Example 16 with ASTVariableExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

Class ApexXSSFromURLParamRule, method processEscapingMethodCalls.

private void processEscapingMethodCalls(ASTMethodCallExpression methodNode, Object data) {
    // Recurse into the first nested method call before checking this one.
    ASTMethodCallExpression nestedCall = methodNode.getFirstChildOfType(ASTMethodCallExpression.class);
    if (nestedCall != null) {
        processEscapingMethodCalls(nestedCall, data);
    }
    // Only the first variable expression under this call is examined.
    final ASTVariableExpression variable = methodNode.getFirstChildOfType(ASTVariableExpression.class);
    if (variable != null) {
        // Report a variable tracked in urlParameterStrings unless the call is an escaping method.
        if (urlParameterStrings.contains(Helper.getFQVariableName(variable))) {
            if (!isEscapingMethod(methodNode)) {
                addViolation(data, variable);
            }
        }
    }
}
Also used: ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression), ASTMethodCallExpression (net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Example 17 with ASTVariableExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

Class ApexXSSFromURLParamRule, method visit.

@Override
public Object visit(ASTReturnStatement node, Object data) {
    // Binary expressions (for example foo + bar) in the returned value are checked separately.
    ASTBinaryExpression binaryExpression = node.getFirstChildOfType(ASTBinaryExpression.class);
    if (binaryExpression != null) {
        processBinaryExpression(binaryExpression, data);
    }
    // Method calls in the return are inspected only when the return type is String.
    ASTMethodCallExpression methodCall = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (methodCall != null) {
        String retType = getReturnType(node);
        if ("string".equalsIgnoreCase(retType)) {
            processInlineMethodCalls(methodCall, data, true);
        }
    }
    // Report when any returned variable is tracked in urlParameterStrings.
    // The violation is attached to nodes.get(0), the first variable expression
    // in the statement, not to the matching varExpression.
    List<ASTVariableExpression> nodes = node.findChildrenOfType(ASTVariableExpression.class);
    for (ASTVariableExpression varExpression : nodes) {
        if (urlParameterStrings.contains(Helper.getFQVariableName(varExpression))) {
            addViolation(data, nodes.get(0));
        }
    }
    return data;
}
Also used: ASTBinaryExpression (net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression), ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression), ASTMethodCallExpression (net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Example 18 with ASTVariableExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

Class ApexXSSFromURLParamRule, method processVariableAssignments.

private void processVariableAssignments(AbstractApexNode<?> node, Object data, final boolean reverseOrder) {
    ASTMethodCallExpression methodCallAssignment = node.getFirstChildOfType(ASTMethodCallExpression.class);
    if (methodCallAssignment != null) {
        String varType = null;
        if (node instanceof ASTVariableDeclaration) {
            varType = ((ASTVariableDeclaration) node).getNode().getLocalInfo().getType().getApexName();
        }
        // Declarations of type Id are skipped; every other assignment from a method call is inspected.
        if (varType == null || !"id".equalsIgnoreCase(varType)) {
            processInlineMethodCalls(methodCallAssignment, data, false);
        }
    }
    List<ASTVariableExpression> nodes = node.findChildrenOfType(ASTVariableExpression.class);
    switch (nodes.size()) {
        case 1:
            {
                // Look for: foo + bar
                final List<ASTBinaryExpression> ops = node.findChildrenOfType(ASTBinaryExpression.class);
                if (!ops.isEmpty()) {
                    for (ASTBinaryExpression o : ops) {
                        processBinaryExpression(o, data);
                    }
                }
            }
            break;
        case 2:
            {
                // Look for: foo = bar;
                // reverseOrder selects which of the two variable expressions is the right-hand side.
                final ASTVariableExpression right = reverseOrder ? nodes.get(0) : nodes.get(1);
                if (urlParameterStrings.contains(Helper.getFQVariableName(right))) {
                    addViolation(data, right);
                }
            }
            break;
        default:
            break;
    }
}
Also used: ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression), ASTBinaryExpression (net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression), ASTVariableDeclaration (net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration), List (java.util.List), ASTMethodCallExpression (net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression)

Example 19 with ASTVariableExpression

Use of net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression in project pmd by pmd.

Class Helper, method getFQVariableName.

static String getFQVariableName(final ASTVariableExpression variable) {
    // Builds the lookup key "<defining type>:<object.><identifier>".
    final ASTReferenceExpression ref = variable.getFirstChildOfType(ASTReferenceExpression.class);
    String objectName = "";
    if (ref != null) {
        // The object prefix is added only when the reference has exactly one name.
        if (ref.getNode().getNames().size() == 1) {
            objectName = ref.getNode().getNames().get(0).getValue() + ".";
        }
    }
    VariableExpression n = variable.getNode();
    StringBuilder sb = new StringBuilder().append(n.getDefiningType().getApexName()).append(":").append(objectName).append(n.getIdentifier().getValue());
    return sb.toString();
}
Also used: ASTReferenceExpression (net.sourceforge.pmd.lang.apex.ast.ASTReferenceExpression), VariableExpression (apex.jorje.semantic.ast.expression.VariableExpression), ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression)

Aggregations

ASTVariableExpression (net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression): 19
ASTMethodCallExpression (net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression): 10
ASTBinaryExpression (net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression): 9
ASTLiteralExpression (net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression): 5
ASTVariableDeclaration (net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration): 5
ASTAssignmentExpression (net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression): 2
ASTMethod (net.sourceforge.pmd.lang.apex.ast.ASTMethod): 2
ASTReferenceExpression (net.sourceforge.pmd.lang.apex.ast.ASTReferenceExpression): 2
ASTUserClass (net.sourceforge.pmd.lang.apex.ast.ASTUserClass): 2
Identifier (apex.jorje.data.Identifier): 1
VariableExpression (apex.jorje.semantic.ast.expression.VariableExpression): 1
VariableDeclaration (apex.jorje.semantic.ast.statement.VariableDeclaration): 1
StandardFieldInfo (apex.jorje.semantic.symbol.member.variable.StandardFieldInfo): 1
Field (java.lang.reflect.Field): 1
HashSet (java.util.HashSet): 1
List (java.util.List): 1
ASTField (net.sourceforge.pmd.lang.apex.ast.ASTField): 1
ASTNewKeyValueObjectExpression (net.sourceforge.pmd.lang.apex.ast.ASTNewKeyValueObjectExpression): 1
ASTReturnStatement (net.sourceforge.pmd.lang.apex.ast.ASTReturnStatement): 1
ASTStandardCondition (net.sourceforge.pmd.lang.apex.ast.ASTStandardCondition): 1