|
|
|
@ -15,15 +15,8 @@ import org.sonar.api.batch.sensor.SensorContext; |
|
|
|
|
import org.sonar.api.batch.sensor.issue.NewIssue; |
|
|
|
|
import org.sonar.api.rule.RuleKey; |
|
|
|
|
import org.sonar.check.Rule; |
|
|
|
|
import org.w3c.dom.Document; |
|
|
|
|
import org.w3c.dom.Element; |
|
|
|
|
import org.w3c.dom.Node; |
|
|
|
|
import org.w3c.dom.NodeList; |
|
|
|
|
import org.yaml.snakeyaml.Yaml; |
|
|
|
|
|
|
|
|
|
import javax.xml.parsers.*; |
|
|
|
|
import java.io.*; |
|
|
|
|
import java.util.Map; |
|
|
|
|
import java.util.Scanner; |
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -131,15 +124,35 @@ public class ConfigurationFileChecker implements ConfigCheck{ |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (filename.endsWith(".xml") && !filename.equals("pom.xml")){ |
|
|
|
|
if (filename.endsWith(".xml") && !filename.equals("pom.xml")) { |
|
|
|
|
// 获取当前输入文件的绝对路径
|
|
|
|
|
File file1 = inputFile.file(); |
|
|
|
|
|
|
|
|
|
File absoluteFile = file1.getAbsoluteFile(); |
|
|
|
|
|
|
|
|
|
File xmlFile = absoluteFile; |
|
|
|
|
|
|
|
|
|
processXML(xmlFile); |
|
|
|
|
BufferedReader reader = null; |
|
|
|
|
int lineNumber = 0; |
|
|
|
|
try { |
|
|
|
|
reader = new BufferedReader(new InputStreamReader(new FileInputStream(file1), "UTF-8")); |
|
|
|
|
String line; |
|
|
|
|
while ((line = reader.readLine()) != null) { |
|
|
|
|
lineNumber++; |
|
|
|
|
if (line.contains("<password>")) { |
|
|
|
|
// 创建和保存issue
|
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation().on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNumber))) |
|
|
|
|
.save(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} finally { |
|
|
|
|
if (reader != null) { |
|
|
|
|
try { reader.close(); } catch (IOException e) { e.printStackTrace(); } |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (filename.endsWith(".json")) { |
|
|
|
@ -181,70 +194,29 @@ public class ConfigurationFileChecker implements ConfigCheck{ |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (filename.endsWith(".yml")){ |
|
|
|
|
if (filename.endsWith(".yml")) { |
|
|
|
|
File file = inputFile.file(); |
|
|
|
|
try (BufferedReader reader = new BufferedReader(new FileReader(file))) { |
|
|
|
|
String line; |
|
|
|
|
int lineNumber = 0; |
|
|
|
|
|
|
|
|
|
// 获取当前输入文件的绝对路径
|
|
|
|
|
File file1 = inputFile.file(); |
|
|
|
|
while ((line = reader.readLine()) != null) { |
|
|
|
|
lineNumber++; |
|
|
|
|
|
|
|
|
|
Yaml yaml = new Yaml(); |
|
|
|
|
try (FileInputStream fis = new FileInputStream(file1)) { |
|
|
|
|
Map<String, Object> obj = yaml.load(fis); |
|
|
|
|
if (obj != null) { |
|
|
|
|
String password = searchPassword(obj, 1); |
|
|
|
|
if (password != null) { |
|
|
|
|
if (line.trim().startsWith("password:")) { |
|
|
|
|
// 创建并保存issue
|
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation().on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNumber))) |
|
|
|
|
.save(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private static String searchPassword(Map<String, Object> map, int lineNum) { |
|
|
|
|
for (String key : map.keySet()) { |
|
|
|
|
if ("password".equals(key) && map.get(key) instanceof String) { |
|
|
|
|
return (String) map.get(key); |
|
|
|
|
} else if (map.get(key) instanceof Map) { |
|
|
|
|
lineNum++; |
|
|
|
|
String password = searchPassword((Map<String, Object>) map.get(key), lineNum); |
|
|
|
|
if (password != null) { |
|
|
|
|
return password; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return null; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public static int getLineNumber(Node node) { |
|
|
|
|
Document document = node.getOwnerDocument(); |
|
|
|
|
document.getDocumentElement().normalize(); |
|
|
|
|
String xmlContent = document.getDocumentElement().getTextContent(); |
|
|
|
|
String[] lines = xmlContent.split("\n"); |
|
|
|
|
for(int i = 0; i < lines.length; i++) { |
|
|
|
|
if(lines[i].contains(node.getTextContent())) { |
|
|
|
|
return i+2; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return -1; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public static void processXML(File xmlFile) { |
|
|
|
|
try { |
|
|
|
|
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); |
|
|
|
|
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); |
|
|
|
|
Document doc = dBuilder.parse(xmlFile); |
|
|
|
|
doc.getDocumentElement().normalize(); |
|
|
|
|
NodeList nList = doc.getElementsByTagName("password"); |
|
|
|
|
for (int i = 0; i < nList.getLength(); i++) { |
|
|
|
|
Node nNode = nList.item(i); |
|
|
|
|
if (nNode.getNodeType() == Node.ELEMENT_NODE) { |
|
|
|
|
Element eElement = (Element) nNode; |
|
|
|
|
int lineNumber = getLineNumber(nNode); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|