@abaplint/core 2.79.31 → 2.79.35

package/build/abaplint.d.ts

@@ -1655,6 +1655,7 @@ declare namespace Expressions {
         ClassGlobal_2 as ClassGlobal,
         ClassName,
         Color,
+        FindType,
         CompareOperator,
         Compare,
         ComponentChainSimple,
@@ -1915,6 +1916,10 @@ declare class Find implements IStatement {
     getMatcher(): IStatementRunnable;
 }
 
+declare class FindType extends Expression {
+    getRunnable(): IStatementRunnable;
+}
+
 declare class FloatingPointType extends AbstractType {
     private readonly length;
     constructor(length: number, qualifiedName?: string);

package/build/src/abap/2_statements/expressions/field_chain.js

@@ -6,9 +6,9 @@ const _1 = require(".");
 const tokens_1 = require("../../1_lexer/tokens");
 class FieldChain extends combi_1.Expression {
     getRunnable() {
-        const attr = (0, combi_1.seq)((0, combi_1.tok)(tokens_1.InstanceArrow), (0, combi_1.altPrio)(_1.AttributeName, "*"));
+        const attr = (0, combi_1.seq)((0, combi_1.tok)(tokens_1.InstanceArrow), _1.AttributeName);
         const comp = (0, combi_1.seq)((0, combi_1.tok)(tokens_1.Dash), (0, combi_1.optPrio)(_1.ComponentName));
-        const chain = (0, combi_1.star)((0, combi_1.altPrio)(attr, comp, _1.TableExpression));
+        const chain = (0, combi_1.star)((0, combi_1.altPrio)(_1.Dereference, attr, comp, _1.TableExpression));
         const clas = (0, combi_1.seq)(_1.ClassName, (0, combi_1.tok)(tokens_1.StaticArrow), _1.AttributeName);
         const start = (0, combi_1.altPrio)(clas, _1.SourceField, _1.SourceFieldSymbol);
         const after = (0, combi_1.altPrio)((0, combi_1.tok)(tokens_1.DashW), (0, combi_1.seq)((0, combi_1.optPrio)(_1.TableBody), (0, combi_1.optPrio)(_1.FieldOffset), (0, combi_1.optPrio)(_1.FieldLength)));

package/build/src/abap/2_statements/expressions/find_type.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FindType = void 0;
+const version_1 = require("../../../version");
+const combi_1 = require("../combi");
+class FindType extends combi_1.Expression {
+    getRunnable() {
+        return (0, combi_1.opt)((0, combi_1.alt)("REGEX", "SUBSTRING", (0, combi_1.ver)(version_1.Version.v755, "PCRE")));
+    }
+}
+exports.FindType = FindType;
+//# sourceMappingURL=find_type.js.map

package/build/src/abap/2_statements/expressions/index.js

@@ -27,6 +27,7 @@ __exportStar(require("./class_friends"), exports);
 __exportStar(require("./class_global"), exports);
 __exportStar(require("./class_name"), exports);
 __exportStar(require("./color"), exports);
+__exportStar(require("./find_type"), exports);
 __exportStar(require("./compare_operator"), exports);
 __exportStar(require("./compare"), exports);
 __exportStar(require("./component_chain_simple"), exports);

package/build/src/abap/2_statements/statements/find.js

@@ -3,14 +3,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Find = void 0;
 const combi_1 = require("../combi");
 const expressions_1 = require("../expressions");
-const version_1 = require("../../../version");
 class Find {
     getMatcher() {
         // SUBMATCHES handling is a workaround
         const options = (0, combi_1.per)("IGNORING CASE", "RESPECTING CASE", "IN BYTE MODE", "IN CHARACTER MODE", (0, combi_1.seq)("OF", expressions_1.Source), (0, combi_1.seq)("FROM", expressions_1.Source), (0, combi_1.seq)("TO", expressions_1.Source), (0, combi_1.seq)("MATCH OFFSET", expressions_1.Target), (0, combi_1.seq)("MATCH LINE", expressions_1.Target), (0, combi_1.seq)("MATCH COUNT", expressions_1.Target), (0, combi_1.seq)("MATCH LENGTH", expressions_1.Target), (0, combi_1.seq)("LENGTH", expressions_1.Source), (0, combi_1.seq)("RESULTS", expressions_1.Target), (0, combi_1.seq)("SUBMATCHES", expressions_1.Target), (0, combi_1.seq)("SUBMATCHES", expressions_1.Target, expressions_1.Target), (0, combi_1.seq)("SUBMATCHES", (0, combi_1.plus)(expressions_1.Target)));
         const sectionLength = (0, combi_1.seq)("SECTION LENGTH", expressions_1.Source, "OF");
         const before = (0, combi_1.seq)((0, combi_1.optPrio)((0, combi_1.alt)("TABLE", "SECTION OFFSET", sectionLength)), expressions_1.Source);
-        const ret = (0, combi_1.seq)("FIND", (0, combi_1.opt)((0, combi_1.alt)("FIRST OCCURRENCE OF", "ALL OCCURRENCES OF")), (0, combi_1.opt)((0, combi_1.alt)("REGEX", "SUBSTRING", (0, combi_1.ver)(version_1.Version.v755, "PCRE"))), expressions_1.Source, "IN", before, (0, combi_1.opt)(options));
+        const ret = (0, combi_1.seq)("FIND", (0, combi_1.opt)((0, combi_1.alt)("FIRST OCCURRENCE OF", "ALL OCCURRENCES OF")), expressions_1.FindType, expressions_1.Source, "IN", before, (0, combi_1.opt)(options));
         return ret;
     }
 }

package/build/src/abap/2_statements/statements/replace.js

@@ -3,13 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Replace = void 0;
 const combi_1 = require("../combi");
 const expressions_1 = require("../expressions");
-const version_1 = require("../../../version");
 class Replace {
     getMatcher() {
         const length = (0, combi_1.seq)("LENGTH", expressions_1.Source);
         const offset = (0, combi_1.seq)("OFFSET", expressions_1.Source);
         const section = (0, combi_1.seq)((0, combi_1.opt)("IN"), "SECTION", (0, combi_1.per)(offset, length), "OF", expressions_1.Source);
-        const source = (0, combi_1.seq)((0, combi_1.opt)("OF"), (0, combi_1.opt)((0, combi_1.alt)("REGEX", "SUBSTRING", (0, combi_1.ver)(version_1.Version.v755, "PCRE"))), expressions_1.Source);
+        const source = (0, combi_1.seq)((0, combi_1.opt)("OF"), expressions_1.FindType, expressions_1.Source);
         const cas = (0, combi_1.alt)("IGNORING CASE", "RESPECTING CASE");
         const repl = (0, combi_1.seq)("REPLACEMENT COUNT", expressions_1.Target);
         const replo = (0, combi_1.seq)("REPLACEMENT OFFSET", expressions_1.Target);

package/build/src/abap/5_syntax/basic_types.js

@@ -164,7 +164,7 @@ class BasicTypes {
         }
         const type = this.scope.findTypePoolType(chainText);
         if (type) {
-            this.scope.addReference(typeName.getFirstToken(), typ, _reference_1.ReferenceType.TypeReference, this.filename);
+            //      this.scope.addReference(typeName.getFirstToken(), type, ReferenceType.TypeReference, this.filename);
             return type;
         }
         const ddic = this.scope.getDDIC().lookup(chainText);
@@ -474,13 +474,20 @@ class BasicTypes {
             const found = this.scope.findType(subs[0]);
             foundType = found === null || found === void 0 ? void 0 : found.getType();
             if (foundType === undefined) {
-                const f = this.scope.getDDIC().lookupTableOrView(subs[0]);
-                this.scope.getDDICReferences().addUsing(this.scope.getParentObj(), { object: f.object, filename: this.filename, token: expr.getFirstToken() });
-                if (f.type instanceof _typed_identifier_1.TypedIdentifier) {
-                    foundType = f.type.getType();
+                const typePoolType = this.scope.findTypePoolType(subs[0]);
+                if (typePoolType) {
+                    //          this.scope.addReference(typeName.getFirstToken(), typePoolType, ReferenceType.TypeReference, this.filename);
+                    foundType = typePoolType;
                 }
-                else {
-                    foundType = f.type;
+                if (foundType === undefined) {
+                    const f = this.scope.getDDIC().lookupTableOrView(subs[0]);
+                    this.scope.getDDICReferences().addUsing(this.scope.getParentObj(), { object: f.object, filename: this.filename, token: expr.getFirstToken() });
+                    if (f.type instanceof _typed_identifier_1.TypedIdentifier) {
+                        foundType = f.type.getType();
+                    }
+                    else {
+                        foundType = f.type;
+                    }
                 }
             }
             else {

package/build/src/abap/5_syntax/expressions/field_chain.js

@@ -11,6 +11,8 @@ const _reference_1 = require("../_reference");
 const field_offset_1 = require("./field_offset");
 const field_length_1 = require("./field_length");
 const table_expression_1 = require("./table_expression");
+const expressions_1 = require("../../2_statements/expressions");
+const dereference_1 = require("./dereference");
 class FieldChain {
     runSyntax(node, scope, filename, refType) {
         const concat = node.concatTokens();
@@ -64,6 +66,9 @@ class FieldChain {
                     throw new Error("Not a object reference, field chain");
                 }
             }
+            else if (current.get() instanceof expressions_1.Dereference) {
+                context = new dereference_1.Dereference().runSyntax(context);
+            }
             else if (current.get() instanceof Expressions.ComponentName) {
                 context = new component_name_1.ComponentName().runSyntax(context, current);
             }

package/build/src/registry.js

@@ -68,7 +68,7 @@ class Registry {
     }
     static abaplintVersion() {
         // magic, see build script "version.sh"
-        return "2.79.31";
+        return "2.79.35";
     }
     getDDICReferences() {
         return this.references;

package/build/src/rules/allowed_object_naming.js

@@ -42,7 +42,7 @@ class AllowedObjectNaming {
                 message = "Name not allowed";
             }
         }
-        else if (obj.getName().match(/^(\/[A-Z_\d]{3,8}\/)?[A-Z_\d<> ]+$/i) === null) {
+        else if (obj.getName().match(/^(\/[A-Z_\d]{3,8}\/)?[A-Z_-\d<> ]+$/i) === null) {
             message = "Name not allowed";
         }
         if (message.length > 0) {

package/build/src/rules/dangerous_statement.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DangerousStatement = exports.DangerousStatementConf = void 0;
 const Statements = require("../abap/2_statements/statements");
+const Expressions = require("../abap/2_statements/expressions");
 const issue_1 = require("../issue");
 const _abap_rule_1 = require("./_abap_rule");
 const _basic_rule_config_1 = require("./_basic_rule_config");
@@ -24,6 +25,8 @@ class DangerousStatementConf extends _basic_rule_config_1.BasicRuleConfig {
         this.deleteTextpool = true;
         this.deleteDynpro = true;
         this.importDynpro = true;
+        /** Finds instances of dynamic SQL: SELECT, UPDATE, DELETE, INSERT, MODIFY */
+        this.dynamicSQL = true;
     }
 }
 exports.DangerousStatementConf = DangerousStatementConf;
@@ -37,6 +40,8 @@ class DangerousStatement extends _abap_rule_1.ABAPRule {
             key: "dangerous_statement",
             title: "Dangerous statement",
             shortDescription: `Detects potentially dangerous statements`,
+            extendedInformation: `Dynamic SQL: Typically ABAP logic does not need dynamic SQL,
+dynamic SQL can potentially create SQL injection problems`,
             tags: [_irule_1.RuleTag.SingleFile, _irule_1.RuleTag.Security],
         };
     }
@@ -90,9 +95,29 @@ class DangerousStatement extends _abap_rule_1.ABAPRule {
             if (message) {
                 issues.push(issue_1.Issue.atStatement(file, statementNode, this.getDescription(message), this.getMetadata().key, this.conf.severity));
             }
+            if (this.conf.dynamicSQL) {
+                message = this.findDynamicSQL(statementNode);
+                if (message) {
+                    issues.push(issue_1.Issue.atStatement(file, statementNode, this.getDescription(message), this.getMetadata().key, this.conf.severity));
+                }
+            }
         }
         return issues;
     }
+    findDynamicSQL(statementNode) {
+        const statement = statementNode.get();
+        if (statement instanceof Statements.UpdateDatabase
+            || statement instanceof Statements.Select
+            || statement instanceof Statements.SelectLoop
+            || statement instanceof Statements.InsertDatabase
+            || statement instanceof Statements.ModifyDatabase
+            || statement instanceof Statements.DeleteDatabase) {
+            if (statementNode.findFirstExpression(Expressions.Dynamic)) {
+                return "Dynamic SQL";
+            }
+        }
+        return undefined;
+    }
 }
 exports.DangerousStatement = DangerousStatement;
 //# sourceMappingURL=dangerous_statement.js.map

package/build/src/rules/obsolete_statement.js

@@ -123,7 +123,7 @@ POSIX REGEX: https://help.sap.com/doc/abapdocu_755_index_htm/7.55/en-US/index.ht
         this.conf = conf;
     }
     runParsed(file) {
-        var _a, _b;
+        var _a, _b, _c;
         const issues = [];
         const statements = file.getStatements();
         let prev = undefined;
@@ -272,8 +272,7 @@ POSIX REGEX: https://help.sap.com/doc/abapdocu_755_index_htm/7.55/en-US/index.ht
             }
             if (configVersion >= version_1.Version.v756 && this.conf.regex) {
                 if (sta instanceof Statements.Find || sta instanceof Statements.Replace) {
-                    const concat = staNode.concatTokens().toUpperCase();
-                    if (concat.includes("REGEX")) {
+                    if ((_c = staNode.findFirstExpression(Expressions.FindType)) === null || _c === void 0 ? void 0 : _c.concatTokens().includes("REGEX")) {
                         const issue = issue_1.Issue.atStatement(file, staNode, "REGEX obsolete, use PCRE", this.getMetadata().key, this.conf.severity);
                         issues.push(issue);
                     }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@abaplint/core",
-    "version": "2.79.31",
+    "version": "2.79.35",
     "description": "abaplint - Core API",
     "main": "build/src/index.js",
     "typings": "build/abaplint.d.ts",
@@ -54,12 +54,12 @@
     },
     "homepage": "https://abaplint.org",
     "devDependencies": {
-        "@microsoft/api-extractor": "^7.18.16",
+        "@microsoft/api-extractor": "^7.18.17",
         "@types/chai": "^4.2.22",
         "@types/mocha": "^9.0.0",
-        "@types/node": "^16.11.1",
+        "@types/node": "^16.11.6",
         "chai": "^4.3.4",
-        "eslint": "^8.0.1",
+        "eslint": "^8.1.0",
         "madge": "^5.0.1",
         "mocha": "^9.1.3",
         "c8": "^7.10.0",
@@ -68,7 +68,7 @@
         "typescript": "^4.4.4"
     },
     "dependencies": {
-        "fast-xml-parser": "^3.20.3",
+        "fast-xml-parser": "^3.21.0",
         "json5": "^2.2.0",
         "vscode-languageserver-protocol": "^3.16.0",
         "vscode-languageserver-types": "^3.16.0"