forked from phoedos/pmd
Refactoring other rules for FQvariableName
Sergey Gorbaty
committed by
Juan Martín Sotuyo Dodero
parent
06ef5abf9e
commit
f9f4a7f1a1
@ -67,9 +67,9 @@ public class ApexBadCryptoRule extends AbstractApexRule {
|
||||
ASTMethodCallExpression methodCall = var.getFirstChildOfType(ASTMethodCallExpression.class);
|
||||
if (methodCall != null && Helper.isMethodName(methodCall, BLOB, VALUE_OF)) {
|
||||
ASTVariableExpression variable = var.getFirstChildOfType(ASTVariableExpression.class);
|
||||
StringBuilder sb = new StringBuilder().append(variable.getNode().getDefiningType()).append(":")
|
||||
.append(variable.getNode().getIdentifier().value);
|
||||
potentiallyStaticBlob.add(sb.toString());
|
||||
if (variable != null) {
|
||||
potentiallyStaticBlob.add(Helper.getFQVariableName(variable));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -98,12 +98,9 @@ public class ApexBadCryptoRule extends AbstractApexRule {
|
||||
private void reportIfHardCoded(Object data, Object potentialIV) {
|
||||
if (potentialIV instanceof ASTVariableExpression) {
|
||||
ASTVariableExpression variable = (ASTVariableExpression) potentialIV;
|
||||
StringBuilder sb = new StringBuilder().append(variable.getNode().getDefiningType()).append(":")
|
||||
.append(variable.getNode().getIdentifier().value);
|
||||
if (potentiallyStaticBlob.contains(sb.toString())) {
|
||||
if (potentiallyStaticBlob.contains(Helper.getFQVariableName(variable))) {
|
||||
addViolation(data, variable);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
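Review bot: The key returned by `Helper.getFQVariableName(variable)` appears to be class-scoped (the replaced code built `definingType + ":" + identifier`; the helper body is not in this diff), so `potentiallyStaticBlob` cannot distinguish two locals with the same name declared in different methods of one class. Here that can only over-report. The same key now feeds `httpEndpointStrings` in ApexInsecureEndpointRule, `listOfStringLiteralVariables` in ApexOpenRedirectRule, and `safeVariables` / `selectContainingVariables` in ApexSOQLInjectionRule, where a name marked safe in one method would also suppress a finding on an unescaped variable of the same name elsewhere in the class. Since every rule now depends on the helper, its Javadoc should state the limit, e.g. `/** Returns "DefiningType:identifier"; not unique across methods of the same class. */`, or the key should include the enclosing method.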
@ -145,17 +145,17 @@ public class ApexCRUDViolationRule extends AbstractApexRule {
|
||||
checkForCRUD(node, data, IS_MERGEABLE);
|
||||
return data;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Object visit(final ASTAssignmentExpression node, Object data) {
|
||||
final ASTSoqlExpression soql = node.getFirstChildOfType(ASTSoqlExpression.class);
|
||||
if (soql != null) {
|
||||
checkForAccessibility(soql, data);
|
||||
}
|
||||
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Object visit(final ASTVariableDeclaration node, Object data) {
|
||||
final ASTSoqlExpression soql = node.getFirstChildOfType(ASTSoqlExpression.class);
|
||||
@ -250,10 +250,7 @@ public class ApexCRUDViolationRule extends AbstractApexRule {
|
||||
|
||||
final ASTVariableExpression variable = node.getFirstChildOfType(ASTVariableExpression.class);
|
||||
if (variable != null) {
|
||||
StringBuilder sb = new StringBuilder().append(node.getNode().getDefiningType().getApexName()).append(":")
|
||||
.append(variable.getNode().getIdentifier().value);
|
||||
|
||||
final String type = varToTypeMapping.get(sb.toString());
|
||||
final String type = varToTypeMapping.get(Helper.getFQVariableName(variable));
|
||||
if (type != null) {
|
||||
StringBuilder typeCheck = new StringBuilder().append(node.getNode().getDefiningType()).append(":")
|
||||
.append(type);
|
||||
@ -344,18 +341,14 @@ public class ApexCRUDViolationRule extends AbstractApexRule {
|
||||
final ASTAssignmentExpression assignment = node.getFirstParentOfType(ASTAssignmentExpression.class);
|
||||
if (assignment != null) {
|
||||
final ASTVariableExpression variable = assignment.getFirstChildOfType(ASTVariableExpression.class);
|
||||
|
||||
StringBuilder variableWithClass = new StringBuilder()
|
||||
.append(variable.getNode().getDefiningType().getApexName()).append(":")
|
||||
.append(variable.getNode().getIdentifier().value);
|
||||
|
||||
if (varToTypeMapping.containsKey(variableWithClass.toString())) {
|
||||
String type = varToTypeMapping.get(variableWithClass.toString());
|
||||
|
||||
validateCRUDCheckPresent(node, data, ANY, type);
|
||||
|
||||
if (variable != null) {
|
||||
String variableWithClass = Helper.getFQVariableName(variable);
|
||||
if (varToTypeMapping.containsKey(variableWithClass)) {
|
||||
String type = varToTypeMapping.get(variableWithClass);
|
||||
validateCRUDCheckPresent(node, data, ANY, type);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
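Review bot: In the -250 hunk the lookup key for `varToTypeMapping` changes its source: the replaced code used `node.getNode().getDefiningType().getApexName()`, while the new line takes the defining type from `variable` through `Helper.getFQVariableName(variable)`. The code that populates `varToTypeMapping` is outside the visible hunks, so confirm it builds its keys through the same helper. If it does not, `get` returns null and the CRUD check below is silently skipped. The unchanged `typeCheck` builder just beneath still concatenates `node.getNode().getDefiningType()` by hand, so the file is left with two key formats; a one-line comment there such as `// typeCheck is keyed by DefiningType:sObjectType, not by variable name` would explain why it was not migrated. In the -344 hunk, `containsKey` followed by `get` can be a single `String type = varToTypeMapping.get(variableWithClass);` with `if (type != null)`.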
@ -58,7 +58,6 @@ public class ApexInsecureEndpointRule extends AbstractApexRule {
|
||||
|
||||
ASTBinaryExpression binaryNode = node.getFirstChildOfType(ASTBinaryExpression.class);
|
||||
if (binaryNode != null) {
|
||||
|
||||
findInnerInsecureEndpoints(binaryNode, variableNode);
|
||||
}
|
||||
|
||||
@ -66,16 +65,13 @@ public class ApexInsecureEndpointRule extends AbstractApexRule {
|
||||
|
||||
private void findInnerInsecureEndpoints(AbstractApexNode<?> node, ASTVariableExpression variableNode) {
|
||||
ASTLiteralExpression literalNode = node.getFirstChildOfType(ASTLiteralExpression.class);
|
||||
|
||||
|
||||
if (literalNode != null && variableNode != null) {
|
||||
Object o = literalNode.getNode().getLiteral();
|
||||
if (o instanceof String) {
|
||||
String literal = (String) o;
|
||||
if (PATTERN.matcher(literal).matches()) {
|
||||
VariableExpression varExpression = variableNode.getNode();
|
||||
StringBuilder sb = new StringBuilder().append(varExpression.getDefiningType()).append(":")
|
||||
.append(varExpression.getIdentifier().value);
|
||||
httpEndpointStrings.add(sb.toString());
|
||||
httpEndpointStrings.add(Helper.getFQVariableName(variableNode));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -115,14 +111,10 @@ public class ApexInsecureEndpointRule extends AbstractApexRule {
|
||||
|
||||
ASTVariableExpression variableNode = node.getFirstChildOfType(ASTVariableExpression.class);
|
||||
if (variableNode != null) {
|
||||
VariableExpression varExpression = variableNode.getNode();
|
||||
StringBuffer sb = new StringBuffer().append(varExpression.getDefiningType()).append(":")
|
||||
.append(varExpression.getIdentifier().value);
|
||||
if (httpEndpointStrings.contains(sb.toString())) {
|
||||
if (httpEndpointStrings.contains(Helper.getFQVariableName(variableNode))) {
|
||||
addViolation(data, variableNode);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -49,9 +49,7 @@ public class ApexOpenRedirectRule extends AbstractApexRule {
|
||||
if (literal != null) {
|
||||
ASTVariableExpression variable = node.getFirstChildOfType(ASTVariableExpression.class);
|
||||
if (variable != null) {
|
||||
StringBuilder sb = new StringBuilder().append(variable.getNode().getDefiningType()).append(":")
|
||||
.append(variable.getNode().getIdentifier().value);
|
||||
listOfStringLiteralVariables.add(sb.toString());
|
||||
listOfStringLiteralVariables.add(Helper.getFQVariableName(variable));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -89,15 +89,12 @@ public class ApexSOQLInjectionRule extends AbstractApexRule {
|
||||
// look for String a = 'b';
|
||||
if (literal != null) {
|
||||
if (left != null) {
|
||||
final VariableExpression l = left.getNode();
|
||||
StringBuilder sb = new StringBuilder().append(l.getDefiningType()).append(":")
|
||||
.append(l.getIdentifier().value);
|
||||
Object o = literal.getNode().getLiteral();
|
||||
if (o instanceof String) {
|
||||
if (pattern.matcher((String) o).matches()) {
|
||||
selectContainingVariables.put(sb.toString(), Boolean.TRUE);
|
||||
selectContainingVariables.put(Helper.getFQVariableName(left), Boolean.TRUE);
|
||||
} else {
|
||||
safeVariables.add(sb.toString());
|
||||
safeVariables.add(Helper.getFQVariableName(left));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -107,10 +104,7 @@ public class ApexSOQLInjectionRule extends AbstractApexRule {
|
||||
if (right != null) {
|
||||
if (Helper.isMethodName(right, STRING, ESCAPE_SINGLE_QUOTES)) {
|
||||
if (left != null) {
|
||||
final VariableExpression var = left.getNode();
|
||||
StringBuilder sb = new StringBuilder().append(var.getDefiningType().getApexName()).append(":")
|
||||
.append(var.getIdentifier().value);
|
||||
safeVariables.add(sb.toString());
|
||||
safeVariables.add(Helper.getFQVariableName(left));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -134,9 +128,7 @@ public class ApexSOQLInjectionRule extends AbstractApexRule {
|
||||
boolean isSafeVariable = false;
|
||||
|
||||
if (concatenatedVar != null) {
|
||||
StringBuilder sb = new StringBuilder().append(concatenatedVar.getNode().getDefiningType().getApexName())
|
||||
.append(":").append(concatenatedVar.getNode().getIdentifier().value);
|
||||
if (safeVariables.contains(sb.toString())) {
|
||||
if (safeVariables.contains(Helper.getFQVariableName(concatenatedVar))) {
|
||||
isSafeVariable = true;
|
||||
}
|
||||
}
|
||||
@ -147,11 +139,9 @@ public class ApexSOQLInjectionRule extends AbstractApexRule {
|
||||
Object o = literal.getNode().getLiteral();
|
||||
if (o instanceof String) {
|
||||
if (pattern.matcher((String) o).matches()) {
|
||||
StringBuilder sb = new StringBuilder().append(var.getNode().getDefiningType().getApexName())
|
||||
.append(":").append(var.getNode().getIdentifier().value);
|
||||
if (!isSafeVariable) {
|
||||
// select literal + other unsafe vars
|
||||
selectContainingVariables.put(sb.toString(), Boolean.FALSE);
|
||||
selectContainingVariables.put(Helper.getFQVariableName(var), Boolean.FALSE);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -163,18 +153,16 @@ public class ApexSOQLInjectionRule extends AbstractApexRule {
|
||||
for (ASTBinaryExpression b : binaryExpr) {
|
||||
List<ASTVariableExpression> vars = b.findDescendantsOfType(ASTVariableExpression.class);
|
||||
for (ASTVariableExpression v : vars) {
|
||||
final VariableExpression var = v.getNode();
|
||||
StringBuilder sb = new StringBuilder().append(var.getDefiningType().getApexName()).append(":")
|
||||
.append(var.getIdentifier().value);
|
||||
String fqName = Helper.getFQVariableName(v);
|
||||
|
||||
if (selectContainingVariables.containsKey(sb.toString())) {
|
||||
boolean isLiteral = selectContainingVariables.get(sb.toString());
|
||||
if (selectContainingVariables.containsKey(fqName)) {
|
||||
boolean isLiteral = selectContainingVariables.get(fqName);
|
||||
if (isLiteral) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (safeVariables.contains(sb.toString())) {
|
||||
if (safeVariables.contains(fqName)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -192,15 +180,13 @@ public class ApexSOQLInjectionRule extends AbstractApexRule {
|
||||
private void reportVariables(final ASTMethodCallExpression m, Object data) {
|
||||
final ASTVariableExpression var = m.getFirstChildOfType(ASTVariableExpression.class);
|
||||
if (var != null) {
|
||||
StringBuilder sb = new StringBuilder().append(var.getNode().getDefiningType().getApexName()).append(":")
|
||||
.append(var.getNode().getIdentifier().value);
|
||||
if (selectContainingVariables.containsKey(sb.toString())) {
|
||||
boolean isLiteral = selectContainingVariables.get(sb.toString());
|
||||
String nameFQ = Helper.getFQVariableName(var);
|
||||
if (selectContainingVariables.containsKey(nameFQ)) {
|
||||
boolean isLiteral = selectContainingVariables.get(nameFQ);
|
||||
if (!isLiteral) {
|
||||
addViolation(data, var);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
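Review bot: The -89 hunk is not a behaviour-preserving refactoring. The replaced code stored keys built from `l.getDefiningType()`, whereas the lookups replaced in the -107, -134, -147, -163 and -192 hunks used `getDefiningType().getApexName()`; now both sides go through `Helper.getFQVariableName`. If those two renderings ever differed, entries written to `selectContainingVariables` and `safeVariables` for `String a = 'b';` assignments were never matched before and will be matched now, which changes which concatenations the rule reports or skips. The commit should add a case to the rule's test data covering a literal-assigned variable that is later concatenated into a query, so that the new matching is pinned down. The enclosing methods start and end outside most of these hunks, so the full effect on `isSafeVariable` cannot be checked from the diff alone.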
@ -25,10 +25,10 @@ public class ApexXSSFromEscapeFalseRule extends AbstractApexRule {
|
||||
|
||||
@Override
|
||||
public Object visit(ASTUserClass node, Object data) {
|
||||
if (Helper.isTestMethodOrClass(node)){
|
||||
if (Helper.isTestMethodOrClass(node)) {
|
||||
return data;
|
||||
}
|
||||
|
||||
|
||||
List<ASTMethodCallExpression> methodCalls = node.findDescendantsOfType(ASTMethodCallExpression.class);
|
||||
for (ASTMethodCallExpression methodCall : methodCalls) {
|
||||
if (Helper.isMethodName(methodCall, ADD_ERROR)) {
|
||||
|