All files / src/rules dangerous_statement.ts

91.01% Statements 81/89
70.83% Branches 17/24
100% Functions 7/7
91.01% Lines 81/89

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 901x 1x 1x 1x 1x 1x 1x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 15305x 1x 7653x 7653x 7653x 7653x 7653x 22818x 22818x 22818x 22818x 22818x 22818x 22818x 7653x 7653x 4x 4x 7653x 7653x 7346x 7346x 7653x 7653x 139x 139x 7653x 7653x 155x 155x 155x 845x 845x 845x 1x 845x 1x 844x 1x 843x 1x 842x   841x   841x   841x   841x   841x   841x     845x 845x 4x 4x 845x 155x 155x 155x 7653x 7653x  
import * as Statements from "../abap/2_statements/statements";
import {Issue} from "../issue";
import {ABAPRule} from "./_abap_rule";
import {BasicRuleConfig} from "./_basic_rule_config";
import {IRuleMetadata, RuleTag} from "./_irule";
import {ABAPFile} from "../abap/abap_file";
 
export class DangerousStatementConf extends BasicRuleConfig {
  /** Detects execSQL (dynamic SQL) */
  public execSQL: boolean = true;
  /** Detects kernel calls */
  public kernelCall: boolean = true;
  /** Detects SYSTEM-CALL */
  public systemCall: boolean = true;
  /** Detects INSERT REPORT */
  public insertReport: boolean = true;
  public generateDynpro: boolean = true;
  public generateReport: boolean = true;
  public generateSubroutine: boolean = true;
  public deleteReport: boolean = true;
  public deleteTextpool: boolean = true;
  public deleteDynpro: boolean = true;
  public importDynpro: boolean = true;
}
 
export class DangerousStatement extends ABAPRule {
 
  private conf = new DangerousStatementConf();
 
  public getMetadata(): IRuleMetadata {
    return {
      key: "dangerous_statement",
      title: "Dangerous statement",
      shortDescription: `Detects potentially dangerous statements`,
      tags: [RuleTag.SingleFile, RuleTag.Security],
    };
  }
 
  private getDescription(statement: string): string {
    return "Potential dangerous statement " + statement;
  }
 
  public getConfig() {
    return this.conf;
  }
 
  public setConfig(conf: DangerousStatementConf) {
    this.conf = conf;
  }
 
  public runParsed(file: ABAPFile) {
    const issues: Issue[] = [];
 
    for (const statementNode of file.getStatements()) {
      const statement = statementNode.get();
      let message: string | undefined = undefined;
      if (this.conf.execSQL && statement instanceof Statements.ExecSQL) {
        message = "EXEC SQL";
      } else if (this.conf.kernelCall && statement instanceof Statements.CallKernel) {
        message = "KERNEL CALL";
      } else if (this.conf.systemCall && statement instanceof Statements.SystemCall) {
        message = "SYSTEM-CALL";
      } else if (this.conf.insertReport && statement instanceof Statements.InsertReport) {
        message = "INSERT REPORT";
      } else if (this.conf.generateDynpro && statement instanceof Statements.GenerateDynpro) {
        message = "GENERATE DYNPRO";
      } else if (this.conf.generateReport && statement instanceof Statements.GenerateReport) {
        message = "GENERATE REPORT";
      } else if (this.conf.generateSubroutine && statement instanceof Statements.GenerateSubroutine) {
        message = "GENERATE SUBROUTINE";
      } else if (this.conf.deleteReport && statement instanceof Statements.DeleteReport) {
        message = "DELETE REPORT";
      } else if (this.conf.deleteTextpool && statement instanceof Statements.DeleteTextpool) {
        message = "DELETE TEXTPOOL";
      } else if (this.conf.deleteDynpro && statement instanceof Statements.DeleteDynpro) {
        message = "DELETE DYNPRO";
      } else if (this.conf.importDynpro && statement instanceof Statements.ImportDynpro) {
        message = "IMPORT DYNPRO";
      }
 
      if (message) {
        issues.push(Issue.atStatement(file, statementNode, this.getDescription(message), this.getMetadata().key, this.conf.severity));
      }
    }
 
    return issues;
  }
 
}