From 6d7785a6c8c7b285e671a15d81972d93d3b22afe Mon Sep 17 00:00:00 2001 From: ryaneberly Date: Thu, 5 Nov 2015 21:50:58 -0500 Subject: [PATCH] #114 --- .../com/cflint/config/CFLintPluginInfo.java | 103 +- src/main/resources/cflint.definition.json | 1552 +++++++++-------- src/main/resources/cflint.definition.xml | 701 ++++---- .../com/cflint/config/TestCFLintConfig.java | 22 +- .../cflint/config/TestConfigUtilsJson.java | 2 + 5 files changed, 1269 insertions(+), 1111 deletions(-) diff --git a/src/main/java/com/cflint/config/CFLintPluginInfo.java b/src/main/java/com/cflint/config/CFLintPluginInfo.java index 1aa7f0c4f..6b84423b9 100644 --- a/src/main/java/com/cflint/config/CFLintPluginInfo.java +++ b/src/main/java/com/cflint/config/CFLintPluginInfo.java 
@@ -9,34 +9,69 @@ import javax.xml.bind.annotation.XmlTransient; import com.cflint.plugins.CFLintScanner; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonInclude.Include; -import com.fasterxml.jackson.databind.annotation.JsonSerialize; @XmlRootElement(name = "CFLint-Plugin") @JsonInclude(Include.NON_NULL) public class CFLintPluginInfo { - List rules = new ArrayList(); + List groups = new ArrayList(); + @JsonIgnore public List getRules() { + List rules = new ArrayList(); + for (PluginInfoGroup group : groups) { + rules.addAll(group.getRules()); + } return rules; } - @XmlElement(name = "ruleImpl") - public void setRules(final List rules) { - this.rules = rules; + public List getGroups() { + return groups; + } + + @XmlElement(name = "group") + public void setGroups(final List groups) { + this.groups = groups; } - - public PluginInfoRule getRuleByName(String ruleName){ - for(PluginInfoRule rule: rules){ - if(ruleName != null && ruleName.equals(rule.getName())){ - return rule; + + public PluginInfoRule getRuleByName(String ruleName) { + for (PluginInfoGroup group : groups) { + for (PluginInfoRule rule : group.getRules()) { + if (ruleName != null && ruleName.equals(rule.getName())) { + return rule; + } } } return null; } + @JsonInclude(Include.NON_NULL) + public static class PluginInfoGroup { + String name; + List rules = new ArrayList(); + + public List getRules() { + return rules; + } + + public String getName() { + return name; + } + + @XmlAttribute(name = "name") + public void setName(String name) { + this.name = name; + } + + @XmlElement(name = "ruleImpl") + public void setRules(final List rules) { + this.rules = rules; + } + } + @JsonInclude(Include.NON_NULL) public static class PluginInfoRule { 
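Review bot: `getRuleByName` returns the first rule whose name matches across all groups, but the definition file rewritten in this same commit lists `ArgVarChecker` under both BUG_PRONE and CORRECTNESS, so the CORRECTNESS copy (and its `ARG_VAR_MIXED` message) can never be reached through this lookup and `getMessageByCode`. Either reject a rule name that appears in more than one group when `setGroups` is called, or make the lookup merge the messages of same-named entries; whichever is intended, state it in a Javadoc on `getRuleByName`. While here, the null guard belongs before the loops rather than inside the innermost one: `if (ruleName == null) { return null; }`. Note also that `getRules()` now returns a freshly built list rather than the backing one, so any caller that used to add rules through it silently stops affecting the configuration — worth a comment such as `// Returns a flattened copy; mutate the groups, not this list.` The enclosing class continues past the end of the hunk.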
@@ -44,12 +79,13 @@ public static class PluginInfoRule { String className; List messages = new ArrayList(); List parameters = new ArrayList(); - //Associate the pluginInstance with the rule that created it + // Associate the pluginInstance with the rule that created it CFLintScanner pluginInstance; - + public CFLintScanner getPluginInstance() { return pluginInstance; } + @XmlTransient public void setPluginInstance(CFLintScanner pluginInstance) { this.pluginInstance = pluginInstance; @@ -59,7 +95,7 @@ public String getClassName() { return className; } - @XmlAttribute(name="className") + @XmlAttribute(name = "className") public void setClassName(String className) { this.className = className; } @@ -76,15 +112,15 @@ public void setParameters(List parameters) { public String getName() { return name; } - - public void addParameter(String name, String value){ + + public void addParameter(String name, String value) { PluginParameter p = new PluginParameter(); p.setName(name); p.setValue(value); parameters.add(p); } - @XmlAttribute(name="name") + @XmlAttribute(name = "name") public void setName(String name) { this.name = name; } 
@@ -122,30 +158,35 @@ public List getMessages() { public void setMessages(List messages) { this.messages = messages; } - - public PluginMessage getMessageByCode(String messageCode){ - for(PluginMessage message: messages){ - if(messageCode != null && messageCode.equals(message.getCode())){ + + public PluginMessage getMessageByCode(String messageCode) { + for (PluginMessage message : messages) { + if (messageCode != null + && messageCode.equals(message.getCode())) { return message; } } return null; } - + public static class PluginParameter { String name; String value; + public String getName() { return name; } - @XmlAttribute(name="name") + + @XmlAttribute(name = "name") public void setName(String name) { this.name = name; } + public String getValue() { return value; } - @XmlAttribute(name="value") + + @XmlAttribute(name = "value") public void setValue(String value) { this.value = value; } @@ -153,43 +194,55 @@ public void setValue(String value) { public static class PluginMessage { String code; + public PluginMessage(String code) { super(); this.code = code; } + public PluginMessage() { super(); } + String messageText; String severity; + public String getCode() { return code; } - @XmlAttribute(name="code") + + @XmlAttribute(name = "code") public void setCode(String code) { this.code = code; } + public String getMessageText() { return messageText; } + @XmlElement(name = "messageText") public void setMessageText(String messageText) { this.messageText = messageText; } + public String getSeverity() { return severity; } + @XmlElement(name = "severity") public void setSeverity(String severity) { this.severity = severity; } + @Override public int hashCode() { final int prime = 31; int result = 1; - result = prime * result + ((code == null) ? 0 : code.hashCode()); + result = prime * result + + ((code == null) ? 0 : code.hashCode()); return result; } + @Override public boolean equals(Object obj) { if (this == obj) 
diff --git a/src/main/resources/cflint.definition.json b/src/main/resources/cflint.definition.json index db26948f1..02d6eda88 100644 --- a/src/main/resources/cflint.definition.json +++ b/src/main/resources/cflint.definition.json 
@@ -1,744 +1,820 @@ { - "ruleImpl": [ - { - "name": "ArgDefChecker", - "message": [ - { - "code": "ARG_DEFAULT_MISSING", - "messageText": "Argument ${variable} is not required and does not define a default value.", - "severity": "WARNING" - } - ], - "parameter": [ - - ] - }, - { - "name": "ArgVarChecker", - "message": [ - { - "code": "ARG_VAR_CONFLICT", - "messageText": "Variable ${variable} should not be declared in both var and argument scopes.", - "severity": "ERROR" - }, - { - "code": "ARG_VAR_MIXED", - "messageText": "Variable ${variable} should not be referenced in local and argument scope.", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "CFSwitchDefaultChecker", - "message": [ - { - "code": "NO_DEFAULT_INSIDE_SWITCH", - "messageText": "Not having a Default statement defined for a switch could pose potential issues.", - "severity": "WARNING" - } - ], - "parameter": [ - - ] - }, - { - "name": "GlobalVarChecker", - "message": [ - { - "code": "GLOBAL_VAR", - "messageText": "Identifier ${variable} is global, referencing in a CFC or function should be avoided.", - "severity": "WARNING" - } - ], - "parameter": [ - - ] - }, - { - "name": "NestedCFOutput", - "message": [ - { - "code": "NESTED_CFOUTPUT", - "messageText": "Nested CFOutput, outer CFOutput has @query.", - "severity": "ERROR" - } - ], - "parameter": [ - - ] - }, - { - "name": "OutputParmMissing", - "message": [ - { - "code": "OUTPUT_ATTR", - "messageText": "<${tag} name=\"${variable}\"> should have @output='false'", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "QueryParamChecker", - "message": [ - { - "code": "QUERYPARAM_REQ", - "messageText": "setSql() statement should use .addParam() instead of #'s for security.", - "severity": "WARNING" - }, - { - "code": "CFQUERYPARAM_REQ", - "messageText": "<${tag} name=\"${variable}\"> should use for security reasons.", - "severity": "WARNING" - } - ], - "parameter": [ - - ] - }, - { - "name": "TypedQueryNew", - 
"message": [ - { - "code": "QUERYNEW_DATATYPE", - "messageText": "QueryNew statement should specify datatypes.", - "severity": "WARNING" - } - ], - "parameter": [ - - ] - }, - { - "name": "VarScoper", - "message": [ - { - "code": "MISSING_VAR", - "messageText": "Variable ${variable} is not declared with a var statement.", - "severity": "ERROR" - } - ], - "parameter": [ - - ] - }, - { - "name": "CFDumpChecker", - "className": "CFXTagChecker", - "message": [ - { - "code": "AVOID_USING_CFDUMP_TAG", - "messageText": "Avoid Leaving <${tagName}> tags in committed code. Debug information should be omitted from release code", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "tagName", - "value": "cfdump" - } - ] - }, - { - "name": "CFExecuteChecker", - "className": "CFXTagChecker", - "message": [ - { - "code": "AVOID_USING_CFEXECUTE_TAG", - "messageText": "Avoid Leaving <${tagName}> tags in committed code. CFexecute can be use as an attack vector and is slow.", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "tagName", - "value": "cfexecute" - } - ] - }, - { - "name": "CFAbortChecker", - "className": "CFXTagChecker", - "message": [ - { - "code": "AVOID_USING_CFABORT_TAG", - "messageText": "Avoid Leaving <${tagName}> tags in committed code. Did you accidently leave a cfabort in the code?", - "severity": "INFO" - } - ], - "parameter": [ - { - "name": "tagName", - "value": "cfabort" - } - ] - }, - { - "name": "AbortChecker", - "className": "AbortChecker", - "message": [ - { - "code": "AVOID_USING_ABORT", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "CFInsertChecker", - "className": "CFXTagChecker", - "message": [ - { - "code": "AVOID_USING_CFINSERT_TAG", - "messageText": "Avoid using <${tagName}> tags. 
Use cfquery and cfstoredproc instead.", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "tagName", - "value": "cfinsert" - } - ] - }, - { - "name": "CFModuleChecker", - "className": "CFXTagChecker", - "message": [ - { - "code": "AVOID_USING_CFMODULE_TAG", - "messageText": "Avoid using <${tagName}> tags.", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "tagName", - "value": "cfmodule" - } - ] - }, - { - "name": "CFUpdateChecker", - "className": "CFXTagChecker", - "message": [ - { - "code": "AVOID_USING_CFUPDATE_TAG", - "messageText": "Avoid using <${tagName}> tags. Use cfquery and cfstoredproc instead.", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "tagName", - "value": "cfupdate" - } - ] - }, - { - "name": "CFIncludeChecker", - "className": "CFXTagChecker", - "message": [ - { - "code": "AVOID_USING_CFINCUDE_TAG", - "messageText": "Avoid using <${tagName}> tags. Use components instead.", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "tagName", - "value": "cfinclude" - }, - { - "name": "scope", - "value": "component" - } - ] - }, - { - "name": "ComponentHintChecker", - "className": "ComponentHintChecker", - "message": [ - { - "code": "COMPONENT_HINT_MISSING", - "severity": "WARNING" - } - ], - "parameter": [ - - ] - }, - { - "name": "FunctionHintChecker", - "className": "FunctionHintChecker", - "message": [ - { - "code": "FUNCTION_HINT_MISSING", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "ArgumentHintChecker", - "className": "ArgHintChecker", - "message": [ - { - "code": "ARG_HINT_MISSING", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "ArgumentTypeChecker", - "className": "ArgTypeChecker", - "message": [ - { - "code": "ARG_TYPE_MISSING", - "severity": "WARNING" - }, - { - "code": "ARG_TYPE_ANY", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "FunctionLengthChecker", - "className": "FunctionLengthChecker", - "message": 
[ - { - "code": "EXCESSIVE_FUNCTION_LENGTH", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "length", - "value": "100" - } - ] - }, - { - "name": "ComponentLengthChecker", - "className": "ComponentLengthChecker", - "message": [ - { - "code": "EXCESSIVE_COMPONENT_LENGTH", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "length", - "value": "500" - } - ] - }, - { - "name": "FunctionTypeChecker", - "className": "FunctionTypeChecker", - "message": [ - { - "code": "FUNCTION_TYPE_MISSING", - "severity": "WARNING" - }, - { - "code": "FUNCTION_TYPE_ANY", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "TooManyArgumentsChecker", - "className": "TooManyArgumentsChecker", - "message": [ - { - "code": "EXCESSIVE_ARGUMENTS", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "maximum", - "value": "10" - } - ] - }, - { - "name": "TooManyFunctionsChecker", - "className": "TooManyArgumentsChecker", - "message": [ - { - "code": "EXCESSIVE_FUNCTIONS", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "maximum", - "value": "10" - } - ] - }, - { - "name": "SimpleComplexityChecker", - "className": "SimpleComplexityChecker", - "message": [ - { - "code": "FUNCTION_TOO_COMPLEX", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "maximum", - "value": "10" - } - ] - }, - { - "name": "WriteDumpChecker", - "className": "WriteDumpChecker", - "message": [ - { - "code": "AVOID_USING_WRITEDUMP", - "messageText": "Avoid using the ${functionName} function in production code.", - "severity": "INFO" - } - ], - "parameter": [ - { - "name": "functionName", - "value": "writeDump" - } - ] - }, - { - "name": "StructNewChecker", - "className": "FunctionXChecker", - "message": [ - { - "code": "AVOID_USING_STRUCTNEW", - "messageText": "Avoid using the ${functionName} function in production code.", - "severity": "INFO" - } - ], - "parameter": [ - { - "name": "functionName", - "value": "structNew" - } - ] - }, - { 
- "name": "IsDebugModeChecker", - "className": "FunctionXChecker", - "message": [ - { - "code": "AVOID_USING_ISDEBUGMODE", - "messageText": "Avoid using the ${functionName} function in production code.", - "severity": "WARNING" - } - ], - "parameter": [ - { - "name": "functionName", - "value": "IsDebugMode" - } - ] - }, - { - "name": "ArrayNewChecker", - "className": "ArrayNewChecker", - "message": [ - { - "code": "AVOID_USING_ARRAYNEW", - "severity": "INFO" - } - ], - "parameter": [] - }, - { - "name": "ComplexBooleanExpressionChecker", - "className": "ComplexBooleanExpressionChecker", - "message": [ - { - "code": "COMPLEX_BOOLEAN_CHECK", - "severity": "WARNING" - } - ], - "parameter": [] - }, - { - "name": "BooleanExpressionChecker", - "className": "BooleanExpressionChecker", - "message": [ - { - "code": "EXPLICIT_BOOLEAN_CHECK", - "severity": "INFO" - } - ], - "parameter": [] - }, - { - "name": "VariableNameChecker", - "className": "VariableNameChecker", - "message": [ - { - "code": "VAR_INVALID_NAME", - "severity": "INFO" - }, - { - "code": "VAR_ALLCAPS_NAME", - "severity": "INFO" - }, - { - "code": "VAR_TOO_SHORT", - "severity": "INFO" - }, - { - "code": "VAR_TOO_LONG", - "severity": "INFO" - }, - { - "code": "VAR_TOO_WORDY", - "severity": "INFO" - }, - { - "code": "VAR_IS_TEMPORARY", - "severity": "INFO" - }, - { - "code": "VAR_HAS_PREFIX_OR_POSTFIX", - "severity": "INFO" - } - ], - "parameter": [ - { - "name": "MinLength", - "value": "3" - }, - { - "name": "MaxLength", - "value": "20" - }, - { - "name": "MaxWords", - "value": "4" - } - ] - }, - { - "name": "ArgumentNameChecker", - "className": "ArgumentNameChecker", - "message": [ - { - "code": "ARGUMENT_INVALID_NAME", - "severity": "INFO" - }, - { - "code": "ARGUMENT_ALLCAPS_NAME", - "severity": "INFO" - }, - { - "code": "ARGUMENT_TOO_SHORT", - "severity": "INFO" - }, - { - "code": "ARGUMENT_TOO_LONG", - "severity": "INFO" - }, - { - "code": "ARGUMENT_TOO_WORDY", - "severity": "INFO" - }, - { - "code": 
"ARGUMENT_IS_TEMPORARY", - "severity": "INFO" - }, - { - "code": "ARGUMENT_HAS_PREFIX_OR_POSTFIX", - "severity": "INFO" - } - ], - "parameter": [ - { - "name": "MinLength", - "value": "3" - }, - { - "name": "MaxLength", - "value": "20" - }, - { - "name": "MaxWords", - "value": "4" + "group": [ + { + "name": "BUG_PRONE", + "ruleImpl": [ + { + "name": "ArgVarChecker", + "message": [ + { + "code": "ARG_VAR_CONFLICT", + "messageText": "Variable ${variable} should not be declared in both var and argument scopes.", + "severity": "ERROR" + } + ], + "parameter": [ + + ] + }, + { + "name": "CFSwitchDefaultChecker", + "message": [ + { + "code": "NO_DEFAULT_INSIDE_SWITCH", + "messageText": "Not having a Default statement defined for a switch could pose potential issues.", + "severity": "WARNING" + } + ], + "parameter": [ + + ] + }, + { + "name": "NestedCFOutput", + "message": [ + { + "code": "NESTED_CFOUTPUT", + "messageText": "Nested CFOutput, outer CFOutput has @query.", + "severity": "ERROR" + } + ], + "parameter": [ + + ] + }, + { + "name": "OutputParmMissing", + "message": [ + { + "code": "OUTPUT_ATTR", + "messageText": "<${tag} name=\"${variable}\"> should have @output='false'", + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "VarScoper", + "message": [ + { + "code": "MISSING_VAR", + "messageText": "Variable ${variable} is not declared with a var statement.", + "severity": "ERROR" + } + ], + "parameter": [ + + ] + }, + { + "name": "CFCompareVsAssignChecker", + "className": "CFCompareVsAssignChecker", + "message": [ + { + "code": "COMPARE_INSTEAD_OF_ASSIGN", + "messageText": "CWE-482: Comparing instead of Assigning", + "severity": "WARNING" + } + ], + "parameter": [ + + ] + } + ] + }, + { + "name": "CORRECTNESS", + "ruleImpl": [ + { + "name": "ArgDefChecker", + "message": [ + { + "code": "ARG_DEFAULT_MISSING", + "messageText": "Argument ${variable} is not required and does not define a default value.", + "severity": "WARNING" + } + ], + 
"parameter": [ + + ] + }, + { + "name": "ArgVarChecker", + "message": [ + { + "code": "ARG_VAR_MIXED", + "messageText": "Variable ${variable} should not be referenced in local and argument scope.", + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "TypedQueryNew", + "message": [ + { + "code": "QUERYNEW_DATATYPE", + "messageText": "QueryNew statement should specify datatypes.", + "severity": "WARNING" + } + ], + "parameter": [ + + ] + }, + { + "name": "ArgumentTypeChecker", + "className": "ArgTypeChecker", + "message": [ + { + "code": "ARG_TYPE_MISSING", + "messageText": null, + "severity": "WARNING" + }, + { + "code": "ARG_TYPE_ANY", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + } + ] + }, + { + "name": "SECURITY", + "ruleImpl": [ + { + "name": "QueryParamChecker", + "message": [ + { + "code": "QUERYPARAM_REQ", + "messageText": "setSql() statement should use .addParam() instead of #'s for security.", + "severity": "WARNING" + }, + { + "code": "CFQUERYPARAM_REQ", + "messageText": "<${tag} name=\"${variable}\"> should use for security reasons.", + "severity": "WARNING" + } + ], + "parameter": [ + + ] + } + ] + }, + { + "name": "BAD_PRACTICE", + "ruleImpl": [ + { + "name": "GlobalVarChecker", + "message": [ + { + "code": "GLOBAL_VAR", + "messageText": "Identifier ${variable} is global, referencing in a CFC or function should be avoided.", + "severity": "WARNING" + } + ], + "parameter": [ + + ] + }, + { + "name": "CFDumpChecker", + "className": "CFXTagChecker", + "message": [ + { + "code": "AVOID_USING_CFDUMP_TAG", + "messageText": "Avoid Leaving <${tagName}> tags in committed code. 
Debug information should be omitted from release code", + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "tagName", + "value": "cfdump" + } + ] + }, + { + "name": "CFExecuteChecker", + "className": "CFXTagChecker", + "message": [ + { + "code": "AVOID_USING_CFEXECUTE_TAG", + "messageText": "Avoid Leaving <${tagName}> tags in committed code. CFexecute can be use as an attack vector and is slow.", + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "tagName", + "value": "cfexecute" + } + ] + }, + { + "name": "CFAbortChecker", + "className": "CFXTagChecker", + "message": [ + { + "code": "AVOID_USING_CFABORT_TAG", + "messageText": "Avoid Leaving <${tagName}> tags in committed code. Did you accidently leave a cfabort in the code?", + "severity": "INFO" + } + ], + "parameter": [ + { + "name": "tagName", + "value": "cfabort" + } + ] + }, + { + "name": "AbortChecker", + "className": "AbortChecker", + "message": [ + { + "code": "AVOID_USING_ABORT", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "CFInsertChecker", + "className": "CFXTagChecker", + "message": [ + { + "code": "AVOID_USING_CFINSERT_TAG", + "messageText": "Avoid using <${tagName}> tags. Use cfquery and cfstoredproc instead.", + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "tagName", + "value": "cfinsert" + } + ] + }, + { + "name": "CFModuleChecker", + "className": "CFXTagChecker", + "message": [ + { + "code": "AVOID_USING_CFMODULE_TAG", + "messageText": "Avoid using <${tagName}> tags.", + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "tagName", + "value": "cfmodule" + } + ] + }, + { + "name": "CFUpdateChecker", + "className": "CFXTagChecker", + "message": [ + { + "code": "AVOID_USING_CFUPDATE_TAG", + "messageText": "Avoid using <${tagName}> tags. 
Use cfquery and cfstoredproc instead.", + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "tagName", + "value": "cfupdate" + } + ] + }, + { + "name": "CFIncludeChecker", + "className": "CFXTagChecker", + "message": [ + { + "code": "AVOID_USING_CFINCLUDE_TAG", + "messageText": "Avoid using <${tagName}> tags. Use components instead.", + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "tagName", + "value": "cfinclude" + }, + { + "name": "scope", + "value": "component" + } + ] + }, + { + "name": "WriteDumpChecker", + "className": "FunctionXChecker", + "message": [ + { + "code": "AVOID_USING_WRITEDUMP", + "messageText": "Avoid using the ${functionName} function in production code.", + "severity": "INFO" + } + ], + "parameter": [ + { + "name": "functionName", + "value": "writeDump" + } + ] + }, + { + "name": "IsDebugModeChecker", + "className": "FunctionXChecker", + "message": [ + { + "code": "AVOID_USING_ISDEBUGMODE", + "messageText": "Avoid using the ${functionName} function in production code.", + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "functionName", + "value": "IsDebugMode" + } + ] + }, + { + "name": "CFDebugAttributeChecker", + "className": "CFDebugAttributeChecker", + "message": [ + { + "code": "AVOID_USING_DEBUG_ATTR", + "messageText": "Avoid leaving debug attribute on tags.", + "severity": "WARNING" + } + ], + "parameter": [ + + ] + }, + { + "name": "LiteralChecker", + "className": "LiteralChecker", + "message": [ + { + "code": "LOCAL_LITERAL_VALUE_USED_TOO_OFTEN", + "messageText": null, + "severity": "WARNING" + }, + { + "code": "GLOBAL_LITERAL_VALUE_USED_TOO_OFTEN", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + + ] + } + ] + }, + { + "name": "CODE_STYLE", + "ruleImpl": [ + { + "name": "ComponentHintChecker", + "className": "ComponentHintChecker", + "message": [ + { + "code": "COMPONENT_HINT_MISSING", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + + ] + 
}, + { + "name": "FunctionHintChecker", + "className": "FunctionHintChecker", + "message": [ + { + "code": "FUNCTION_HINT_MISSING", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "ArgumentHintChecker", + "className": "ArgHintChecker", + "message": [ + { + "code": "ARG_HINT_MISSING", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "FunctionTypeChecker", + "className": "FunctionTypeChecker", + "message": [ + { + "code": "FUNCTION_TYPE_MISSING", + "messageText": null, + "severity": "WARNING" + }, + { + "code": "FUNCTION_TYPE_ANY", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "FileCaseChecker", + "className": "FileCaseChecker", + "message": [ + { + "code": "FILE_SHOULD_START_WITH_LOWERCASE", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "VariableNameChecker", + "className": "VariableNameChecker", + "message": [ + { + "code": "VAR_INVALID_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "VAR_ALLCAPS_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "VAR_TOO_SHORT", + "messageText": null, + "severity": "INFO" + }, + { + "code": "VAR_TOO_LONG", + "messageText": null, + "severity": "INFO" + }, + { + "code": "VAR_TOO_WORDY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "VAR_IS_TEMPORARY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "VAR_HAS_PREFIX_OR_POSTFIX", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "ArgumentNameChecker", + "className": "ArgumentNameChecker", + "message": [ + { + "code": "ARGUMENT_INVALID_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "ARGUMENT_ALLCAPS_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "ARGUMENT_TOO_SHORT", + "messageText": null, + "severity": "INFO" + }, + { + "code": 
"ARGUMENT_TOO_LONG", + "messageText": null, + "severity": "INFO" + }, + { + "code": "ARGUMENT_TOO_WORDY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "ARGUMENT_IS_TEMPORARY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "ARGUMENT_HAS_PREFIX_OR_POSTFIX", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "MethodNameChecker", + "className": "MethodNameChecker", + "message": [ + { + "code": "METHOD_INVALID_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "METHOD_ALLCAPS_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "METHOD_TOO_SHORT", + "messageText": null, + "severity": "INFO" + }, + { + "code": "METHOD_TOO_LONG", + "messageText": null, + "severity": "INFO" + }, + { + "code": "METHOD_TOO_WORDY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "METHOD_IS_TEMPORARY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "METHOD_HAS_PREFIX_OR_POSTFIX", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "ComponentNameChecker", + "className": "ComponentNameChecker", + "message": [ + { + "code": "COMPONENT_INVALID_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "COMPONENT_ALLCAPS_NAME", + "messageText": null, + "severity": "INFO" + }, + { + "code": "COMPONENT_TOO_SHORT", + "messageText": null, + "severity": "INFO" + }, + { + "code": "COMPONENT_TOO_LONG", + "messageText": null, + "severity": "INFO" + }, + { + "code": "COMPONENT_TOO_WORDY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "COMPONENT_IS_TEMPORARY", + "messageText": null, + "severity": "INFO" + }, + { + "code": "COMPONENT_HAS_PREFIX_OR_POSTFIX", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + } + ] + }, + { + "name": "DEPRECATION", + "ruleImpl": [ + { + "name": "StructNewChecker", + "className": "FunctionXChecker", + "message": [ + { + "code": 
"AVOID_USING_STRUCTNEW", + "messageText": "Avoid using the ${functionName} function. Use implicit structure construction instead (= {}).", + "severity": "INFO" + } + ], + "parameter": [ + { + "name": "functionName", + "value": "structNew" + } + ] + }, + { + "name": "ArrayNewChecker", + "className": "ArrayNewChecker", + "message": [ + { + "code": "AVOID_USING_ARRAYNEW", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": "CreateObjectChecker", + "className": "CreateObjectChecker", + "message": [ + { + "code": "AVOID_USING_CREATEOBJECT", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + } + ] + }, + { + "name": "COMPLEXITY", + "ruleImpl": [ + { + "name": "FunctionLengthChecker", + "className": "FunctionLengthChecker", + "message": [ + { + "code": "EXCESSIVE_FUNCTION_LENGTH", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "length", + "value": "100" + } + ] + }, + { + "name": "ComponentLengthChecker", + "className": "ComponentLengthChecker", + "message": [ + { + "code": "EXCESSIVE_COMPONENT_LENGTH", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "length", + "value": "500" + } + ] + }, + { + "name": "TooManyArgumentsChecker", + "className": "TooManyArgumentsChecker", + "message": [ + { + "code": "EXCESSIVE_ARGUMENTS", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "maximum", + "value": "10" + } + ] + }, + { + "name": "ComplexBooleanExpressionChecker", + "className": "ComplexBooleanExpressionChecker", + "message": [ + { + "code": "COMPLEX_BOOLEAN_CHECK", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + + ] + }, + { + "name": "BooleanExpressionChecker", + "className": "BooleanExpressionChecker", + "message": [ + { + "code": "EXPLICIT_BOOLEAN_CHECK", + "messageText": null, + "severity": "INFO" + } + ], + "parameter": [ + + ] + }, + { + "name": 
"TooManyFunctionsChecker", + "className": "TooManyArgumentsChecker", + "message": [ + { + "code": "EXCESSIVE_FUNCTIONS", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "maximum", + "value": "10" + } + ] + }, + { + "name": "SimpleComplexityChecker", + "className": "SimpleComplexityChecker", + "message": [ + { + "code": "FUNCTION_TOO_COMPLEX", + "messageText": null, + "severity": "WARNING" + } + ], + "parameter": [ + { + "name": "maximum", + "value": "10" + } + ] } ] - }, - { - "name": "MethodNameChecker", - "className": "MethodNameChecker", - "message": [ - { - "code": "METHOD_INVALID_NAME", - "severity": "INFO" - }, - { - "code": "METHOD_ALLCAPS_NAME", - "severity": "INFO" - }, - { - "code": "METHOD_TOO_SHORT", - "severity": "INFO" - }, - { - "code": "METHOD_TOO_LONG", - "severity": "INFO" - }, - { - "code": "METHOD_TOO_WORDY", - "severity": "INFO" - }, - { - "code": "METHOD_IS_TEMPORARY", - "severity": "INFO" - }, - { - "code": "METHOD_HAS_PREFIX_OR_POSTFIX", - "severity": "INFO" - } - ], - "parameter": [ - { - "name": "MinLength", - "value": "3" - }, - { - "name": "MaxLength", - "value": "25" - }, - { - "name": "MaxWords", - "value": "5" - } - ] - }, - { - "name": "ComponentNameChecker", - "className": "ComponentNameChecker", - "message": [ - { - "code": "COMPONENT_INVALID_NAME", - "severity": "INFO" - }, - { - "code": "COMPONENT_ALLCAPS_NAME", - "severity": "INFO" - }, - { - "code": "COMPONENT_TOO_SHORT", - "severity": "INFO" - }, - { - "code": "COMPONENT_TOO_LONG", - "severity": "INFO" - }, - { - "code": "COMPONENT_TOO_WORDY", - "severity": "INFO" - }, - { - "code": "COMPONENT_IS_TEMPORARY", - "severity": "INFO" - }, - { - "code": "COMPONENT_HAS_PREFIX_OR_POSTFIX", - "severity": "INFO" - } - ], - "parameter": [ - { - "name": "MinLength", - "value": "3" - }, - { - "name": "MaxLength", - "value": "15" - }, - { - "name": "MaxWords", - "value": "3" - } - ] - }, - { - "name": "FileCaseChecker", - "className": 
"FileCaseChecker", - "message": [ - { - "code": "FILE_SHOULD_START_WITH_LOWERCASE", - "severity": "INFO" - } - ], - "parameter": [ - - ] - }, - { - "name": "CreateObjectChecker", - "className": "CreateObjectChecker", - "message": [ - { - "code": "AVOID_USING_CREATEOBJECT", - "severity": "INFO" - } - ], - "parameter": [] - }, - { - "name": "CFDebugAttributeChecker", - "className": "CFDebugAttributeChecker", - "message": [ - { - "code": "AVOID_USING_DEBUG_ATTR", - "messageText": "Avoid leaving debug attribute on tags.", - "severity": "WARNING" - } - ], - "parameter": [] - }, - { - "name": "CFCompareVsAssignChecker", - "className": "CFCompareVsAssignChecker", - "message": [ - { - "code": "COMPARE_INSTEAD_OF_ASSIGN", - "messageText": "CWE-482: Comparing instead of Assigning", - "severity": "WARNING" - } - ], - "parameter": [] } ] } \ No newline at end of file diff --git a/src/main/resources/cflint.definition.xml b/src/main/resources/cflint.definition.xml index 7eff52579..4d67cdd15 100644 --- a/src/main/resources/cflint.definition.xml +++ b/src/main/resources/cflint.definition.xml 
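Review bot: The new side drops the `MinLength`/`MaxLength`/`MaxWords` parameters that the old side carried for VariableNameChecker (3/20/4), ArgumentNameChecker (3/20/4), MethodNameChecker (3/25/5) and ComponentNameChecker (3/15/3); each now has an empty `"parameter": []`, so unless those checkers hard-code identical defaults the name-length thresholds silently disappear with the regrouping. Restore the three parameter objects on each of the four rules, or record in the commit message that the defaults moved into the checker classes. Separately, `CFExecuteChecker` is filed under BAD_PRACTICE although its own message calls cfexecute an attack vector, and the debug-output rules (`CFDumpChecker`, `IsDebugModeChecker`, `CFDebugAttributeChecker`) are about leaking debug information from release code; the SECURITY group currently holds only `QueryParamChecker`, so at least `CFExecuteChecker` seems to belong there. Two carried-over oddities remain on the new side: `TooManyFunctionsChecker` still maps to `"className": "TooManyArgumentsChecker"`, and the message-code rename `AVOID_USING_CFINCUDE_TAG` → `AVOID_USING_CFINCLUDE_TAG` will stop matching any existing exclude configuration that referenced the old spelling.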
@@ -2,343 +2,364 @@ - - - - - WARNING - Argument ${variable} is not required and does not define a default value. - - - - - ERROR - Variable ${variable} should not be declared in both var and argument scopes. - - - INFO - Variable ${variable} should not be referenced in local and argument scope. - - - - - WARNING - Not having a Default statement defined for a switch could pose potential issues. - - - - - WARNING - Identifier ${variable} is global, referencing in a CFC or function should be avoided. - - - - - ERROR - Nested CFOutput, outer CFOutput has @query. - - - - - INFO - <${tag} name="${variable}"> should have @output='false' - - - - - WARNING - setSql() statement should use .addParam() instead of #'s for security. - - - WARNING - <${tag} name="${variable}"> should use <cfqueryparam/> for security reasons. - - - - - WARNING - QueryNew statement should specify datatypes. - - - - - ERROR - Variable ${variable} is not declared with a var statement. - - - - - Avoid Leaving <${tagName}> tags in committed code. Debug information should be omitted from release code - WARNING - - - - - - Avoid Leaving <${tagName}> tags in committed code. CFexecute can be use as an attack vector and is slow. - WARNING - - - - - - Avoid Leaving <${tagName}> tags in committed code. Did you accidently leave a cfabort in the code? - INFO - - - - - - INFO - - - - - Avoid using <${tagName}> tags. Use cfquery and cfstoredproc instead. - WARNING - - - - - - Avoid using <${tagName}> tags. - WARNING - - - - - - Avoid using <${tagName}> tags. Use cfquery and cfstoredproc instead. - WARNING - - - - - - Avoid using <${tagName}> tags. Use components instead. - WARNING - - - - - - - WARNING - - - - - INFO - - - - - INFO - - - - - WARNING - - - INFO - - - - - WARNING - - - - - - WARNING - - - - - - WARNING - - - INFO - - - - - WARNING - - - - - - WARNING - - - - - - WARNING - - - - - - Avoid using the ${functionName} function in production code. 
- INFO - - - - - - Avoid using the ${functionName} function. Use implicit structure construction instead (= {}). - INFO - - - - - - Avoid using the ${functionName} function in production code. - WARNING - - - - - - INFO - - - - - WARNING - - - - - INFO - - - - - WARNING - - - WARNING - - - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - INFO - - - - - INFO - - - - - INFO - - - - - WARNING - Avoid leaving debug attribute on tags. - - - - - WARNING - CWE-482: Comparing instead of Assigning - - - - + + + + + + ERROR + Variable ${variable} should not be declared in both var and argument scopes. + + + + + WARNING + Not having a Default statement defined for a switch could pose potential issues. + + + + + ERROR + Nested CFOutput, outer CFOutput has @query. + + + + + INFO + <${tag} name="${variable}"> should have @output='false' + + + + + ERROR + Variable ${variable} is not declared with a var statement. + + + + + WARNING + CWE-482: Comparing instead of Assigning + + + + + + + + WARNING + Argument ${variable} is not required and does not define a default value. + + + + + INFO + Variable ${variable} should not be referenced in local and argument scope. + + + + + WARNING + QueryNew statement should specify datatypes. + + + + + WARNING + + + INFO + + + + + + + + WARNING + setSql() statement should use .addParam() instead of #'s for security. + + + WARNING + <${tag} name="${variable}"> should use <cfqueryparam/> for security reasons. + + + + + + + + WARNING + Identifier ${variable} is global, referencing in a CFC or function should be avoided. + + + + + Avoid Leaving <${tagName}> tags in committed code. 
Debug information should be omitted from release code + WARNING + + + + + + Avoid Leaving <${tagName}> tags in committed code. CFexecute can be use as an attack vector and is slow. + WARNING + + + + + + Avoid Leaving <${tagName}> tags in committed code. Did you accidently leave a cfabort in the code? + INFO + + + + + + INFO + + + + + Avoid using <${tagName}> tags. Use cfquery and cfstoredproc instead. + WARNING + + + + + + Avoid using <${tagName}> tags. + WARNING + + + + + + Avoid using <${tagName}> tags. Use cfquery and cfstoredproc instead. + WARNING + + + + + + Avoid using <${tagName}> tags. Use components instead. + WARNING + + + + + + + Avoid using the ${functionName} function in production code. + INFO + + + + + + Avoid using the ${functionName} function in production code. + WARNING + + + + + + WARNING + Avoid leaving debug attribute on tags. + + + + + WARNING + + + WARNING + + + + + + + + WARNING + + + + + INFO + + + + + INFO + + + + + WARNING + + + INFO + + + + + INFO + + + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + INFO + + + + + + + + Avoid using the ${functionName} function. Use implicit structure construction instead (= {}). + INFO + + + + + + INFO + + + + + INFO + + + + + + + + WARNING + + + + + + WARNING + + + + + + WARNING + + + + + + WARNING + + + + + INFO + + + + + WARNING + + + + + + WARNING + + + + + \ No newline at end of file diff --git a/src/test/java/com/cflint/config/TestCFLintConfig.java b/src/test/java/com/cflint/config/TestCFLintConfig.java index 9376bb2cd..d37384739 100644 --- a/src/test/java/com/cflint/config/TestCFLintConfig.java +++ b/src/test/java/com/cflint/config/TestCFLintConfig.java 
@@ -10,6 +10,7 @@ import org.junit.Test; +import com.cflint.config.CFLintPluginInfo.PluginInfoGroup; import com.cflint.config.CFLintPluginInfo.PluginInfoRule; import com.cflint.config.CFLintPluginInfo.PluginInfoRule.PluginMessage; import com.fasterxml.jackson.core.JsonFactory; @@ -40,19 +41,24 @@ public class TestCFLintConfig { final String expected = "\n" + "\n" + - " \n" + - " \n" + - " messageText\n" + - " WARNING\n" + - " \n" + - " \n" + + " \n" + + " \n" + + " \n" + + " messageText\n" + + " WARNING\n" + + " \n" + + " \n" + + " \n" + ""; @Test public void test() throws Exception { CFLintPluginInfo config = new CFLintPluginInfo(); - config.setRules(new ArrayList()); + config.setGroups(new ArrayList()); + PluginInfoGroup group = new PluginInfoGroup(); + config.getGroups().add(group); + group.setRules(new ArrayList()); PluginInfoRule rule = new CFLintPluginInfo.PluginInfoRule(); - config.getRules().add(rule); + group.getRules().add(rule); rule.setName("OPM"); PluginMessage message = new PluginMessage(); rule.getMessages().add(message); diff --git a/src/test/java/com/cflint/config/TestConfigUtilsJson.java b/src/test/java/com/cflint/config/TestConfigUtilsJson.java index d9ac0cd29..bcab0ac22 100644 --- a/src/test/java/com/cflint/config/TestConfigUtilsJson.java +++ b/src/test/java/com/cflint/config/TestConfigUtilsJson.java @@ -33,5 +33,7 @@ public void test() throws Exception { StringWriter sw = new StringWriter(); jaxbMarshaller.marshal(config, sw); System.out.println(sw); + + System.out.println(ConfigUtils.marshalJson(config)); } }
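Review bot: The group created in `test()` never gets a name (nothing between `config.getGroups().add(group)` and `group.setRules(new ArrayList())` sets one), so the group-level name attribute that the new grouped XML introduces is not covered by `expected`; if the group type exposes a name setter, adding something like `group.setName("example-group");` (constructed value) plus the matching attribute in `expected` would pin that path. The `expected` literal has lost its element names in this extracted view, so I cannot confirm what the group element is expected to serialize as. `config.setGroups(new ArrayList())` and `group.setRules(new ArrayList())` use raw types; `new ArrayList<>()` would match the typed setters, though this mirrors the line the hunk replaces. Both `expected` and `test()` extend outside the hunk.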
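Review bot: The added `System.out.println(ConfigUtils.marshalJson(config));` exercises the JSON marshalling but asserts nothing, so a regression in the grouped JSON output would not fail this test. Capture the result and check it, e.g. `String json = ConfigUtils.marshalJson(config); assertTrue(json.contains("<known rule name>"));` (placeholder for a rule name the loaded config is known to contain). A print-only test would also miss data inconsistencies in the definition itself; for instance the collapsed JSON hunk earlier in this patch appears to add an entry named `TooManyFunctionsChecker` whose `className` is `TooManyArgumentsChecker`, which looks like a copy-paste slip worth confirming. The enclosing `test()` method starts outside the hunk.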