From efb7596c4c2e4aa8d3ebb13f5147995917707161 Mon Sep 17 00:00:00 2001
From: u$f
Date: Wed, 1 Jun 2022 23:23:34 +0200
Subject: [PATCH] sql checks
---
 .../java/checks/AvoidFullSQLRequest.java | 21 +++++++++----------
 .../java/checks/AvoidSQLRequestInLoop.java | 7 ++++---
 .../test/files/AvoidFullSQLRequestCheck.java | 9 ++++++++
 3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidFullSQLRequest.java b/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidFullSQLRequest.java
index dd521912..29d2bf3f 100644
--- a/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidFullSQLRequest.java
+++ b/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidFullSQLRequest.java
@@ -1,7 +1,11 @@
 package fr.cnumr.java.checks;
-import java.util.Arrays;
+import static java.util.Collections.singletonList;
+import static java.util.regex.Pattern.CASE_INSENSITIVE;
+import static java.util.regex.Pattern.compile;
+
 import java.util.List;
+import java.util.function.Predicate;
 import org.sonar.check.Priority;
 import org.sonar.check.Rule;
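Review bot: Static-importing the method `java.util.regex.Pattern.compile` hides where `compile(...)` comes from at the field declaration that uses it in the next hunk; the usual convention keeps static imports for constants such as `CASE_INSENSITIVE`, so `import java.util.regex.Pattern;` with `Pattern.compile(...)` at the use site reads better. The removal of `java.util.Arrays` is consistent with the switch to `singletonList` below, but it will be needed again (or `List.of`, if the plugin targets Java 9+) should `Tree.Kind.TEXT_BLOCK` ever be subscribed alongside `STRING_LITERAL`.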
@@ -19,23 +23,18 @@ public class AvoidFullSQLRequest extends IssuableSubscriptionVisitor {
 protected static final String MESSAGERULE = "Don't use the query SELECT * FROM";
- private static final String REGEXPSELECTFROM = "(?i).*select.*\\*.*from.*";
+ private static final Predicate SELECT_FROM_REGEXP =
+ compile("select\\s*\\*\\s*from", CASE_INSENSITIVE).asPredicate(); //simple regexp, more precision
 @Override
 public List nodesToVisit() {
- return Arrays.asList(Tree.Kind.STRING_LITERAL);
+ return singletonList(Tree.Kind.STRING_LITERAL);
 }
 @Override
 public void visitNode(Tree tree) {
- boolean isSelectFrom = false;
-
- if (tree.is(Kind.STRING_LITERAL,Kind.TEXT_BLOCK)) {
- LiteralTree literal = (LiteralTree) tree;
- isSelectFrom = literal.value().matches(REGEXPSELECTFROM);
- }
-
- if (isSelectFrom) {
+ String value = ((LiteralTree) tree).value();
+ if (SELECT_FROM_REGEXP.test(value)) {
 reportIssue(tree, MESSAGERULE);
 }
 }
diff --git a/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidSQLRequestInLoop.java b/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidSQLRequestInLoop.java
index f51ab4a0..7b33712e 100644
--- a/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidSQLRequestInLoop.java
+++ b/src/java-plugin/src/main/java/fr/cnumr/java/checks/AvoidSQLRequestInLoop.java
@@ -5,7 +5,6 @@ import java.util.Arrays;
 import java.util.List;
-import org.apache.tomcat.util.descriptor.web.MessageDestinationRef;
 import org.sonar.check.Priority;
 import org.sonar.check.Rule;
 import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
@@ -24,7 +23,9 @@ public class AvoidSQLRequestInLoop extends IssuableSubscriptionVisitor {
 @Override
 public List nodesToVisit() {
- return Arrays.asList(Tree.Kind.FOR_EACH_STATEMENT, Tree.Kind.FOR_STATEMENT, Tree.Kind.WHILE_STATEMENT);
+ return Arrays.asList(
+ Tree.Kind.FOR_EACH_STATEMENT, Tree.Kind.FOR_STATEMENT,
+ Tree.Kind.WHILE_STATEMENT, Tree.Kind.DO_STATEMENT);
 }
 @Override
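Review bot: The tightened pattern `select\s*\*\s*from` behind `SELECT_FROM_REGEXP` no longer flags `SELECT DISTINCT * FROM ...` or `SELECT t.* FROM ...`, both of which the replaced `.*select.*\*.*from.*` reported, so this hunk silently narrows the rule; a pattern such as `compile("select\\s*(?:distinct\\s+)?(?:\\w+\\.)?\\*\\s*from", CASE_INSENSITIVE)` keeps the new precision (it still rejects `SELECTABLE 2*2 FROMAGE` and `COUNT(*)`) while covering those forms, and the fixture in AvoidFullSQLRequestCheck.java should gain a `// Noncompliant` case for each. Separately, the removed `tree.is(Kind.STRING_LITERAL, Kind.TEXT_BLOCK)` guard was dead code because `nodesToVisit()` subscribes only `STRING_LITERAL`, so multi-line SQL written in a text block is still never examined; if that is meant to be covered, subscribe `Tree.Kind.TEXT_BLOCK` as well, which keeps the now-unconditional `LiteralTree` cast safe only if TEXT_BLOCK nodes are `LiteralTree`, as the old guard assumed. If `Kind` was imported on its own line, that import is now unused and should go with this change. If the field really is declared as a raw `Predicate` rather than the `Predicate<String>` this rendering may have stripped, add the type argument.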
@@ -42,7 +43,7 @@ private class AvoidSQLRequestInLoopVisitor extends BaseTreeVisitor {
 MethodMatchers.create().ofSubTypes("org.hibernate.Session").names("createQuery", "createSQLQuery")
 .withAnyParameters().build(),
 MethodMatchers.create().ofSubTypes(JAVA_SQL_STATEMENT)
- .names("executeQuery", "execute", "executeUpdate", "executeLargeUpdate", "addBatch")
+ .names("executeQuery", "execute", "executeUpdate", "executeLargeUpdate") // addBatch is recommended
 .withAnyParameters().build(),
 MethodMatchers.create().ofSubTypes(JAVA_SQL_CONNECTION)
 .names("prepareStatement", "prepareCall", "nativeSQL")
diff --git a/src/java-plugin/src/test/files/AvoidFullSQLRequestCheck.java b/src/java-plugin/src/test/files/AvoidFullSQLRequestCheck.java
index 3c01e9f5..52a9bc39 100644
--- a/src/java-plugin/src/test/files/AvoidFullSQLRequestCheck.java
+++ b/src/java-plugin/src/test/files/AvoidFullSQLRequestCheck.java
@@ -1,5 +1,7 @@
 package fr.cnumr.java.checks;
+import java.util.regex.Pattern;
+
 class AvoidFullSQLRequestCheck {
 AvoidFullSQLRequestCheck(AvoidFullSQLRequestCheck mc) { }
@@ -7,6 +9,9 @@ class AvoidFullSQLRequestCheck {
 public void literalSQLrequest() {
 dummyCall(" sElEcT * fRoM myTable"); // Noncompliant
 dummyCall(" sElEcT user fRoM myTable");
+
+ dummyCall("SELECTABLE 2*2 FROMAGE"); //not sql
+ dummyCall("SELECT *FROM table"); // Noncompliant
 }
@@ -15,9 +20,13 @@ public void variableSQLrequest() {
 String requestCompiliant = " SeLeCt user FrOm myTable";
 dummyCall(requestNonCompiliant);
 dummyCall(requestCompiliant);
+
+ String noSqlCompiliant = "SELECTABLE 2*2 FROMAGE"; //not sql
+ String requestNonCompiliant_nSpace = "SELECT *FROM table"; // Noncompliant
 }
 private void dummyCall (String request) { }
+
 }
\ No newline at end of file
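Review bot: The new trailing comment `// addBatch is recommended` does not say why `addBatch` was dropped from the matcher; something like `// addBatch is the batching idiom this rule steers users toward, so it is deliberately not reported` tells the next reader the exclusion is intentional rather than an oversight. By the same reasoning, `executeBatch` and `executeLargeBatch` called inside a loop defeat batching and cost a round-trip per iteration, yet neither is in this `names(...)` list; consider adding `"executeBatch", "executeLargeBatch"` to the `java.sql.Statement` matcher unless they are meant to be excluded. The enclosing `AvoidSQLRequestInLoopVisitor` starts and ends outside the hunk.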
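Review bot: The added `import java.util.regex.Pattern;` in the fixture is not referenced by any line in these hunks; unless code outside them uses it, drop it so the fixture does not carry an unused import. The two new `// Noncompliant` markers sit on string-literal lines, which matches a check that subscribes to `STRING_LITERAL`, so the new locals `noSqlCompiliant` and `requestNonCompiliant_nSpace` being unused is harmless here.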