Package net.sourceforge.pmd.lang.apex.rule.security

Class ApexXSSFromURLParamRule

java.lang.Object

net.sourceforge.pmd.properties.AbstractPropertySource

net.sourceforge.pmd.lang.rule.AbstractRule

net.sourceforge.pmd.lang.apex.rule.AbstractApexRule

net.sourceforge.pmd.lang.apex.rule.security.ApexXSSFromURLParamRule

All Implemented Interfaces:

ApexParserVisitor, ImmutableLanguage, PropertySource, CodeClimateRule, Rule

public class ApexXSSFromURLParamRule
extends AbstractApexRule

Detects potential XSS when controller extracts a variable from URL query and uses it without escaping first

Author:

sergey.gorbaty

Nested Class Summary

Nested classes/interfaces inherited from interface net.sourceforge.pmd.renderers.CodeClimateRule

CodeClimateRule.CodeClimateCategory

Field Summary

Fields inherited from class net.sourceforge.pmd.properties.AbstractPropertySource

propertyDescriptors, propertyValuesByDescriptor

Fields inherited from interface net.sourceforge.pmd.renderers.CodeClimateRule

CODECLIMATE_BLOCK_HIGHLIGHTING, CODECLIMATE_CATEGORIES, CODECLIMATE_REMEDIATION_MULTIPLIER

Fields inherited from interface net.sourceforge.pmd.Rule

VIOLATION_SUPPRESS_REGEX_DESCRIPTOR, VIOLATION_SUPPRESS_XPATH_DESCRIPTOR

Constructor Summary

Constructors

Constructor	Description
ApexXSSFromURLParamRule()

Method Summary

Modifier and Type	Method	Description
Object	visit(ASTAssignmentExpression node, Object data)
Object	visit(ASTFieldDeclaration node, Object data)
Object	visit(ASTMethodCallExpression node, Object data)
Object	visit(ASTReturnStatement node, Object data)
Object	visit(ASTUserClass node, Object data)
Object	visit(ASTVariableDeclaration node, Object data)

Methods inherited from class net.sourceforge.pmd.lang.apex.rule.AbstractApexRule

apply, getParserOptions, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visit, visitAll

Methods inherited from class net.sourceforge.pmd.lang.rule.AbstractRule

addExample, addRuleChainVisit, addRuleChainVisit, addViolation, addViolation, addViolation, addViolationWithMessage, addViolationWithMessage, addViolationWithMessage, deepCopy, deepCopyValuesTo, end, equals, getDescription, getExamples, getExternalInfoUrl, getLanguage, getMaximumLanguageVersion, getMessage, getMinimumLanguageVersion, getName, getPriority, getPropertySourceType, getRuleChainVisits, getRuleClass, getRuleSetName, getSince, hashCode, isDeprecated, isDfa, isMultifile, isRuleChain, isTypeResolution, setDeprecated, setDescription, setDfa, setExternalInfoUrl, setLanguage, setMaximumLanguageVersion, setMessage, setMinimumLanguageVersion, setMultifile, setName, setPriority, setRuleClass, setRuleSetName, setSince, setTypeResolution, setUsesDFA, setUsesMultifile, setUsesTypeResolution, start, usesDFA, usesMultifile, usesRuleChain, usesTypeResolution

Methods inherited from class net.sourceforge.pmd.properties.AbstractPropertySource

copyPropertyDescriptors, copyPropertyValues, definePropertyDescriptor, dysfunctionReason, getOverriddenPropertiesByPropertyDescriptor, getOverriddenPropertyDescriptors, getPropertiesByPropertyDescriptor, getProperty, getPropertyDescriptor, getPropertyDescriptors, hasDescriptor, ignoredProperties, isPropertyOverridden, setProperty, setProperty, useDefaultValueFor, usesDefaultValues

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.sourceforge.pmd.properties.PropertySource

definePropertyDescriptor, dysfunctionReason, getOverriddenPropertiesByPropertyDescriptor, getOverriddenPropertyDescriptors, getPropertiesByPropertyDescriptor, getProperty, getPropertyDescriptor, getPropertyDescriptors, hasDescriptor, ignoredProperties, isPropertyOverridden, setProperty, setProperty, useDefaultValueFor, usesDefaultValues

Methods inherited from interface net.sourceforge.pmd.Rule

addExample, addRuleChainVisit, addRuleChainVisit, deepCopy, end, getDescription, getExamples, getExternalInfoUrl, getLanguage, getMaximumLanguageVersion, getMessage, getMinimumLanguageVersion, getName, getPriority, getRuleChainVisits, getRuleClass, getRuleSetName, getSince, isDeprecated, isDfa, isMultifile, isRuleChain, isTypeResolution, setDeprecated, setDescription, setDfa, setExternalInfoUrl, setLanguage, setMaximumLanguageVersion, setMessage, setMinimumLanguageVersion, setMultifile, setName, setPriority, setRuleClass, setRuleSetName, setSince, setTypeResolution, setUsesDFA, setUsesMultifile, setUsesTypeResolution, start, usesDFA, usesMultifile, usesRuleChain, usesTypeResolution

Constructor Detail

ApexXSSFromURLParamRule

public ApexXSSFromURLParamRule()

Method Detail

visit

public Object visit(ASTUserClass node,
                    Object data)

Specified by:

visit in interface ApexParserVisitor

Overrides:

visit in class AbstractApexRule

visit

public Object visit(ASTAssignmentExpression node,
                    Object data)

Specified by:

visit in interface ApexParserVisitor

Overrides:

visit in class AbstractApexRule

visit

public Object visit(ASTVariableDeclaration node,
                    Object data)

Specified by:

visit in interface ApexParserVisitor

Overrides:

visit in class AbstractApexRule

visit

public Object visit(ASTFieldDeclaration node,
                    Object data)

Specified by:

visit in interface ApexParserVisitor

Overrides:

visit in class AbstractApexRule

visit

public Object visit(ASTMethodCallExpression node,
                    Object data)

Specified by:

visit in interface ApexParserVisitor

Overrides:

visit in class AbstractApexRule

visit

public Object visit(ASTReturnStatement node,
                    Object data)

Specified by:

visit in interface ApexParserVisitor

Overrides:

visit in class AbstractApexRule