private void ProcessWhereBooleanExpression(BooleanExpression BooleanExpression)
{
string ExpressionType = FragmentTypeParser.GetFragmentType(BooleanExpression);
switch (ExpressionType)
{
case "BooleanComparisonExpression":
var BoolComp = (BooleanComparisonExpression)BooleanExpression;
ProcessWhereScalarExpression(BoolComp.FirstExpression);
ProcessWhereScalarExpression(BoolComp.SecondExpression);
if ((BoolComp.ComparisonType == BooleanComparisonType.Equals) &&
(FragmentTypeParser.GetFragmentType(BoolComp.FirstExpression) == "NullLiteral" ||
FragmentTypeParser.GetFragmentType(BoolComp.SecondExpression) == "NullLiteral")
)
{
_smells.SendFeedBack(46, BoolComp);
}
break;
case "BooleanBinaryExpression":
var BoolExpression = (BooleanBinaryExpression)BooleanExpression;
ProcessWhereBooleanExpression(BoolExpression.FirstExpression);
ProcessWhereBooleanExpression(BoolExpression.SecondExpression);
break;
default:
break;
}
}
public void ProcessTopFilter(TopRowFilter TopFilter)
{
IntegerLiteral TopLiteral = null;
if (FragmentTypeParser.GetFragmentType(TopFilter.Expression) != "ParenthesisExpression")
{
_smells.SendFeedBack(34, TopFilter);
if (FragmentTypeParser.GetFragmentType(TopFilter.Expression) == "IntegerLiteral")
{
TopLiteral = (IntegerLiteral)TopFilter.Expression;
}
}
else
{
var ParenthesisExpression = (ParenthesisExpression)TopFilter.Expression;
if (FragmentTypeParser.GetFragmentType(ParenthesisExpression.Expression) == "IntegerLiteral")
{
TopLiteral = (IntegerLiteral)ParenthesisExpression.Expression;
}
}
if (TopFilter.Percent && TopLiteral != null && TopLiteral.Value == "100")
{
_smells.SendFeedBack(35, TopLiteral);
}
}
private void ProcessWhereScalarExpression(ScalarExpression WhereExpression)
{
string ExpressionType = FragmentTypeParser.GetFragmentType(WhereExpression);
String ParameterType;
switch (ExpressionType)
{
case "ConvertCall":
var ConvertCall = (ConvertCall)WhereExpression;
ParameterType = FragmentTypeParser.GetFragmentType(ConvertCall.Parameter);
if (ParameterType == "ColumnReferenceExpression")
{
_smells.SendFeedBack(6, ConvertCall);
}
break;
case "CastCall":
var CastCall = (CastCall)WhereExpression;
ParameterType = FragmentTypeParser.GetFragmentType(CastCall.Parameter);
if (ParameterType == "ColumnReferenceExpression")
{
_smells.SendFeedBack(6, CastCall);
}
break;
case "ScalarSubquery":
var SubQuery = (ScalarSubquery)WhereExpression;
_smells.ProcessQueryExpression(SubQuery.QueryExpression, "RG");
break;
}
}
public void Process(InsertStatement Fragment)
{
if (Fragment.InsertSpecification.Columns.Count == 0)
{
_smells.SendFeedBack(12, Fragment);
}
switch (FragmentTypeParser.GetFragmentType(Fragment.InsertSpecification.InsertSource))
{
case "SelectInsertSource":
var InsSource = (SelectInsertSource)Fragment.InsertSpecification.InsertSource;
WithCtesAndXmlNamespaces Cte = Fragment.WithCtesAndXmlNamespaces;
_smells.ProcessQueryExpression(InsSource.Select, "RG", false, Cte);
if (Cte != null)
{
ProcessWithCtesAndXmlNamespaces(Cte);
}
break;
case "ExecuteInsertSource":
var ExecSource = (ExecuteInsertSource)Fragment.InsertSpecification.InsertSource;
//ProcessExecuteSpecification(ExecSource.Execute);
ExecutableEntity ExecutableEntity = ExecSource.Execute.ExecutableEntity;
_smells.ExecutableEntityProcessor.ProcessExecutableEntity(ExecutableEntity);
break;
}
}
public void ProcessQueryExpression(QueryExpression queryExpression, string parentType, bool testTop = false,
WithCtesAndXmlNamespaces cte = null)
{
string expressionType = FragmentTypeParser.GetFragmentType(queryExpression);
switch (expressionType)
{
case "QuerySpecification":
//{$Query = $Stmt.QueryExpression;
var querySpec = (QuerySpecification)queryExpression;
_selectStatementProcessor.ProcessSelectElements(querySpec.SelectElements, parentType, cte);
if (querySpec.FromClause != null)
{
_fromProcessor.Process(querySpec.FromClause, cte);
}
if (querySpec.WhereClause != null)
{
_whereProcessor.Process(querySpec.WhereClause);
}
if (querySpec.OrderByClause != null)
{
_orderByProcessor.Process(querySpec.OrderByClause);
if (parentType == "VW")
{
SendFeedBack(28, querySpec.OrderByClause);
}
}
if (querySpec.TopRowFilter != null)
{
_topProcessor.ProcessTopFilter(querySpec.TopRowFilter);
}
break;
case "QueryParenthesisExpression":
//{$Query=$Stmt.QueryExpression.QueryExpression;break}
var expression = (QueryParenthesisExpression)queryExpression;
ProcessQueryExpression(expression.QueryExpression, "RG", testTop, cte);
break;
case "BinaryQueryExpression":
var binaryQueryExpression = (BinaryQueryExpression)queryExpression;
ProcessQueryExpression(binaryQueryExpression.FirstQueryExpression, parentType, testTop, cte);
ProcessQueryExpression(binaryQueryExpression.SecondQueryExpression, parentType, testTop, cte);
//BinaryQueryExpression.
//{Process-BinaryQueryExpression $Stmt.QueryExpression;break;}
break;
}
}
private bool InjectionTesting(ExecutableStringList StringList)
{
foreach (TSqlFragment Fragment in StringList.Strings)
{
switch (FragmentTypeParser.GetFragmentType(Fragment))
{
case "VariableReference":
var varRef = (VariableReference)Fragment;
if (TestVariableAssigmentChain(varRef.Name))
{
return(true);
}
break;
}
}
return(false);
}
private void ProcessOrderExpression(ExpressionWithSortOrder Expression)
{
string SubExpressionType = FragmentTypeParser.GetFragmentType(Expression.Expression);
switch (SubExpressionType)
{
case "IntegerLiteral":
_smells.SendFeedBack(7, Expression);
break;
case "CastCall":
var CastCall = (CastCall)Expression.Expression;
if (FragmentTypeParser.GetFragmentType(CastCall.Parameter) == "ColumnReferenceExpression")
{
_smells.SendFeedBack(6, Expression);
}
break;
}
}
private void ProcessSelectElement(SelectElement SelectElement, string ParentType, WithCtesAndXmlNamespaces Cte)
{
string ElemType = FragmentTypeParser.GetFragmentType(SelectElement);
switch (ElemType)
{
case "SelectStarExpression":
_smells.SendFeedBack(5, SelectElement);
break;
case "SelectScalarExpression":
var ScalarExpression = (SelectScalarExpression)SelectElement;
string ExpressionType = FragmentTypeParser.GetFragmentType(ScalarExpression.Expression);
switch (ExpressionType)
{
case "ScalarSubquery":
var SubQuery = (ScalarSubquery)ScalarExpression.Expression;
_smells.ProcessQueryExpression(SubQuery.QueryExpression, ParentType, false, Cte);
break;
case "ColumnReferenceExpression":
var Expression = (ColumnReferenceExpression)ScalarExpression.Expression;
break;
case "FunctionCall":
_smells.FunctionProcessor.ProcessFunctionCall((FunctionCall)ScalarExpression.Expression);
break;
case "IntegerLiteral":
break;
case "ConvertCall":
break;
}
break;
case "SelectSetVariable":
_smells.SelectSetProcessor.ProcessSelectSetVariable((SelectSetVariable)SelectElement);
break;
}
}
public void ProcessExecutableEntity(ExecutableEntity ExecutableEntity)
{
switch (FragmentTypeParser.GetFragmentType(ExecutableEntity))
{
case "ExecutableProcedureReference":
var ProcReference = (ExecutableProcedureReference)ExecutableEntity;
if (ProcReference.ProcedureReference.ProcedureReference.Name.SchemaIdentifier == null &&
!ProcReference.ProcedureReference.ProcedureReference.Name.BaseIdentifier.Value.StartsWith(
"sp_", StringComparison.OrdinalIgnoreCase))
{
_smells.SendFeedBack(21, ExecutableEntity);
}
if (
ProcReference.ProcedureReference.ProcedureReference.Name.BaseIdentifier.Value.Equals(
"sp_executesql", StringComparison.OrdinalIgnoreCase))
{
foreach (ExecuteParameter Param in ExecutableEntity.Parameters)
{
if (Param.Variable.Name.Equals("@stmt", StringComparison.OrdinalIgnoreCase))
{
if (FragmentTypeParser.GetFragmentType(Param.ParameterValue) == "VariableReference")
{
var var = (VariableReference)Param.ParameterValue;
if (TestVariableAssigmentChain(var.Name))
{
_smells.SendFeedBack(43, ExecutableEntity);
}
}
}
}
}
break;
case "ExecutableStringList":
var StringList = (ExecutableStringList)ExecutableEntity;
if (InjectionTesting(StringList))
{
_smells.SendFeedBack(43, ExecutableEntity);
}
break;
}
}
private void ProcessSelectSetFragment(TSqlFragment Expression, string VarName)
{
string ElemType = FragmentTypeParser.GetFragmentType(Expression);
switch (ElemType)
{
case "BinaryExpression":
var BinaryExpression = (BinaryExpression)Expression;
ProcessSelectSetFragment(BinaryExpression.FirstExpression, VarName);
ProcessSelectSetFragment(BinaryExpression.SecondExpression, VarName);
break;
case "VariableReference":
ProcessVariableReference((VariableReference)Expression, VarName);
break;
case "FunctionCall":
var Func = (FunctionCall)Expression;
foreach (TSqlFragment Parameter in Func.Parameters)
{
ProcessSelectSetFragment(Parameter, VarName);
}
break;
case "CastCall":
var Cast = (CastCall)Expression;
if (FragmentTypeParser.GetFragmentType(Cast.Parameter) == "VariableReference")
{
ProcessVariableReference((VariableReference)Cast.Parameter, VarName);
}
break;
case "StringLiteral":
break;
}
}
private void ProcessTableReference(TableReference TableRef, WithCtesAndXmlNamespaces cte)
{
string Type = FragmentTypeParser.GetFragmentType(TableRef);
switch (Type)
{
case "NamedTableReference":
var NamedTableRef = (NamedTableReference)TableRef;
if (NamedTableRef.SchemaObject.BaseIdentifier.Value[0] != '#' &&
NamedTableRef.SchemaObject.BaseIdentifier.Value[0] != '@')
{
if (NamedTableRef.SchemaObject.ServerIdentifier != null)
{
_smells.SendFeedBack(1, NamedTableRef);
}
if (NamedTableRef.SchemaObject.SchemaIdentifier == null &&
!isCteName(NamedTableRef.SchemaObject, cte))
{
_smells.SendFeedBack(2, NamedTableRef);
}
}
if (NamedTableRef.TableHints != null)
{
foreach (TableHint TableHint in NamedTableRef.TableHints)
{
switch (TableHint.HintKind)
{
case TableHintKind.NoLock:
_smells.SendFeedBack(3, TableHint);
break;
case TableHintKind.ReadPast:
break;
case TableHintKind.ForceScan:
_smells.SendFeedBack(44, TableHint);
break;
case TableHintKind.Index:
_smells.SendFeedBack(45, TableHint);
break;
default:
_smells.SendFeedBack(4, TableHint);
break;
}
}
}
break;
case "QueryDerivedTable":
var QueryDerivedRef = (QueryDerivedTable)TableRef;
String Alias = QueryDerivedRef.Alias.Value;
if (Alias.Length == 1)
{
_smells.SendFeedBack(11, QueryDerivedRef);
}
if (FragmentTypeParser.GetFragmentType(QueryDerivedRef.QueryExpression) == "QuerySpecification")
{
// QuerySpecification QuerySpec = (QuerySpecification)QueryDerivedRef.QueryExpression;
// Process(QuerySpec.FromClause, cte);
_smells.ProcessQueryExpression(QueryDerivedRef.QueryExpression, "RG", true, cte);
}
break;
case "QualifiedJoin":
var QualifiedJoin = (QualifiedJoin)TableRef;
ProcessTableReference(QualifiedJoin.FirstTableReference, cte);
ProcessTableReference(QualifiedJoin.SecondTableReference, cte);
break;
}
}
//void ProcessSelectElements(
public void ProcessTsqlFragment(TSqlFragment fragment)
{
String stmtType = FragmentTypeParser.GetFragmentType(fragment);
//Console.WriteLine(StmtType);
switch (stmtType)
{
case "DeclareCursorStatement":
_cursorProcessor.ProcessCursorStatement((DeclareCursorStatement)fragment);
break;
case "BeginEndBlockStatement":
_beginEndBlockProcessor.ProcessBeginEndBlockStatement((BeginEndBlockStatement)fragment);
break;
case "CreateFunctionStatement":
case "AlterFunctionStatement":
_functionStatementBodyProcessor.ProcessFunctionStatementBody((FunctionStatementBody)fragment);
break;
case "SelectFunctionReturnType":
_selectFunctionReturnTypeProcessor.ProcessSelectFunctionReturnType((SelectFunctionReturnType)fragment);
return;
case "ScalarFunctionReturnType":
_scalarFunctionReturnTypeProcessor.ProcessScalarFunctionReturnType((ScalarFunctionReturnType)fragment);
break;
case "SetTransactionIsolationLevelStatement":
_setTransactionIsolationLevelProcessor.ProcessSetTransactionIolationLevelStatement((SetTransactionIsolationLevelStatement)fragment);
break;
case "WhileStatement":
_whileProcessor.ProcessWhileStatement((WhileStatement)fragment);
break;
case "InsertStatement":
InsertProcessor.Process((InsertStatement)fragment);
break;
case "SelectStatement":
_selectStatementProcessor.Process((SelectStatement)fragment, "RG", true);
break;
case "SetRowCountStatement":
SendFeedBack(42, fragment);
break;
case "IfStatement":
_ifStatementProcessor.ProcessIfStatement((IfStatement)fragment);
break;
case "PredicateSetStatement":
_predicateSetProcessor.ProcessPredicateSetStatement((PredicateSetStatement)fragment);
break;
case "ExecuteStatement":
ExecutableEntityProcessor.ProcessExecuteStatement((ExecuteStatement)fragment);
break;
case "SetIdentityInsertStatement":
SendFeedBack(22, fragment);
break;
case "SetCommandStatement":
_setProcessor.ProcessSetStatement((SetCommandStatement)fragment);
break;
case "CreateTableStatement":
_createTableProcessor.ProcessCreateTable((CreateTableStatement)fragment);
break;
case "CreateProcedureStatement":
case "AlterProcedureStatement":
ProcedureStatementBodyProcessor.ProcessProcedureStatementBody((ProcedureStatementBody)fragment);
_assignmentList.Clear();
break;
case "CreateViewStatement":
case "AlterViewStatement":
_viewStatementProcessor.ProcessViewStatementBody((ViewStatementBody)fragment);
break;
case "TSqlBatch":
var batch = (TSqlBatch)fragment;
foreach (TSqlStatement innerFragment in batch.Statements)
{
ProcessTsqlFragment(innerFragment);
}
break;
case "TSqlScript":
var script = (TSqlScript)fragment;
foreach (TSqlBatch innerBatch in script.Batches)
{
ProcessTsqlFragment(innerBatch);
}
break;
case "TryCatchStatement":
var trycatch = (TryCatchStatement)fragment;
foreach (TSqlStatement innerStmt in trycatch.TryStatements.Statements)
{
ProcessTsqlFragment(innerStmt);
}
foreach (TSqlStatement innerStmt in trycatch.CatchStatements.Statements)
{
ProcessTsqlFragment(innerStmt);
}
break;
case "BooleanParenthesisExpression":
var expression = (BooleanParenthesisExpression)fragment;
ProcessTsqlFragment(expression.Expression);
break;
case "BooleanComparisonExpression":
var bcExpression = (BooleanComparisonExpression)fragment;
ProcessTsqlFragment(bcExpression.FirstExpression);
ProcessTsqlFragment(bcExpression.SecondExpression);
break;
case "ScalarSubquery":
var scalarSubquery = (ScalarSubquery)fragment;
ProcessQueryExpression(scalarSubquery.QueryExpression, "RG");
break;
case "ReturnStatement":
_returnStatementProcessor.ProcessReturnStatement((ReturnStatement)fragment);
break;
case "IntegerLiteral":
break;
case "DeclareVariableStatement":
_declareVariableProcessor.ProcessDeclareVariableStatement((DeclareVariableStatement)fragment);
break;
case "DeclareVariableElement":
_declareVariableProcessor.ProcessDeclareVariableElement((DeclareVariableElement)fragment);
break;
case "PrintStatement":
break;
case "SqlDataTypeReference":
_sqlDataTypeProcessor.ProcessSqlDataTypeReference((SqlDataTypeReference)fragment);
break;
case "DeclareTableVariableStatement":
_tableVariableProcessor.ProcessTableVariableStatement((DeclareTableVariableStatement)fragment);
break;
case "TableValuedFunctionReturnType":
_tableVariableProcessor.ProcessTableValuedFunctionReturnType((TableValuedFunctionReturnType)fragment);
break;
case "DeclareTableVariableBody":
_tableVariableProcessor.ProcessTableVariableBody((DeclareTableVariableBody)fragment);
break;
case "VariableReference":
//ProcessVariableReference((VariableReference)Fragment);
break;
case "ExistsPredicate":
_tableVariableProcessor.ProcessExistsPredicate((ExistsPredicate)fragment);
break;
case "ColumnDefinition":
_columnDefinitionProcessor.ProcessColumnDefinition((ColumnDefinition)fragment);
break;
}
}
public void ProcessCreateTable(CreateTableStatement TblStmt)
{
bool isTemp = TblStmt.SchemaObjectName.BaseIdentifier.Value.StartsWith("#") ||
TblStmt.SchemaObjectName.BaseIdentifier.Value.StartsWith("@");
if (TblStmt.SchemaObjectName.SchemaIdentifier == null &&
!isTemp
)
{
_smells.SendFeedBack(27, TblStmt);
}
{
foreach (ColumnDefinition colDef in TblStmt.Definition.ColumnDefinitions)
{
_smells.ProcessTsqlFragment(colDef);
}
}
if (isTemp)
{
foreach (ConstraintDefinition constDef in TblStmt.Definition.TableConstraints)
{
if (constDef.ConstraintIdentifier != null)
{
}
switch (FragmentTypeParser.GetFragmentType(constDef))
{
case "UniqueConstraintDefinition":
UniqueConstraintDefinition unqConst = (UniqueConstraintDefinition)constDef;
if (unqConst.IsPrimaryKey)
{
_smells.SendFeedBack(38, constDef);
}
break;
}
}
foreach (ColumnDefinition colDef in TblStmt.Definition.ColumnDefinitions)
{
if (colDef.DefaultConstraint != null && colDef.DefaultConstraint.ConstraintIdentifier != null)
{
_smells.SendFeedBack(39, colDef);
}
foreach (ConstraintDefinition constDef in colDef.Constraints)
{
if (constDef.ConstraintIdentifier != null)
{
}
switch (FragmentTypeParser.GetFragmentType(constDef))
{
case "CheckConstraintDefinition":
CheckConstraintDefinition chkConst = (CheckConstraintDefinition)constDef;
if (chkConst.ConstraintIdentifier != null)
{
_smells.SendFeedBack(40, chkConst);;
}
break;
}
}
}
}
}