io.codemodder.remediation.predictableseed.PredictableSeedRemediator Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of codemodder-base Show documentation
Base framework for writing codemods in Java
There is a newer version: 0.98.6
package io.codemodder.remediation.predictableseed;

import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.Node;
import com.github.javaparser.ast.NodeList;
import com.github.javaparser.ast.expr.Expression;
import com.github.javaparser.ast.expr.LiteralExpr;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.expr.NameExpr;
import io.codemodder.CodemodFileScanningResult;
import io.codemodder.codetf.DetectorRule;
import io.codemodder.remediation.*;
import java.util.Collection;
import java.util.Optional;
import java.util.function.Function;

/** Remediator for predictable seed weaknesses. */
public final class PredictableSeedRemediator implements Remediator {

  private final SearcherStrategyRemediator searchStrategyRemediator;

  public PredictableSeedRemediator() {
    this.searchStrategyRemediator =
        new SearcherStrategyRemediator.Builder()
            .withSearcherStrategyPair(
                new FixCandidateSearcher.Builder()
                    .withMatcher(
                        n ->
                            Optional.of(n)
                                .map(MethodOrConstructor::new)
                                .filter(mce -> mce.isMethodCallWithName("setSeed"))
                                .filter(mce -> mce.asNode().hasScope())
                                .filter(mce -> mce.getArguments().size() == 1)
                                // technically, we don't need this, just to prevent a silly tool
                                // from
                                // reporting on hardcoded data
                                .filter(mce -> !(mce.getArguments().get(0) instanceof LiteralExpr))
                                .isPresent())
                    .build(),
                new RemediationStrategy() {
                  @Override
                  public SuccessOrReason fix(final CompilationUnit cu, final Node node) {
                    MethodCallExpr setSeedCall = (MethodCallExpr) node;
                    MethodCallExpr safeExpression =
                        new MethodCallExpr(
                            new NameExpr(System.class.getSimpleName()), "currentTimeMillis");
                    NodeList arguments = setSeedCall.getArguments();
                    arguments.set(0, safeExpression);
                    return SuccessOrReason.success();
                  }
                })
            .build();
  }

  @Override
  public CodemodFileScanningResult remediateAll(
      CompilationUnit cu,
      String path,
      DetectorRule detectorRule,
      Collection findingsForPath,
      Function findingIdExtractor,
      Function findingStartLineExtractor,
      Function> findingEndLineExtractor,
      Function> findingColumnExtractor) {
    return searchStrategyRemediator.remediateAll(
        cu,
        path,
        detectorRule,
        findingsForPath,
        findingIdExtractor,
        findingStartLineExtractor,
        findingEndLineExtractor,
        findingColumnExtractor);
  }
}