use of net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration in project pmd by pmd.
the class Helper method getFQVariableName.
/**
 * Returns the qualified name of a declared variable: the Apex name of the defining type,
 * a colon, and the variable's local name.
 *
 * @param variable the variable declaration node to name
 * @return a string of the form {@code <definingType>:<localName>}
 */
static String getFQVariableName(final ASTVariableDeclaration variable) {
    final VariableDeclaration declaration = variable.getNode();
    // Same left-to-right evaluation as the original builder chain: type name, then local name.
    return declaration.getDefiningType().getApexName() + ":" + declaration.getLocalInfo().getName();
}
use of net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration in project pmd by pmd.
the class ApexOpenRedirectRule method findSafeLiterals.
/**
 * Looks for a literal in first-child position under {@code node} and hands the enclosing
 * declaration, assignment target or field to {@code addVariable}.
 *
 * <p>The first nested binary expression, if any, is inspected recursively. When the node has
 * no literal child and is an {@link ASTField}, the field's type and value are read
 * reflectively from the underlying parser node; only fields whose type name is "String"
 * (case-insensitive) and whose value is non-null are registered.
 *
 * <p>NOTE(review): only the literal's position is checked here, never its text, so any
 * literal prefix (including an empty one) registers the variable. Whether that is strict
 * enough for an open-redirect check depends on {@code addVariable} and the reporting code,
 * which are outside this excerpt; confirm.
 *
 * @param node the declaration, assignment, field or binary expression to inspect
 * @throws RuntimeException if the reflective read of {@code fieldInfo} fails; the original
 *         exception is attached as the cause
 */
private void findSafeLiterals(AbstractApexNode<?> node) {
    // Recurse into the first nested binary expression before looking at this node.
    final ASTBinaryExpression nestedExpression = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (nestedExpression != null) {
        findSafeLiterals(nestedExpression);
    }

    final ASTLiteralExpression literal = node.getFirstChildOfType(ASTLiteralExpression.class);
    if (literal == null) {
        if (node instanceof ASTField) {
            /*
             * The Apex Jorje parser returns null from Field.getFieldInfo(), although the
             * information is available on an inner field, so it is read reflectively here.
             * DO NOT simplify this block without checking that the Jorje parser has
             * actually fixed its bug (note originally left by sergey.gorbaty).
             */
            try {
                final Field fieldInfoAccessor = node.getNode().getClass().getDeclaredField("fieldInfo");
                fieldInfoAccessor.setAccessible(true);
                final StandardFieldInfo fieldInfo = (StandardFieldInfo) fieldInfoAccessor.get(node.getNode());
                if (fieldInfo.getType().getApexName().equalsIgnoreCase("String")
                        && fieldInfo.getValue() != null) {
                    addVariable(fieldInfo);
                }
            } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) {
                throw new RuntimeException(e);
            }
        }
        return;
    }

    // Only a literal that is the first child counts.
    if (literal.jjtGetChildIndex() != 0) {
        return;
    }

    if (node instanceof ASTVariableDeclaration) {
        addVariable((ASTVariableDeclaration) node);
        return;
    }
    if (!(node instanceof ASTBinaryExpression)) {
        return;
    }

    // For a binary expression, register whichever declaration and/or assignment encloses it.
    final ASTVariableDeclaration declaration = node.getFirstParentOfType(ASTVariableDeclaration.class);
    if (declaration != null) {
        addVariable(declaration);
    }
    final ASTAssignmentExpression assignment = node.getFirstParentOfType(ASTAssignmentExpression.class);
    if (assignment == null) {
        return;
    }
    final ASTVariableExpression target = assignment.getFirstChildOfType(ASTVariableExpression.class);
    if (target != null) {
        addVariable(target);
    }
}
use of net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration in project pmd by pmd.
the class ApexOpenRedirectRule method visit.
/**
 * Runs this rule over one user class.
 *
 * <p>Classes that {@code Helper} reports as test code or as system-level are returned
 * untouched, so nothing inside them is examined. For every other class, each assignment,
 * variable declaration and field below the class is passed to {@code findSafeLiterals};
 * after that each new-object expression is passed to {@code checkNewObjects}. The collected
 * {@code listOfStringLiteralVariables} is cleared before returning.
 *
 * <p>The clear is not in a {@code finally} block, so an exception thrown by one of the
 * helpers leaves the collected entries in place.
 *
 * @param node the user class being visited
 * @param data the rule context object, returned unchanged
 * @return {@code data}
 */
@Override
public Object visit(ASTUserClass node, Object data) {
    final boolean skipped = Helper.isTestMethodOrClass(node) || Helper.isSystemLevelClass(node);
    if (skipped) {
        // stops all the rules
        return data;
    }

    // Pass 1: collect literal-prefixed variables from assignments, declarations and fields.
    for (ASTAssignmentExpression assignment : node.findDescendantsOfType(ASTAssignmentExpression.class)) {
        findSafeLiterals(assignment);
    }
    for (ASTVariableDeclaration declaration : node.findDescendantsOfType(ASTVariableDeclaration.class)) {
        findSafeLiterals(declaration);
    }
    for (ASTField field : node.findDescendantsOfType(ASTField.class)) {
        findSafeLiterals(field);
    }

    // Pass 2: examine object constructions using what pass 1 collected.
    for (ASTNewObjectExpression construction : node.findDescendantsOfType(ASTNewObjectExpression.class)) {
        checkNewObjects(construction, data);
    }

    listOfStringLiteralVariables.clear();
    return data;
}
use of net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration in project pmd by pmd.
the class ApexSOQLInjectionRule method findSanitizedVariables.
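/**
 * Classifies the variable on the left of {@code node} as safe, or as holding a SELECT
 * string, based on what is assigned to it or on its declared type.
 *
 * <p>Three independent checks run in order, each using the first child of its type:
 * <ul>
 *   <li>Literal: an Integer, Boolean or Double literal adds the variable to
 *       {@code safeVariables}. A String literal matching {@code SELECT_PATTERN} is recorded
 *       in {@code selectContainingVariables}; any other String literal is added to
 *       {@code safeVariables}.</li>
 *   <li>Method call: a call that {@code Helper.isMethodName} matches against
 *       {@code STRING} / {@code ESCAPE_SINGLE_QUOTES} adds the variable to
 *       {@code safeVariables}.</li>
 *   <li>Declaration: when {@code node} is an {@link ASTVariableDeclaration} whose lower-cased
 *       type name is one of INTEGER, ID, BOOLEAN, DECIMAL, LONG or DOUBLE, the variable is
 *       added to {@code safeVariables}.</li>
 * </ul>
 *
 * <p>A node without a variable-expression child is never marked safe. The declaration check
 * previously passed {@code left} on without the null test the other two checks apply.
 *
 * <p>NOTE(review): escaping single quotes protects a value only where it ends up inside a
 * quoted string in the query. This method does not look at how the variable is used later;
 * confirm that the reporting side accounts for unquoted use.
 *
 * @param node the assignment or variable declaration to classify
 */
private void findSanitizedVariables(AbstractApexNode<?> node) {
    final ASTVariableExpression left = node.getFirstChildOfType(ASTVariableExpression.class);
    final ASTLiteralExpression literal = node.getFirstChildOfType(ASTLiteralExpression.class);
    final ASTMethodCallExpression right = node.getFirstChildOfType(ASTMethodCallExpression.class);

    // look for String a = 'b';
    if (literal != null && left != null) {
        final Object value = literal.getNode().getLiteral();
        if (value instanceof Integer || value instanceof Boolean || value instanceof Double) {
            safeVariables.add(Helper.getFQVariableName(left));
        } else if (value instanceof String) {
            if (SELECT_PATTERN.matcher((String) value).matches()) {
                // Tracked separately from safe variables: the literal itself is query text.
                selectContainingVariables.put(Helper.getFQVariableName(left), Boolean.TRUE);
            } else {
                safeVariables.add(Helper.getFQVariableName(left));
            }
        }
    }

    // look for String a = String.escapeSingleQuotes(foo);
    if (right != null && Helper.isMethodName(right, STRING, ESCAPE_SINGLE_QUOTES) && left != null) {
        safeVariables.add(Helper.getFQVariableName(left));
    }

    // look for declarations whose type alone makes the value safe
    if (node instanceof ASTVariableDeclaration) {
        final VariableDeclaration declaration = (VariableDeclaration) node.getNode();
        switch (declaration.getLocalInfo().getType().getApexName().toLowerCase(Locale.ROOT)) {
        case INTEGER:
        case ID:
        case BOOLEAN:
        case DECIMAL:
        case LONG:
        case DOUBLE:
            // Same guard as the two checks above: with no variable expression there is
            // nothing to name, and the variable simply stays unmarked instead of the
            // rule failing on this node.
            if (left != null) {
                safeVariables.add(Helper.getFQVariableName(left));
            }
            break;
        default:
            break;
        }
    }
}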
use of net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration in project pmd by pmd.
the class ApexXSSFromURLParamRule method processVariableAssignments.
/**
 * Inspects one assignment or declaration node for values flowing from tracked variables.
 *
 * <p>If the node has a method-call child, that call is passed to
 * {@code processInlineMethodCalls}, except when the node is a variable declaration whose
 * type name is "id" (case-insensitive). Then, depending on how many direct
 * variable-expression children the node has:
 * <ul>
 *   <li>one: every direct binary-expression child goes to {@code processBinaryExpression};</li>
 *   <li>two: the right-hand variable is looked up in {@code urlParameterStrings} and a
 *       violation is reported on it when present;</li>
 *   <li>any other count: nothing further is examined here.</li>
 * </ul>
 *
 * @param node the assignment or declaration to inspect
 * @param data the rule context passed through to the helpers and to {@code addViolation}
 * @param reverseOrder when {@code true} the first variable expression is taken as the
 *        right-hand side, otherwise the second
 */
private void processVariableAssignments(AbstractApexNode<?> node, Object data, final boolean reverseOrder) {
    final ASTMethodCallExpression call = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (call != null) {
        final String declaredType = node instanceof ASTVariableDeclaration
                ? ((ASTVariableDeclaration) node).getNode().getLocalInfo().getType().getApexName()
                : null;
        // A null type never equals "id", so non-declarations are always processed.
        if (!"id".equalsIgnoreCase(declaredType)) {
            processInlineMethodCalls(call, data, false);
        }
    }

    final List<ASTVariableExpression> variables = node.findChildrenOfType(ASTVariableExpression.class);
    final int variableCount = variables.size();
    if (variableCount == 1) {
        // Look for: foo + bar
        for (ASTBinaryExpression operation : node.findChildrenOfType(ASTBinaryExpression.class)) {
            processBinaryExpression(operation, data);
        }
    } else if (variableCount == 2) {
        // Look for: foo = bar;
        final ASTVariableExpression source = variables.get(reverseOrder ? 0 : 1);
        if (urlParameterStrings.contains(Helper.getFQVariableName(source))) {
            addViolation(data, source);
        }
    }
}