  /*
   * fb-contrib - Auxiliary detectors for Java programs
   * Copyright (C) 2005-2015 Dave Brosius
   * 
   * This library is free software; you can redistribute it and/or
   * modify it under the terms of the GNU Lesser General Public
   * License as published by the Free Software Foundation; either
   * version 2.1 of the License, or (at your option) any later version.
   * 
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
  * 
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 package com.mebigfatguy.fbcontrib.detect;
 
 import java.util.ArrayList;
 import java.util.EnumMap;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 
 
 
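 /**
  * Looks for calls to HttpServletRequest.getParameter whose parameter names differ only in case,
  * such as 'id' and 'Id'. Servlet parameter and attribute names are case-sensitive, so a lookup
  * under the wrong casing returns null rather than the intended value.
  */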
 
 {	
     // JVM internal (slash-separated) names of the servlet API types whose key lookups are tracked.
     private static final String HTTP_SESSION = "javax/servlet/http/HttpSession";
     private static final String HTTP_SERVLET_REQUEST = "javax/servlet/http/HttpServletRequest";
     // Names of the tracked methods; each takes the String key as its first argument.
     private static final String GET_ATTRIBUTE = "getAttribute";
     private static final String SET_ATTRIBUTE = "setAttribute";
     private static final String GET_PARAMETER = "getParameter";
     // JVM method descriptors for the methods above, in the same order.
     private static final String GET_ATTRIBUTE_SIG = "(Ljava/lang/String;)Ljava/lang/Object;";
     private static final String SET_ATTRIBUTE_SIG = "(Ljava/lang/String;Ljava/lang/Object;)V";
     private static final String GET_PARAMETER_SIG = "(Ljava/lang/String;)Ljava/lang/String;";
 	
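     /**
      * The kinds of string-keyed lookup this detector tracks. Each constant carries the key of
      * the bug pattern that is reported when one name is used with inconsistent casing.
      */
     enum KeyType {
         ATTRIBUTE("IKNC_INCONSISTENT_HTTP_ATTRIBUTE_CASING"),
         PARAMETER("IKNC_INCONSISTENT_HTTP_PARAM_CASING");

         // Bug pattern key; set once by the constructor and never changed.
         private final String key;

         KeyType(String descriptionKey) {
             key = descriptionKey;
         }

         /**
          * @return the bug pattern key associated with this kind of lookup
          */
         public String getDescription() {
             return key;
         }
     }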
     
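     // NOTE(review): this declaration is not on the page, but the constructor stores its
     // reporter argument in a field and report() calls reportBug on one; the name
     // bugReporter is assumed - confirm against the project source.
     BugReporter bugReporter;
     // Operand stack model: created in visitClassContext, reset at each method entry.
     OpcodeStack stack;
     // kind of lookup -> upper-cased key -> key exactly as written -> call sites using that spelling
     Map<KeyType, Map<String, Map<String, List<SourceInfo>>>> parmInfo;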
    
    
     /**
      * Constructs an IKNC detector given the reporter to report bugs on.
      *
      * @param reporter the sink for bug reports
      */
 
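     public InconsistentKeyNameCasing(BugReporter reporter) {
         // NOTE(review): the assignment target was lost in the page extraction; the reporter
         // field is assumed to be named bugReporter - confirm against the project source.
         bugReporter = reporter;
         parmInfo = new EnumMap<KeyType, Map<String, Map<String, List<SourceInfo>>>>(KeyType.class);
         // Register one bucket per kind up front so sawOpcode can look a bucket up without a null check.
         for (KeyType type : KeyType.values()) {
             parmInfo.put(type, new HashMap<String, Map<String, List<SourceInfo>>>());
         }
     }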
    
    
     /**
      * Implements the visitor to create the opcode stack.
      *
      * @param classContext the context object of the currently parsed class
      */
 
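     @Override
     public void visitClassContext(ClassContext classContext) {
         try {
             // a fresh stack model for each visited class
             stack = new OpcodeStack();
             super.visitClassContext(classContext);
         } finally {
             // release the stack even if the visit throws, so it is not held between classes
             stack = null;
         }
     }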
    
    
    /**
     * Implements the visitor to reset the opcode stack for a new method.
     *
     * @param obj the context object of the currently parsed code block
     */
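    @Override
    public void visitCode(Code obj) {
        // start every method with an empty stack model before its instructions are visited
        stack.resetForMethodEntry(this);
        super.visitCode(obj);
    }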
    
    
    /**
     * Implements the visitor to look for calls to HttpServletRequest.getParameter and collect
     * the name of the key that is passed.
     *
     * @param seen the opcode of the currently parsed instruction
     */
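    @Override
    public void sawOpcode(int seen) {
        try {
            stack.precomputation(this);

            // isKeyAccessMethod performs the opcode test itself and returns null for
            // anything that is not a call to one of the tracked servlet methods.
            KeyType type = isKeyAccessMethod(seen);
            if (type == null) {
                return;
            }

            int numParms = Type.getArgumentTypes(getSigConstantOperand()).length;
            if (stack.getStackDepth() < numParms) {
                return;
            }

            // The key is the first declared argument, so it sits deepest among the call's operands.
            OpcodeStack.Item item = stack.getStackItem(numParms - 1);
            Object constant = item.getConstant();
            if (!(constant instanceof String)) {
                // the key is not a known string constant, so there is no spelling to record
                return;
            }
            String parmName = (String) constant;

            // A fixed locale keeps the grouping key independent of the machine running the
            // analysis: under a Turkish default locale "id" and "Id" upper-case to different
            // strings and the inconsistency would go unreported.
            String upperParmName = parmName.toUpperCase(Locale.ENGLISH);

            // Bucket by the kind that was detected, so attribute keys and parameter keys are
            // never compared with each other and each is reported under its own pattern.
            Map<String, Map<String, List<SourceInfo>>> typeMap = parmInfo.get(type);
            Map<String, List<SourceInfo>> parmCaseInfo = typeMap.get(upperParmName);
            if (parmCaseInfo == null) {
                parmCaseInfo = new HashMap<String, List<SourceInfo>>();
                typeMap.put(upperParmName, parmCaseInfo);
            }

            List<SourceInfo> annotations = parmCaseInfo.get(parmName);
            if (annotations == null) {
                annotations = new ArrayList<SourceInfo>();
                parmCaseInfo.put(parmName, annotations);
            }

            annotations.add(new SourceInfo(getClassName(), getMethodName(), getMethodSig(), getMethod().isStatic(),
                    SourceLineAnnotation.fromVisitedInstruction(getClassContext(), this, getPC())));
        } finally {
            // the stack model must see every instruction, including on the early returns above
            stack.sawOpcode(this, seen);
        }
    }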
    
    
    /**
     * Implements the visitor to go through the collected parameter names and report those that
     * are duplicates differing in casing only.
     */
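    @Override
    public void report() {
        for (Map.Entry<KeyType, Map<String, Map<String, List<SourceInfo>>>> entry : parmInfo.entrySet()) {
            KeyType type = entry.getKey();
            Map<String, Map<String, List<SourceInfo>>> typeMap = entry.getValue();

            for (Map<String, List<SourceInfo>> parmCaseInfo : typeMap.values()) {
                // a single spelling means the key is used consistently everywhere
                if (parmCaseInfo.size() <= 1) {
                    continue;
                }

                // NOTE(review): the priority argument and the reporter field name were lost in
                // the page extraction; NORMAL_PRIORITY and bugReporter are assumed - confirm
                // against the project source.
                BugInstance bi = new BugInstance(this, type.getDescription(), NORMAL_PRIORITY);

                // one bug instance lists every call site of every spelling of the key
                for (Map.Entry<String, List<SourceInfo>> sourceInfos : parmCaseInfo.entrySet()) {
                    String spelling = sourceInfos.getKey();
                    for (SourceInfo sourceInfo : sourceInfos.getValue()) {
                        bi.addClass(sourceInfo.clsName);
                        bi.addMethod(sourceInfo.clsName, sourceInfo.methodName, sourceInfo.signature, sourceInfo.isStatic);
                        bi.addSourceLine(sourceInfo.srcLine);
                        bi.addString(spelling);
                    }
                }

                bugReporter.reportBug(bi);
            }

            // Empty the bucket but leave it registered: the constructor creates one bucket per
            // kind and sawOpcode looks it up without a null check.
            typeMap.clear();
        }
    }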
    
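    private KeyType isKeyAccessMethod(int seen) {
        // Classifies the current instruction: returns the kind of key lookup it performs, or
        // null when it is not a call to one of the tracked servlet methods.
        // NOTE(review): the opcode constant was lost in the page extraction; both tracked types
        // are interfaces, so INVOKEINTERFACE is assumed - confirm against the project source.
        if (seen != INVOKEINTERFACE) {
            return null;
        }

        String clsName = getClassConstantOperand();
        if (HTTP_SESSION.equals(clsName)) {
            String methodName = getNameConstantOperand();
            String signature = getSigConstantOperand();
            // the descriptor must match as well, which rules out any other overload of the name
            boolean isGetter = GET_ATTRIBUTE.equals(methodName) && GET_ATTRIBUTE_SIG.equals(signature);
            boolean isSetter = SET_ATTRIBUTE.equals(methodName) && SET_ATTRIBUTE_SIG.equals(signature);
            return (isGetter || isSetter) ? KeyType.ATTRIBUTE : null;
        }

        if (HTTP_SERVLET_REQUEST.equals(clsName)) {
            String methodName = getNameConstantOperand();
            String signature = getSigConstantOperand();
            boolean isParameterRead = GET_PARAMETER.equals(methodName) && GET_PARAMETER_SIG.equals(signature);
            return isParameterRead ? KeyType.PARAMETER : null;
        }

        return null;
    }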
    
    /**
     * A holder for the location information of a getParameter call.
     */
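    static class SourceInfo
    {
        // Where a key was used: the enclosing class and method, plus the source line of the call.
        final String clsName;
        final String methodName;
        final String signature;
        final boolean isStatic;
        // The declaration of this field is missing from the page; report() reads it as
        // sourceInfo.srcLine and the constructor stores its annotation argument.
        final SourceLineAnnotation srcLine;

        SourceInfo(String cls, String method, String sig, boolean mStatic, SourceLineAnnotation annotation) {
            clsName = cls;
            methodName = method;
            signature = sig;
            isStatic = mStatic;
            srcLine = annotation;
        }

        @Override
        public String toString() {
            // delegates to the project's ToString helper
            return ToString.build(this);
        }
    }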