Fixed a bug where variables were being wrongly removed

andrecsilva · andrecsilva · commit 66a861869749 · 2024-11-06T08:16:14.000-03:00
diff --git a/framework/codemodder-base/src/main/java/io/codemodder/ast/ASTs.java b/framework/codemodder-base/src/main/java/io/codemodder/ast/ASTs.java
@@ -182,14 +182,14 @@ public static Optional<MethodCallExpr> isScopeInMethodCall(final Expression expr
   }
 
   /**
-   * Test for this pattern: {@link PatternExpr} ({@code node}) -&gt; {@link SimpleName}
+   * Test for this pattern: {@link TypePatternExpr} ({@code node}) -&gt; {@link SimpleName}
    *
    * @return A tuple with the above pattern in order sans the {@link SimpleName}.
    */
-  public static Optional<PatternExpr> isPatternExprDeclarationOf(
+  public static Optional<TypePatternExpr> isPatternExprDeclarationOf(
       final Node node, final String name) {
-    if (node instanceof PatternExpr) {
-      var pexpr = (PatternExpr) node;
+    if (node instanceof TypePatternExpr) {
+      var pexpr = (TypePatternExpr) node;
       if (pexpr.getNameAsString().equals(name)) return Optional.of(pexpr);
     }
     return Optional.empty();
diff --git a/framework/codemodder-base/src/main/java/io/codemodder/remediation/sqlinjection/SQLParameterizer.java b/framework/codemodder-base/src/main/java/io/codemodder/remediation/sqlinjection/SQLParameterizer.java
@@ -692,8 +692,12 @@ private MethodCallExpr fixByHijackedStatement(
     topStatement = gatherAndSetParameters(pStmtName, topStatement, queryParameterizer);
 
     // Add PreparedStmt stmt =  conn.prepareStatement() assignment
+    // Need to clone the nodes in the arguments to make sure the parent node is properly set
     MethodCallExpr prepareStatementCall =
-        new MethodCallExpr(new NameExpr(connName), "prepareStatement", executeCall.getArguments());
+        new MethodCallExpr(
+            new NameExpr(connName),
+            "prepareStatement",
+            new NodeList<>(executeCall.getArguments().stream().map(n -> n.clone()).toList()));
     ExpressionStmt pStmtCreation =
         new ExpressionStmt(
             new VariableDeclarationExpr(
diff --git a/framework/codemodder-base/src/main/java/io/codemodder/remediation/sqlinjection/SQLParameterizerWithCleanup.java b/framework/codemodder-base/src/main/java/io/codemodder/remediation/sqlinjection/SQLParameterizerWithCleanup.java
@@ -20,7 +20,7 @@ public static void cleanup(final MethodCallExpr pstmtCall) {
     // Remove concatenation with empty strings e.g "first" +  "" -> "first";
     maybeMethodDecl.ifPresent(ASTTransforms::removeEmptyStringConcatenation);
     // Remove potential unused variables left after transform
-    // maybeMethodDecl.ifPresent(md -> ASTTransforms.removeUnusedLocalVariables(md));
+    maybeMethodDecl.ifPresent(md -> ASTTransforms.removeUnusedLocalVariables(md));
 
     // Merge concatenated literals, e.g. "first" + " and second" -> "first and second"
     pstmtCall.getArguments().getFirst().ifPresent(ASTTransforms::mergeConcatenatedLiterals);
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,7 +1,7 @@
 [versions]
 auto-value = "1.9"
 jackson = "2.13.1"
-javaparser-core = "3.25.4"
+javaparser-core = "3.26.2"
 javaparser-symbolsolver = "3.15.15"
 java-security-toolkit = "1.2.0"
 java-security-toolkit-xstream = "1.0.2"

Original file line number	Diff line number	Diff line change
`@@ -182,14 +182,14 @@ public static Optional<MethodCallExpr> isScopeInMethodCall(final Expression expr`
`182`	`182`	`}`
`183`	`183`
`184`	`184`	`/**`
`185`		`- * Test for this pattern: {@link PatternExpr} ({@code node}) -> {@link SimpleName}`
	`185`	`+ * Test for this pattern: {@link TypePatternExpr} ({@code node}) -> {@link SimpleName}`
`186`	`186`	`*`
`187`	`187`	`* @return A tuple with the above pattern in order sans the {@link SimpleName}.`
`188`	`188`	`*/`
`189`		`- public static Optional<PatternExpr> isPatternExprDeclarationOf(`
	`189`	`+ public static Optional<TypePatternExpr> isPatternExprDeclarationOf(`
`190`	`190`	`final Node node, final String name) {`
`191`		`- if (node instanceof PatternExpr) {`
`192`		`- var pexpr = (PatternExpr) node;`
	`191`	`+ if (node instanceof TypePatternExpr) {`
	`192`	`+ var pexpr = (TypePatternExpr) node;`
`193`	`193`	`if (pexpr.getNameAsString().equals(name)) return Optional.of(pexpr);`
`194`	`194`	`}`
`195`	`195`	`return Optional.empty();`