Ejemplo n.º 1
0
        public void Process(InsertStatement Fragment)
        {
            if (Fragment.InsertSpecification.Columns.Count == 0)
            {
                _smells.SendFeedBack(12, Fragment);
            }

            switch (FragmentTypeParser.GetFragmentType(Fragment.InsertSpecification.InsertSource))
            {
            case "SelectInsertSource":
                var InsSource = (SelectInsertSource)Fragment.InsertSpecification.InsertSource;
                WithCtesAndXmlNamespaces Cte = Fragment.WithCtesAndXmlNamespaces;
                _smells.ProcessQueryExpression(InsSource.Select, "RG", false, Cte);
                if (Cte != null)
                {
                    ProcessWithCtesAndXmlNamespaces(Cte);
                }
                break;

            case "ExecuteInsertSource":
                var ExecSource = (ExecuteInsertSource)Fragment.InsertSpecification.InsertSource;
                //ProcessExecuteSpecification(ExecSource.Execute);
                ExecutableEntity ExecutableEntity = ExecSource.Execute.ExecutableEntity;
                _smells.ExecutableEntityProcessor.ProcessExecutableEntity(ExecutableEntity);
                break;
            }
        }
Ejemplo n.º 2
0
 public static IList <Field> GetFields(
     this ExecutableEntity executableEntity,
     ILogger logger,
     SchemaFile file
     )
 {
     return(executableEntity.GetSchema(logger, file).Columns.ToList());
 }
        public void ProcessExecutableEntity(ExecutableEntity ExecutableEntity)
        {
            switch (FragmentTypeParser.GetFragmentType(ExecutableEntity))
            {
            case "ExecutableProcedureReference":
                var ProcReference = (ExecutableProcedureReference)ExecutableEntity;
                if (ProcReference.ProcedureReference.ProcedureReference.Name.SchemaIdentifier == null &&
                    !ProcReference.ProcedureReference.ProcedureReference.Name.BaseIdentifier.Value.StartsWith(
                        "sp_", StringComparison.OrdinalIgnoreCase))
                {
                    _smells.SendFeedBack(21, ExecutableEntity);
                }
                if (
                    ProcReference.ProcedureReference.ProcedureReference.Name.BaseIdentifier.Value.Equals(
                        "sp_executesql", StringComparison.OrdinalIgnoreCase))
                {
                    foreach (ExecuteParameter Param in ExecutableEntity.Parameters)
                    {
                        if (Param.Variable.Name.Equals("@stmt", StringComparison.OrdinalIgnoreCase))
                        {
                            if (FragmentTypeParser.GetFragmentType(Param.ParameterValue) == "VariableReference")
                            {
                                var var = (VariableReference)Param.ParameterValue;
                                if (TestVariableAssigmentChain(var.Name))
                                {
                                    _smells.SendFeedBack(43, ExecutableEntity);
                                }
                            }
                        }
                    }
                }
                break;

            case "ExecutableStringList":
                var StringList = (ExecutableStringList)ExecutableEntity;
                if (InjectionTesting(StringList))
                {
                    _smells.SendFeedBack(43, ExecutableEntity);
                }
                break;
            }
        }
Ejemplo n.º 4
0
        public static IList <Parameter> GetParameters(
            this ExecutableEntity executableEntity,
            ILogger logger,
            SchemaFile file
            )
        {
            var executable = executableEntity.GetSchema(logger, file);

            switch (executable)
            {
            case StoredProcedure storedProcedure:
                return(storedProcedure.Parameters);

            case Function function:
                return(function.Parameters);

            default:
                return(new List <Parameter>());
            }
        }
 public void ProcessExecutableEntity(ExecutableEntity ExecutableEntity)
 {
     switch (FragmentTypeParser.GetFragmentType(ExecutableEntity))
     {
         case "ExecutableProcedureReference":
             var ProcReference = (ExecutableProcedureReference) ExecutableEntity;
             if (ProcReference.ProcedureReference.ProcedureReference.Name.SchemaIdentifier == null &&
                 !ProcReference.ProcedureReference.ProcedureReference.Name.BaseIdentifier.Value.StartsWith(
                     "sp_", StringComparison.OrdinalIgnoreCase))
             {
                 _smells.SendFeedBack(21, ExecutableEntity);
             }
             if (
                 ProcReference.ProcedureReference.ProcedureReference.Name.BaseIdentifier.Value.Equals(
                     "sp_executesql", StringComparison.OrdinalIgnoreCase))
             {
                 foreach (ExecuteParameter Param in ExecutableEntity.Parameters)
                 {
                     if (Param.Variable.Name.Equals("@stmt", StringComparison.OrdinalIgnoreCase))
                     {
                         if (FragmentTypeParser.GetFragmentType(Param.ParameterValue) == "VariableReference")
                         {
                             var var = (VariableReference) Param.ParameterValue;
                             if (TestVariableAssigmentChain(var.Name))
                             {
                                 _smells.SendFeedBack(43, ExecutableEntity);
                             }
                         }
                     }
                 }
             }
             break;
         case "ExecutableStringList":
             var StringList = (ExecutableStringList) ExecutableEntity;
             if (InjectionTesting(StringList))
             {
                 _smells.SendFeedBack(43, ExecutableEntity);
             }
             break;
     }
 }
Ejemplo n.º 6
0
        public static SchemaObject GetSchema(
            this ExecutableEntity executableEntity,
            ILogger logger,
            SchemaFile file
            )
        {
            switch (executableEntity)
            {
            case ExecutableProcedureReference executableProcedureReference:
            {
                // TODO : requires more work, there is also a Variable property, who knows what's that for
                var identifier = executableProcedureReference.ProcedureReference.ProcedureReference.Name.GetQualifiedIdentfier(file);
                if (file.Schema.ContainsKey(identifier))
                {
                    return(file.Schema[identifier]);
                }

                var parameters     = new List <Parameter>();
                var schema         = SchemaObject.SystemSchema;
                var baseIdentifier = executableProcedureReference.ProcedureReference.ProcedureReference.Name.BaseIdentifier.Value;
                var columns        = new List <Field>();

                switch (baseIdentifier.ToUpper())
                {
                case "SP_EXECUTESQL":
                    parameters.Add(new Parameter(new StringField()
                        {
                            Name       = "@stmt",
                            Type       = FieldType.String,   // nvarchar(max)
                            Origin     = OriginType.SystemType,
                            IsNullable = false,
                            Length     = 0,     // TODO
                        })
                        {
                            HasDefaultValue = false,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        });
                    break;

                case "SP_ADDEXTENDEDPROPERTY":
                    parameters = new List <Parameter>()
                    {
                        new Parameter(new StringField()
                            {
                                Name   = "@name",
                                Type   = FieldType.String,       // sysname
                                Origin = OriginType.SystemType,
                                Length = 128,
                            })
                        {
                            HasDefaultValue = false,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                        new Parameter(new DefaultField()
                            {
                                Name   = "@value",
                                Type   = FieldType.SqlVariant,
                                Origin = OriginType.SystemType,
                            })
                        {
                            HasDefaultValue = true,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                        new Parameter(new StringField()
                            {
                                Name   = "@level0type",
                                Type   = FieldType.String,       // varchar(128)
                                Origin = OriginType.SystemType,
                            })
                        {
                            HasDefaultValue = true,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                        new Parameter(new StringField()
                            {
                                Name   = "@level0name",
                                Type   = FieldType.String,       // sysname
                                Origin = OriginType.SystemType,
                                Length = 128,
                            })
                        {
                            HasDefaultValue = true,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                        new Parameter(new StringField()
                            {
                                Name   = "@level1type",
                                Type   = FieldType.String,       // varchar(128)
                                Origin = OriginType.SystemType,
                            })
                        {
                            HasDefaultValue = true,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                        new Parameter(new StringField()
                            {
                                Name   = "@level1name",
                                Type   = FieldType.String,       // sysname
                                Origin = OriginType.SystemType,
                                Length = 128,
                            })
                        {
                            HasDefaultValue = true,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                        new Parameter(new StringField()
                            {
                                Name   = "@level2type",
                                Type   = FieldType.String,       // varchar(128)
                                Origin = OriginType.SystemType,
                            })
                        {
                            HasDefaultValue = true,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                        new Parameter(new StringField()
                            {
                                Name   = "@level2name",
                                Type   = FieldType.String,       // sysname
                                Origin = OriginType.SystemType,
                                Length = 128,
                            })
                        {
                            HasDefaultValue = true,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        },
                    };
                    break;

                case "XP_CMDSHELL":
                    parameters.Add(new Parameter(new StringField()
                        {
                            Name       = "@command_string",
                            Type       = FieldType.String,   // varchar(8000) / nvarchar(4000)
                            Origin     = OriginType.SystemType,
                            IsNullable = false,
                            Length     = 8000,     // TODO
                        })
                        {
                            HasDefaultValue = false,
                            IsOutput        = false,
                            IsReadOnly      = false,
                        });
                    columns.Add(new StringField()
                        {
                            Name       = null,
                            Type       = FieldType.String,   // nvarchar(255)
                            Origin     = OriginType.SystemType,
                            IsNullable = false,
                            Length     = 255,
                        });
                    break;

                default:
                    logger.Log(LogLevel.Error,
                               LogType.MissingSchemaObject,
                               file.Path,
                               $"\"{identifier}\" executable entity is missing in the schema.");

                    schema = executableProcedureReference
                             .ProcedureReference
                             .ProcedureReference
                             .Name
                             .SchemaIdentifier
                             ?.Value
                             ?? SchemaObject.DefaultSchema;

                    break;
                }

                var storedProc = new StoredProcedure()
                {
                    File     = file,
                    Database = executableProcedureReference
                               .ProcedureReference
                               .ProcedureReference
                               .Name
                               .DatabaseIdentifier
                               ?.Value
                               ?? file.Context.Name,
                    Schema     = schema,
                    Identifier = baseIdentifier,
                    Parameters = parameters,
                    Columns    = columns,
                };

                return(storedProc);
            }

            // TODO : ugh, what can I do with this?
            case ExecutableStringList executableStringList:
            default:
                //logger.Log(LogLevel.NotSupportedYet, $"\"{executableEntity.GetType()}\" executable entity is not supported yet.");
                return(new Unknown()
                {
                    File = file,
                    Database = file.Context.Name,
                    Schema = SchemaObject.DefaultSchema,
                    Identifier = "Unknown",
                });
            }
        }
 public override void ExplicitVisit(ExecutableEntity fragment)
 {
     _fragments.Add(fragment);
 }
        public void ProcessExecuteStatement(ExecuteStatement Fragment)
        {
            ExecutableEntity ExecutableEntity = Fragment.ExecuteSpecification.ExecutableEntity;

            ProcessExecutableEntity(ExecutableEntity);
        }
 public sealed override void ExplicitVisit(ExecutableEntity node)
 {
     base.ExplicitVisit(node);
 }
 public sealed override void Visit(ExecutableEntity node)
 {
     base.Visit(node);
 }
Ejemplo n.º 11
0
 public override void ExplicitVisit(ExecutableEntity node) { this.action(node); }