Strings in Kotlin can directly have interpolated values inside them:
"My name is $name" => replaces $name with the value of name.toString()
or even blocks of code:
In Kotlin AST, this is represented as a string template (KtStringTemplateExpression), which has a list of entries, that can either be literal children (KtLiteralStringTemplateEntry, KtEscapeStringTemplateEntry) or expression children that will be interpolated (KtSimpleNameStringTemplateEntry, KtBlockStringTemplateEntry)
- Variables used in string interpolation should appear in the Slang AST, otherwise it might result in False Positives for rules such as "unused variable"/"unused parameters".
- Individual entries of a string template cannot appear as individual string literals in AST otherwise it might result in False Positives for similar string detection. (Ex: "My name " and "My name $name" would both be considered to have "My name " string literal)
In order to avoid False Positives mentioned above, string templates that involve interpolation are currently mapped to a native element instead of a string literal, and the template children entries that should be string literals are also mapped to native elements.
This causes false negatives for the following cases:
- The rule HardcodedCredentialsCheck (RSPEC-2068): strings in the form of "password=XXXX&login=$loginValue" will not raise an issue, since the literal will be considered as a native element
- The rule StringLiteralDuplicatedCheck (RSPEC-1192): will not raise issues on duplicated strings with variable entries. Ex:
Additionally, these strings are not flagged as such for highlighting
One possible solution would be to extend StringLiteralTree in Kotlin part, to have the literal value be the whole string (with interpolated value), and allow the tree to have children as well.
Problem to this is that it is not in Slang grammar, so it cannot be tested in checks.