Merge pull request #89 from cflint/writeDump

Rule to check for writeDump in cfset tags and script blocks
cflint · Oct 11, 2015 · 28cee79 · 28cee79
2 parents 5518d5a + a6fbc61
commit 28cee79
Show file tree

Hide file tree

Showing 4 changed files with 117 additions and 0 deletions.
diff --git a/src/main/java/com/cflint/plugins/Context.java b/src/main/java/com/cflint/plugins/Context.java
@@ -143,6 +143,10 @@ public Context subContext(final Element elem){
 		return context2;
 	}
 
+	public int startLine() {
+		return element.getSource().getRow(element.getBegin());
+	}
+
 	protected String componentFromFile(String filename) {
 		int dotPosition = filename.lastIndexOf(".");
 		String separator = System.getProperty("file.separator");

diff --git a/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java b/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java
@@ -0,0 +1,49 @@
+package com.cflint.plugins.core;
+
+import ro.fortsoft.pf4j.Extension;
+import net.htmlparser.jericho.Element;
+
+import cfml.parsing.cfscript.CFExpression;
+import cfml.parsing.cfscript.script.CFExpressionStatement;
+import cfml.parsing.cfscript.script.CFScriptStatement;
+
+import com.cflint.BugInfo;
+import com.cflint.BugList;
+import com.cflint.plugins.CFLintScannerAdapter;
+import com.cflint.plugins.Context;
+
+@Extension
+public class WriteDumpChecker extends CFLintScannerAdapter {
+	final String severity = "INFO";
+
+	@Override
+	public void expression(final CFScriptStatement expression, final Context context, final BugList bugs) {
+		if (expression instanceof CFExpressionStatement) {
+			String code = ((CFExpressionStatement) expression).getExpression().Decompile(0);
+			int lineNo = ((CFExpressionStatement) expression).getLine() + context.startLine() - 1;
+
+			if (code.toLowerCase().contains("writedump(")) {
+				writeDump(lineNo, context, bugs);
+			}
+		}
+	}
+
+	@Override
+	public void element(final Element element, final Context context, final BugList bugs) {
+		if (element.getName().equals("cfset")) {
+			String content = element.getStartTag().getTagContent().toString();
+			int lineNo = element.getSource().getRow(element.getBegin());
+
+			if (content.toLowerCase().contains("writedump(")) {
+				writeDump(lineNo, context, bugs);
+			}
+		}
+	}
+
+	protected void writeDump(final int lineNo, final Context context, final BugList bugs) {
+		bugs.add(new BugInfo.BugInfoBuilder().setLine(lineNo).setMessageCode("AVOID_USING_WRITEDUMP")
+			.setSeverity(severity).setFilename(context.getFilename())
+			.setMessage("WriteDump statement at line " + lineNo + ". Avoid using writeDump in production code.")
+			.build());
+	}
+}
diff --git a/src/main/resources/cflint.definition.xml b/src/main/resources/cflint.definition.xml
@@ -168,4 +168,9 @@
 		</message>
 		<parameter name="maximum" />
 	</ruleImpl>
+	<ruleImpl name="WriteDumpChecker" className="WriteDumpChecker">
+		<message code="AVOID_USING_WRITEDUMP">
+			<severity>INFO</severity>
+		</message>
+	</ruleImpl>
 </CFLint-Plugin>
diff --git a/src/test/java/com/cflint/TestWriteDumpChecker.java b/src/test/java/com/cflint/TestWriteDumpChecker.java
@@ -0,0 +1,59 @@
+package com.cflint;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import cfml.parsing.reporting.ParseException;
+
+import com.cflint.config.CFLintPluginInfo.PluginInfoRule;
+import com.cflint.config.CFLintPluginInfo.PluginInfoRule.PluginMessage;
+import com.cflint.config.ConfigRuntime;
+import com.cflint.plugins.core.WriteDumpChecker;
+
+public class TestWriteDumpChecker {
+
+	private CFLint cfBugs;
+
+	@Before
+	public void setUp() {
+		final ConfigRuntime conf = new ConfigRuntime();
+		final PluginInfoRule pluginRule = new PluginInfoRule();
+		pluginRule.setName("WriteDumpChecker");
+		conf.getRules().add(pluginRule);
+		final PluginMessage pluginMessage = new PluginMessage("AVOID_USING_WRITEDUMP");
+		pluginMessage.setSeverity("INFO");
+		cfBugs = new CFLint(conf, new WriteDumpChecker());
+	}
+
+	@Test
+	public void testWriteDumpinScript() throws ParseException, IOException {
+		final String scriptSrc = "<cfscript>\r\n"
+			+ "var a = 23;\r\n"
+			+ "writeDump(a);\r\n"
+			+ "</cfscript>";
+
+		cfBugs.process(scriptSrc, "test");
+		final List<BugInfo> result = cfBugs.getBugs().getBugList().values().iterator().next();
+		assertEquals(1, result.size());
+		assertEquals("AVOID_USING_WRITEDUMP", result.get(0).getMessageCode());
+		assertEquals(3, result.get(0).getLine());
+	}
+
+	@Test
+	public void testWriteDumpInTag() throws ParseException, IOException {
+		final String tagSrc = "<cfset a = 23>\r\n"
+			+ "<cfset writeDump(a)>";
+
+		cfBugs.process(tagSrc, "test");
+		final List<BugInfo> result = cfBugs.getBugs().getBugList().values().iterator().next();
+		assertEquals(1, result.size());
+		assertEquals("AVOID_USING_WRITEDUMP", result.get(0).getMessageCode());
+		assertEquals(2, result.get(0).getLine());
+	}
+
+}