From 1235996c0164755268a320f766a429b75da8e116 Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Wed, 28 Feb 2024 16:55:34 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dxml=E5=92=8Cyml=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E6=97=A0=E6=B3=95=E6=8F=90=E7=A4=BA=E6=8A=A5=E9=94=99?=
 =?UTF-8?q?=E8=A1=8C=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../checkers/ConfigurationFileChecker.java    | 108 +++++++-----------
 1 file changed, 40 insertions(+), 68 deletions(-)

diff --git a/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/ConfigurationFileChecker.java b/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/ConfigurationFileChecker.java
index 19eff91..7bfebd0 100644
--- a/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/ConfigurationFileChecker.java
+++ b/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/ConfigurationFileChecker.java
@@ -15,15 +15,8 @@ import org.sonar.api.batch.sensor.SensorContext;
 import org.sonar.api.batch.sensor.issue.NewIssue;
 import org.sonar.api.rule.RuleKey;
 import org.sonar.check.Rule;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.yaml.snakeyaml.Yaml;
 
-import javax.xml.parsers.*;
 import java.io.*;
-import java.util.Map;
 import java.util.Scanner;
 
 
@@ -131,15 +124,35 @@ public class ConfigurationFileChecker implements ConfigCheck{
             }
         }
 
-        if (filename.endsWith(".xml") && !filename.equals("pom.xml")){
+        if (filename.endsWith(".xml") && !filename.equals("pom.xml")) {
             // 获取当前输入文件的绝对路径
             File file1 = inputFile.file();
-
             File absoluteFile = file1.getAbsoluteFile();
 
-            File xmlFile = absoluteFile;
-
-            processXML(xmlFile);
+            BufferedReader reader = null;
+            int lineNumber = 0;
+            try {
+                reader = new BufferedReader(new InputStreamReader(new FileInputStream(file1), "UTF-8"));
+                String line;
+                while ((line = reader.readLine()) != null) {
+                    lineNumber++;
+                    if (line.contains("<password>")) {
+                        // 创建和保存issue
+                        NewIssue newIssue = context.newIssue();
+                        newIssue
+                                .forRule(ruleKey)
+                                .at(newIssue.newLocation().on(inputFile)
+                                        .at(inputFile.selectLine(lineNumber)))
+                                .save();
+                    }
+                }
+            } catch (Exception e) {
+                e.printStackTrace();
+            } finally {
+                if (reader != null) {
+                    try { reader.close(); } catch (IOException e) { e.printStackTrace(); }
+                }
+            }
         }
 
         if (filename.endsWith(".json")) {
@@ -181,70 +194,29 @@ public class ConfigurationFileChecker implements ConfigCheck{
             }
         }
 
-        if (filename.endsWith(".yml")){
+        if (filename.endsWith(".yml")) {
+            File file = inputFile.file();
+            try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
+                String line;
+                int lineNumber = 0;
 
-            // 获取当前输入文件的绝对路径
-            File file1 = inputFile.file();
+                while ((line = reader.readLine()) != null) {
+                    lineNumber++;
 
-            Yaml yaml = new Yaml();
-            try (FileInputStream fis = new FileInputStream(file1)) {
-                Map<String, Object> obj = yaml.load(fis);
-                if (obj != null) {
-                    String password = searchPassword(obj, 1);
-                    if (password != null) {
+                    if (line.trim().startsWith("password:")) {
+                        // 创建并保存issue
+                        NewIssue newIssue = context.newIssue();
+                        newIssue
+                                .forRule(ruleKey)
+                                .at(newIssue.newLocation().on(inputFile)
+                                        .at(inputFile.selectLine(lineNumber)))
+                                .save();
                     }
                 }
             } catch (IOException e) {
                 e.printStackTrace();
             }
         }
-
-    }
-
-    private static String searchPassword(Map<String, Object> map, int lineNum) {
-        for (String key : map.keySet()) {
-            if ("password".equals(key) && map.get(key) instanceof String) {
-                return (String) map.get(key);
-            } else if (map.get(key) instanceof Map) {
-                lineNum++;
-                String password = searchPassword((Map<String, Object>) map.get(key), lineNum);
-                if (password != null) {
-                    return password;
-                }
-            }
-        }
-        return null;
     }
 
-    public static int getLineNumber(Node node) {
-        Document document = node.getOwnerDocument();
-        document.getDocumentElement().normalize();
-        String xmlContent = document.getDocumentElement().getTextContent();
-        String[] lines = xmlContent.split("\n");
-        for(int i = 0; i < lines.length; i++) {
-            if(lines[i].contains(node.getTextContent())) {
-                return i+2;
-            }
-        }
-        return -1;
-    }
-
-    public static void processXML(File xmlFile) {
-        try {
-            DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
-            DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
-            Document doc = dBuilder.parse(xmlFile);
-            doc.getDocumentElement().normalize();
-            NodeList nList = doc.getElementsByTagName("password");
-            for (int i = 0; i < nList.getLength(); i++) {
-                Node nNode = nList.item(i);
-                if (nNode.getNodeType() == Node.ELEMENT_NODE) {
-                    Element eElement = (Element) nNode;
-                    int lineNumber = getLineNumber(nNode);
-                }
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
 }