package checks.spring.s6856;
import java.util.Map;
import java.util.Optional;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
/**
 * Analyzer test fixture for the Spring path-variable binding check (rule key
 * presumably S6856, going by the package name {@code checks.spring.s6856}).
 *
 * <p>Each handler below pairs a URI template with a parameter list. The trailing
 * marker comments on the mapping annotations record whether the check is expected
 * to raise an issue on that line and, where given in double braces, the exact
 * message. Those markers are read by the test harness, so they must stay on the
 * annotated line and keep their wording.
 *
 * <p>The fixture concentrates on {@code @ModelAttribute}: model-attribute methods
 * that consume path variables, and model-attribute parameters whose bean
 * properties are matched against template variables.
 *
 * <p>None of the handlers carries behaviour; every method returns a constant.
 */
public class MissingPathVariableAnnotationCheck_ModelAttribute {
  // Parent declares a @ModelAttribute method that binds the 'view' template variable.
  class ParentController {
    @ModelAttribute("viewCfg")
    public String getView(@PathVariable("view") final String view) {
      return "";
    }
  }
  // Child inherits getView from a parent declared in this same file, so '{view}' counts as bound.
  class ChildController extends ParentController {
    @GetMapping("/model/{view}") //Compliant, parent class defines 'view' path var in the model attribute
    public String list(@ModelAttribute("viewCfg") final String viewConfig) {
      return "";
    }
  }
  // Parent type is not declared in this file; the expected issue below is a documented
  // false positive of the check, kept here so the limitation stays visible.
  class MissingParentChildController extends MissingPathVariableParentInDifferentSample {
    @GetMapping("/model/{view}") // Noncompliant
    // FP: parent class in different file, cannot collect the model attribute
    public String list(@ModelAttribute("parentView") final String viewConfig) {
      return "";
    }
  }
  // One @ModelAttribute method consumes both 'id' and 'name'; a second one consumes nothing.
  static class ModelA {
    @ModelAttribute("user")
    public String getUser(@PathVariable String id, @PathVariable String name) { // always compliant when method annotated with @ModelAttribute
      return "user"; // because the case is too complex to handle
    }
    // Parameter has no @PathVariable, so this method contributes no bound variable names.
    @ModelAttribute("empty")
    public String emptyModel(String notPathVariable) {
      return "";
    }
    @GetMapping("/{id}/{name}")
    public String get() { // compliant, @ModelAttribute is always called before @GetMapping to generate the model. In our case model attribute
      // consume the id and name path variables
      return "Hello World";
    }
    // 'id' and 'name' come from getUser, 'age' is bound on the handler itself.
    @GetMapping("/{id}/{name}/{age}") // Compliant
    public String get2(@PathVariable String age) { // compliant
      return "Hello World";
    }
    // 'age' is bound neither by a @ModelAttribute method nor by the handler.
    @GetMapping("/{id}/{name}/{age}") // Noncompliant {{Bind template variable "age" to a method parameter.}}
    public String get3() {
      return "Hello World";
    }
  }
  // Same scenarios as ModelA, but 'id' and 'name' are consumed by two separate @ModelAttribute methods.
  static class ModelB {
    @ModelAttribute("user")
    public String getUser(@PathVariable String id) {
      return "user";
    }
    // The model attribute is named "id" while the path variable it binds is 'name';
    // the expectations below depend on the parameter name, not on the attribute name.
    @ModelAttribute("id")
    public String getId(@PathVariable String name) {
      return "id";
    }
    @GetMapping("/{id}/{name}")
    public String get() { // compliant
      return "Hello World";
    }
    @GetMapping("/{id}/{name}/{age}")
    public String get2(@PathVariable String age) { // compliant
      return "Hello World";
    }
    @GetMapping("/{id}/{name}/{age}") // Noncompliant
    public String get3() {
      return "Hello World";
    }
  }
  // Mutable bean used as a @ModelAttribute target: properties 'project', 'year' and 'month',
  // each with a public getter and setter.
  // NOTE(review): outside a fixture, every public setter on a type bound this way can be
  // populated from request data (query and form parameters as well as URI variables), so a
  // bound type should expose only fields the client may set, or the binder should be
  // restricted, e.g. WebDataBinder#setAllowedFields in an @InitBinder method.
  static class ReportPeriod {
    private String project;
    private int year;
    private String month;
    public String getProject() {
      return project;
    }
    public int getYear() {
      return year;
    }
    public String getMonth() {
      return month;
    }
    public void setProject(String project) {
      this.project = project;
    }
    public void setYear(int year) {
      this.year = year;
    }
    public void setMonth(String month) {
      this.month = month;
    }
  }
  // No marker on the mapping: all three template variables match ReportPeriod properties,
  // so no issue is expected.
  static class ModelAttributeBindToClass {
    @GetMapping("/reports/{project}/{year}/{month}")
    public String getReport(@ModelAttribute ReportPeriod period) {
      // Spring sees {project} in the URL and calls period.setProject()
      // Spring sees {year} in the URL and calls period.setYear()
      return "reportDetails";
    }
  }
  // Test case: Parameter WITHOUT @ModelAttribute annotation should NOT extract properties
  static class WithoutModelAttributeAnnotation {
    @GetMapping("/api/{id}/{name}") // Noncompliant {{Bind template variable "name", "id" to a method parameter.}}
    public String process(ReportPeriod period) {
      return "result";
    }
  }
  // Test case: @ModelAttribute with STANDARD DATA TYPES should be skipped (no property extraction)
  // In every handler below the parameter name may equal the template variable name; the
  // expectation is still an issue, because the annotation is @ModelAttribute rather than
  // @PathVariable.
  static class ModelAttributeWithStandardDataTypes {
    @GetMapping("/string/{value}") // Noncompliant {{Bind template variable "value" to a method parameter.}}
    public String processString(@ModelAttribute String value) {
      return "result";
    }
    @GetMapping("/int/{count}") // Noncompliant {{Bind template variable "count" to a method parameter.}}
    public String processInt(@ModelAttribute int count) {
      return "result";
    }
    @GetMapping("/integer/{num}") // Noncompliant {{Bind template variable "num" to a method parameter.}}
    public String processInteger(@ModelAttribute Integer num) {
      return "result";
    }
    @GetMapping("/long/{id}") // Noncompliant {{Bind template variable "id" to a method parameter.}}
    public String processLong(@ModelAttribute Long id) {
      return "result";
    }
    @GetMapping("/double/{price}") // Noncompliant {{Bind template variable "price" to a method parameter.}}
    public String processDouble(@ModelAttribute Double price) {
      return "result";
    }
    @GetMapping("/float/{value}") // Noncompliant {{Bind template variable "value" to a method parameter.}}
    public String processFloat(@ModelAttribute Float value) {
      return "result";
    }
    @GetMapping("/boolean/{flag}") // Noncompliant {{Bind template variable "flag" to a method parameter.}}
    public String processBoolean(@ModelAttribute Boolean flag) {
      return "result";
    }
    @GetMapping("/optional/{id}") // Noncompliant {{Bind template variable "id" to a method parameter.}}
    public String processOptional(@ModelAttribute Optional<String> id) {
      return "result";
    }
    @GetMapping("/map/{key}") // Noncompliant {{Bind template variable "key" to a method parameter.}}
    public String processMap(@ModelAttribute Map<String, String> params) {
      // Map is a standard data type - no property extraction
      // Note: @ModelAttribute Map is different from @PathVariable Map
      // @PathVariable Map captures all path variables, but @ModelAttribute Map does not
      return "result";
    }
  }
  // Test case: Mixed scenario - complex type with standard type parameters
  static class MixedParameterTypes {
    // None of 'id', 'name', 'age' is a ReportPeriod property, so all three are reported.
    @GetMapping("/data/{id}/{name}/{age}") // Noncompliant {{Bind template variable "name", "id", "age" to a method parameter.}}
    public String process(
      @ModelAttribute ReportPeriod period, // Complex type - extracts project, year, month
      String regularParam // Not @ModelAttribute - ignored
    ) {
      return "result";
    }
    // 'project' is covered by the bean, 'year' by both the bean and the explicit @PathVariable.
    @GetMapping("/user/{project}/{year}") // Compliant
    public String processPartial(
      @ModelAttribute ReportPeriod period, // Extracts project, year, month
      @PathVariable String year // Explicitly bound
    ) {
      return "result";
    }
  }
  // Test case: Multiple @ModelAttribute parameters
  static class MultipleModelAttributes {
    // 'project' is covered by the bean; 'id' matches no bean property and no @PathVariable.
    @GetMapping("/multi/{project}/{id}") // Noncompliant {{Bind template variable "id" to a method parameter.}}
    public String process(
      @ModelAttribute ReportPeriod period, // Extracts project, year, month
      @ModelAttribute String name // Standard type - no extraction
    ) {
      return "result";
    }
  }
  // Test case: Records: must be noncompliant for spring-web < 5.3
  // NOTE(review): the spring-web version this fixture is analyzed against is not visible in
  // this file; confirm it against the test setup.
  record ReportRecord(String project, int year, String month) {
  }
  // The record parameter carries no @ModelAttribute annotation; its component names match all
  // three template variables, and an issue is still expected.
  static class RecordBinding {
    @GetMapping("/reports/{project}/{year}/{month}") // Noncompliant
    public String getReport(ReportRecord record) {
      return "reportDetails";
    }
  }
}