From c8e2421aa242d5385b795f236e5928b9b1c70082 Mon Sep 17 00:00:00 2001
From: Justin Mclean
Date: Sun, 11 Oct 2015 13:30:00 +1100
Subject: [PATCH 1/5] add method to get starting line number of element
---
 src/main/java/com/cflint/plugins/Context.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/main/java/com/cflint/plugins/Context.java b/src/main/java/com/cflint/plugins/Context.java
index 48c94c911..5381c1a82 100644
--- a/src/main/java/com/cflint/plugins/Context.java
+++ b/src/main/java/com/cflint/plugins/Context.java
@@ -143,6 +143,10 @@ public Context subContext(final Element elem){
 return context2;
 }
 
+ public int startLine() {
+ return element.getSource().getRow(element.getBegin());
+ }
+
 protected String componentFromFile(String filename) {
 int dotPosition = filename.lastIndexOf(".");
 String separator = System.getProperty("file.separator");
From 29d0364c670cb0a9552a80ed8d0c4e1db784b0d2 Mon Sep 17 00:00:00 2001
From: Justin Mclean
Date: Sun, 11 Oct 2015 13:57:01 +1100
Subject: [PATCH 2/5] Rule to check for writeDump in cfset tags and script blocks
---
 .../java/com/cflint/TestWriteDumpChecker.java | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 src/test/java/com/cflint/TestWriteDumpChecker.java
diff --git a/src/test/java/com/cflint/TestWriteDumpChecker.java b/src/test/java/com/cflint/TestWriteDumpChecker.java
new file mode 100644
index 000000000..03c0a554c
--- /dev/null
+++ b/src/test/java/com/cflint/TestWriteDumpChecker.java
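Review bot: `startLine()` dereferences `element` unconditionally, so it throws a NullPointerException for any Context that was built without an element; whether such a root or file-level Context exists cannot be confirmed from this hunk (the class header and constructors are outside it), but if it does, a script-only rule calling this accessor would hit it, so either guard it — e.g. `return element == null ? 1 : element.getSource().getRow(element.getBegin());` if "no enclosing element" should read as line 1 — or state the non-null precondition explicitly. The method also has no Javadoc; `/** Returns the source row at which this context's element begins, counted over the whole parsed file as reported by the Jericho Source. */` would tell plugin authors what the number means and that it is a file offset rather than an element-relative one. The enclosing class continues past the end of the hunk.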
@@ -0,0 +1,59 @@
+package com.cflint;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import cfml.parsing.reporting.ParseException;
+
+import com.cflint.config.CFLintPluginInfo.PluginInfoRule;
+import com.cflint.config.CFLintPluginInfo.PluginInfoRule.PluginMessage;
+import com.cflint.config.ConfigRuntime;
+import com.cflint.plugins.core.WriteDumpChecker;
+
+public class TestWriteDumpChecker {
+
+ private CFLint cfBugs;
+
+ @Before
+ public void setUp() {
+ final ConfigRuntime conf = new ConfigRuntime();
+ final PluginInfoRule pluginRule = new PluginInfoRule();
+ pluginRule.setName("WriteDumpChecker");
+ conf.getRules().add(pluginRule);
+ final PluginMessage pluginMessage = new PluginMessage("AVOID_USING_WRITEDUMP");
+ pluginMessage.setSeverity("INFO");
+ cfBugs = new CFLint(conf, new WriteDumpChecker());
+ }
+
+ @Test
+ public void testWriteDumpinScript() throws ParseException, IOException {
+ final String scriptSrc = "\r\n" +
+ "var a = 23;\r\n" +
+ "writeDump(a);\r\n" +
+ "";
+
+ cfBugs.process(scriptSrc, "test");
+ final List result = cfBugs.getBugs().getBugList().values().iterator().next();
+ assertEquals(1, result.size());
+ assertEquals("AVOID_USING_WRITEDUMP", result.get(0).getMessageCode());
+ assertEquals(3, result.get(0).getLine());
+ }
+
+ @Test
+ public void testWriteDumpInTag() throws ParseException, IOException {
+ final String tagSrc = "\r\n" +
+ "";
+
+ cfBugs.process(tagSrc, "test");
+ final List result = cfBugs.getBugs().getBugList().values().iterator().next();
+ assertEquals(1, result.size());
+ assertEquals("AVOID_USING_WRITEDUMP", result.get(0).getMessageCode());
+ assertEquals(2, result.get(0).getLine());
+ }
+
+}
From 4aeddcb0ddc8f8e41c96bfd4247f72898802685b Mon Sep 17 00:00:00 2001
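Review bot: In `setUp()` the `pluginMessage` is constructed and given severity INFO but is never attached to `pluginRule`, so those two lines configure nothing and the rule runs with whatever the checker hard-codes; either add the message to the rule before the `CFLint` is built (as the sibling checker tests in this tree presumably do) or delete the two lines. Neither test asserts the severity of `result.get(0)`, which is why the dead configuration goes unnoticed; asserting it alongside the message code would pin the contract. `result` is declared as a raw `List` — unless the type parameter was merely lost in rendering, `List<BugInfo>` removes the unchecked call on `getMessageCode()`. The method names `testWriteDumpinScript` and `testWriteDumpInTag` differ only in the capitalisation of "In"; pick one form.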
From: Justin Mclean
Date: Sun, 11 Oct 2015 13:58:07 +1100
Subject: [PATCH 3/5] rule to check for writeDump calls
---
 .../cflint/plugins/core/WriteDumpChecker.java | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 src/main/java/com/cflint/plugins/core/WriteDumpChecker.java
diff --git a/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java b/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java
new file mode 100644
index 000000000..dcb8ee3e5
--- /dev/null
+++ b/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java
@@ -0,0 +1,50 @@
+package com.cflint.plugins.core;
+
+import ro.fortsoft.pf4j.Extension;
+import net.htmlparser.jericho.Element;
+
+import cfml.parsing.cfscript.CFExpression;
+import cfml.parsing.cfscript.script.CFExpressionStatement;
+import cfml.parsing.cfscript.script.CFScriptStatement;
+
+import com.cflint.BugInfo;
+import com.cflint.BugList;
+import com.cflint.plugins.CFLintScannerAdapter;
+import com.cflint.plugins.Context;
+
+@Extension
+public class WriteDumpChecker extends CFLintScannerAdapter {
+ final String severity = "INFO";
+
+ @Override
+ public void expression(final CFScriptStatement expression, final Context context, final BugList bugs) {
+
+ if (expression instanceof CFExpressionStatement) {
+ String code = ((CFExpressionStatement) expression).getExpression().Decompile(0);
+ int lineNo = ((CFExpressionStatement) expression).getLine() + context.startLine() - 1;
+
+ if (code.toLowerCase().contains("writedump(")) {
+ writeDump(lineNo, context, bugs);
+ }
+ }
+ }
+
+ @Override
+ public void element(final Element element, final Context context, final BugList bugs) {
+ if (element.getName().equals("cfset")) {
+ String content = element.getStartTag().getTagContent().toString();
+ int lineNo = element.getSource().getRow(element.getBegin());
+
+ if (content.toLowerCase().contains("writedump(")) {
+ writeDump(lineNo, context, bugs);
+ }
+ }
+ }
+
+ protected void writeDump(final int lineNo, final Context context, final BugList bugs) {
+ bugs.add(new BugInfo.BugInfoBuilder().setLine(lineNo).setMessageCode("AVOID_USING_WRITEDUMP")
+ .setSeverity(severity).setFilename(context.getFilename())
+ .setMessage("WriteDump statement at line " + lineNo + ". Avoid using writeDump in production code.")
+ .build());
+ }
+}
\ No newline at end of file
From 5bd0363c17e9cc51e6b1aa87468d9ec39fa81b32 Mon Sep 17 00:00:00 2001
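Review bot: Both `expression()` and `element()` detect the call with `toLowerCase().contains("writedump(")`, a substring test that misses `writeDump (a)` written with a space before the parenthesis and fires on any identifier that merely ends in the name (`myWriteDump(`) or on the words of a string literal or comment. One shared helper built on a precompiled `private static final Pattern WRITE_DUMP = Pattern.compile("\\bwritedump\\s*\\(", Pattern.CASE_INSENSITIVE);` and tested with `WRITE_DUMP.matcher(code).find()` would tighten both sites and remove the duplicated check (`java.util.regex.Pattern` would need importing, and the unused `CFExpression` import can go). `final String severity = "INFO";` is a package-visible instance field holding a constant and reads better as `private static final String SEVERITY = "INFO";`. On the script side only a `CFExpressionStatement` is examined, so a `writeDump` that sits inside another statement kind — as a return value or inside a condition, say — may go unreported depending on how `expression()` is dispatched to nested statements, which is worth confirming before relying on this rule to keep debug dumps out of production code.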
From: Justin Mclean
Date: Sun, 11 Oct 2015 14:22:27 +1100
Subject: [PATCH 4/5] remove blank line
---
 src/main/java/com/cflint/plugins/core/WriteDumpChecker.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java b/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java
index dcb8ee3e5..0aeea0eea 100644
--- a/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java
+++ b/src/main/java/com/cflint/plugins/core/WriteDumpChecker.java
@@ -18,7 +18,6 @@ public class WriteDumpChecker extends CFLintScannerAdapter {
 
 @Override
 public void expression(final CFScriptStatement expression, final Context context, final BugList bugs) {
-
 if (expression instanceof CFExpressionStatement) {
 String code = ((CFExpressionStatement) expression).getExpression().Decompile(0);
 int lineNo = ((CFExpressionStatement) expression).getLine() + context.startLine() - 1;
From a6fbc616f200cf7cb8e50a547296e97d097b76d5 Mon Sep 17 00:00:00 2001
From: Justin Mclean
Date: Sun, 11 Oct 2015 14:28:47 +1100
Subject: [PATCH 5/5] Added WriteDumpChecker
---
 src/main/resources/cflint.definition.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/main/resources/cflint.definition.xml b/src/main/resources/cflint.definition.xml
index f12e7ddc2..bcefedf71 100644
--- a/src/main/resources/cflint.definition.xml
+++ b/src/main/resources/cflint.definition.xml
@@ -168,4 +168,9 @@ + + + INFO + +