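/**
 * Reports bare {@code #...#} interpolations found in the body of a {@code <cfquery>} that are
 * not wrapped in a {@code <cfqueryparam>}; every hit is recorded as {@code CFQUERYPARAM_REQ}
 * at the line and offset of the interpolation. Queries whose {@code dbtype} attribute equals
 * {@code CF.QUERY} are skipped entirely.
 *
 * @param element the parsed tag under inspection
 * @param context rule context used to resolve the element's start line and to record messages
 * @param bugs    the framework's bug list; not consulted by this rule
 */
@Override
public void element(final Element element, final Context context, final BugList bugs) {
    if (!element.getName().equalsIgnoreCase(CF.CFQUERY)
            || CF.QUERY.equalsIgnoreCase(element.getAttributeValue(CF.DBTYPE))) {
        return;
    }
    String content = element.getContent().toString();
    // TODO: cfparser/Jericho does not expose the nested cfqueryparam tags well, so they are
    // blanked out textually before the body is scanned for bare interpolations. Quoted
    // attribute values are consumed as a unit so that a '>' inside a quoted value (e.g. a
    // comparison in the parameter expression) no longer truncates the tag; an unquoted '>'
    // inside the tag is still not handled.
    content = content.replaceAll("(?i)<cfqueryparam(?:\"[^\"]*\"|'[^']*'|[^>\"'])*>", "");
    if (content.indexOf('#') < 0) {
        return;
    }
    final List<Integer> ignoreLines = determineIgnoreLines(element);
    // group 1 is the interpolated expression; the trailing ($|[^#]) requires that the closing
    // '#' is not immediately followed by another '#'.
    final Matcher matcher =
            Pattern.compile("#(?:##)?([^#]+)(?:##)?#($|[^#])", Pattern.DOTALL).matcher(content);
    while (matcher.find()) {
        final int currentLine = context.startLine() + countNewLinesUpTo(content, matcher.start());
        // position of the match measured from just past the end of the start tag
        final int currentOffset = element.getStartTag().getEnd() + 1 + matcher.start();
        final String variableName = matcher.group(1);
        if (!ignoreLines.contains(currentLine)) {
            context.addMessage("CFQUERYPARAM_REQ", variableName, currentLine, currentOffset);
        }
    }
}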
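/**
 * Reports bare {@code #...#} interpolations found in the body of a {@code <cfquery>} that are
 * not wrapped in a {@code <cfqueryparam>}; every hit is recorded as {@code CFQUERYPARAM_REQ}
 * at the line and offset of the interpolation. Queries whose {@code dbtype} attribute equals
 * {@code CF.QUERY} are skipped entirely.
 *
 * @param element the parsed tag under inspection
 * @param context rule context used to resolve the element's start line and to record messages
 * @param bugs    the framework's bug list; not consulted by this rule
 */
@Override
public void element(final Element element, final Context context, final BugList bugs) {
    if (!element.getName().equalsIgnoreCase(CF.CFQUERY)
            || CF.QUERY.equalsIgnoreCase(element.getAttributeValue(CF.DBTYPE))) {
        return;
    }
    String content = element.getContent().toString();
    // TODO: cfparser/Jericho does not expose the nested cfqueryparam tags well, so they are
    // blanked out textually before the body is scanned for bare interpolations. Quoted
    // attribute values are consumed as a unit so that a '>' inside a quoted value (e.g. a
    // comparison in the parameter expression) no longer truncates the tag; an unquoted '>'
    // inside the tag is still not handled.
    content = content.replaceAll("(?i)<cfqueryparam(?:\"[^\"]*\"|'[^']*'|[^>\"'])*>", "");
    if (content.indexOf('#') < 0) {
        return;
    }
    final List<Integer> ignoreLines = determineIgnoreLines(element);
    // group 1 is the interpolated expression; the trailing ($|[^#]) requires that the closing
    // '#' is not immediately followed by another '#'.
    final Matcher matcher =
            Pattern.compile("#(?:##)?([^#]+)(?:##)?#($|[^#])", Pattern.DOTALL).matcher(content);
    while (matcher.find()) {
        final int currentLine = context.startLine() + countNewLinesUpTo(content, matcher.start());
        // position of the match measured from just past the end of the start tag
        final int currentOffset = element.getStartTag().getEnd() + 1 + matcher.start();
        final String variableName = matcher.group(1);
        if (!ignoreLines.contains(currentLine)) {
            context.addMessage("CFQUERYPARAM_REQ", variableName, currentLine, currentOffset);
        }
    }
}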
/**
 * Returns the character offset this entry is anchored at, derived from the attached element:
 * the end of the start tag for a {@code cfscript} block, one past the beginning of the tag
 * content for a {@code cfset}, and the element's own beginning for anything else.
 *
 * @return the offset described above, or 0 when no element is attached
 */
public int offset() {
    if (element == null) {
        return 0;
    }
    final String tagName = element.getName();
    if (tagName.equalsIgnoreCase(CF.CFSCRIPT)) {
        return element.getStartTag().getEnd();
    }
    if (tagName.equalsIgnoreCase(CF.CFSET)) {
        // skip the first character of the tag content
        return element.getStartTag().getTagContent().getBegin() + 1;
    }
    return element.getBegin();
}
/**
 * Returns the character offset this entry is anchored at, derived from the attached element:
 * the end of the start tag for a {@code cfscript} block, one past the beginning of the tag
 * content for a {@code cfset}, and the element's own beginning for anything else.
 *
 * @return the offset described above, or 0 when no element is attached
 */
public int offset() {
    if (element == null) {
        return 0;
    }
    final String tagName = element.getName();
    if (tagName.equalsIgnoreCase(CF.CFSCRIPT)) {
        return element.getStartTag().getEnd();
    }
    if (tagName.equalsIgnoreCase(CF.CFSET)) {
        // skip the first character of the tag content
        return element.getStartTag().getTagContent().getBegin() + 1;
    }
    return element.getBegin();
}
/**
 * Fills the shared {@code bugInfo} with location data (offset, length, line, column) computed
 * from the enclosing element and the script statement, then delegates to
 * {@code doMessageText} before returning it.
 *
 * @param expression the script statement the bug refers to; may be {@code null}, in which case
 *                   the location is that of the element alone and the length is 0
 * @param elem       the enclosing element; may be {@code null}, in which case line and column
 *                   default to 1 and the base offset to 0
 * @return the populated {@code bugInfo}
 */
public BugInfo build(final CFScriptStatement expression, final Element elem) {
    int baseLine = 1;
    int baseColumn = 1;
    int baseOffset = 0;
    if (elem != null) {
        // a cfscript block is anchored at the end of its start tag, any other tag at its begin
        baseOffset = elem.getName().equalsIgnoreCase(CF.CFSCRIPT)
                ? elem.getStartTag().getEnd()
                : elem.getBegin();
        baseLine = elem.getSource().getRow(elem.getBegin());
        baseColumn = elem.getSource().getColumn(elem.getBegin());
    }
    final boolean hasExpression = expression != null;
    final int exprOffset = hasExpression ? Math.max(expression.getOffset(), 0) : 0;
    int length = 0;
    if (hasExpression) {
        if (expression.getToken() != null) {
            // stop index appears to be inclusive, hence the +1 — confirm against the token API
            length = expression.getToken().getStopIndex() - expression.getToken().getStartIndex() + 1;
        } else {
            // no token available: fall back to the length of the decompiled statement text
            length = expression.Decompile(0).length();
        }
    }
    // the expression's line/column are shifted down by one before being added to the
    // element's (both default to 1), and are never allowed to go negative
    final int exprLine = hasExpression ? Math.max(expression.getLine() - 1, 0) : 0;
    final int exprColumn = hasExpression ? Math.max(expression.getColumn() - 1, 0) : 0;
    bugInfo.setOffset(baseOffset + exprOffset);
    bugInfo.setLength(length);
    bugInfo.setLine(baseLine + exprLine);
    bugInfo.setColumn(baseColumn + exprColumn);
    doMessageText(elem);
    return bugInfo;
}
/**
 * Fills the shared {@code bugInfo} with location data (offset, length, line, column) computed
 * from the enclosing element and the script statement, then delegates to
 * {@code doMessageText} before returning it.
 *
 * @param expression the script statement the bug refers to; may be {@code null}, in which case
 *                   the location is that of the element alone and the length is 0
 * @param elem       the enclosing element; may be {@code null}, in which case line and column
 *                   default to 1 and the base offset to 0
 * @return the populated {@code bugInfo}
 */
public BugInfo build(final CFScriptStatement expression, final Element elem) {
    int baseLine = 1;
    int baseColumn = 1;
    int baseOffset = 0;
    if (elem != null) {
        // a cfscript block is anchored at the end of its start tag, any other tag at its begin
        baseOffset = elem.getName().equalsIgnoreCase(CF.CFSCRIPT)
                ? elem.getStartTag().getEnd()
                : elem.getBegin();
        baseLine = elem.getSource().getRow(elem.getBegin());
        baseColumn = elem.getSource().getColumn(elem.getBegin());
    }
    final boolean hasExpression = expression != null;
    final int exprOffset = hasExpression ? Math.max(expression.getOffset(), 0) : 0;
    int length = 0;
    if (hasExpression) {
        if (expression.getToken() != null) {
            // stop index appears to be inclusive, hence the +1 — confirm against the token API
            length = expression.getToken().getStopIndex() - expression.getToken().getStartIndex() + 1;
        } else {
            // no token available: fall back to the length of the decompiled statement text
            length = expression.Decompile(0).length();
        }
    }
    // the expression's line/column are shifted down by one before being added to the
    // element's (both default to 1), and are never allowed to go negative
    final int exprLine = hasExpression ? Math.max(expression.getLine() - 1, 0) : 0;
    final int exprColumn = hasExpression ? Math.max(expression.getColumn() - 1, 0) : 0;
    bugInfo.setOffset(baseOffset + exprOffset);
    bugInfo.setLength(length);
    bugInfo.setLine(baseLine + exprLine);
    bugInfo.setColumn(baseColumn + exprColumn);
    doMessageText(elem);
    return bugInfo;
}
cfscript = elem.getSource().subSequence(elem.getStartTag().getEnd(), nextTag.getBegin()) .toString(); skipToPosition = nextTag.getEnd();
cfscript = elem.getSource().subSequence(elem.getStartTag().getEnd(), nextTag.getBegin()) .toString(); skipToPosition = nextTag.getEnd();
int length = 0; if (elem != null) { elemoffset = elem.getName().equalsIgnoreCase(CF.CFSCRIPT) ? elem.getStartTag().getEnd() : elem.getBegin(); elemLine = elem.getSource().getRow(elem.getBegin()); elemColumn = elem.getSource().getColumn(elem.getBegin());
int length = 0; if (elem != null) { elemoffset = elem.getName().equalsIgnoreCase(CF.CFSCRIPT) ? elem.getStartTag().getEnd() : elem.getBegin(); elemLine = elem.getSource().getRow(elem.getBegin()); elemColumn = elem.getSource().getColumn(elem.getBegin());
/**
 * Builds a ParserTag from a Jericho start tag: copies the tag name, the enclosing element's
 * span, the start-tag span, the end-tag span (the start-tag span is reused when the element
 * has no end tag) and finally the start tag's attributes.
 * NOTE(review): begin is populated from the element's end and end from its begin, which reads
 * as inverted — confirm against the consumers of getBegin()/getEnd() before touching it.
 *
 * @param tag the start tag to copy positions and attributes from
 */
public ParserTag(StartTag tag) {
    setName(tag.getName());
    setBegin(tag.getElement().getEnd());
    setEnd(tag.getElement().getBegin());
    setStartTagBegin(tag.getElement().getStartTag().getBegin());
    setStartTagEnd(tag.getElement().getStartTag().getEnd());
    final boolean hasEndTag = tag.getElement().getEndTag() != null;
    // an element without an end tag reports its start-tag span as the end-tag span
    setEndTagBegin(hasEndTag
            ? tag.getElement().getEndTag().getBegin()
            : tag.getElement().getStartTag().getBegin());
    setEndTagEnd(hasEndTag
            ? tag.getElement().getEndTag().getEnd()
            : tag.getElement().getStartTag().getEnd());
    setAttributes(tag.getAttributes());
}
/**
 * Builds a ParserTag from a generic Jericho tag: copies the tag name, the enclosing element's
 * span, the start-tag span, the end-tag span (the start-tag span is reused when the element
 * has no end tag) and finally the element's attributes.
 * NOTE(review): begin is populated from the element's end and end from its begin, which reads
 * as inverted — confirm against the consumers of getBegin()/getEnd() before touching it.
 *
 * @param tag the tag whose element supplies positions and attributes
 */
public ParserTag(net.htmlparser.jericho.Tag tag) {
    setName(tag.getName());
    setBegin(tag.getElement().getEnd());
    setEnd(tag.getElement().getBegin());
    setStartTagBegin(tag.getElement().getStartTag().getBegin());
    setStartTagEnd(tag.getElement().getStartTag().getEnd());
    final boolean hasEndTag = tag.getElement().getEndTag() != null;
    // an element without an end tag reports its start-tag span as the end-tag span
    setEndTagBegin(hasEndTag
            ? tag.getElement().getEndTag().getBegin()
            : tag.getElement().getStartTag().getBegin());
    setEndTagEnd(hasEndTag
            ? tag.getElement().getEndTag().getEnd()
            : tag.getElement().getStartTag().getEnd());
    // unlike the StartTag constructor, attributes come from the element rather than the tag
    setAttributes(tag.getElement().getAttributes());
}