final ASTMethod wrappingMethod = node.getFirstParentOfType(ASTMethod.class);
    final ASTUserClass wrappingClass = node.getFirstParentOfType(ASTUserClass.class);
    if (wrappingClass != null && Helper.isTestMethodOrClass(wrappingClass) || wrappingMethod != null && Helper.isTestMethodOrClass(wrappingMethod)) {
        return;
    }
    final ASTNewKeyValueObjectExpression newObj = node.getFirstChildOfType(ASTNewKeyValueObjectExpression.class);
    if (newObj != null) {
        final String type = Helper.getFQVariableName(newObj);
        validateCRUDCheckPresent(node, data, crudMethod, type);
    }
    final ASTVariableExpression variable = node.getFirstChildOfType(ASTVariableExpression.class);
    if (variable != null) {
        final String type = varToTypeMapping.get(Helper.getFQVariableName(variable));
        if (type != null) {
            StringBuilder typeCheck = new StringBuilder().append(node.getNode().getDefiningType().getApexName()).append(":").append(type);
            validateCRUDCheckPresent(node, data, crudMethod, typeCheck.toString());
        }
    }
}

Example 3 with ASTMethodCallExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.

the class ApexCRUDViolationRule method recursivelyEvaluateCRUDMethodCalls.

private void recursivelyEvaluateCRUDMethodCalls(final AbstractApexNode<?> self, final Set<ASTMethodCallExpression> innerMethodCalls, final ASTBlockStatement blockStatement) {
    if (blockStatement != null) {
        int numberOfStatements = blockStatement.jjtGetNumChildren();
        for (int i = 0; i < numberOfStatements; i++) {
            Node n = blockStatement.jjtGetChild(i);
            if (n instanceof ASTIfElseBlockStatement) {
                List<ASTBlockStatement> innerBlocks = n.findDescendantsOfType(ASTBlockStatement.class);
                for (ASTBlockStatement innerBlock : innerBlocks) {
                    recursivelyEvaluateCRUDMethodCalls(self, innerMethodCalls, innerBlock);
                }
            }
            AbstractApexNode<?> match = n.getFirstDescendantOfType(self.getClass());
            if (Objects.equal(match, self)) {
                break;
            }
            ASTMethodCallExpression methodCall = n.getFirstDescendantOfType(ASTMethodCallExpression.class);
            if (methodCall != null) {
                mapCallToMethodDecl(self, innerMethodCalls, Arrays.asList(methodCall));
            }
        }
    }
}

Example 4 with ASTMethodCallExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.

the class ApexCRUDViolationRule method collectCRUDMethodLevelChecks.

private void collectCRUDMethodLevelChecks(final ASTMethodCallExpression node) {
    final String method = node.getNode().getMethodName();
    final ASTReferenceExpression ref = node.getFirstChildOfType(ASTReferenceExpression.class);
    if (ref == null) {
        return;
    }
    List<Identifier> a = ref.getNode().getNames();
    if (!a.isEmpty()) {
        extractObjectAndFields(a, method, node.getNode().getDefiningType().getApexName());
    } else {
        // see if ESAPI
        if (Helper.isMethodCallChain(node, ESAPI_ISAUTHORIZED_TO_VIEW)) {
            extractObjectTypeFromESAPI(node, IS_ACCESSIBLE);
        }
        if (Helper.isMethodCallChain(node, ESAPI_ISAUTHORIZED_TO_CREATE)) {
            extractObjectTypeFromESAPI(node, IS_CREATEABLE);
        }
        if (Helper.isMethodCallChain(node, ESAPI_ISAUTHORIZED_TO_UPDATE)) {
            extractObjectTypeFromESAPI(node, IS_UPDATEABLE);
        }
        if (Helper.isMethodCallChain(node, ESAPI_ISAUTHORIZED_TO_DELETE)) {
            extractObjectTypeFromESAPI(node, IS_DELETABLE);
        }
        // see if getDescribe()
        final ASTMethodCallExpression nestedMethodCall = ref.getFirstChildOfType(ASTMethodCallExpression.class);
        if (nestedMethodCall != null) {
            if (isLastMethodName(nestedMethodCall, S_OBJECT_TYPE, GET_DESCRIBE)) {
                String resolvedType = getType(nestedMethodCall);
                if (!typeToDMLOperationMapping.get(resolvedType).contains(method)) {
                    typeToDMLOperationMapping.put(resolvedType, method);
                }
            }
        }
    }
}

Example 5 with ASTMethodCallExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.

the class ApexSOQLInjectionRule method visit.

@Override
public Object visit(ASTUserClass node, Object data) {
    if (Helper.isTestMethodOrClass(node) || Helper.isSystemLevelClass(node)) {
        // stops all the rules
        return data;
    }
    final List<ASTMethod> methodExpr = node.findDescendantsOfType(ASTMethod.class);
    for (ASTMethod m : methodExpr) {
        findSafeVariablesInSignature(m);
    }
    final List<ASTFieldDeclaration> fieldExpr = node.findDescendantsOfType(ASTFieldDeclaration.class);
    for (ASTFieldDeclaration a : fieldExpr) {
        findSanitizedVariables(a);
        findSelectContainingVariables(a);
    }
    // String foo = String.escapeSignleQuotes(...);
    final List<ASTVariableDeclaration> variableDecl = node.findDescendantsOfType(ASTVariableDeclaration.class);
    for (ASTVariableDeclaration a : variableDecl) {
        findSanitizedVariables(a);
        findSelectContainingVariables(a);
    }
    // baz = String.escapeSignleQuotes(...);
    final List<ASTAssignmentExpression> assignmentCalls = node.findDescendantsOfType(ASTAssignmentExpression.class);
    for (ASTAssignmentExpression a : assignmentCalls) {
        findSanitizedVariables(a);
        findSelectContainingVariables(a);
    }
    // Database.query(...) check
    final List<ASTMethodCallExpression> potentialDbQueryCalls = node.findDescendantsOfType(ASTMethodCallExpression.class);
    for (ASTMethodCallExpression m : potentialDbQueryCalls) {
        if (!Helper.isTestMethodOrClass(m) && Helper.isMethodName(m, DATABASE, QUERY)) {
            reportStrings(m, data);
            reportVariables(m, data);
        }
    }
    safeVariables.clear();
    selectContainingVariables.clear();
    return data;
}