com.cflint.CFLint Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of CFLint Show documentation
Show all versions of CFLint Show documentation
A static code analysis tool for ColdFusion (in the spirit of FindBugs and Lint). With CFLint, you are able to analyze your ColdFusion code base for code violations.
package com.cflint;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map.Entry;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.antlr.runtime.BitSet;
import org.antlr.runtime.IntStream;
import org.antlr.runtime.RecognitionException;
import org.antlr.v4.runtime.Parser;
import org.antlr.v4.runtime.Recognizer;
import org.antlr.v4.runtime.Token;
import org.antlr.v4.runtime.atn.ATNConfigSet;
import org.antlr.v4.runtime.dfa.DFA;
import com.cflint.BugInfo.BugInfoBuilder;
import com.cflint.config.CFLintChainedConfig;
import com.cflint.config.CFLintConfig;
import com.cflint.config.CFLintConfiguration;
import com.cflint.config.CFLintPluginInfo.PluginInfoRule;
import com.cflint.config.CFLintPluginInfo.PluginInfoRule.PluginMessage;
import com.cflint.config.ConfigUtils;
import com.cflint.listeners.ScanProgressListener;
import com.cflint.plugins.CFLintScanner;
import com.cflint.plugins.CFLintStructureListener;
import com.cflint.plugins.Context;
import com.cflint.plugins.Context.ContextMessage;
import com.cflint.plugins.Context.ContextType;
import com.cflint.plugins.exceptions.CFLintExceptionListener;
import com.cflint.plugins.exceptions.DefaultCFLintExceptionListener;
import com.cflint.tools.AllowedExtensionsLoader;
import com.cflint.tools.CFLintFilter;
import com.cflint.tools.CommentReformatting;
import com.cflint.tools.FileUtil;
import com.cflint.tools.PrecedingCommentReader;
import com.cflint.tools.ScanningProgressMonitorLookAhead;
import cfml.CFSCRIPTLexer;
import cfml.CFSCRIPTParser;
import cfml.parsing.CFMLParser;
import cfml.parsing.CFMLSource;
import cfml.parsing.ParserTag;
import cfml.parsing.cfscript.CFAssignmentExpression;
import cfml.parsing.cfscript.CFExpression;
import cfml.parsing.cfscript.CFFullVarExpression;
import cfml.parsing.cfscript.CFFunctionExpression;
import cfml.parsing.cfscript.CFIdentifier;
import cfml.parsing.cfscript.CFStatement;
import cfml.parsing.cfscript.CFStringExpression;
import cfml.parsing.cfscript.CFVarDeclExpression;
import cfml.parsing.cfscript.script.CFCase;
import cfml.parsing.cfscript.script.CFCatchStatement;
import cfml.parsing.cfscript.script.CFCompDeclStatement;
import cfml.parsing.cfscript.script.CFCompoundStatement;
import cfml.parsing.cfscript.script.CFExpressionStatement;
import cfml.parsing.cfscript.script.CFForInStatement;
import cfml.parsing.cfscript.script.CFForStatement;
import cfml.parsing.cfscript.script.CFFuncDeclStatement;
import cfml.parsing.cfscript.script.CFFunctionParameter;
import cfml.parsing.cfscript.script.CFIfStatement;
import cfml.parsing.cfscript.script.CFParsedStatement;
import cfml.parsing.cfscript.script.CFPropertyStatement;
import cfml.parsing.cfscript.script.CFReturnStatement;
import cfml.parsing.cfscript.script.CFScriptStatement;
import cfml.parsing.cfscript.script.CFSwitchStatement;
import cfml.parsing.cfscript.script.CFTryCatchStatement;
import cfml.parsing.reporting.IErrorReporter;
import cfml.parsing.reporting.ParseException;
import net.htmlparser.jericho.Element;
import net.htmlparser.jericho.Source;
public class CFLint implements IErrorReporter {
static final String FILE_ERROR = "FILE_ERROR";
static final String PARSE_ERROR = "PARSE_ERROR";
static final String PLUGIN_ERROR = "PLUGIN_ERROR";
static final String RESOURCE_BUNDLE_NAME = "com.cflint.cflint";
CFMLParser cfmlParser = new CFMLParser();
StackHandler handler = new StackHandler();
BugList bugs;
final List extensions = new ArrayList();
final List allowedExtensions = new ArrayList();
boolean verbose = false;
boolean logError = false;
boolean quiet = false;
boolean showProgress = false;
boolean progressUsesThread = true;
// constants
final List scanProgressListeners = new ArrayList();
final List exceptionListeners = new ArrayList();
CFLintConfiguration configuration;
public CFLint(final CFLintConfiguration configFile) throws IOException {
configuration = configFile == null ? new CFLintConfig() : configFile;
for (final PluginInfoRule ruleInfo : configuration.getRules()) {
addScanner(ConfigUtils.loadPlugin(ruleInfo));// TODO load them all
}
final CFLintFilter filter = CFLintFilter.createFilter(verbose);
bugs = new BugList(filter);
if (exceptionListeners.isEmpty()) {
addExceptionListener(new DefaultCFLintExceptionListener(bugs));
}
allowedExtensions.addAll(AllowedExtensionsLoader.init(RESOURCE_BUNDLE_NAME));
cfmlParser.setErrorReporter(this);
}
@Deprecated
public CFLint(final CFLintConfiguration configuration, final CFLintScanner... bugsScanners) {
super();
this.configuration = configuration;
for (final CFLintScanner scanner : bugsScanners) {
extensions.add(scanner);
if (configuration != null) {
final PluginInfoRule ruleInfo = configuration.getRuleByClass(scanner.getClass());
if (ruleInfo != null) {
ruleInfo.setPluginInstance(scanner);
}
}
}
CFLintFilter filter;
try {
filter = CFLintFilter.createFilter(verbose);
bugs = new BugList(filter);
} catch (final IOException e1) {
e1.printStackTrace();
}
if (exceptionListeners.isEmpty()) {
addExceptionListener(new DefaultCFLintExceptionListener(bugs));
}
allowedExtensions.addAll(AllowedExtensionsLoader.init(RESOURCE_BUNDLE_NAME));
cfmlParser.setErrorReporter(this);
}
public void scan(final String folderName) {
if (showProgress) {
ScanningProgressMonitorLookAhead.createInstance(this, folderName, progressUsesThread).startPreScan();
}
scan(new File(folderName));
fireClose();
}
public void scan(final File folderOrFile) {
if (getBugs().getFileFilter() != null && !getBugs().getFileFilter().includeFile(folderOrFile)) {
return;
}
if (folderOrFile.isDirectory()) {
final CFLintConfiguration saveConfig = configuration;
try {
for (final File file : folderOrFile.listFiles()) {
if (file.getName().toLowerCase().startsWith(".cflintrc")) {
try {
System.out.println("read config " + file);
CFLintConfiguration newConfig = file.getName().toLowerCase().endsWith(".xml")?
ConfigUtils.unmarshal(new FileInputStream(file), CFLintConfig.class):
ConfigUtils.unmarshalJson(new FileInputStream(file), CFLintConfig.class);
configuration = new CFLintChainedConfig(newConfig, configuration);
} catch (Exception e) {
System.err.println("Could not read config file " + file);
}
}
}
for (final File file : folderOrFile.listFiles()) {
scan(file);
}
} finally {
configuration = saveConfig;
}
} else if (!folderOrFile.isHidden() && FileUtil.checkExtension(folderOrFile, allowedExtensions)) {
final String src = FileUtil.loadFile(folderOrFile);
try {
process(src, folderOrFile.getAbsolutePath());
} catch (final Exception e) {
printException(e);
if (logError) {
System.out.println("Logging Error: " + FILE_ERROR);
fireCFLintException(e, FILE_ERROR, folderOrFile.getAbsolutePath(), null, null, null, null);
}
}
}
}
protected void printException(final Exception e, Element... elem) {
if (!quiet) {
if (elem != null && elem.length > 0 && elem[0] != null) {
final int line = elem[0].getSource().getRow(elem[0].getBegin());
System.err.println("Error in: " + shortSource(elem[0].getSource(), line) + " @ " + line + ":");
}
if (verbose) {
e.printStackTrace(System.err);
} else {
System.err.println(e.getMessage());
}
}
}
public void process(final String src, final String filename) throws ParseException, IOException {
fireStartedProcessing(filename);
final CFMLSource cfmlSource = new CFMLSource(
src != null && src.contains(" in the tag hierarchy
*/
protected boolean checkForDisabled(final Element element, final String msgcode) {
Element elem = element;
while (elem != null) {
final Element prevSibling = getPreviousSibling(elem);
if (prevSibling != null && prevSibling.getName().equals("!---")) {
final Pattern p = Pattern.compile(".*---\\s*CFLINT-DISABLE\\s+(.*)\\s*---.*");
final Matcher m = p.matcher(prevSibling.toString().toUpperCase().trim());
if (m.matches()) {
// No message codes in CFLINT-DISABLE
if (m.group(1).trim().length() == 0) {
if (verbose) {
System.out.println("Skipping disabled " + msgcode);
}
return true;
}
// check for matching message codes in CFLINT-DISABLE
for (String skipcode : m.group(1).split(",")) {
skipcode = skipcode.trim();
if (msgcode.equals(skipcode)) {
if (verbose) {
System.out.println("Skipping disabled " + msgcode);
}
return true;
}
}
}
}
elem = elem.getParentElement();
}
return false;
}
protected void reportRule(final Element elem, final Object expression, final Context context,
final CFLintScanner pluginParm, final ContextMessage msg) {
final String msgcode = msg.getMessageCode();
final String nameVar = msg.getVariable();
final CFLintScanner plugin = msg.getSource() == null ? pluginParm : msg.getSource();
if (checkForDisabled(elem, msgcode)) {
return;
}
if (configuration == null) {
throw new NullPointerException("Configuration is null");
}
PluginInfoRule ruleInfo;
if ("PLUGIN_ERROR".equals(msgcode)) {
ruleInfo = new PluginInfoRule();
final PluginMessage msgInfo = new PluginMessage("PLUGIN_ERROR");
msgInfo.setMessageText("Error in plugin: ${variable}");
msgInfo.setSeverity("ERROR");
ruleInfo.getMessages().add(msgInfo);
} else {
if (plugin == null) {
throw new NullPointerException(
"Plugin not set. Plugin should be using addMessage(messageCode,variable,source) to report messages in parent contexts");
}
ruleInfo = configuration.getRuleForPlugin(plugin);
}
if (ruleInfo == null) {
throw new NullPointerException("Rule not found for " + plugin.getClass().getSimpleName());
}
final PluginMessage msgInfo = ruleInfo.getMessageByCode(msgcode);
if (configuration == null) {
throw new NullPointerException(
"Message definition not found for [" + msgcode + "] in " + plugin.getClass().getSimpleName());
}
final BugInfoBuilder bldr = new BugInfo.BugInfoBuilder().setMessageCode(msgcode).setVariable(nameVar)
.setFunction(context.getFunctionName()).setFilename(context.getFilename())
.setComponent(context.getComponentName());
if (msgInfo != null) {
bldr.setSeverity(msgInfo.getSeverity());
bldr.setMessage(msgInfo.getMessageText());
} else {
String errMessage = "Message code: " + msgcode + " is not configured correctly.";
fireCFLintException(new NullPointerException(errMessage), PLUGIN_ERROR, "", null, null, null, null);
bldr.setSeverity("WARNING");
bldr.setMessage(msgcode);
}
if (expression instanceof CFStatement) {
bldr.setExpression(((CFStatement) expression).Decompile(0));
} else if (expression instanceof CFScriptStatement) {
bldr.setExpression(((CFScriptStatement) expression).Decompile(0));
} else if (elem != null) {
bldr.setExpression(elem.toString());
}
bldr.setRuleParameters(ruleInfo.getParameters());
if (configuration.includes(ruleInfo.getMessageByCode(msgcode))
&& !configuration.excludes(ruleInfo.getMessageByCode(msgcode))) {
if (expression instanceof CFExpression) {
BugInfo bugInfo = bldr.build((CFExpression) expression, elem);
final Token token = ((CFExpression) expression).getToken();
if (!suppressed(bugInfo, token, context)) {
bugs.add(bugInfo);
}
} else {
final BugInfo bug = bldr.build((CFParsedStatement) expression, elem);
if (msg.getLine() != null) {
bug.setLine(msg.getLine());
bug.setColumn(0);
}
bugs.add(bug);
}
}
}
/*
* Look for a suppress comment on the same line. cflint:line - suppresses
* any messages on the same line cflint:MESSAGE_CODE - suppresses any
* message matching that code
*/
protected boolean suppressed(BugInfo bugInfo, Token token, Context context) {
if (context == null || context.isSuppressed(bugInfo))
return true;
Iterable tokens = context.afterTokens(token);
for (Token currentTok : tokens) {
if (currentTok.getLine() != token.getLine()) {
break;
}
if (currentTok.getChannel() == Token.HIDDEN_CHANNEL && currentTok.getType() == CFSCRIPTLexer.LINE_COMMENT) {
final String commentText = currentTok.getText().replaceFirst("^//\\s*", "").trim();
if (commentText.startsWith("cflint ")) {
Pattern pattern = Pattern.compile("cflint\\s+ignore:([\\w,]+).*");
Matcher matcher = pattern.matcher(commentText);
if (matcher.matches() && matcher.groupCount() > 0) {
final String ignoreCodes = matcher.group(1);
if (ignoreCodes.equalsIgnoreCase("line")) {
return true;
}
for (final String ignoreCode : ignoreCodes.split(",\\s*")) {
if (ignoreCode.equals(bugInfo.getMessageCode())) {
return true;
}
}
}
}
}
}
return false;
}
public BugList getBugs() {
return bugs;
}
public List getAllowedExtensions() {
return allowedExtensions;
}
public void setAllowedExtensions(final List allowedExtensions) {
this.allowedExtensions.clear();
this.allowedExtensions.addAll(allowedExtensions);
}
@Override
public void reportError(final String arg0) {
}
public void reportError(final RecognitionException arg0) {
}
public void reportError(final String[] arg0, final RecognitionException arg1) {
}
public void reportError(final IntStream arg0, final RecognitionException arg1, final BitSet arg2) {
}
public void setVerbose(final boolean verbose) {
this.verbose = verbose;
}
public void setLogError(final boolean logError) {
this.logError = logError;
}
public void setQuiet(final boolean quiet) {
this.quiet = quiet;
}
public void addScanProgressListener(final ScanProgressListener scanProgressListener) {
scanProgressListeners.add(scanProgressListener);
}
protected void fireStartedProcessing(final String srcidentifier) {
cfmlParser = new CFMLParser();
cfmlParser.setErrorReporter(this);
currentFile = srcidentifier;
currentElement = null;
for (final CFLintStructureListener structurePlugin : getStructureListeners(extensions)) {
try {
structurePlugin.startFile(srcidentifier, bugs);
} catch (final Exception e) {
printException(e);
fireCFLintException(e, PARSE_ERROR, srcidentifier, null, null, null, null);
}
}
for (final ScanProgressListener p : scanProgressListeners) {
p.startedProcessing(srcidentifier);
}
}
protected void fireFinishedProcessing(final String srcidentifier) {
for (final CFLintStructureListener structurePlugin : getStructureListeners(extensions)) {
try {
structurePlugin.endFile(srcidentifier, bugs);
} catch (final Exception e) {
printException(e);
fireCFLintException(e, PARSE_ERROR, srcidentifier, null, null, null, null);
}
}
for (final ScanProgressListener p : scanProgressListeners) {
p.finishedProcessing(srcidentifier);
}
processed.clear();
}
protected void fireClose() {
for (final ScanProgressListener p : scanProgressListeners) {
p.close();
}
}
public void addScanner(final CFLintScanner plugin) {
if (plugin != null)
extensions.add(plugin);
}
public List getScanners() {
return extensions;
}
public void addExceptionListener(final CFLintExceptionListener exceptionListener) {
exceptionListeners.add(exceptionListener);
}
protected void fireCFLintException(final Throwable e, final String messageCode, final String filename,
final Integer line, final Integer column, final String functionName, final String expression) {
for (final CFLintExceptionListener p : exceptionListeners) {
p.exceptionOccurred(e, messageCode, filename, line, column, functionName, expression);
}
}
public void setShowProgress(final boolean showProgress) {
this.showProgress = showProgress;
}
public void setProgressUsesThread(final boolean progressUsesThread) {
this.progressUsesThread = progressUsesThread;
}
String currentFile = null;
Element currentElement = null;
@Override
public void syntaxError(final Recognizer, ?> recognizer, final Object offendingSymbol, int line,
int charPositionInLine, final String msg, final org.antlr.v4.runtime.RecognitionException e) {
final String file = currentFile == null ? "" : currentFile + "\r\n";
String expression = null;
if (offendingSymbol instanceof Token) {
expression = ((Token) offendingSymbol).getText();
if (expression.length() > 50) {
expression = expression.substring(1, 40) + "...";
}
}
if (currentElement != null) {
if (line == 1) {
line = currentElement.getSource().getRow(currentElement.getBegin());
charPositionInLine = charPositionInLine
+ currentElement.getSource().getColumn(currentElement.getBegin());
} else {
line = currentElement.getSource().getRow(currentElement.getBegin()) + line - 1;
}
}
if (recognizer instanceof Parser && ((Parser) recognizer).isExpectedToken(CFSCRIPTParser.SEMICOLON)) {
bugs.add(new BugInfo.BugInfoBuilder().setMessageCode("MISSING_SEMI").setFilename(file)
.setMessage("End of statement(;) expected instead of " + expression).setSeverity("ERROR")
.setExpression(expression).setLine(line).setColumn(charPositionInLine).build());
} else {
fireCFLintException(e, PARSE_ERROR, file, line, charPositionInLine, "", msg);
}
}
@Override
public void reportAmbiguity(final Parser recognizer, final DFA dfa, final int startIndex, final int stopIndex,
final boolean exact, final java.util.BitSet ambigAlts, final ATNConfigSet configs) {
}
@Override
public void reportAttemptingFullContext(final Parser recognizer, final DFA dfa, final int startIndex,
final int stopIndex, final java.util.BitSet conflictingAlts, final ATNConfigSet configs) {
}
@Override
public void reportContextSensitivity(final Parser recognizer, final DFA dfa, final int startIndex,
final int stopIndex, final int prediction, final ATNConfigSet configs) {
}
@Override
public void reportError(final org.antlr.v4.runtime.RecognitionException re) {
}
@Override
public void reportError(final String[] tokenNames, final org.antlr.v4.runtime.RecognitionException re) {
}
@Override
public void reportError(final org.antlr.v4.runtime.IntStream input,
final org.antlr.v4.runtime.RecognitionException re, final BitSet follow) {
}
}