Skip to content

[core] XPath expressions return handling #1939

Closed
#2872
Closed
[core] XPath expressions return handling#1939
#2872
Labels
a:bugPMD crashes or fails to analyse a file.in:xpathRelating to xpath support at large, eg Jaxen / Saxon, custom functions, attribute resolution
Milestone
6.30.0
@oowekyala

Description

@oowekyala
oowekyala
opened on Jul 23, 2019

XPathRule doesn't check the type of the nodes returned by an XPath expression:

pmd/pmd-core/src/main/java/net/sourceforge/pmd/lang/rule/xpath/SaxonXPathRuleQuery.java

Lines 86 to 95 in 2d4a30f

final List<ElementNode> nodes = xpathExpression.evaluate(xpathDynamicContext);
/*
Map List of Saxon Nodes -> List of AST Nodes, which were detected to match the XPath expression
(i.e. violation found)
*/
final List<Node> results = new ArrayList<>();
for (final ElementNode elementNode : nodes) {
results.add((Node) elementNode.getUnderlyingNode());
}

The assignment of the result of xpathExpression::evaluate to List<ElementNode> line 86 is unchecked, it's actually a list of the more general Item. So when getting a node line 93, the routine will fail with ClassCastException if the element is not actually an ElementNode.

This is not completely outlandish: eg 1+1 is a valid XPath expression that doesn't yield an ElementNode, and so is / (a single slash), which should yield a document node (see #1938)

We should at least ensure that the type of each element is correct

Metadata

Metadata

Assignees

No one assigned

    Labels

    a:bugPMD crashes or fails to analyse a file.in:xpathRelating to xpath support at large, eg Jaxen / Saxon, custom functions, attribute resolution

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions