From 292ff060d68d2d87059453f180e6a43c78c73945 Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Mon, 29 Jan 2024 16:28:06 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96Java=E8=A2=AB=E6=B5=8B?=
 =?UTF-8?q?=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/test/files/ABCVarNameRule.java | 7 +++-
 .../test/files/AbsolutePathDetectorRule.java | 2 +-
 .../src/test/files/AuthenticationChecker.java | 6 ++-
 .../files/AvoidSensitiveInfoInLogsCheck.java | 7 ++--
 .../files/CookieSensitiveParameterCheck.java | 7 ++--
 .../test/files/DynamicCodeCheckerRule.java | 17 ++++++++-
 .../test/files/DynamicLibraryLoadChecker.java | 2 +-
 .../src/test/files/ErrorMessageRule.java | 7 ----
 .../src/test/files/FileCheck.java | 2 +-
 .../src/test/files/HashSaltPassWordRule.java | 29 ++++++++++++--
 .../src/test/files/HttpInputDataRule.java | 9 +++++
 .../src/test/files/InputSQLVerifyRule.java | 3 ++
 .../src/test/files/Md5PassWordVerifyRule.java | 25 ++++++++++--
 .../src/test/files/OptionsVerifyRule.java | 12 ++----
 .../src/test/files/PasswordRegexCheck.java | 5 ++-
 .../src/test/files/PathAndKeywordCheck.java | 16 +++++---
 .../src/test/files/RSAEncryptionRule.java | 6 ++-
 .../src/test/files/RedirectUrlChecker.java | 9 ++++-
 .../src/test/files/SecurityCookieRule.java | 6 ++-
 .../src/test/files/SendMessageVerifyRule.java | 10 ++---
 .../test/files/SessionCacheParamsChecker.java | 8 +++-
 .../src/test/files/SystemFunctionChecker.java | 7 +++-
 .../src/test/files/UploadFileVerifyRule.java | 38 ++++++++++++++-----
 .../src/test/files/UpperCycleLimitRule.java | 4 +-
 .../files/options/OptionsVerifyOneRule.java | 18 +++------
 .../files/options/OptionsVerifyTwoRule.java | 8 +---
 26 files changed, 178 insertions(+), 92 deletions(-)

diff --git a/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java b/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java
index cd344bc..10e4b71 100644
--- a/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/ABCVarNameRule.java
@@ -1,4 +1,5 @@
-class VarNameRule{
+public class ABCVarNameRule {
+ private static String ABC = "abc"; // Noncompliant {{不能使用ABC作为变量名}}
 private static String edf = "edf";
@@ -8,4 +9,6 @@ class VarNameRule{
 public void test(){
 System.out.println(ABC);
 }
-}
+
+
+}
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/AbsolutePathDetectorRule.java b/sonar-keyware-plugins-java/src/test/files/AbsolutePathDetectorRule.java
index a61c013..0b44079 100644
--- a/sonar-keyware-plugins-java/src/test/files/AbsolutePathDetectorRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/AbsolutePathDetectorRule.java
@@ -1,5 +1,5 @@
-class PathDetectorRule{
+public class AbsolutePathDetectorRule{
 // 使用绝对路径读取配置文件,触发规则
 String configFilePath = "/path/to/config.properties"; // Noncompliant {{读取配置文件或者服务器中文件时不可使用绝对路径}}
diff --git a/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java b/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
index 953e98a..c341e76 100644
--- a/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
+++ b/sonar-keyware-plugins-java/src/test/files/AuthenticationChecker.java
@@ -1,7 +1,9 @@
-
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
 @Controller
-public class AuthController {
+public class AuthenticationChecker {
 @PostMapping("/account/aa")
 public String login() {
diff --git a/sonar-keyware-plugins-java/src/test/files/AvoidSensitiveInfoInLogsCheck.java b/sonar-keyware-plugins-java/src/test/files/AvoidSensitiveInfoInLogsCheck.java
index af7a874..0135c54 100644
--- a/sonar-keyware-plugins-java/src/test/files/AvoidSensitiveInfoInLogsCheck.java
+++ b/sonar-keyware-plugins-java/src/test/files/AvoidSensitiveInfoInLogsCheck.java
@@ -1,8 +1,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
-public class ExampleClass {
- private static final Logger logger = LoggerFactory.getLogger(ExampleClass.class);
+public class AvoidSensitiveInfoInLogsCheck {
+ private static final Logger logger = LoggerFactory.getLogger(AvoidSensitiveInfoInLogsCheck.class);
 public void sensitiveOperation() {
 String password = "password";
@@ -17,4 +16,4 @@ public class ExampleClass {
 logger.trace(password); // Noncompliant {{日志中包含敏感信息}}
 }
-}
+}
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/CookieSensitiveParameterCheck.java b/sonar-keyware-plugins-java/src/test/files/CookieSensitiveParameterCheck.java
index 2d69613..08531da 100644
--- a/sonar-keyware-plugins-java/src/test/files/CookieSensitiveParameterCheck.java
+++ b/sonar-keyware-plugins-java/src/test/files/CookieSensitiveParameterCheck.java
@@ -1,16 +1,15 @@
-
 import javax.servlet.http.Cookie;
-class CookieSensitiveParameterCheck{
+public class CookieSensitiveParameterCheck {
 public void func1(){
 String password = "";
 Cookie invalidCookie1 = new Cookie("password", "1321"); // Noncompliant {{Cookie参数设置中包含敏感字段}}
- Cookie invalidCookie2 = new Cookie(password, 1); // Noncompliant {{Cookie参数设置中包含敏感字段}}
+ Cookie invalidCookie2 = new Cookie(password, "1"); // Noncompliant {{Cookie参数设置中包含敏感字段}}
 Cookie invalidCookie3 = new Cookie("213", password); // Noncompliant {{Cookie参数设置中包含敏感字段}}
- }
+ }
 }
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/DynamicCodeCheckerRule.java b/sonar-keyware-plugins-java/src/test/files/DynamicCodeCheckerRule.java
index c14de8f..a1a3ec8 100644
--- a/sonar-keyware-plugins-java/src/test/files/DynamicCodeCheckerRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/DynamicCodeCheckerRule.java
@@ -1,5 +1,16 @@
-class DynamicCode {
+import javax.script.Invocable;
+import javax.script.ScriptEngine;
+import javax.script.ScriptEngineManager;
+import javax.script.ScriptException;
+
+public class DynamicCodeCheckerRule {
+ public void dyan() {
+
+ String args1 = "args1";
+ String args2 = "args2";
+ String args3 = "args3";
+ String regular = "function regular(args1,args2,args3){................}";
 ScriptEngine engine = new ScriptEngineManager().getEngineByName("javascript");
 try {
@@ -15,8 +26,10 @@ class DynamicCode {
 } else {
 System.out.println("error");
 }
- } catch (ScriptException e) {
+ } catch (ScriptException | NoSuchMethodException e) {
 System.out.println("表达式runtime错误:" + e.getMessage());
 }
 }
+
+
 }
diff --git a/sonar-keyware-plugins-java/src/test/files/DynamicLibraryLoadChecker.java b/sonar-keyware-plugins-java/src/test/files/DynamicLibraryLoadChecker.java
index 8b30244..cae1280 100644
--- a/sonar-keyware-plugins-java/src/test/files/DynamicLibraryLoadChecker.java
+++ b/sonar-keyware-plugins-java/src/test/files/DynamicLibraryLoadChecker.java
@@ -1,5 +1,5 @@
 // 在动态加载库前对输入数据进行验证,确保输入数据仅能用于加载允许加载的代码库
-class DynamicLibraryLoadCheckerExample {
+public class DynamicLibraryLoadChecker {
 public void loadLibrary(String libraryName, int number) {
 String abc = "bac";
diff --git a/sonar-keyware-plugins-java/src/test/files/ErrorMessageRule.java b/sonar-keyware-plugins-java/src/test/files/ErrorMessageRule.java
index 576c3d3..95dfc49 100644
--- a/sonar-keyware-plugins-java/src/test/files/ErrorMessageRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/ErrorMessageRule.java
@@ -1,10 +1,3 @@
-/*
- * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
- * 项目名称:信息安全性设计准则检查插件
- * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
- * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
- */
-
 public class ErrorMessageRule {
 public static void main(String[] args) {
 try {
diff --git a/sonar-keyware-plugins-java/src/test/files/FileCheck.java b/sonar-keyware-plugins-java/src/test/files/FileCheck.java
index 516aef2..47d46e5 100644
--- a/sonar-keyware-plugins-java/src/test/files/FileCheck.java
+++ b/sonar-keyware-plugins-java/src/test/files/FileCheck.java
@@ -1,4 +1,4 @@
-class FileCheck{
+public class FileCheck{
 public String FileName(){
 String fileName = "";
diff --git a/sonar-keyware-plugins-java/src/test/files/HashSaltPassWordRule.java b/sonar-keyware-plugins-java/src/test/files/HashSaltPassWordRule.java
index e1cc25a..5068c1f 100644
--- a/sonar-keyware-plugins-java/src/test/files/HashSaltPassWordRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/HashSaltPassWordRule.java
@@ -1,11 +1,32 @@
-class HashSaltPassWordRule{
- public static void cs(Student studnet){
+
+public class HashSaltPassWordRule {
+
+ public static void cs(Student student){
+
 // 结合盐值和口令进行散列计算
 // String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt());
- studnet.setPassWord(hashedPassword);// Noncompliant {{应使用盐值计算口令}}
+ student.setPassWord("password");// Noncompliant {{应使用盐值计算口令}}
 }
+ static class Student {
+ private String name;
+ private String password;
+
+ public Student(String name, String password) {
+ this.name = name;
+ this.password = password;
+ }
+
+ public void setPassWord(String password) {
+ this.password = password;
+ }
+
+ @Override
+ public String toString() {
+ return "Student{" + "name='" + name + '\'' + ", password='" + password + '\'' + '}';
+ }
+ }
-}
\ No newline at end of file
+}
diff --git a/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java b/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java
index e73e421..8ee9d4a 100644
--- a/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java
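Review bot: The `toString()` added to the nested `Student` class in the `HashSaltPassWordRule.java` hunk builds `", password='" + password + '\''` into its result, so anything that formats a `Student` (a logger, a debugger, string concatenation) emits the stored credential in clear text; the `AvoidSensitiveInfoInLogsCheck.java` fixture in this same commit marks exactly that kind of output as noncompliant, so the fixture works against the plugin's own guidance. The identical `toString()` is added in the `Md5PassWordVerifyRule.java` hunk. Replace the field with a fixed mask in both files, `return "Student{" + "name='" + name + '\'' + ", password='***'" + '}';`. The only compliant example (`BCrypt.hashpw`) stays commented out, so the rule is exercised on the noncompliant literal alone.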
@@ -1,3 +1,12 @@
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Collection;
+import java.util.Locale;
+
 public class HttpInputDataRule {
 public static void main(String[] args) {
diff --git a/sonar-keyware-plugins-java/src/test/files/InputSQLVerifyRule.java b/sonar-keyware-plugins-java/src/test/files/InputSQLVerifyRule.java
index 851be85..f073695 100644
--- a/sonar-keyware-plugins-java/src/test/files/InputSQLVerifyRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/InputSQLVerifyRule.java
@@ -1,3 +1,6 @@
+
+import java.sql.*;
+
 public class InputSQLVerifyRile {
 private static final String DB_URL = "jdbc:mysql://localhost:3306/mydatabase";
 private static final String USER = "username";
diff --git a/sonar-keyware-plugins-java/src/test/files/Md5PassWordVerifyRule.java b/sonar-keyware-plugins-java/src/test/files/Md5PassWordVerifyRule.java
index c500bc3..5315022 100644
--- a/sonar-keyware-plugins-java/src/test/files/Md5PassWordVerifyRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/Md5PassWordVerifyRule.java
@@ -1,10 +1,29 @@
-class Md5PassWordVerifyRule{
- public static void cs(Student studnet){
+public class Md5PassWordVerifyRule{
+ public static void cs(Student student){
 // 结合盐值和口令进行散列计算
 // String password = DigestUtils.md5Hex(str);
- studnet.setPassWord(password);// Noncompliant {{应使用单向不可逆的加密算法}}
+ student.setPassWord("password");// Noncompliant {{应使用单向不可逆的加密算法}}
 }
+ static class Student {
+ private String name;
+ private String password;
+
+ public Student(String name, String password) {
+ this.name = name;
+ this.password = password;
+ }
+
+ public void setPassWord(String password) {
+ this.password = password;
+ }
+
+ @Override
+ public String toString() {
+ return "Student{" + "name='" + name + '\'' + ", password='" + password + '\'' + '}';
+ }
+ }
+
 }
\ No newline at end of file
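Review bot: The `InputSQLVerifyRule.java` hunk adds `import java.sql.*;` but keeps `public class InputSQLVerifyRile {`, which makes it the one fixture in this commit whose public class name still differs from its file name; javac rejects that, and the plugin's test harness will presumably parse the file with degraded semantics. Change the declaration to `public class InputSQLVerifyRule {`. The wildcard import also departs from the explicit single-type imports the commit adds to the other fixtures (`HttpInputDataRule.java`, `SessionCacheParamsChecker.java`); naming the `java.sql` types actually used would keep the fixtures consistent. The rest of the class lies outside the hunk.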
diff --git a/sonar-keyware-plugins-java/src/test/files/OptionsVerifyRule.java b/sonar-keyware-plugins-java/src/test/files/OptionsVerifyRule.java
index f0addf4..d475ea5 100644
--- a/sonar-keyware-plugins-java/src/test/files/OptionsVerifyRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/OptionsVerifyRule.java
@@ -1,15 +1,10 @@
-/*
- * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
- * 项目名称:信息安全性设计准则检查插件
- * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
- * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
- */
 import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-public class OptionsVerifyChecker implements Filter {
+public class OptionsVerifyRule implements Filter {
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {}
@@ -25,9 +20,8 @@ public class OptionsVerifyChecker implements Filter {
 @Override
 public void destroy() {}
- @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 response.setHeader("X-Frame-Options", "DENY"); // 或者使用SAMEORIGIN,ALLOW-FROM等其他策略
 filterChain.doFilter(request, response);
 }
-}
\ No newline at end of file
+}
diff --git a/sonar-keyware-plugins-java/src/test/files/PasswordRegexCheck.java b/sonar-keyware-plugins-java/src/test/files/PasswordRegexCheck.java
index 3e213b5..a504893 100644
--- a/sonar-keyware-plugins-java/src/test/files/PasswordRegexCheck.java
+++ b/sonar-keyware-plugins-java/src/test/files/PasswordRegexCheck.java
@@ -1,7 +1,8 @@
+
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-public class PasswordStrengthValidator {
+public class PasswordRegexCheck {
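Review bot: Removing `@Override` from `doFilterInternal` in the second `OptionsVerifyRule.java` hunk resolves the compile error (the `Filter` interface declares no such method) but leaves a `protected` method that nothing in the hunk invokes; unless `doFilter`, which sits between the two hunks, delegates to it, `response.setHeader("X-Frame-Options", "DENY")` is dead code and the fixture no longer shows the header being set. If `doFilter` does not delegate, either move the `setHeader` call into `doFilter` or call `doFilterInternal(...)` from it with the request, response and chain it receives. Whether the rule expects this file to be compliant or noncompliant is not visible in either hunk.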
@@ -9,7 +10,7 @@ public class PasswordStrengthValidator {
 String asdasd = "asdfsdfsdf";
 Pattern pattern = Pattern.compile("^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{8,}$");
 Matcher matcher1 = pattern.matcher(asdasd);
- Matcher matcher3 = pattern.matcher();
+ Matcher matcher3 = pattern.matcher("");
 return password;
 }
diff --git a/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java b/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java
index 5a2109f..5000245 100644
--- a/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java
+++ b/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java
@@ -1,10 +1,14 @@
-class PathAndKeywordCheckRule {
+import java.io.File;
+import java.net.URI;
+import java.net.URL;
+public class PathAndKeywordCheck {
+
+ public void getParameter(String arg,String brg,String crg) throws Exception {
+ URL url1 = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
+ URI url2 = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
+ File url3 = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
- public void getParameter(int arg,String brg,float crg) {
- URL url = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
- URI url = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
- File url = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
 }
-}
\ No newline at end of file
+}
diff --git a/sonar-keyware-plugins-java/src/test/files/RSAEncryptionRule.java b/sonar-keyware-plugins-java/src/test/files/RSAEncryptionRule.java
index 5a3713e..9d8186e 100644
--- a/sonar-keyware-plugins-java/src/test/files/RSAEncryptionRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/RSAEncryptionRule.java
@@ -1,6 +1,10 @@
+import javax.crypto.Cipher;
+import java.security.*;
+
 public class RSAEncryptionRule {
+
 public static void main(String[] args) throws Exception {
 // 生成RSA密钥对
 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
@@ -27,4 +31,4 @@ public class RSAEncryptionRule {
 System.out.println("加密后的数据:" + new String(encryptedBytes));
 System.out.println("解密后的数据:" + new String(decryptedBytes));
 }
-}
+}
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/RedirectUrlChecker.java b/sonar-keyware-plugins-java/src/test/files/RedirectUrlChecker.java
index f17d8b9..3ff2969 100644
--- a/sonar-keyware-plugins-java/src/test/files/RedirectUrlChecker.java
+++ b/sonar-keyware-plugins-java/src/test/files/RedirectUrlChecker.java
@@ -1,6 +1,10 @@
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.servlet.view.RedirectView;
+
 @Controller
-public class MyController {
+public class RedirectUrlChecker {
 @GetMapping("/old-url")
 public RedirectView redirectOldUrl(String url) {
 // Compliant,因为重定向的路径不是由方法传递进来的
@@ -29,8 +33,9 @@ public class MyController {
 }
 @GetMapping("/old-url5")
- public String redirectOldUrl4(String url) {
+ public String redirectOldUrl5(String url) {
 // 302临时重定向到新的URL
 return url; // Noncompliant {{在重定向前对输入数据进行验证}}
 }
+
 }
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/SecurityCookieRule.java b/sonar-keyware-plugins-java/src/test/files/SecurityCookieRule.java
index e3a40c0..e4fa328 100644
--- a/sonar-keyware-plugins-java/src/test/files/SecurityCookieRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/SecurityCookieRule.java
@@ -1,6 +1,10 @@
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
 public class SecurityCookieRule {
+
 public void setCookie(HttpServletResponse response) { // Noncompliant {{设置HTTPS会话中cookie的安全属性}}
 // 创建一个新的Cookie
 Cookie cookie = new Cookie("cookieName", "cookieValue");
@@ -17,4 +21,4 @@ public class SecurityCookieRule {
 // 将Cookie添加到HTTP响应头中
 response.addCookie(cookie);
 }
-}
+}
\ No newline at end of file
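Review bot: The first `SecurityCookieRule.java` hunk adds `+import javax.servlet.http.HttpServletResponse;` immediately below the existing `import javax.servlet.http.HttpServletResponse;` context line, so the type is imported twice; a duplicate single-type import of the same type compiles, but it is dead text, and only the `Cookie` import was actually missing for `new Cookie("cookieName", "cookieValue")`. Keep `+import javax.servlet.http.Cookie;` and drop the repeated `HttpServletResponse` import.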
diff --git a/sonar-keyware-plugins-java/src/test/files/SendMessageVerifyRule.java b/sonar-keyware-plugins-java/src/test/files/SendMessageVerifyRule.java
index 9911873..7bcbef0 100644
--- a/sonar-keyware-plugins-java/src/test/files/SendMessageVerifyRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/SendMessageVerifyRule.java
@@ -1,11 +1,9 @@
-/*
- * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
- * 项目名称:信息安全性设计准则检查插件
- * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
- * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
- */
+import java.io.DataOutputStream;
+import java.net.ServerSocket;
+import java.net.Socket;
 public class SendMessageVerifyRule {
+
 public static void sendName(String name) {
 try {
 ServerSocket ss = new ServerSocket(6666); //建立服务器Socket并绑定端口
diff --git a/sonar-keyware-plugins-java/src/test/files/SessionCacheParamsChecker.java b/sonar-keyware-plugins-java/src/test/files/SessionCacheParamsChecker.java
index 55bac41..21332be 100644
--- a/sonar-keyware-plugins-java/src/test/files/SessionCacheParamsChecker.java
+++ b/sonar-keyware-plugins-java/src/test/files/SessionCacheParamsChecker.java
@@ -1,9 +1,13 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.*;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+public class SessionCacheParamsChecker {
-public class ExampleServlet extends HttpServlet {
 private static final long serialVersionUID = 1391640560504378168L;
 public void doGet(HttpServletRequest request, HttpServletResponse response) {
diff --git a/sonar-keyware-plugins-java/src/test/files/SystemFunctionChecker.java b/sonar-keyware-plugins-java/src/test/files/SystemFunctionChecker.java
index 905f001..831b76f 100644
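Review bot: In the `SessionCacheParamsChecker.java` hunk the class drops `extends HttpServlet` but keeps `private static final long serialVersionUID = 1391640560504378168L;`, which has no meaning on a type that is no longer `Serializable`, and `doGet(HttpServletRequest, HttpServletResponse)` becomes a plain method no container will call. The retained `GetMapping`/`RestController` imports suggest a Spring endpoint was intended, yet no such annotation is visible in the hunk and the method body lies outside it. Remove the `serialVersionUID` line and either restore `extends HttpServlet` or annotate the class and method with the imported Spring annotations, so the fixture still reads as a request handler for the session-cache rule.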
--- a/sonar-keyware-plugins-java/src/test/files/SystemFunctionChecker.java
+++ b/sonar-keyware-plugins-java/src/test/files/SystemFunctionChecker.java
@@ -1,7 +1,10 @@
-class SystemFunctionChecker{
- public void add(String command){
+import java.io.IOException;
+
+public class SystemFunctionChecker {
+
+ public void add(String command) throws IOException {
 Process process = Runtime.getRuntime().exec(command); // Noncompliant {{在构建命令前对输入数据进行验证}}
 }
diff --git a/sonar-keyware-plugins-java/src/test/files/UploadFileVerifyRule.java b/sonar-keyware-plugins-java/src/test/files/UploadFileVerifyRule.java
index b54ca86..c06ede9 100644
--- a/sonar-keyware-plugins-java/src/test/files/UploadFileVerifyRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/UploadFileVerifyRule.java
@@ -1,20 +1,26 @@
-/**
- * @author hj
- */
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.File;
+import java.io.IOException;
+
 @Slf4j
 @RestController
 @RequestMapping("/file")
 public class UploadFileVerifyRule {
+
 //文件磁盘路径
 @Value("${files.upload.path}")
 private String fileUploadPath;
 @PostMapping("/upload")
- public Result upload(@RequestParam MultipartFile file) throws IOException { // Noncompliant {{程序设计时,应以“白名单”方式限制允许用户上传的文件的类型}}
+ public String upload(@RequestParam MultipartFile file) throws IOException { // Noncompliant {{程序设计时,应以“白名单”方式限制允许用户上传的文件的类型}}
- file.setExecutable(true);
- file.setReadable(true);
- file.setWritable(true);
 long size = file.getSize();
@@ -27,7 +33,21 @@ public class UploadFileVerifyRule {
 // if(type == ""){
 //
 // }
- return Result.success("");
+
+ File localFile = new File(fileUploadPath + File.separator + originalFilename);
+
+ localFile.setExecutable(true);
+ localFile.setReadable(true);
+ localFile.setWritable(true);
+
+ file.transferTo(localFile);
+ return "上传成功";
 }
-}
+ class FileUtil{
+ public static String extName(String filename){
+ // 根据文件名获取文件后缀
+ return filename.substring(filename.lastIndexOf(".") + 1);
+ }
+ }
+}
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/UpperCycleLimitRule.java b/sonar-keyware-plugins-java/src/test/files/UpperCycleLimitRule.java
index 1e3ef3d..7277eec 100644
--- a/sonar-keyware-plugins-java/src/test/files/UpperCycleLimitRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/UpperCycleLimitRule.java
@@ -1,4 +1,5 @@
-class UpperCycleLimitRule{
+public class UpperCycleLimitRule {
+
 public static void Upper(int number){
 for(int i = 0; i < number; i++){ // Noncompliant {{规定循环次数的上限,在将用户输入的数据用于循环条件前进行验证用户输入的数据是否超过上限}}
@@ -13,5 +14,4 @@ class UpperCycleLimitRule{
 }while (number > 0); // Noncompliant {{规定循环次数的上限,在将用户输入的数据用于循环条件前进行验证用户输入的数据是否超过上限}}
 };
-
 }
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java b/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java
index 0ce0cf2..609f6d1 100644
--- a/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java
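Review bot: `class FileUtil` in the second `UploadFileVerifyRule.java` hunk is a non-static inner class declaring `public static String extName(...)`; static members of inner classes are only accepted from Java 16 on, so depending on the source level the plugin's test parser is configured for, this fixture may not parse — `static class FileUtil {` sidesteps the question. `extName` also returns the whole name when there is no `.` (`lastIndexOf` yields -1, hence `substring(0)`), which matters if the rule under test reads the extension for its whitelist decision. The new body builds the target path from `fileUploadPath + File.separator + originalFilename` without normalisation and then marks the stored file executable; if that is deliberate for a noncompliant fixture, a comment such as `// deliberately unvalidated: exercises the upload-whitelist rule` would make the intent explicit, and `originalFilename` itself is declared outside the hunk.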
@@ -1,18 +1,13 @@
-/*
- * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
- * 项目名称:信息安全性设计准则检查插件
- * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
- * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
- */
+import org.springframework.web.WebApplicationInitializer;
 import org.springframework.web.filter.OncePerRequestFilter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
+
+import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-public class XFrameOptionsFilter extends OncePerRequestFilter {
+public class OptionsVerifyOneRule extends OncePerRequestFilter {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
@@ -22,12 +17,11 @@ public class XFrameOptionsFilter extends OncePerRequestFilter {
 }
 // 注册过滤器
-public class WebConfig implements WebApplicationInitializer {
+class WebConfig implements WebApplicationInitializer {
 @Override
 public void onStartup(ServletContext servletContext) throws ServletException {
 // ...其他配置...
- Dynamic registration = servletContext.addFilter("xFrameOptionsFilter", new XFrameOptionsFilter());
- registration.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
+ FilterRegistration.Dynamic registration = servletContext.addFilter("xFrameOptionsFilter", new OptionsVerifyOneRule());
 }
 }
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyTwoRule.java b/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyTwoRule.java
index f1aced2..3708167 100644
--- a/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyTwoRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyTwoRule.java
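Review bot: The second `OptionsVerifyOneRule.java` hunk removes `registration.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");` while keeping `addFilter`, so `WebConfig` registers the filter without mapping it to any URL and the `FilterRegistration.Dynamic registration` local is left unused; an unmapped filter never runs, so the `X-Frame-Options` header this filter exists to add would not reach any response. The deletion looks driven by the missing `EnumSet` import rather than by intent, so restore the line and add `import java.util.EnumSet;` (`DispatcherType` is already covered by the new `import javax.servlet.*;`). `doFilterInternal`'s body lies between the two hunks, so what it sets cannot be confirmed from here.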
@@ -1,15 +1,9 @@
-/*
- * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
- * 项目名称:信息安全性设计准则检查插件
- * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
- * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
- */
 import javax.servlet.*;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-public class XFrameOptionsFilter implements Filter {
+public class OptionsVerifyTwoRule implements Filter {
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {}