Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 | 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 11353x 11353x 11353x 11353x 44764x 44764x 44764x 44764x 44764x 44764x 44764x 44764x 44764x 44764x 11353x 11353x 10854x 10854x 11353x 11353x 233x 233x 11353x 11353x 270x 270x 270x 270x 23x 23x 247x 247x 270x 270x 247x 270x 1318x 1318x 1318x 1318x 1318x 1318x 1318x 27x 27x 15x 15x 15x 10x 10x 10x 1x 1x 1x 9x 9x 9x 10x 10x 10x 10x 10x 15x 27x 27x 15x 15x 10x 10x 5x 5x 5x 15x 15x 15x 15x 15x 27x 1318x 247x 247x 247x 11353x | import * as Statements from "../abap/2_statements/statements";
import * as Expressions from "../abap/2_statements/expressions";
import {Issue} from "../issue";
import {ABAPRule} from "./_abap_rule";
import {BasicRuleConfig} from "./_basic_rule_config";
import {Version} from "../version";
import {RuleTag, IRuleMetadata} from "./_irule";
import {ABAPFile} from "../abap/abap_file";
import {ABAPObject} from "../objects/_abap_object";
import {EditHelper} from "../edit_helper";
export class SQLEscapeHostVariablesConf extends BasicRuleConfig {
}
export class SQLEscapeHostVariables extends ABAPRule {
private conf = new SQLEscapeHostVariablesConf();
public getMetadata(): IRuleMetadata {
return {
key: "sql_escape_host_variables",
title: "Escape SQL host variables",
shortDescription: `Escape SQL host variables, from 740sp05 and in open-abap`,
extendedInformation: `https://github.com/SAP/styleguides/blob/main/clean-abap/CleanABAP.md#avoid-obsolete-language-elements`,
tags: [RuleTag.Upport, RuleTag.Styleguide, RuleTag.Quickfix, RuleTag.Syntax],
badExample: `SELECT * FROM tab INTO TABLE res WHERE field = val.`,
goodExample: `SELECT * FROM tab INTO TABLE @res WHERE field = @val.`,
};
}
public getConfig() {
return this.conf;
}
public setConfig(conf: SQLEscapeHostVariablesConf) {
this.conf = conf;
}
public runParsed(file: ABAPFile, obj: ABAPObject) {
const issues: Issue[] = [];
const type = obj.getType();
if (type === "INTF" || type === "TYPE") {
return [];
}
if (this.reg.getConfig().getVersion() < Version.v740sp02
&& this.reg.getConfig().getVersion() !== Version.Cloud
&& this.reg.getConfig().getVersion() !== Version.OpenABAP) {
return [];
}
for (const s of file.getStatements()) {
const get = s.get();
if (get instanceof Statements.UpdateDatabase
|| get instanceof Statements.ModifyDatabase
|| get instanceof Statements.Select
|| get instanceof Statements.SelectLoop
|| get instanceof Statements.InsertDatabase
|| get instanceof Statements.DeleteDatabase) {
for (const o of s.findAllExpressionsMulti([Expressions.SQLSource, Expressions.SQLSourceSimple])) {
const first = o.getFirstChild();
if ((first?.get() instanceof Expressions.Source && first.getChildren()[0].get() instanceof Expressions.FieldChain)
|| (first?.get() instanceof Expressions.SimpleSource3 && first.getChildren()[0].get() instanceof Expressions.FieldChain)) {
if (get instanceof Statements.ModifyDatabase
&& first.getFirstToken().getStr().toUpperCase().startsWith("LS_")) {
// heuristic, might not be correct in all cases
continue;
}
const message = "Escape SQL host variables";
const firstToken = o.getFirstChild()!.getFirstToken();
const fix = EditHelper.replaceToken(file, firstToken, "@" + firstToken?.getStr());
const issue = Issue.atToken(file, first.getFirstToken(), message, this.getMetadata().key, this.conf.severity, fix);
issues.push(issue);
break;
}
}
for (const o of s.findAllExpressions(Expressions.SQLTarget)) {
const escaped = o.findDirectTokenByText("@");
if (escaped !== undefined) {
continue;
}
const message = "Escape SQL host variables";
const firstToken = o.getFirstChild()!.getFirstToken();
const fix = EditHelper.replaceToken(file, firstToken, "@" + firstToken?.getStr());
const issue = Issue.atToken(file, o.getFirstToken(), message, this.getMetadata().key, this.conf.severity, fix);
issues.push(issue);
break;
}
}
}
return issues;
}
} |