Class OptimizeJacksonStringUsageCodemod

java.lang.Object
io.codemodder.javaparser.JavaParserChanger
io.codemodder.SarifPluginJavaParserChanger<com.github.javaparser.ast.stmt.ExpressionStmt>
io.codemodder.codemods.OptimizeJacksonStringUsageCodemod
All Implemented Interfaces:
io.codemodder.CodeChanger

@Codemod(id="pixee:java/optimize-jackson-string-usage", importance=MEDIUM, reviewGuidance=MERGE_AFTER_CURSORY_REVIEW) public final class OptimizeJacksonStringUsageCodemod extends io.codemodder.SarifPluginJavaParserChanger<com.github.javaparser.ast.stmt.ExpressionStmt>
  • Field Summary

    Fields inherited from class io.codemodder.SarifPluginJavaParserChanger

    sarif

    Fields inherited from class io.codemodder.javaparser.JavaParserChanger

    reporter
  • Constructor Summary

    Constructors
    Constructor
    Description
    OptimizeJacksonStringUsageCodemod(io.codemodder.RuleSarif semgrepSarif)
  • Method Summary

    Modifier and Type
    Method
    Description
    io.codemodder.javaparser.ChangesResult
    onResultFound(io.codemodder.CodemodInvocationContext context, com.github.javaparser.ast.CompilationUnit cu, com.github.javaparser.ast.stmt.ExpressionStmt varDeclStmt, com.contrastsecurity.sarif.Result result)
    The rule pattern identifies any dataflow from IOUtils#toString() to ObjectMapper#readValue().

    Methods inherited from class io.codemodder.SarifPluginJavaParserChanger

    shouldRun, visit

    Methods inherited from class io.codemodder.javaparser.JavaParserChanger

    getDescription, getIndividualChangeDescription, getReferences, getSummary

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • OptimizeJacksonStringUsageCodemod

      @Inject public OptimizeJacksonStringUsageCodemod(@SemgrepScan(ruleId="optimize-jackson-string-usage") io.codemodder.RuleSarif semgrepSarif)
  • Method Details

    • onResultFound

      public io.codemodder.javaparser.ChangesResult onResultFound(io.codemodder.CodemodInvocationContext context, com.github.javaparser.ast.CompilationUnit cu, com.github.javaparser.ast.stmt.ExpressionStmt varDeclStmt, com.contrastsecurity.sarif.Result result)
      The rule pattern identifies any dataflow from IOUtils#toString() to ObjectMapper#readValue(). However, the codemod cannot safely handle every instance of that pattern, so it only operates when both of the following requirements hold:
      1. The IOUtils#toString() call is a simple variable declaration assignment.
      2. The resulting String is used nowhere else besides the readValue() call.
      The SourceCodeRegionExtractor is configured to pull the first data flow event, which is the IOUtils#toString() call.
      Specified by:
      onResultFound in class io.codemodder.SarifPluginJavaParserChanger<com.github.javaparser.ast.stmt.ExpressionStmt>
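      Added illustration (not code from the codemodder project): one call site that meets both requirements above, two that do not, and the leaner form a reviewer should expect after the change. The rewritten form is an assumption about the intended optimization; the page only states which pattern the rule matches.

```java
// Constructed example; Config is a hypothetical payload type.
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;

public final class JacksonStringUsageExamples {
  private static final ObjectMapper MAPPER = new ObjectMapper();

  /** Meets both requirements: simple declaration, String used only by readValue(). */
  static Config qualifying(InputStream in) throws IOException {
    String json = IOUtils.toString(in, StandardCharsets.UTF_8); // dataflow source
    return MAPPER.readValue(json, Config.class);                 // dataflow sink
  }

  /** Assumed post-codemod form: the stream goes straight to Jackson, so the
   *  whole document is never buffered as an intermediate String. */
  static Config optimized(InputStream in) throws IOException {
    return MAPPER.readValue(in, Config.class);
  }

  /** Fails requirement 1: toString() is not a simple variable declaration assignment,
   *  so the codemod leaves this site alone even though the dataflow exists. */
  static Config notADeclaration(InputStream in) throws IOException {
    return MAPPER.readValue(IOUtils.toString(in, StandardCharsets.UTF_8).trim(), Config.class);
  }

  /** Fails requirement 2: the String is used again after readValue(); dropping it
   *  would change behaviour (here the audit log would lose the raw payload). */
  static Config usedElsewhere(InputStream in, StringBuilder audit) throws IOException {
    String json = IOUtils.toString(in, StandardCharsets.UTF_8);
    Config cfg = MAPPER.readValue(json, Config.class);
    audit.append(json);
    return cfg;
  }

  public static final class Config {
    public String name;
  }
}
```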