From f1ff75bb4befbffdafd67f39edc0664757ea5835 Mon Sep 17 00:00:00 2001
From: Ken John <kjohn@kjsbh.com>
Date: Sat, 11 Feb 2017 17:06:44 -0600
Subject: [PATCH] Update the POM file Update UnusedArgumentChecker.java to look
 at the function Update test to look fro arguments in cfqueryparam

---
 pom.xml                                       |  5 ++++
 .../plugins/core/UnusedArgumentChecker.java   | 27 ++++++++++++++-----
 .../com/cflint/TestUnusedArgumentChecker.java | 20 ++++++++++++++
 3 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 9d3e66c44..2e7b486c9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,6 +177,11 @@
 			<artifactId>jackson-core</artifactId>
 			<version>2.8.6</version>
 		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-databind</artifactId>
+			<version>2.8.6</version>
+		</dependency>
 		<dependency>
 		  <groupId>com.fasterxml.jackson.module</groupId>
 		  <artifactId>jackson-module-jaxb-annotations</artifactId>
diff --git a/src/main/java/com/cflint/plugins/core/UnusedArgumentChecker.java b/src/main/java/com/cflint/plugins/core/UnusedArgumentChecker.java
index e5aefcf46..2b564a3cc 100644
--- a/src/main/java/com/cflint/plugins/core/UnusedArgumentChecker.java
+++ b/src/main/java/com/cflint/plugins/core/UnusedArgumentChecker.java
@@ -24,11 +24,15 @@ public class UnusedArgumentChecker extends CFLintScannerAdapter {
 
     @Override
     public void element(final Element element, final Context context, final BugList bugs) {
-        if (element.getName().equals("cfargument")) {
+    	if (element.getName().equals("cfargument")) {
             final String name = element.getAttributeValue("name") != null
                     ? element.getAttributeValue("name").toLowerCase() : "";
             methodArguments.put(name, false);
             setArgumentLineNo(name, context.startLine());
+            final String code = element.getParentElement().toString();
+            if(isUsed(code, name)){
+            	methodArguments.put(name, true);
+            }
         }
     }
 
@@ -57,10 +61,10 @@ protected void setArgumentLineNo(final String argument, final Integer lineNo) {
     }
 
     protected void useIdentifier(final CFFullVarExpression fullVarExpression) {
-        if (fullVarExpression.getExpressions().size() > 0) {
+    	if (fullVarExpression.getExpressions().size() > 0) {
             final CFExpression identifier1 = fullVarExpression.getExpressions().get(0);
             if (identifier1 instanceof CFIdentifier) {
-                if ("arguments".equalsIgnoreCase(((CFIdentifier) identifier1).getName())
+            	if ("arguments".equalsIgnoreCase(((CFIdentifier) identifier1).getName())
                         && fullVarExpression.getExpressions().size() > 1) {
                     final CFExpression identifier2 = fullVarExpression.getExpressions().get(1);
                     if (identifier2 instanceof CFIdentifier) {
@@ -74,7 +78,7 @@ protected void useIdentifier(final CFFullVarExpression fullVarExpression) {
     }
 
     protected void useIdentifier(final CFIdentifier identifier) {
-        final String name = identifier.getName().toLowerCase();
+    	final String name = identifier.getName().toLowerCase();
         if (methodArguments.get(name) != null) {
             methodArguments.put(name, true);
         }
@@ -82,7 +86,7 @@ protected void useIdentifier(final CFIdentifier identifier) {
 
     @Override
     public void expression(final CFExpression expression, final Context context, final BugList bugs) {
-        if (expression instanceof CFFullVarExpression) {
+    	if (expression instanceof CFFullVarExpression) {
             useIdentifier((CFFullVarExpression) expression);
         } else if (expression instanceof CFIdentifier) {
             useIdentifier((CFIdentifier) expression);
@@ -98,13 +102,22 @@ public void startFunction(final Context context, final BugList bugs) {
     @Override
     public void endFunction(final Context context, final BugList bugs) {
         // sort by line number
-        for (final Map.Entry<String, Boolean> method : methodArguments.entrySet()) {
+    	for (final Map.Entry<String, Boolean> method : methodArguments.entrySet()) {
+        	final String name = method.getKey();
             final Boolean used = method.getValue();
             if (!used) {
-                final String name = method.getKey();
                 context.addMessage("UNUSED_METHOD_ARGUMENT", name, argumentLineNo.get(name));
             }
         }
     }
+    
+    private boolean isUsed(String content, final String name) {
+    	boolean isUsed = false;
+        content = content.replace(" ", "").replace("'", "\"").toLowerCase();
+        boolean structKeyCheck = (content.contains("arguments[\"" + name + "\"]"));
+        boolean isDefinedCheck = (content.contains("arguments." + name));
+        isUsed = structKeyCheck || isDefinedCheck;
+        return isUsed;
+    }
 
 }
diff --git a/src/test/java/com/cflint/TestUnusedArgumentChecker.java b/src/test/java/com/cflint/TestUnusedArgumentChecker.java
index 05840cd2c..b0432c3a7 100644
--- a/src/test/java/com/cflint/TestUnusedArgumentChecker.java
+++ b/src/test/java/com/cflint/TestUnusedArgumentChecker.java
@@ -248,5 +248,25 @@ public void testArgumentsUsedInTagWithArgumentsScope() throws ParseException, IO
 		final Map<String, List<BugInfo>> result = cfBugs.getBugs().getBugList();
 		assertEquals(0, result.size());
 	}
+	
+	@Test
+	public void testArgumentsUsedInQuerygWithArgumentsScope() throws ParseException, IOException {
+		final String tagSrc = "<cfcomponent>\r\n"
+			+ "<cffunction name=\"getProduct\">\r\n"
+			+ "<cfargument name=\"productid\">\r\n"
+			+ "<cfargument name=\"b\">\r\n"
+			+ "<cfset var qryProduct = \"\" />\r\n"
+			+ "<cfquery name=\"qryProduct\">\r\n"
+			+ "SET @productId = <cfqueryparam value=\"#arguments.productid#\" cfsqltype=\"cf_sql_integer\" />\r\n"
+			+ "SELECT @productId as productId\r\n"
+			+ "</cfquery>\r\n"
+			+ "<cfreturn arguments.a + arguments.b>\r\n"
+			+ "</cffunction>\r\n"
+			+ "</cfcomponent>\r\n";
+		
+		cfBugs.process(tagSrc, "test");
+		final Map<String, List<BugInfo>> result = cfBugs.getBugs().getBugList();
+		assertEquals(0, result.size());
+	}
 
 }