|
|
|
@ -36,6 +36,12 @@ public class SendMessageChecker extends SquidCheck<Grammar> { |
|
|
|
|
CxxGrammarImpl.functionBody |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
private static List<String> lists = new ArrayList(){{ |
|
|
|
|
add("weapon"); |
|
|
|
|
add("unit"); |
|
|
|
|
add("param"); |
|
|
|
|
}}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* 访问AST节点 |
|
|
|
@ -45,10 +51,7 @@ public class SendMessageChecker extends SquidCheck<Grammar> { |
|
|
|
|
@Override |
|
|
|
|
public void visitNode(@Nonnull AstNode node) { |
|
|
|
|
//创建集合存入违规敏感字段
|
|
|
|
|
List<String> lists = new ArrayList(); |
|
|
|
|
lists.add("weapon"); |
|
|
|
|
lists.add("unit"); |
|
|
|
|
lists.add("param"); |
|
|
|
|
|
|
|
|
|
//获取到所有的表达式
|
|
|
|
|
List<AstNode> descendants = node.getDescendants(CxxGrammarImpl.expression); |
|
|
|
|
for (AstNode des:descendants) { |
|
|
|
@ -62,7 +65,8 @@ public class SendMessageChecker extends SquidCheck<Grammar> { |
|
|
|
|
if("STRING".equals(astNode.getName())){ |
|
|
|
|
|
|
|
|
|
}else { |
|
|
|
|
if(lists.contains(astNode.getTokenValue())){ |
|
|
|
|
//判斷其中是否包含敏感字段
|
|
|
|
|
if(lists.contains(astNode.getTokenValue().toLowerCase())){ |
|
|
|
|
getContext().createLineViolation(this,"发送敏感信息前应对敏感信息进行加密",des); |
|
|
|
|
} |
|
|
|
|
} |
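Review bot: The new `astNode.getTokenValue().toLowerCase()` in the last hunk lowercases with the JVM's default locale, so on a host running under a Turkish locale `UNIT` becomes `unıt`, never matches `unit`, and the violation is silently dropped. The call would also throw if `getTokenValue()` returns null for a node without a token, which the old `lists.contains(...)` tolerated; where `astNode` is assigned lies outside the hunk, so this may not be reachable. I would write `String name = astNode.getTokenValue();` and then `if (name != null && lists.contains(name.toLowerCase(Locale.ROOT))) {`, which needs `java.util.Locale` imported. In the first hunk, the shared `lists` field is a mutable, non-final static built with raw-typed double-brace initialization. Declaring it as `private static final Set<String>` wrapped in `Collections.unmodifiableSet(...)` would stop the sensitive-name set being altered at runtime and avoid the anonymous `ArrayList` subclass.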
|
|
|
|