ddf55c7f81
Addresses the general issue raised in https://github.com/pmd/pmd/issues/1092 This commit removes false positives from expressions in apex tags. The specific use case raised in 1092 isn't reproducible and represents a false negative that will be fixed separately. The existing Visualforce rules don't have any information about the data types referenced in the Visualforce page. This results in false positives when attempting to identify expressions that are vulnerable to XSS attacks. The rules should not warn about XSS attacks when the expression refers to a type such as Integer or Boolean. The VfExpressionTypeVisitor visits the Visualforce page and extracts the datatypes from Salesforce metadata. Data type information can come from either Apex classes or Object Fields. The Salesforce metadata is generally located in a sibling directory of the Visualforce directory. By default the code looks in directories relative to the Visualforce file to find the metadata. The conventional locations for the metadata are "../classes" and "../objects", the user can override this default with other directories if required.
103 lines
3.8 KiB
XML
103 lines
3.8 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
|
<modelVersion>4.0.0</modelVersion>
|
|
<artifactId>pmd-visualforce</artifactId>
|
|
<name>PMD Visualforce</name>
|
|
|
|
<parent>
|
|
<groupId>net.sourceforge.pmd</groupId>
|
|
<artifactId>pmd</artifactId>
|
|
<version>6.29.0-SNAPSHOT</version>
|
|
<relativePath>../</relativePath>
|
|
</parent>
|
|
|
|
<build>
|
|
<resources>
|
|
<resource>
|
|
<directory>${basedir}/src/main/resources</directory>
|
|
<filtering>true</filtering>
|
|
</resource>
|
|
</resources>
|
|
<plugins>
|
|
<plugin>
|
|
<artifactId>maven-resources-plugin</artifactId>
|
|
<configuration>
|
|
<useDefaultDelimiters>false</useDefaultDelimiters>
|
|
<delimiters>
|
|
<delimiter>${*}</delimiter>
|
|
</delimiters>
|
|
</configuration>
|
|
</plugin>
|
|
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-antrun-plugin</artifactId>
|
|
<inherited>true</inherited>
|
|
<executions>
|
|
<execution>
|
|
<id>generate-sources</id>
|
|
<phase>generate-sources</phase>
|
|
<configuration>
|
|
<target>
|
|
<ant antfile="src/main/ant/alljavacc.xml">
|
|
<property name="target" value="${project.build.directory}/generated-sources/javacc" />
|
|
<property name="javacc.jar" value="${settings.localRepository}/net/java/dev/javacc/javacc/${javacc.version}/javacc-${javacc.version}.jar" />
|
|
</ant>
|
|
</target>
|
|
</configuration>
|
|
<goals>
|
|
<goal>run</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
|
|
<plugin>
|
|
<groupId>org.codehaus.mojo</groupId>
|
|
<artifactId>build-helper-maven-plugin</artifactId>
|
|
<executions>
|
|
<execution>
|
|
<id>add-javacc-generated-sources</id>
|
|
<goals>
|
|
<goal>add-source</goal>
|
|
</goals>
|
|
<configuration>
|
|
<sources>
|
|
<source>${project.build.directory}/generated-sources/javacc</source>
|
|
</sources>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>net.sourceforge.pmd</groupId>
|
|
<artifactId>pmd-core</artifactId>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>net.sourceforge.pmd</groupId>
|
|
<artifactId>pmd-apex</artifactId>
|
|
<version>${project.version}</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>junit</groupId>
|
|
<artifactId>junit</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>net.sourceforge.pmd</groupId>
|
|
<artifactId>pmd-test</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>net.sourceforge.pmd</groupId>
|
|
<artifactId>pmd-lang-test</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
</project>
|