
sql checks #88

Merged
merged 1 commit into from
Oct 17, 2022
Merged
@@ -1,7 +1,11 @@
package fr.cnumr.java.checks;

import java.util.Arrays;
import static java.util.Collections.singletonList;
import static java.util.regex.Pattern.CASE_INSENSITIVE;
import static java.util.regex.Pattern.compile;

import java.util.List;
import java.util.function.Predicate;

import org.sonar.check.Priority;
import org.sonar.check.Rule;
Expand All @@ -19,23 +23,18 @@
public class AvoidFullSQLRequest extends IssuableSubscriptionVisitor {

protected static final String MESSAGERULE = "Don't use the query SELECT * FROM";
private static final String REGEXPSELECTFROM = "(?i).*select.*\\*.*from.*";
private static final Predicate<String> SELECT_FROM_REGEXP =
compile("select\\s*\\*\\s*from", CASE_INSENSITIVE).asPredicate(); //simple regexp, more precision

@Override
public List<Kind> nodesToVisit() {
return Arrays.asList(Tree.Kind.STRING_LITERAL);
return singletonList(Tree.Kind.STRING_LITERAL);
}

@Override
public void visitNode(Tree tree) {
boolean isSelectFrom = false;

if (tree.is(Kind.STRING_LITERAL,Kind.TEXT_BLOCK)) {
LiteralTree literal = (LiteralTree) tree;
isSelectFrom = literal.value().matches(REGEXPSELECTFROM);
}

if (isSelectFrom) {
String value = ((LiteralTree) tree).value();
if (SELECT_FROM_REGEXP.test(value)) {
reportIssue(tree, MESSAGERULE);
}
}
Expand Up @@ -5,7 +5,6 @@
import java.util.Arrays;
import java.util.List;

import org.apache.tomcat.util.descriptor.web.MessageDestinationRef;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
Expand All @@ -24,7 +23,9 @@ public class AvoidSQLRequestInLoop extends IssuableSubscriptionVisitor {

@Override
public List<Kind> nodesToVisit() {
return Arrays.asList(Tree.Kind.FOR_EACH_STATEMENT, Tree.Kind.FOR_STATEMENT, Tree.Kind.WHILE_STATEMENT);
return Arrays.asList(
Tree.Kind.FOR_EACH_STATEMENT, Tree.Kind.FOR_STATEMENT,
Tree.Kind.WHILE_STATEMENT, Tree.Kind.DO_STATEMENT);
}

@Override
Expand All @@ -42,7 +43,7 @@ private class AvoidSQLRequestInLoopVisitor extends BaseTreeVisitor {
MethodMatchers.create().ofSubTypes("org.hibernate.Session").names("createQuery", "createSQLQuery")
.withAnyParameters().build(),
MethodMatchers.create().ofSubTypes(JAVA_SQL_STATEMENT)
.names("executeQuery", "execute", "executeUpdate", "executeLargeUpdate", "addBatch")
.names("executeQuery", "execute", "executeUpdate", "executeLargeUpdate") // addBatch is recommended
.withAnyParameters().build(),
MethodMatchers.create().ofSubTypes(JAVA_SQL_CONNECTION)
.names("prepareStatement", "prepareCall", "nativeSQL")
9 changes: 9 additions & 0 deletions src/java-plugin/src/test/files/AvoidFullSQLRequestCheck.java
@@ -1,12 +1,17 @@
package fr.cnumr.java.checks;

import java.util.regex.Pattern;

Seems not used


class AvoidFullSQLRequestCheck {

Maybe adding a test like this would be wise:
dummyCall("SELECT user FROM (SELECT * FROM table)");

AvoidFullSQLRequestCheck(AvoidFullSQLRequestCheck mc) {
}

public void literalSQLrequest() {
dummyCall(" sElEcT * fRoM myTable"); // Noncompliant
dummyCall(" sElEcT user fRoM myTable");

dummyCall("SELECTABLE 2*2 FROMAGE"); //not sql
dummyCall("SELECT *FROM table"); // Noncompliant
}


Expand All @@ -15,9 +20,13 @@ public void variableSQLrequest() {
String requestCompiliant = " SeLeCt user FrOm myTable";
dummyCall(requestNonCompiliant);
dummyCall(requestCompiliant);

String noSqlCompiliant = "SELECTABLE 2*2 FROMAGE"; //not sql
String requestNonCompiliant_nSpace = "SELECT *FROM table"; // Noncompliant
}

private void dummyCall (String request) {

}

}
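Review bot: `noSqlCompiliant` and `requestNonCompiliant_nSpace`, added at the end of `variableSQLrequest`, are assigned but never handed to `dummyCall`, unlike `requestNonCompiliant` and `requestCompiliant` two lines above them, so the fixture suggests those requests are exercised when they are only declared; the issue is still raised because the check subscribes to string literals rather than call sites, but for consistency add `dummyCall(noSqlCompiliant);` and `dummyCall(requestNonCompiliant_nSpace);` after them. The method `variableSQLrequest` begins outside this hunk. The new cases in both hunks pin only the mixed-case and missing-space forms; the pattern `select\s*\*\s*from` in the check's first file section no longer flags a qualified wildcard such as `SELECT t.* FROM table`, which the previous `.*select.*\*.*from.*` did, and a fixture line stating whether that form is expected to be flagged would make the narrowing explicit. The mixed camel/snake name `requestNonCompiliant_nSpace` also departs from the naming of its siblings; `requestNonCompiliantNoSpace` would match them.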