From 338b45a24dacf22c2e64d1d550361b190618eefd Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Tue, 23 Jan 2024 17:17:53 +0800
Subject: [PATCH 1/3] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=87=86=E5=88=99:?=
 =?UTF-8?q?=E9=80=9A=E8=BF=87=E7=94=A8=E6=88=B7=E5=90=8D=E5=8F=A3=E4=BB=A4?=
 =?UTF-8?q?=E3=80=81=E6=95=B0=E6=8D=AE=E8=AF=81=E4=B9=A6=E7=AD=89=E5=85=B6?=
 =?UTF-8?q?=E4=BB=96=E6=89=8B=E6=AE=B5=E5=AF=B9=E7=94=A8=E6=88=B7=E8=BA=AB?=
 =?UTF-8?q?=E4=BB=BD=E8=BF=9B=E8=A1=8C=E9=AA=8C=E8=AF=81=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../rules/checkers/AuthenticationChecker.java | 109 ++++++++++++++++++
 .../rules/java/AuthenticationChecker.html     |   9 ++
 .../rules/java/AuthenticationChecker.json     |  13 +++
 .../src/test/files/AuthenticationChecker.java |  22 ++++
 .../checkers/AuthenticationCheckerTest.java   |  32 +++++
 5 files changed, 185 insertions(+)
 create mode 100644 sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java
 create mode 100644 sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.html
 create mode 100644 sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.json
 create mode 100644 sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
 create mode 100644 sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/AuthenticationCheckerTest.java

diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java
new file mode 100644
index 0000000..8b94dbe
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：信息安全性设计准则检查插件
+ * 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+
+import org.sonar.check.Rule;
+import org.sonar.java.model.DefaultModuleScannerContext;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
+import org.sonar.plugins.java.api.ModuleScannerContext;
+import org.sonar.plugins.java.api.internal.EndOfAnalysis;
+import org.sonar.plugins.java.api.tree.*;
+
+import java.util.*;
+
+
+/**
+ * TODO 通过用户名口令、数据证书等其他手段对用户身份进行验证。
+ * AuthenticationChecker
+ *
+ * @author WuHaoYang
+ * @date 2024/1/23
+ */
+@Rule(key = "AuthenticationChecker")
+public class AuthenticationChecker extends IssuableSubscriptionVisitor implements EndOfAnalysis {
+
+    private static final Set<String> VALID_PATHS = new HashSet<>(Arrays.asList("/login", "/auto","signin"));
+    private boolean isValidPathFound = false;
+
+    @Override
+    public List<Tree.Kind> nodesToVisit() {
+        return Collections.singletonList(Tree.Kind.METHOD);
+    }
+
+    @Override
+    public void visitNode(Tree tree) {
+        MethodTree methodTree = (MethodTree) tree;
+
+        for (AnnotationTree annotation : methodTree.modifiers().annotations()) {
+            if (isWebAnnotation(annotation)) {
+                if (checkAnnotationArguments(annotation)) {
+                    isValidPathFound = true;
+                    break;
+                }
+            }
+        }
+    }
+
+    private boolean isWebAnnotation(AnnotationTree annotation) {
+        TypeTree typeTree = annotation.annotationType();
+        return "PostMapping".equals(typeTree.toString()) || "RequestMapping".equals(typeTree.toString());
+    }
+
+    private boolean checkAnnotationArguments(AnnotationTree annotation) {
+        for (ExpressionTree arg : annotation.arguments()) {
+            if (arg.is(Tree.Kind.ASSIGNMENT)) {
+                AssignmentExpressionTree aet = (AssignmentExpressionTree) arg;
+                IdentifierTree it = (IdentifierTree) aet.variable();
+                if ("value".equals(it.name())) {
+                    if (aet.expression().is(Tree.Kind.NEW_ARRAY)) {
+                        NewArrayTree nat = (NewArrayTree) aet.expression();
+                        for (ExpressionTree et : nat.initializers()) {
+                            LiteralTree lt = (LiteralTree) et;
+                            System.out.println(lt.value().toString());
+                            if (checkUrl(lt.value().toString())) {
+                                return true;
+                            }
+                        }
+                    } else if (aet.expression().is(Tree.Kind.STRING_LITERAL)) {
+                        LiteralTree lt = (LiteralTree) aet.expression();
+                        System.out.println(lt.value().toString());
+                        if (checkUrl(lt.value().toString())) {
+                            return true;
+                        }
+                    }
+                }
+            } else if (arg.is(Tree.Kind.STRING_LITERAL)) {
+                LiteralTree lt = (LiteralTree) arg;
+                System.out.println(lt.value().toString());
+                if (checkUrl(lt.value().toString())) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    private boolean checkUrl(String url) {
+        for (String validPath : VALID_PATHS) {
+            if (url.endsWith(validPath) || url.contains(validPath)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public void endOfAnalysis(ModuleScannerContext context) {
+        var defaultContext = (DefaultModuleScannerContext) context;
+        if (!isValidPathFound) {
+            System.out.println("应通过用户名口令、数据证书等其他手段对用户身份进行验证");
+            defaultContext.addIssueOnProject(this, "应通过用户名口令、数据证书等其他手段对用户身份进行验证");
+        }
+    }
+}
diff --git a/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.html b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.html
new file mode 100644
index 0000000..e8a20d8
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.html
@@ -0,0 +1,9 @@
+<p>通过用户名口令、数据证书等其他手段对用户身份进行验证</p>
+<h2>通过用户名口令、数据证书等其他手段对用户身份进行验证</h2>
+<pre>
+
+</pre>
+<h2>合规解决方案</h2>
+<pre>
+
+</pre>
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.json b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.json
new file mode 100644
index 0000000..93ee759
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.json
@@ -0,0 +1,13 @@
+{
+  "title": "通过用户名口令、数据证书等其他手段对用户身份进行验证",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "28suo"
+  ],
+  "defaultSeverity": "Minor"
+}
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java b/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
new file mode 100644
index 0000000..c7f4216
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
@@ -0,0 +1,22 @@
+
+
+@Controller
+public class AuthController {
+
+    @PostMapping("/account/aa")
+    public String login() {
+        return "login";
+    }
+
+
+    @PostMapping(value ={"/path/bb", "/path/www", "/path/eee"})
+    public String signin() {
+        return "login";
+
+
+    @RequestMapping("/myapp/cc")
+    public String auth() {
+        return "login";
+    }
+
+}
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/AuthenticationCheckerTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/AuthenticationCheckerTest.java
new file mode 100644
index 0000000..576545e
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/AuthenticationCheckerTest.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：信息安全性设计准则检查插件
+ * 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+import com.keyware.sonar.java.utils.FilesUtils;
+import org.junit.jupiter.api.Test;
+import org.sonar.java.checks.verifier.CheckVerifier;
+
+
+/**
+ * 通过用户名口令、数据证书等其他手段对用户身份进行验证。 单元测试类
+ *
+ * @author WuHaoYang
+ * @date 2024/1/23
+ */
+public class AuthenticationCheckerTest {
+
+
+    @Test
+    void detected() {
+
+        CheckVerifier.newVerifier()
+                .onFiles("src/test/files/AuthenticationChecker.java")
+                .withCheck(new AuthenticationChecker())
+                .withClassPath(FilesUtils.getClassPath("target/test-jars"))
+                .verifyIssueOnProject("应通过用户名口令、数据证书等其他手段对用户身份进行验证");
+    }
+}

From 58cd99cd4190563aab3311314acd62bed36e7e01 Mon Sep 17 00:00:00 2001
From: RenFengJiang <1111>
Date: Tue, 23 Jan 2024 20:25:27 +0800
Subject: [PATCH 2/3] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9Ajava=E8=AE=BE?=
 =?UTF-8?q?=E7=BD=AE=E4=BC=9A=E8=AF=9D=E8=BF=87=E6=9C=9F=E7=9A=84=E6=97=A5?=
 =?UTF-8?q?=E6=9C=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../sonar/java/ConfigFileSquidSensor.java     |  7 +-
 .../java/JavaSecurityDesignWayProfile.java    |  1 +
 .../JavaSecurityDesignRulesRepository.java    |  4 +-
 .../java/rules/checkers/ConfigCheck.java      | 23 +++++
 .../checkers/ConfigurationFileChecker.java    |  3 +-
 .../rules/checkers/SessionDateChecker.java    | 96 +++++++++++++++++++
 .../java/rules/java/SessionDateChecker.html   | 16 ++++
 .../java/rules/java/SessionDateChecker.json   | 13 +++
 .../files/sessionDates/application.properties |  9 ++
 .../test/files/sessionDates/application.yml   |  4 +
 10 files changed, 173 insertions(+), 3 deletions(-)
 create mode 100644 sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java
 create mode 100644 sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java
 create mode 100644 sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.html
 create mode 100644 sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.json
 create mode 100644 sonar-keyware-plugins-java/src/test/files/sessionDates/application.properties
 create mode 100644 sonar-keyware-plugins-java/src/test/files/sessionDates/application.yml

diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
index faa9fef..0881079 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
@@ -6,7 +6,9 @@
  */
 package com.keyware.sonar.java;
 
+import com.keyware.sonar.java.rules.checkers.ConfigCheck;
 import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
+import com.keyware.sonar.java.rules.checkers.SessionDateChecker;
 import org.sonar.api.batch.fs.FilePredicates;
 import org.sonar.api.batch.fs.InputFile;
 import org.sonar.api.batch.rule.CheckFactory;
@@ -17,13 +19,14 @@ import org.sonar.api.batch.sensor.SensorDescriptor;
 
 
 public class ConfigFileSquidSensor implements Sensor {
-    private final Checks<ConfigurationFileChecker> checks;
+    private final Checks<ConfigCheck> checks;
 
     private SensorContext context;
 
     public ConfigFileSquidSensor(CheckFactory checkFactory){
         checks = checkFactory.create("config");
         checks.addAnnotatedChecks(ConfigurationFileChecker.class);
+        checks.addAnnotatedChecks(SessionDateChecker.class);
     }
     @Override
     public void describe(SensorDescriptor descriptor) {
@@ -41,6 +44,8 @@ public class ConfigFileSquidSensor implements Sensor {
                 check.execute(context, inputFile, checks.ruleKey(check));
             });
         }
+
+        checks.all().forEach(check->check.endOfCheck(context, checks.ruleKey(check)));
     }
 
 
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
index e3aeef6..5acf99d 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/JavaSecurityDesignWayProfile.java
@@ -33,6 +33,7 @@ public class JavaSecurityDesignWayProfile implements BuiltInQualityProfilesDefin
 
         var cfgWay = context.createBuiltInQualityProfile("配置信息安全性设计规则", ConfigurationFileLanguage.KEY);
         cfgWay.activateRule("config", "ConfigurationFileChecker");
+        cfgWay.activateRule("config", "SessionDateChecker");
         cfgWay.done();
     }
 }
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
index e0ad7a1..9577a04 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
@@ -7,6 +7,8 @@
 package com.keyware.sonar.java.rules;
 
 import com.keyware.sonar.java.rules.checkers.ConfigurationFileChecker;
+import com.keyware.sonar.java.rules.checkers.SecurityCookieChecker;
+import com.keyware.sonar.java.rules.checkers.SessionDateChecker;
 import org.sonar.api.SonarEdition;
 import org.sonar.api.SonarProduct;
 import org.sonar.api.SonarQubeSide;
@@ -54,7 +56,7 @@ public class JavaSecurityDesignRulesRepository implements RulesDefinition {
         htmlRepo.done();
 
         RulesDefinition.NewRepository configRepo = context.createRepository("config", "cfg").setName("config");
-        ruleMetadataLoader.addRulesByAnnotatedClass(configRepo, List.of(ConfigurationFileChecker.class));
+        ruleMetadataLoader.addRulesByAnnotatedClass(configRepo, List.of(ConfigurationFileChecker.class, SessionDateChecker.class));
         setTemplates(configRepo);
         configRepo.done();
     }
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java
new file mode 100644
index 0000000..c4342ff
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：信息安全性设计准则检查插件
+ * 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+
+package com.keyware.sonar.java.rules.checkers;
+
+import org.sonar.api.batch.fs.InputFile;
+import org.sonar.api.batch.sensor.SensorContext;
+import org.sonar.api.rule.RuleKey;
+
+/**
+ * TODO ConfigCheck
+ *
+ * @author RenFengJiang
+ * @date 2024/1/23
+ */
+public interface ConfigCheck {
+    default  void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){}
+    default void endOfCheck(SensorContext context, RuleKey ruleKey){}
+}
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
index 1c2f7e2..d87578c 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
@@ -35,9 +35,10 @@ import java.util.Scanner;
  * @date 2024/1/22
  */
 @Rule(key = "ConfigurationFileChecker")
-public class ConfigurationFileChecker {
+public class ConfigurationFileChecker implements ConfigCheck {
 
 
+    @Override
     public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){
         //文件名称
         String filename = inputFile.filename();
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java
new file mode 100644
index 0000000..114bde9
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：信息安全性设计准则检查插件
+ * 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+
+package com.keyware.sonar.java.rules.checkers;
+
+import org.sonar.api.batch.fs.InputFile;
+import org.sonar.api.batch.sensor.SensorContext;
+import org.sonar.api.rule.RuleKey;
+import org.sonar.check.Rule;
+import org.yaml.snakeyaml.Yaml;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Scanner;
+
+/**
+ * TODO SessionDateChecker
+ *
+ * @author RenFengJiang
+ * @date 2024/1/22
+ */
+@Rule(key = "SessionDateChecker")
+public class SessionDateChecker implements ConfigCheck {
+
+    private boolean boo = true;
+    public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){
+        if(boo){
+            //文件名称
+            String filename = inputFile.filename();
+            //校验文件后缀
+            if (filename.endsWith(".properties")) {
+                try {
+                    File file = new File(inputFile.absolutePath());
+                    try (Scanner scanner = new Scanner(file)) {
+                        while (scanner.hasNextLine()) {
+                            String line = scanner.nextLine();
+                            if (line.contains("server.servlet.session.timeout")) {
+                                boo = false;
+                                break;
+                            }
+                        }
+                    }
+                } catch (FileNotFoundException e) {
+                    System.out.println("文件未找到: " + e.getMessage());
+                    return;  // 文件未找到时立即返回
+                }
+            }
+            if (filename.endsWith(".yml")){
+                // 获取当前输入文件的绝对路径
+                File file1 = inputFile.file();
+                File absoluteFile = file1.getAbsoluteFile();
+                // 构建目录路径
+                Yaml yaml = new Yaml();
+                try (FileInputStream fis = new FileInputStream(file1)) {
+                    Map<String, Object> obj = yaml.load(fis);
+                    if (obj != null){
+                        String sessionTimeout = searchForSessionTimeout(obj, "server", "servlet", "session", "timeout");
+                        if (sessionTimeout != null) {
+                            boo = false;
+                        }
+                    }
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+    }
+
+    private String searchForSessionTimeout(Map<String, Object> map, String... keys) {
+        Map<String, Object> currentLevel = map;
+        for (int i = 0; i < keys.length - 1; ++i) {
+            Object nextLevel = currentLevel.get(keys[i]);
+            if (nextLevel instanceof Map) {
+                currentLevel = (Map<String, Object>) nextLevel;
+            } else {
+                return null;
+            }
+        }
+        return currentLevel.get(keys[keys.length - 1]).toString();
+    }
+
+    @Override
+    public void endOfCheck(SensorContext context, RuleKey ruleKey) {
+        if(boo){
+            var issue = context.newIssue();
+            issue.at(issue.newLocation().on(context.project()).message("设置会话过期的日期")).forRule(ruleKey).save();
+        }
+    }
+}
diff --git a/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.html b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.html
new file mode 100644
index 0000000..d0627b8
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.html
@@ -0,0 +1,16 @@
+<!--
+  ~ Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+  ~ 项目名称：信息安全性设计准则检查插件
+  ~ 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+  ~ 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+  -->
+
+<p>设置会话过期的日期</p>
+<h2>设置会话过期的日期</h2>
+<pre>
+
+</pre>
+<h2>合规解决方案</h2>
+<pre>
+
+</pre>
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.json b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.json
new file mode 100644
index 0000000..f59df08
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/SessionDateChecker.json
@@ -0,0 +1,13 @@
+{
+  "title": "设置会话过期的日期",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "28suo"
+  ],
+  "defaultSeverity": "Minor"
+}
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/sessionDates/application.properties b/sonar-keyware-plugins-java/src/test/files/sessionDates/application.properties
new file mode 100644
index 0000000..b918494
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/sessionDates/application.properties
@@ -0,0 +1,9 @@
+#
+# Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+# 项目名称：信息安全性设计准则检查插件
+# 项目描述：用于检查源代码的安全性设计准则的Sonarqube插件
+# 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+#
+
+# 设置会话超时时间为30分钟
+server.servlet.session.timeout=30m
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/sessionDates/application.yml b/sonar-keyware-plugins-java/src/test/files/sessionDates/application.yml
new file mode 100644
index 0000000..191582c
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/sessionDates/application.yml
@@ -0,0 +1,4 @@
+server:
+  servlet:
+    session:
+      timeout: 30m
\ No newline at end of file

From a52d36b1d4f13930bf2560569ff65c4801466fbe Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Wed, 24 Jan 2024 09:17:07 +0800
Subject: [PATCH 3/3] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=87=86=E5=88=99?=
 =?UTF-8?q?=E8=A2=AB=E6=B5=8B=E4=BB=B6:=E9=80=9A=E8=BF=87=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E5=90=8D=E5=8F=A3=E4=BB=A4=E3=80=81=E6=95=B0=E6=8D=AE?=
 =?UTF-8?q?=E8=AF=81=E4=B9=A6=E7=AD=89=E5=85=B6=E4=BB=96=E6=89=8B=E6=AE=B5?=
 =?UTF-8?q?=E5=AF=B9=E7=94=A8=E6=88=B7=E8=BA=AB=E4=BB=BD=E8=BF=9B=E8=A1=8C?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/test/files/AuthenticationChecker.java                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java b/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
index c7f4216..953e98a 100644
--- a/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
+++ b/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
@@ -12,7 +12,7 @@ public class AuthController {
     @PostMapping(value ={"/path/bb", "/path/www", "/path/eee"})
     public String signin() {
         return "login";
-
+    }
 
     @RequestMapping("/myapp/cc")
     public String auth() {