rules sql_escape_host_variables.ts

97.97% Statements 97/99
83.33% Branches 30/36
100% Functions 5/5
97.97% Lines 97/99
Press n or j to go to the next uncovered block, b, p or k for the previous block.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99 1x
1x
1x
1x
1x
1x
1x
1x
1x
1x
1x
1x
1x
1x
10780x
10780x
10780x
10780x
32194x
32194x
32194x
32194x
32194x
32194x
32194x
32194x
32194x
32194x
10780x
10780x
10267x
10267x
10780x
10780x
240x
240x
10780x
10780x
278x
278x
278x
278x
23x
23x
255x
255x
278x
278x
 
 
255x
278x
1371x
1371x
1371x
1371x
1371x
1371x
1371x
28x
28x
16x
16x
16x
10x
10x
10x
1x
1x
1x
9x
9x
9x
10x
10x
10x
10x
10x
16x
28x
28x
16x
16x
11x
11x
5x
5x
5x
16x
16x
16x
16x
16x
28x
1371x
255x
255x
255x
10780x import * as Statements from "../abap/2_statements/statements";
import * as Expressions from "../abap/2_statements/expressions";
import {Issue} from "../issue";
import {ABAPRule} from "./_abap_rule";
import {BasicRuleConfig} from "./_basic_rule_config";
import {LanguageVersion, Release, releaseAtLeast} from "../version";
import {RuleTag, IRuleMetadata} from "./_irule";
import {ABAPFile} from "../abap/abap_file";
import {ABAPObject} from "../objects/_abap_object";
import {EditHelper} from "../edit_helper";
 
export class SQLEscapeHostVariablesConf extends BasicRuleConfig {
}
 
export class SQLEscapeHostVariables extends ABAPRule {
  private conf = new SQLEscapeHostVariablesConf();
 
  public getMetadata(): IRuleMetadata {
    return {
      key: "sql_escape_host_variables",
      title: "Escape SQL host variables",
      shortDescription: `Escape SQL host variables, from 740sp05 and in open-abap`,
      extendedInformation: `https://github.com/SAP/styleguides/blob/main/clean-abap/CleanABAP.md#avoid-obsolete-language-elements`,
      tags: [RuleTag.Upport, RuleTag.Styleguide, RuleTag.Quickfix, RuleTag.Syntax],
      badExample: `SELECT * FROM tab INTO TABLE res WHERE field = val.`,
      goodExample: `SELECT * FROM tab INTO TABLE @res WHERE field = @val.`,
    };
  }
 
  public getConfig() {
    return this.conf;
  }
 
  public setConfig(conf: SQLEscapeHostVariablesConf) {
    this.conf = conf;
  }
 
  public runParsed(file: ABAPFile, obj: ABAPObject) {
    const issues: Issue[] = [];
 
    const type = obj.getType();
    if (type === "INTF" || type === "TYPE") {
      return [];
    }
 
    if (!releaseAtLeast(this.reg.getConfig().getRelease(), Release.v740sp02)
        && this.reg.getConfig().getLanguageVersion() !== LanguageVersion.Cloud
        && !this.reg.getConfig().getOpenABAP()) {
      return [];
    }
 
    for (const s of file.getStatements()) {
      const get = s.get();
      if (get instanceof Statements.UpdateDatabase
          || get instanceof Statements.ModifyDatabase
          || get instanceof Statements.Select
          || get instanceof Statements.SelectLoop
          || get instanceof Statements.InsertDatabase
          || get instanceof Statements.DeleteDatabase) {
 
        for (const o of s.findAllExpressionsMulti([Expressions.SQLSource, Expressions.SQLSourceSimple])) {
          const first = o.getFirstChild();
          if ((first?.get() instanceof Expressions.Source && first.getChildren()[0].get() instanceof Expressions.FieldChain)
              || (first?.get() instanceof Expressions.SimpleSource3 && first.getChildren()[0].get() instanceof Expressions.FieldChain)) {
 
            if (get instanceof Statements.ModifyDatabase
                && first.getFirstToken().getStr().toUpperCase().startsWith("LS_")) {
              // heuristic, might not be correct in all cases
              continue;
            }
 
            const message = "Escape SQL host variables";
            const firstToken = o.getFirstChild()!.getFirstToken();
            const fix = EditHelper.replaceToken(file, firstToken, "@" + firstToken?.getStr());
            const issue = Issue.atToken(file, first.getFirstToken(), message, this.getMetadata().key, this.conf.severity, fix);
            issues.push(issue);
            break;
          }
        }
 
        for (const o of s.findAllExpressions(Expressions.SQLTarget)) {
          const escaped = o.findDirectTokenByText("@");
          if (escaped !== undefined) {
            continue;
          }
 
          const message = "Escape SQL host variables";
          const firstToken = o.getFirstChild()!.getFirstToken();
          const fix = EditHelper.replaceToken(file, firstToken, "@" + firstToken?.getStr());
          const issue = Issue.atToken(file, o.getFirstToken(), message, this.getMetadata().key, this.conf.severity, fix);
          issues.push(issue);
          break;
        }
      }
    }
 
    return issues;
  }
}