From 0df432a73ca6facb0888d6a2a799e4a1bac4b602 Mon Sep 17 00:00:00 2001 From: Sergey Gorbaty Date: Wed, 1 Feb 2017 13:24:44 -0800 Subject: [PATCH 1/2] Add support for fields --- .../rule/security/ApexCRUDViolationRule.java | 22 +++++++++++++++++++ .../pmd/lang/apex/rule/security/Helper.java | 21 ++++++++++++++++++ .../rule/security/xml/ApexCRUDViolation.xml | 17 +++++++++++++- 3 files changed, 59 insertions(+), 1 deletion(-) diff --git a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexCRUDViolationRule.java b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexCRUDViolationRule.java index c0d7a9511b..322287798c 100644 --- a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexCRUDViolationRule.java +++ b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexCRUDViolationRule.java @@ -4,6 +4,7 @@ package net.sourceforge.pmd.lang.apex.rule.security; +import java.lang.reflect.Field; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -26,6 +27,7 @@ import net.sourceforge.pmd.lang.apex.ast.ASTDmlUpsertStatement; import net.sourceforge.pmd.lang.apex.ast.ASTDottedExpression; import net.sourceforge.pmd.lang.apex.ast.ASTField; import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration; +import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclarationStatements; import net.sourceforge.pmd.lang.apex.ast.ASTIfElseBlockStatement; import net.sourceforge.pmd.lang.apex.ast.ASTMethod; import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression; @@ -42,6 +44,7 @@ import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule; import net.sourceforge.pmd.lang.ast.Node; import apex.jorje.data.ast.Identifier; +import apex.jorje.data.ast.TypeRef; import com.google.common.collect.ArrayListMultimap; import com.google.common.collect.ListMultimap; 
@@ -162,6 +165,25 @@ public class ApexCRUDViolationRule extends AbstractApexRule { @Override public Object visit(final ASTFieldDeclaration node, Object data) { + ASTFieldDeclarationStatements field = node.getFirstParentOfType(ASTFieldDeclarationStatements.class); + if (field != null) { + try { + TypeRef a = field.getNode().getTypeName(); + Field f = a.getClass().getDeclaredField("className"); + f.setAccessible(true); + if (f.get(a) instanceof ArrayList) { + @SuppressWarnings("unchecked") + ArrayList innerField = (ArrayList) f.get(a); + if (!innerField.isEmpty()) { + String type = innerField.get(0).value; + addVariableToMapping(Helper.getFQVariableName(node), type); + } + } + + } catch (NoSuchFieldException | IllegalArgumentException | IllegalAccessException | SecurityException e) { + } + + } final ASTSoqlExpression soql = node.getFirstChildOfType(ASTSoqlExpression.class); if (soql != null) { checkForAccessibility(soql, data); diff --git a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java index 27c16b7e9f..55375cf514 100644 --- a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java +++ b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java @@ -15,6 +15,7 @@ import net.sourceforge.pmd.lang.apex.ast.ASTDmlUpdateStatement; import net.sourceforge.pmd.lang.apex.ast.ASTDmlUpsertStatement; import net.sourceforge.pmd.lang.apex.ast.ASTDottedExpression; import net.sourceforge.pmd.lang.apex.ast.ASTField; +import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration; import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression; import net.sourceforge.pmd.lang.apex.ast.ASTModifierNode; import net.sourceforge.pmd.lang.apex.ast.ASTNewNameValueObjectExpression; 
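Review bot: The empty `catch (NoSuchFieldException | IllegalArgumentException | IllegalAccessException | SecurityException e) { }` in `visit(ASTFieldDeclaration)` makes this security rule fail open: if the private `className` field of the jorje `TypeRef` cannot be read (renamed in a parser update, declared on a superclass so that `getDeclaredField` on the runtime class misses it, or blocked by a security manager), the field's type is never added to the mapping and, presumably, the CRUD checks that depend on it are skipped without any signal. The same pattern is in `Helper.getFQVariableName(ASTFieldDeclaration)`, where PATCH 2/2 leaves the catch empty as well. At minimum the catch should carry a comment such as `// jorje internals not readable: field type unknown, CRUD checks on this field are skipped`, and preferably the failure should be reported through the rule's logging. `innerField.get(0)` also takes only the first identifier, which for a qualified type name may be a namespace or outer class rather than the object type, so a test case with a qualified field type would be worth adding. The body of `visit` starts and continues outside this hunk.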
@@ -25,11 +26,13 @@ import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration; import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression; import net.sourceforge.pmd.lang.apex.ast.ApexNode; +import apex.jorje.data.ast.Identifier; import apex.jorje.data.ast.TypeRef.ClassTypeRef; import apex.jorje.semantic.ast.expression.MethodCallExpression; import apex.jorje.semantic.ast.expression.NewNameValueObjectExpression; import apex.jorje.semantic.ast.expression.VariableExpression; import apex.jorje.semantic.ast.member.Field; +import apex.jorje.semantic.ast.statement.FieldDeclaration; import apex.jorje.semantic.ast.statement.VariableDeclaration; /** @@ -175,6 +178,24 @@ public final class Helper { return sb.toString(); } + static String getFQVariableName(final ASTFieldDeclaration variable) { + FieldDeclaration n = variable.getNode(); + String name = ""; + + try { + java.lang.reflect.Field f = n.getClass().getDeclaredField("name"); + f.setAccessible(true); + Identifier nameField = (Identifier) f.get(n); + name = nameField.value; + + } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) { + e.printStackTrace(); + } + + StringBuilder sb = new StringBuilder().append(n.getDefiningType().getApexName()).append(":").append(name); + return sb.toString(); + } + static String getFQVariableName(final ASTNewNameValueObjectExpression variable) { NewNameValueObjectExpression n = variable.getNode(); String objType = ""; diff --git a/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexCRUDViolation.xml b/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexCRUDViolation.xml index 8ced37f6d1..700bb7e371 100644 --- a/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexCRUDViolation.xml +++ b/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexCRUDViolation.xml 
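Review bot: When the reflective read of `name` fails, the new `getFQVariableName(ASTFieldDeclaration)` still returns `DefiningType:` with an empty variable name, and the caller in `ApexCRUDViolationRule` passes that straight to `addVariableToMapping`, so every unreadable field of a class lands on the same bogus key. A rule that tracks object types for CRUD checks should not record a mapping it could not resolve; one option is `if (name.isEmpty()) { return ""; }` before the `StringBuilder` line, with a matching `isEmpty()` check at the call site so the mapping is skipped. A short Javadoc stating that the name is read reflectively from the private `name` field of jorje's `FieldDeclaration`, and what is returned when that read fails, would help whoever handles the next parser upgrade.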
@@ -622,7 +622,7 @@ public class Foo { - Control flow with nested statementsL + Control flow with nested statements 0 + + + Field detection + 1 + + + From fdfdbd891ad5244af02bd889902471a4680daa7c Mon Sep 17 00:00:00 2001 From: Sergey Gorbaty Date: Wed, 1 Feb 2017 13:28:25 -0800 Subject: [PATCH 2/2] Removing printing --- .../java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java | 1 - 1 file changed, 1 deletion(-) diff --git a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java index 55375cf514..164859d9ba 100644 --- a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java +++ b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/Helper.java @@ -189,7 +189,6 @@ public final class Helper { name = nameField.value; } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) { - e.printStackTrace(); } StringBuilder sb = new StringBuilder().append(n.getDefiningType().getApexName()).append(":").append(name);