Skip to main content
M
MSheth
Participant
March 30, 2010
Question

Custom Rules - picking obj.functionCall(argumentsValue)

  • March 30, 2010
  • 1 reply
  • 664 views

Hello FlexPMD Community,

I am trying to write some custom rules for picking:

private function downloadFile():void

{

     fileRef.download("/abc/xyz");

}

The best, I could do is:

private

static final String METHOD_NAME[] = {"download"};

private static final String SECURITY[] = {"FileReference"};

@2226279

protected final void findViolations( final IClass classNode )

{

     for(final IFunction function : classNode.getFunctions())

     {

          if(function.getBody().findPrimaryStatementsFromNameInChildren(SECURITY).size() > 0)

          {

               for(final IParserNode functionCall : function.getBody().findPrimaryStatementsFromNameInChildren(METHOD_NAME))

               {

                         addViolation( functionCall );

               }

          }

     }

}

I was hoping to be able to traverse AST with objRef.functionCall and than retrieve the value /abc/xyz.

Any help greatly appreciated.

- Mansi

This topic has been closed for replies.

1 reply

X
Adobe Employee
Xavier Agnetti
Adobe Employee
March 31, 2010

The way the AST is built makes it difficult at the moment to "visit" a node in a function body.

We are thinking of a way to refactor it to make it easier, but at the moment, the way you tried is the way to go.

Cheers,

Xavier

M
MShethAuthor
Participant
May 6, 2010

Xavier,

I know you said there is no way for a finer granular control over AST traversal at the moment. I see this feature extremely valuable.

What I am looking at is:

If I can say for below function call:

Security.allowDomain("*")

(className/objectname).functionName(value). If I can retrieve this value, it would be extremely useful, to do lot of string comparisions on these values.

Also, searching as PRIMARIES, which as per my understanding is a <regex> search within a function, generates some noise. Thought would like to compliment, not a lot of noise as we are still doing it within a function.

If we have that granular control over our AST traversal, it would be phenomenal.  Going ahead, we might be able to add some dataflow analysis feature too.

Let me know, if you find it valuable and you want me to add a JIRA request.

Btw, I am in love with FlexPMD and find it extremely useful.

- Mansi

X
Adobe Employee
Xavier Agnetti
Adobe Employee
May 7, 2010

Hi Mansi,

Please, feel free to add a feature request.

Xavier

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices