From d12c1f7fe4c26d8ba80d1266370e90709c3760da Mon Sep 17 00:00:00 2001
From: Sergey
Date: Thu, 2 Mar 2017 17:47:56 -0800
Subject: [PATCH] Iterative DotExpression evaluation instead of checking the first one
---
 .../vf/rule/security/VfUnescapeElRule.java | 4 +++-
 .../lang/vf/rule/security/xml/VfUnescapeEl.xml | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
index a8cd61eded..d76e40d088 100644
--- a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
+++ b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
@@ -392,7 +392,9 @@ public class VfUnescapeElRule extends AbstractVfRule {
 }
 if (child instanceof ASTDotExpression) {
- return containsSafeFields((ASTDotExpression) child);
+ if (containsSafeFields((ASTDotExpression) child)) {
+ return true;
+ };
 }
 }
diff --git a/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml b/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
index 6e49f6e617..17deaf49be 100644
--- a/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
+++ b/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
@@ -1,6 +1,24 @@
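Review bot: In the `VfUnescapeElRule.java` hunk the node is now treated as safe as soon as any one `ASTDotExpression` child passes `containsSafeFields`, so an expression that mixes a safe field with an unescaped value may no longer be reported; the enclosing method starts and ends outside the hunk, so this is inferred from the visible lines only. The added test case appears to expect 0 problems; a companion case that still expects a violation when a safe dot-expression sits next to an unsafe value would pin where the rule is meant to stop suppressing. The closing `};` leaves a stray empty statement and should be `}`. A short comment above the check, such as `// keep scanning: a later DotExpression may carry the safe field`, would record why the early return was removed.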