feat(java): define imported classes

Bearer · Jun 27, 2024 · 87e1e0a · 87e1e0a
1 parent d8df782
commit 87e1e0a
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 0 deletions.
diff --git a/pkg/languages/java/.snapshots/TestImport-import.yml b/pkg/languages/java/.snapshots/TestImport-import.yml
@@ -0,0 +1,2 @@
+{}
+
diff --git a/pkg/languages/java/analyzer/analyzer.go b/pkg/languages/java/analyzer/analyzer.go
@@ -2,7 +2,9 @@ package analyzer
 
 import (
 	"slices"
+	"strings"
 
+	"github.com/rs/zerolog/log"
 	sitter "github.com/smacker/go-tree-sitter"
 
 	"github.com/bearer/bearer/pkg/scanner/ast/tree"
@@ -48,6 +50,8 @@ func (analyzer *analyzer) Analyze(node *sitter.Node, visitChildren func() error)
 		return analyzer.withScope(language.NewScope(analyzer.scope), func() error {
 			return visitChildren()
 		})
+	case "import_declaration":
+		return analyzer.analyzeImport(node, visitChildren)
 	case "assignment_expression":
 		return analyzer.analyzeAssignment(node, visitChildren)
 	case "variable_declarator":
@@ -84,6 +88,30 @@ func (analyzer *analyzer) Analyze(node *sitter.Node, visitChildren func() error)
 	}
 }
 
+// import foo.Bar;
+// import foo.*;
+// import static foo.Bar;
+func (analyzer *analyzer) analyzeImport(node *sitter.Node, visitChildren func() error) error {
+	log.Error().Msgf("dd: %s", node.String())
+	// package import
+	if node.NamedChildCount() != 1 {
+		return nil
+	}
+
+	identifier := node.NamedChild(0)
+
+	content := analyzer.builder.ContentFor(node)
+	prefix := content[:identifier.StartByte()-node.StartByte()]
+	if strings.Contains(prefix, "static") {
+		return nil
+	}
+
+	name := identifier.ChildByFieldName("name")
+	analyzer.scope.Declare(analyzer.builder.ContentFor(name), name)
+	analyzer.builder.Alias(identifier, name)
+	return nil
+}
+
 // foo = a
 // foo += a
 func (analyzer *analyzer) analyzeAssignment(node *sitter.Node, visitChildren func() error) error {

diff --git a/pkg/languages/java/java_test.go b/pkg/languages/java/java_test.go
@@ -11,12 +11,19 @@ import (
 	patternquerybuilder "github.com/bearer/bearer/pkg/scanner/detectors/customrule/patternquery/builder"
 )
 
+//go:embed testdata/import.yml
+var importRule []byte
+
 //go:embed testdata/logger.yml
 var loggerRule []byte
 
 //go:embed testdata/scope_rule.yml
 var scopeRule []byte
 
+func TestImport(t *testing.T) {
+	testhelper.GetRunner(t, importRule, java.Get()).RunTest(t, "./testdata/import", ".snapshots/")
+}
+
 func TestFlow(t *testing.T) {
 	testhelper.GetRunner(t, loggerRule, java.Get()).RunTest(t, "./testdata/testcases/flow", ".snapshots/flow/")
 }

diff --git a/pkg/languages/java/testdata/import.yml b/pkg/languages/java/testdata/import.yml
@@ -0,0 +1,21 @@
+languages:
+  - java
+patterns:
+  - pattern: sink($<IMPORT>)
+    filters:
+      - variable: IMPORT
+        detection: flow_test_source
+        scope: cursor
+auxiliary:
+  - id: flow_test_source
+    patterns:
+      - import $<!>foo.Import
+      - import $<!>foo.Import2
+      - import $<!>foo.Import3
+severity: high
+metadata:
+  description: Test import handling
+  remediation_message: Test import handling
+  cwe_id:
+    - 42
+  id: import_test
diff --git a/pkg/languages/java/testdata/import/import.java b/pkg/languages/java/testdata/import/import.java
@@ -0,0 +1,11 @@
+import foo.Import;
+import foo.Import2.*;
+import static foo.Import3;
+
+class A {
+    public void exec() {
+        sink(Import);
+        sink(Import2); // no match
+        sink(Import3); // no match
+    }
+}