Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 | 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 22437x 22437x 22437x 22437x 22437x 1x 11222x 11222x 11222x 11222x 11222x 33494x 33494x 33494x 33494x 33494x 33494x 33494x 33494x 11222x 11222x 10969x 10969x 11222x 11222x 228x 228x 11222x 11222x 236x 236x 236x 11222x 11222x 302x 63x 63x 239x 239x 239x 239x 302x 246x 246x 12x 12x 234x 234x 234x 246x 1359x 1359x 1359x 1359x 1359x 6x 6x 6x 6x 2x 1x 1x 2x 2x 4x 4x 6x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 2x 2x 3x 3x 3x 3x 6x 1359x 234x 227x 227x 227x 11222x 11222x | import * as Statements from "../abap/2_statements/statements";
import * as Expressions from "../abap/2_statements/expressions";
import {Issue} from "../issue";
import {BasicRuleConfig} from "./_basic_rule_config";
import {IRule, IRuleMetadata, RuleTag} from "./_irule";
import {IRegistry} from "../_iregistry";
import {IObject} from "../objects/_iobject";
import {ABAPObject} from "../objects/_abap_object";
import {SyntaxLogic} from "../abap/5_syntax/syntax";
import {ISpaghettiScope} from "../abap/5_syntax/_spaghetti_scope";
export class ModifyOnlyOwnDBTablesConf extends BasicRuleConfig {
public reportDynamic: boolean = true;
/** Case insensitve regex for own tables */
public ownTables: string = "^[yz]";
}
export class ModifyOnlyOwnDBTables implements IRule {
private conf = new ModifyOnlyOwnDBTablesConf();
protected reg: IRegistry;
public getMetadata(): IRuleMetadata {
return {
key: "modify_only_own_db_tables",
title: "Modify only own DB tables",
shortDescription: `Modify only own DB tables`,
extendedInformation: `https://docs.abapopenchecks.org/checks/26/`,
tags: [RuleTag.Security],
};
}
public getConfig() {
return this.conf;
}
public setConfig(conf: ModifyOnlyOwnDBTablesConf) {
this.conf = conf;
}
public initialize(reg: IRegistry) {
this.reg = reg;
return this;
}
public run(obj: IObject): readonly Issue[] {
if (!(obj instanceof ABAPObject)) {
return [];
}
let spaghetti: ISpaghettiScope | undefined = undefined;
const output: Issue[] = [];
for (const file of obj.getABAPFiles()) {
const struc = file.getStructure();
if (struc === undefined) {
return [];
}
const regExp = new RegExp(this.getConfig().ownTables, "i");
for (const s of file.getStatements()) {
const g = s.get();
if (g instanceof Statements.DeleteDatabase
|| g instanceof Statements.UpdateDatabase
|| g instanceof Statements.InsertDatabase
|| g instanceof Statements.ModifyDatabase) {
const databaseTable = s.findFirstExpression(Expressions.DatabaseTable);
if (databaseTable === undefined) {
continue;
}
if (databaseTable.getFirstChild()?.get() instanceof Expressions.Dynamic) {
if (this.getConfig().reportDynamic === true) {
output.push(Issue.atStatement(file, s, this.getMetadata().title, this.getMetadata().key, this.getConfig().severity));
}
continue;
}
const concat = databaseTable.concatTokens().toUpperCase();
if (regExp.test(concat) === false) {
// must contain a ReferenceType.TableVoidReference or a ReferenceType.TableReference if its a dependency
if (spaghetti === undefined) {
spaghetti = new SyntaxLogic(this.reg, obj).run().spaghetti;
}
const start = databaseTable.getFirstToken().getStart();
const scope = spaghetti.lookupPosition(start, file.getFilename());
const found1 = scope?.findTableVoidReference(start);
if (found1) {
output.push(Issue.atStatement(file, s, this.getMetadata().title, this.getMetadata().key, this.getConfig().severity));
}
const found2 = scope?.findTableReference(start);
if (found2) {
output.push(Issue.atStatement(file, s, this.getMetadata().title, this.getMetadata().key, this.getConfig().severity));
}
}
}
}
}
return output;
}
}
|