Examples with ASTVariableExpression net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression used on opensource projects

Search in sources :

Example 6 with ASTVariableExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

the class ApexOpenRedirectRule method getObjectValue.

/**
 * Finds any variables being present in PageReference constructor
 *
 * @param node
 *            - PageReference
 * @param data
 */
private void getObjectValue(ApexNode<?> node, Object data) {
    // PageReference(foo);
    final List<ASTVariableExpression> variableExpressions = node.findChildrenOfType(ASTVariableExpression.class);
    for (ASTVariableExpression variable : variableExpressions) {
        if (variable.jjtGetChildIndex() == 0 && !listOfStringLiteralVariables.contains(Helper.getFQVariableName(variable))) {
            addViolation(data, variable);
        }
    }
    // PageReference(foo + bar)
    final List<ASTBinaryExpression> binaryExpressions = node.findChildrenOfType(ASTBinaryExpression.class);
    for (ASTBinaryExpression z : binaryExpressions) {
        getObjectValue(z, data);
    }
}
Also used : ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression)

Example 7 with ASTVariableExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

the class ApexOpenRedirectRule method addVariable.

private void addVariable(ASTVariableDeclaration node) {
    ASTVariableExpression variable = node.getFirstChildOfType(ASTVariableExpression.class);
    addVariable(variable);
}
Also used : ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression)

Example 8 with ASTVariableExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

the class ApexSOQLInjectionRule method findSelectContainingVariables.

private void findSelectContainingVariables(AbstractApexNode<?> node) {
    final ASTVariableExpression left = node.getFirstChildOfType(ASTVariableExpression.class);
    final ASTBinaryExpression right = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (left != null && right != null) {
        recursivelyCheckForSelect(left, right);
    }
}
Also used : ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression)

Example 9 with ASTVariableExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

the class ApexSOQLInjectionRule method reportStrings.

private void reportStrings(ASTMethodCallExpression m, Object data) {
    final HashSet<ASTVariableExpression> setOfSafeVars = new HashSet<>();
    final List<ASTStandardCondition> conditions = m.findDescendantsOfType(ASTStandardCondition.class);
    for (ASTStandardCondition c : conditions) {
        List<ASTVariableExpression> vars = c.findDescendantsOfType(ASTVariableExpression.class);
        setOfSafeVars.addAll(vars);
    }
    final List<ASTBinaryExpression> binaryExpr = m.findChildrenOfType(ASTBinaryExpression.class);
    for (ASTBinaryExpression b : binaryExpr) {
        List<ASTVariableExpression> vars = b.findDescendantsOfType(ASTVariableExpression.class);
        for (ASTVariableExpression v : vars) {
            String fqName = Helper.getFQVariableName(v);
            if (selectContainingVariables.containsKey(fqName)) {
                boolean isLiteral = selectContainingVariables.get(fqName);
                if (isLiteral) {
                    continue;
                }
            }
            if (setOfSafeVars.contains(v) || safeVariables.contains(fqName)) {
                continue;
            }
            final ASTMethodCallExpression parentCall = v.getFirstParentOfType(ASTMethodCallExpression.class);
            boolean isSafeMethod = Helper.isMethodName(parentCall, STRING, ESCAPE_SINGLE_QUOTES) || Helper.isMethodName(parentCall, STRING, JOIN);
            if (!isSafeMethod) {
                addViolation(data, v);
            }
        }
    }
}
Also used : ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTBinaryExpression(net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression) ASTStandardCondition(net.sourceforge.pmd.lang.apex.ast.ASTStandardCondition) ASTMethodCallExpression(net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression) HashSet(java.util.HashSet)

Example 10 with ASTVariableExpression

use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

the class ApexXSSFromURLParamRule method findTaintedVariables.

private void findTaintedVariables(AbstractApexNode<?> node, Object data) {
    final ASTMethodCallExpression right = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (right != null) {
        if (Helper.isMethodCallChain(right, URL_PARAMETER_METHOD)) {
            ASTVariableExpression left = node.getFirstChildOfType(ASTVariableExpression.class);
            String varType = null;
            if (node instanceof ASTVariableDeclaration) {
                varType = ((ASTVariableDeclaration) node).getNode().getLocalInfo().getType().getApexName();
            }
            if (left != null) {
                if (varType == null || !"id".equalsIgnoreCase(varType)) {
                    urlParameterStrings.add(Helper.getFQVariableName(left));
                }
            }
        }
        processEscapingMethodCalls(right, data);
    }
}
Also used : ASTVariableExpression(net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression) ASTVariableDeclaration(net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration) ASTMethodCallExpression(net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Aggregations

ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression)19 ASTMethodCallExpression (net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)10 ASTBinaryExpression (net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression)9 ASTLiteralExpression (net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression)5 ASTVariableDeclaration (net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration)5 ASTAssignmentExpression (net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression)2 ASTMethod (net.sourceforge.pmd.lang.apex.ast.ASTMethod)2 ASTReferenceExpression (net.sourceforge.pmd.lang.apex.ast.ASTReferenceExpression)2 ASTUserClass (net.sourceforge.pmd.lang.apex.ast.ASTUserClass)2 Identifier (apex.jorje.data.Identifier)1 VariableExpression (apex.jorje.semantic.ast.expression.VariableExpression)1 VariableDeclaration (apex.jorje.semantic.ast.statement.VariableDeclaration)1 StandardFieldInfo (apex.jorje.semantic.symbol.member.variable.StandardFieldInfo)1 Field (java.lang.reflect.Field)1 HashSet (java.util.HashSet)1 List (java.util.List)1 ASTField (net.sourceforge.pmd.lang.apex.ast.ASTField)1 ASTNewKeyValueObjectExpression (net.sourceforge.pmd.lang.apex.ast.ASTNewKeyValueObjectExpression)1 ASTReturnStatement (net.sourceforge.pmd.lang.apex.ast.ASTReturnStatement)1 ASTStandardCondition (net.sourceforge.pmd.lang.apex.ast.ASTStandardCondition)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial