use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.
the class ApexSOQLInjectionRule method reportStrings.
/**
 * Reports variables that are concatenated into the arguments of the given
 * method call, unless one of the exemptions below applies.
 *
 * <p>Only binary expressions that are direct children of {@code m} are
 * inspected. A variable found in one of them is skipped when:
 * <ul>
 *   <li>{@code selectContainingVariables} maps its fully qualified name to
 *       {@code true},</li>
 *   <li>the same variable node occurs inside an {@code ASTStandardCondition}
 *       below {@code m},</li>
 *   <li>its fully qualified name is listed in {@code safeVariables}, or</li>
 *   <li>its nearest enclosing method call matches
 *       {@code STRING}/{@code ESCAPE_SINGLE_QUOTES} or
 *       {@code STRING}/{@code JOIN}.</li>
 * </ul>
 *
 * @param m    method call whose arguments are checked
 * @param data rule context passed through to {@code addViolation}
 */
private void reportStrings(ASTMethodCallExpression m, Object data) {
    // Variables that appear anywhere inside a standard condition are exempt.
    final HashSet<ASTVariableExpression> conditionVars = new HashSet<>();
    for (ASTStandardCondition condition : m.findDescendantsOfType(ASTStandardCondition.class)) {
        conditionVars.addAll(condition.findDescendantsOfType(ASTVariableExpression.class));
    }

    for (ASTBinaryExpression concat : m.findChildrenOfType(ASTBinaryExpression.class)) {
        for (ASTVariableExpression candidate : concat.findDescendantsOfType(ASTVariableExpression.class)) {
            final String qualifiedName = Helper.getFQVariableName(candidate);

            // A tracked variable flagged true was recorded as literal-only
            // (the original local was named isLiteral), so it is not reported.
            if (selectContainingVariables.containsKey(qualifiedName)
                    && selectContainingVariables.get(qualifiedName)) {
                continue;
            }

            if (conditionVars.contains(candidate) || safeVariables.contains(qualifiedName)) {
                continue;
            }

            // Only the nearest enclosing call decides whether the value counts
            // as sanitized.
            // NOTE(review): the JOIN exemption trusts the call itself; the
            // joined values are not examined in this method. Confirm that this
            // is the intended trade-off for the rule.
            final ASTMethodCallExpression enclosingCall =
                    candidate.getFirstParentOfType(ASTMethodCallExpression.class);
            if (!Helper.isMethodName(enclosingCall, STRING, ESCAPE_SINGLE_QUOTES)
                    && !Helper.isMethodName(enclosingCall, STRING, JOIN)) {
                addViolation(data, candidate);
            }
        }
    }
}
use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.
the class ApexSuggestUsingNamedCredRule method visit.
/**
 * Scans one class in three passes: variable declarations, fields, and then
 * method calls. Test methods and test classes are skipped entirely.
 *
 * <p>The first two passes feed {@code findAuthLiterals} and
 * {@code findFieldLiterals}; the third hands every method call to
 * {@code flagAuthorizationHeaders}, the only helper here that receives the
 * rule context. {@code listOfAuthorizationVariables} is emptied afterwards,
 * so whatever the passes stored in it does not carry over to the next class.
 *
 * @param node class being visited
 * @param data rule context
 * @return {@code data}, unchanged
 */
@Override
public Object visit(ASTUserClass node, Object data) {
    if (!Helper.isTestMethodOrClass(node)) {
        // The literal-collecting passes run before the header check.
        // Presumably they fill listOfAuthorizationVariables; confirm in the helpers.
        for (ASTVariableDeclaration declaration : node.findDescendantsOfType(ASTVariableDeclaration.class)) {
            findAuthLiterals(declaration);
        }
        for (ASTField field : node.findDescendantsOfType(ASTField.class)) {
            findFieldLiterals(field);
        }
        for (ASTMethodCallExpression call : node.findDescendantsOfType(ASTMethodCallExpression.class)) {
            flagAuthorizationHeaders(call, data);
        }
        // Reset the per-class state before the next class is visited.
        listOfAuthorizationVariables.clear();
    }
    return data;
}
use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.
the class ApexXSSFromURLParamRule method findTaintedVariables.
/**
 * Records the variable on the left-hand side of {@code node} as tainted when
 * the first method call below {@code node} matches the
 * {@code URL_PARAMETER_METHOD} call chain.
 *
 * <p>A variable declaration whose declared Apex type is {@code id}, compared
 * case-insensitively, is not recorded. The method call is then passed to
 * {@code processEscapingMethodCalls} whether or not it matched the chain.
 *
 * @param node declaration or assignment-like node to inspect
 * @param data rule context
 */
private void findTaintedVariables(AbstractApexNode<?> node, Object data) {
    final ASTMethodCallExpression source = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (source == null) {
        return;
    }

    if (Helper.isMethodCallChain(source, URL_PARAMETER_METHOD)) {
        final ASTVariableExpression target = node.getFirstChildOfType(ASTVariableExpression.class);

        // The declared type is only available on a variable declaration; it
        // stays null for every other node kind.
        final String declaredType = node instanceof ASTVariableDeclaration
                ? ((ASTVariableDeclaration) node).getNode().getLocalInfo().getType().getApexName()
                : null;

        // equalsIgnoreCase(null) is false, so an unknown type is still recorded.
        // NOTE(review): presumably Id is exempt because its format is validated
        // by the platform. Confirm against the rule documentation.
        if (target != null && !"id".equalsIgnoreCase(declaredType)) {
            urlParameterStrings.add(Helper.getFQVariableName(target));
        }
    }

    processEscapingMethodCalls(source, data);
}
use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.
the class ApexXSSFromURLParamRule method processBinaryExpression.
/**
 * Walks a (possibly nested) binary expression and reports every direct child
 * variable whose fully qualified name is in {@code urlParameterStrings}.
 *
 * <p>Before its own variables are checked, the first nested binary expression
 * is processed recursively and the first method-call child is passed to
 * {@code processInlineMethodCalls} with the flag set to {@code true}.
 *
 * @param node expression node to inspect
 * @param data rule context passed through to {@code addViolation}
 */
private void processBinaryExpression(AbstractApexNode<?> node, Object data) {
    // NOTE(review): only the first child of each kind is followed here, so
    // further sibling binary expressions or method calls are not visited by
    // this method. Confirm that callers cover them.
    final ASTBinaryExpression inner = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (inner != null) {
        processBinaryExpression(inner, data);
    }

    final ASTMethodCallExpression inlineCall = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (inlineCall != null) {
        processInlineMethodCalls(inlineCall, data, true);
    }

    for (ASTVariableExpression operand : node.findChildrenOfType(ASTVariableExpression.class)) {
        final String qualifiedName = Helper.getFQVariableName(operand);
        if (urlParameterStrings.contains(qualifiedName)) {
            addViolation(data, operand);
        }
    }
}
use of net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression in project pmd by pmd.
the class ApexCRUDViolationRule method getPreviousMethodCalls.
/**
 * Collects the method calls gathered for {@code self} from its enclosing
 * method, from the constructors returned by {@code findConstructorlMethods},
 * and from {@code mapCallToMethodDecl}.
 *
 * @param self node whose preceding calls are wanted
 * @return a mutable set of method calls; empty when {@code self} has no
 *         enclosing {@code ASTMethod}
 */
private Set<ASTMethodCallExpression> getPreviousMethodCalls(final AbstractApexNode<?> self) {
    final Set<ASTMethodCallExpression> collected = new HashSet<>();

    final ASTMethod enclosingMethod = self.getFirstParentOfType(ASTMethod.class);
    if (enclosingMethod == null) {
        return collected;
    }

    // Start from the body of the enclosing method.
    final ASTBlockStatement body = enclosingMethod.getFirstChildOfType(ASTBlockStatement.class);
    recursivelyEvaluateCRUDMethodCalls(self, collected, body);

    // Every call made inside a constructor is added as well.
    for (ASTMethod constructor : findConstructorlMethods()) {
        collected.addAll(constructor.findDescendantsOfType(ASTMethodCallExpression.class));
    }

    // Some of the called methods might be declared in this class. A snapshot
    // copy is passed alongside the live set, presumably so the callee can
    // iterate one while adding to the other. Confirm in mapCallToMethodDecl.
    mapCallToMethodDecl(self, collected, new ArrayList<ASTMethodCallExpression>(collected));
    return collected;
}