parent
07c325f619
commit
292ff060d6
@ -1,16 +1,15 @@ |
|||||||
|
|
||||||
import javax.servlet.http.Cookie; |
import javax.servlet.http.Cookie; |
||||||
|
|
||||||
class CookieSensitiveParameterCheck{ |
public class CookieSensitiveParameterCheck { |
||||||
|
|
||||||
public void func1(){ |
public void func1(){ |
||||||
|
|
||||||
String password = ""; |
String password = ""; |
||||||
|
|
||||||
Cookie invalidCookie1 = new Cookie("password", "1321"); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
Cookie invalidCookie1 = new Cookie("password", "1321"); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
||||||
Cookie invalidCookie2 = new Cookie(password, 1); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
Cookie invalidCookie2 = new Cookie(password, "1"); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
||||||
Cookie invalidCookie3 = new Cookie("213", password); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
Cookie invalidCookie3 = new Cookie("213", password); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
||||||
} |
|
||||||
|
|
||||||
|
} |
||||||
|
|
||||||
} |
} |
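Review bot: The fixture has no compliant case, so it cannot catch a rule that fires on every `new Cookie(...)`; I'd add one negative sample after the three flagged ones, e.g. `Cookie validCookie = new Cookie("theme", "dark"); // Compliant`. The second flagged line, `new Cookie(password, "1")`, passes an empty string as the cookie name (`password` is initialised to `""`), which the servlet `Cookie` constructor rejects with `IllegalArgumentException` at runtime; that does not matter for a static-analysis fixture, but a comment such as `// name taken from a variable named "password"; value irrelevant` would make the intent clear to the next maintainer. The flagged cases also never document which positions the rule inspects (name, value, or both), so one sentence above `func1` stating that would help.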
@ -1,11 +1,32 @@ |
|||||||
class HashSaltPassWordRule{ |
|
||||||
public static void cs(Student studnet){ |
public class HashSaltPassWordRule { |
||||||
|
|
||||||
|
public static void cs(Student student){ |
||||||
|
|
||||||
// 结合盐值和口令进行散列计算
|
// 结合盐值和口令进行散列计算
|
||||||
// String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt());
|
// String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt());
|
||||||
|
|
||||||
studnet.setPassWord(hashedPassword);// Noncompliant {{应使用盐值计算口令}}
|
student.setPassWord("password");// Noncompliant {{应使用盐值计算口令}}
|
||||||
|
|
||||||
|
} |
||||||
|
|
||||||
|
static class Student { |
||||||
|
private String name; |
||||||
|
private String password; |
||||||
|
|
||||||
|
public Student(String name, String password) { |
||||||
|
this.name = name; |
||||||
|
this.password = password; |
||||||
|
} |
||||||
|
|
||||||
|
public void setPassWord(String password) { |
||||||
|
this.password = password; |
||||||
} |
} |
||||||
|
|
||||||
|
@Override |
||||||
|
public String toString() { |
||||||
|
return "Student{" + "name='" + name + '\'' + ", password='" + password + '\'' + '}'; |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
} |
} |
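Review bot: The new `Student.toString()` concatenates the raw `password` field into its output, so any logging or debug print of a `Student` leaks the credential (or its hash); even in a fixture I'd mask it, e.g. `", password='***'" + '}'`, or drop the field from `toString` entirely. With the `BCrypt.hashpw` line commented out there is no compliant sample, so the rule is only tested for the positive case; a second method storing a salted hash would pin down that the check does not fire on it, though it may require a dependency the fixture cannot take, in which case a `// Compliant` placeholder with a stub helper would do. Minor: `setPassWord` and `PassWordRule` use a non-idiomatic capitalisation of "password" (`setPassword` is the conventional name), and the `name` field is only ever read by `toString`.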
@ -1,10 +1,29 @@ |
|||||||
class Md5PassWordVerifyRule{ |
public class Md5PassWordVerifyRule{ |
||||||
public static void cs(Student studnet){ |
public static void cs(Student student){ |
||||||
// 结合盐值和口令进行散列计算
|
// 结合盐值和口令进行散列计算
|
||||||
// String password = DigestUtils.md5Hex(str);
|
// String password = DigestUtils.md5Hex(str);
|
||||||
|
|
||||||
studnet.setPassWord(password);// Noncompliant {{应使用单向不可逆的加密算法}}
|
student.setPassWord("password");// Noncompliant {{应使用单向不可逆的加密算法}}
|
||||||
|
|
||||||
} |
} |
||||||
|
|
||||||
|
static class Student { |
||||||
|
private String name; |
||||||
|
private String password; |
||||||
|
|
||||||
|
public Student(String name, String password) { |
||||||
|
this.name = name; |
||||||
|
this.password = password; |
||||||
|
} |
||||||
|
|
||||||
|
public void setPassWord(String password) { |
||||||
|
this.password = password; |
||||||
|
} |
||||||
|
|
||||||
|
@Override |
||||||
|
public String toString() { |
||||||
|
return "Student{" + "name='" + name + '\'' + ", password='" + password + '\'' + '}'; |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
} |
} |
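Review bot: The `Student` nested class is a byte-for-byte copy of the one added in the HashSaltPassWordRule fixture, including the `toString()` that prints the raw `password` field; duplicating it means the same secret-in-toString issue now exists in two places, and a shared test helper (or at least masking the value, `", password='***'"`) would be preferable. The fixture's only flagged line is `student.setPassWord("password")`, while the MD5 call the rule is presumably about (`DigestUtils.md5Hex`) stays commented out, so the sample never exercises a digest call and a compliant counterpart (e.g. a SHA-256-based or bcrypt-based setter) is missing. The message `应使用单向不可逆的加密算法` ("use a one-way irreversible algorithm") also reads oddly against MD5, which is already one-way; if the message text is controlled here, something like "MD5 is too weak/fast for password hashing; use bcrypt/scrypt/argon2" would state the actual problem.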
@ -1,10 +1,14 @@ |
|||||||
|
|
||||||
class PathAndKeywordCheckRule { |
import java.io.File; |
||||||
|
import java.net.URI; |
||||||
|
import java.net.URL; |
||||||
|
|
||||||
|
public class PathAndKeywordCheck { |
||||||
|
|
||||||
|
public void getParameter(String arg,String brg,String crg) throws Exception { |
||||||
|
URL url1 = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||||
|
URI url2 = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||||
|
File url3 = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||||
|
|
||||||
public void getParameter(int arg,String brg,float crg) { |
|
||||||
URL url = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
|
||||||
URI url = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
|
||||||
File url = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
|
||||||
} |
} |
||||||
} |
} |
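Review bot: The new `getParameter` declares `throws Exception`, which hides the two specific checked types the constructors can raise; `throws MalformedURLException, URISyntaxException` (with `java.net.MalformedURLException` and `java.net.URISyntaxException` imported) is the precise signature. All three flagged lines build a `URL`, `URI` or `File` straight from a method parameter, which is the pattern the rule targets, but there is no compliant sample showing a validated path, so I'd add e.g. `File ok = new File("/srv/app/data/fixed.txt"); // Compliant` so a rule that flags every constructor call is caught. The renamed class (`PathAndKeywordCheck`, formerly `PathAndKeywordCheckRule`) must still match the file name for the sample to compile as a public class; I cannot see the file name in this hunk, so please confirm.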