Hello FlexPMD Community,
I am trying to write some custom rules for picking:
private function downloadFile():void
{
    fileRef.download("/abc/xyz");
}
The best I could do is:
private static final String METHOD_NAME[] = { "download" };
private static final String SECURITY[] = { "FileReference" };

protected final void findViolations( final IClass classNode )
{
    for ( final IFunction function : classNode.getFunctions() )
    {
        // Only consider functions whose body mentions FileReference at all
        if ( function.getBody().findPrimaryStatementsFromNameInChildren( SECURITY ).size() > 0 )
        {
            // Flag every primary statement named "download" in that body
            for ( final IParserNode functionCall : function.getBody().findPrimaryStatementsFromNameInChildren( METHOD_NAME ) )
            {
                addViolation( functionCall );
            }
        }
    }
}
I was hoping to be able to traverse the AST with objRef.functionCall and then retrieve the value /abc/xyz.
Any help greatly appreciated.
- Mansi
The way the AST is built makes it difficult at the moment to "visit" a node in a function body.
We are thinking of a way to refactor it to make it easier, but at the moment, the way you tried is the way to go.
Cheers,
Xavier
Xavier,
I know you said there is no way for finer-grained control over AST traversal at the moment. I see this feature as extremely valuable.
What I am looking at is:
If I can say, for the function call below:
Security.allowDomain("*")
(className/objectname).functionName(value). If I can retrieve this value, it would be extremely useful for doing a lot of string comparisons on these values.
Also, searching as PRIMARIES, which as per my understanding is a <regex> search within a function, generates some noise. Though I would like to compliment: not a lot of noise, as we are still doing it within a function.
If we have that granular control over our AST traversal, it would be phenomenal. Going ahead, we might be able to add some dataflow analysis feature too.
Let me know, if you find it valuable and you want me to add a JIRA request.
Btw, I am in love with FlexPMD and find it extremely useful.
- Mansi
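The request in the post above, recovering the literal in (className/objectname).functionName(value) while cutting name-match noise, sketched as a standalone Python scanner over ActionScript source. This is an added example, not FlexPMD code or API and not written by either poster; the watch list, `find_calls` and the sample source are assumptions constructed here, and receiver types are resolved only from `var`/`const` declarations.

```python
import re

NAME = r'[A-Za-z_$][\w$]*'
STR = r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\''   # one string literal
# Single left-to-right scan: comments and free-standing strings are consumed
# whole, so a call that only appears inside them is never reported.
SCAN = re.compile(
    r'//[^\n]*|/\*.*?\*/'
    r'|(?<![\w$])(%(n)s)\s*\.\s*(%(n)s)\s*\(\s*(%(s)s)'   # receiver.method("literal"
    r'|\b(?:var|const)\s+(%(n)s)\s*:\s*(%(n)s)'           # var name:Type
    r'|%(s)s' % {"n": NAME, "s": STR}, re.DOTALL)

# Assumed watch list (not FlexPMD's): (receiver type, method) -> is the literal a finding?
WATCHED = {
    ("Security", "allowDomain"): lambda value: value == "*",
    ("FileReference", "download"): lambda value: True,
}

def find_calls(source):
    """Return (line, receiver type, method, literal value) for each watched call."""
    types, calls = {}, []
    for m in SCAN.finditer(source):
        receiver, method, literal, var, var_type = m.groups()
        if var:
            types[var] = var_type
        elif receiver:
            line = source.count("\n", 0, m.start()) + 1
            calls.append((line, receiver, method, literal[1:-1]))
    findings = []
    for line, receiver, method, value in calls:
        # A static call such as Security.allowDomain has no declaration,
        # so an undeclared receiver name is treated as the type itself.
        rtype = types.get(receiver, receiver)
        check = WATCHED.get((rtype, method))
        if check and check(value):
            findings.append((line, rtype, method, value))
    return findings

# Constructed sample input, modelled on the snippets in this thread.
SAMPLE = '''\
private var fileRef:FileReference = new FileReference();
private var player:Video;
private function init():void {
    Security.allowDomain("*");
    // Security.allowDomain("*") in a comment is ignored
    Security.allowDomain("example.com");
    trace('fileRef.download("/in/a/string")');
    player.download("/not/a/FileReference");
    this.fileRef.download("/abc/xyz");
}
'''
```

Calling `find_calls(SAMPLE)` reports only the wildcard `allowDomain` call and the `download` call whose receiver was declared as `FileReference`; the `player.download` call, the comment and the string are not reported.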
Hi Mansi,
Please, feel free to add a feature request.
Xavier