private static boolean isSuspiciousGlobalConfiguration(String lowerCaseQualifiedName, SeparatedList<ExpressionTree> arguments) { return GLOBAL_CONFIGURATION_FUNCTIONS.contains(lowerCaseQualifiedName) && arguments.size() == 2 && isSuspiciousDirective(getStringValue(arguments.get(0)), arguments.get(1)); }
@Nullable private static ExpressionTree retrieveArgumentFromIsNullCall(FunctionCallTree functionCall) { if ("is_null".equalsIgnoreCase(functionCall.callee().toString()) && functionCall.arguments().size() == 1) { return functionCall.arguments().get(0); } else { return null; } }
private static boolean httpOnlySetToFalse(FunctionCallTree tree) { if (tree.arguments().size() > HTTP_ONLY_PARAMETER_INDEX) { ExpressionTree httpOnlyArgument = tree.arguments().get(HTTP_ONLY_PARAMETER_INDEX); return httpOnlyArgument.is(Kind.BOOLEAN_LITERAL) && ((LiteralTree) httpOnlyArgument).value().equals("false"); } return false; } }
private static boolean httpOnlySetToFalse(FunctionCallTree tree) { if (tree.arguments().size() > HTTP_ONLY_PARAMETER_INDEX) { ExpressionTree httpOnlyArgument = tree.arguments().get(HTTP_ONLY_PARAMETER_INDEX); return httpOnlyArgument.is(Kind.BOOLEAN_LITERAL) && ((LiteralTree) httpOnlyArgument).value().equals("false"); } return false; } }
@Nullable public static ExpressionTree getForCondition(ForStatementTree tree) { if (tree.condition().isEmpty()) { return null; } // in a loop, all conditions are evaluated but only the last one is used as the result return tree.condition().get(tree.condition().size() - 1); }
private static boolean argumentSetToFalse(FunctionCallTree tree, int argumentIndex) { if (tree.arguments().size() > argumentIndex) { ExpressionTree secureArgument = tree.arguments().get(argumentIndex); return CheckUtils.isFalseValue(secureArgument); } return true; }
private static boolean isVariableLengthParameterList(ParameterListTree parameterList) { SeparatedList<ParameterTree> parameters = parameterList.parameters(); if (!parameters.isEmpty()) { ParameterTree lastParameter = parameters.get(parameters.size() - 1); return lastParameter.ellipsisToken() != null; } return false; }
private static boolean argumentSetToFalse(FunctionCallTree tree, int argumentIndex) { if (tree.arguments().size() > argumentIndex) { ExpressionTree secureArgument = tree.arguments().get(argumentIndex); return CheckUtils.isFalseValue(secureArgument); } return true; }
private void checkAssertArguments(FunctionCallTree tree) { SeparatedList<ExpressionTree> arguments = tree.arguments(); if (!arguments.isEmpty() && arguments.get(0).is(Kind.REGULAR_STRING_LITERAL, Kind.EXPANDABLE_STRING_LITERAL)) { context().newIssue(this, tree, "Change this call to \"assert\" to not pass a string argument."); } }
private void checkPasswordArgument(FunctionCallTree functionCall, int argumentIndex) { SeparatedList<ExpressionTree> arguments = functionCall.arguments(); if (arguments.size() > argumentIndex) { ExpressionTree passwordArgument = arguments.get(argumentIndex); if (hasEmptyValue(passwordArgument)) { context().newIssue(this, passwordArgument, MESSAGE); } } }
private boolean argumentIsNullOrEmptyString(FunctionCallTree tree, int argumentIndex) { if (tree.arguments().size() > argumentIndex) { ExpressionTree valueArgument = getAssignedValue(tree.arguments().get(argumentIndex)); return CheckUtils.isNullOrEmptyString(valueArgument); } return true; }
private boolean argumentIsNullOrEmptyString(FunctionCallTree tree, int argumentIndex) { if (tree.arguments().size() > argumentIndex) { ExpressionTree valueArgument = getAssignedValue(tree.arguments().get(argumentIndex)); return CheckUtils.isNullOrEmptyString(valueArgument); } return true; }
private void checkSqlServer(FunctionCallTree functionCall) { SeparatedList<ExpressionTree> arguments = functionCall.arguments(); int argumentIndex = 1; if (arguments.size() > argumentIndex) { ExpressionTree connectionInfo = arguments.get(argumentIndex); ExpressionTree password = sqlServerPassword(connectionInfo); if (password != null && hasEmptyValue(password)) { context().newIssue(this, password, MESSAGE); } } }
@Test public void multiple() throws Exception { LexicalVariablesTree tree = parse("use ($a, $b)", Kind.LEXICAL_VARIABLES); assertThat(tree.is(Kind.LEXICAL_VARIABLES)).isTrue(); assertThat(expressionToString(tree.useToken())).isEqualTo("use"); assertThat(tree.openParenthesisToken().text()).isEqualTo("("); assertThat(tree.variables()).hasSize(2); assertThat(expressionToString(tree.variables().get(0))).isEqualTo("$a"); assertThat(expressionToString(tree.variables().get(1))).isEqualTo("$b"); assertThat(tree.closeParenthesisToken().text()).isEqualTo(")"); }
@Test public void test() throws Exception { StaticStatementTree tree = parse("static $a, $b = $c;", PHPLexicalGrammar.STATIC_STATEMENT); assertThat(tree.is(Kind.STATIC_STATEMENT)).isTrue(); assertThat(tree.staticToken().text()).isEqualTo("static"); assertThat(tree.variables()).hasSize(2); assertThat(tree.variables().get(0).equalToken()).isNull(); assertThat(tree.variables().get(1).equalToken()).isNotNull(); assertThat(tree.eosToken().text()).isEqualTo(";"); }
@Test public void single() throws Exception { LexicalVariablesTree tree = parse("use ($a)", Kind.LEXICAL_VARIABLES); assertThat(tree.is(Kind.LEXICAL_VARIABLES)).isTrue(); assertThat(expressionToString(tree.useToken())).isEqualTo("use"); assertThat(tree.openParenthesisToken().text()).isEqualTo("("); assertThat(tree.variables()).hasSize(1); assertThat(expressionToString(tree.variables().get(0))).isEqualTo("$a"); assertThat(tree.closeParenthesisToken().text()).isEqualTo(")"); }
@Override protected void createIssue(FunctionCallTree tree) { if (tree.arguments().size() > PADDING_ARGUMENT_INDEX) { ExpressionTree padding = tree.arguments().get(PADDING_ARGUMENT_INDEX); if (padding.is(Kind.NAMESPACE_NAME) && !((NamespaceNameTree) padding).fullName().equals(SECURE_PADDING)) { context().newIssue(this, padding, MESSAGE); } } else { context().newIssue(this, tree.callee(), MESSAGE); } }
@Override protected void createIssue(FunctionCallTree tree) { if (tree.arguments().size() > PADDING_ARGUMENT_INDEX) { ExpressionTree padding = tree.arguments().get(PADDING_ARGUMENT_INDEX); if (padding.is(Kind.NAMESPACE_NAME) && !((NamespaceNameTree) padding).fullName().equals(SECURE_PADDING)) { context().newIssue(this, padding, MESSAGE); } } else { context().newIssue(this, tree.callee(), MESSAGE); } }
@Override public void visitFunctionCall(FunctionCallTree tree) { if (isSetCookie(tree) && httpOnlySetToFalse(tree)) { context().newIssue(this, tree.callee(), MESSAGE).secondary(tree.arguments().get(HTTP_ONLY_PARAMETER_INDEX), null); } super.visitFunctionCall(tree); }
@Override public void visitFunctionCall(FunctionCallTree tree) { SyntaxToken echoToken = ((NamespaceNameTree) tree.callee()).name().token(); SyntaxToken literalToken = ((LiteralTree) tree.arguments().get(0)).token(); context().newIssue(this, echoToken, "Precise issue") .secondary(literalToken, "Wrong message"); super.visitFunctionCall(tree); } });