parent
07c325f619
commit
292ff060d6
@ -1,16 +1,15 @@ |
||||
|
||||
import javax.servlet.http.Cookie; |
||||
|
||||
class CookieSensitiveParameterCheck{ |
||||
public class CookieSensitiveParameterCheck { |
||||
|
||||
public void func1(){ |
||||
|
||||
String password = ""; |
||||
|
||||
Cookie invalidCookie1 = new Cookie("password", "1321"); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
||||
Cookie invalidCookie2 = new Cookie(password, 1); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
||||
Cookie invalidCookie2 = new Cookie(password, "1"); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
||||
Cookie invalidCookie3 = new Cookie("213", password); // Noncompliant {{Cookie参数设置中包含敏感字段}}
|
||||
} |
||||
|
||||
} |
||||
|
||||
} |
@ -1,11 +1,32 @@ |
||||
class HashSaltPassWordRule{ |
||||
public static void cs(Student studnet){ |
||||
|
||||
public class HashSaltPassWordRule { |
||||
|
||||
public static void cs(Student student){ |
||||
|
||||
// 结合盐值和口令进行散列计算
|
||||
// String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt());
|
||||
|
||||
studnet.setPassWord(hashedPassword);// Noncompliant {{应使用盐值计算口令}}
|
||||
student.setPassWord("password");// Noncompliant {{应使用盐值计算口令}}
|
||||
|
||||
} |
||||
|
||||
static class Student { |
||||
private String name; |
||||
private String password; |
||||
|
||||
public Student(String name, String password) { |
||||
this.name = name; |
||||
this.password = password; |
||||
} |
||||
|
||||
public void setPassWord(String password) { |
||||
this.password = password; |
||||
} |
||||
|
||||
@Override |
||||
public String toString() { |
||||
return "Student{" + "name='" + name + '\'' + ", password='" + password + '\'' + '}'; |
||||
} |
||||
} |
||||
|
||||
} |
@ -1,10 +1,29 @@ |
||||
class Md5PassWordVerifyRule{ |
||||
public static void cs(Student studnet){ |
||||
public class Md5PassWordVerifyRule{ |
||||
public static void cs(Student student){ |
||||
// 结合盐值和口令进行散列计算
|
||||
// String password = DigestUtils.md5Hex(str);
|
||||
|
||||
studnet.setPassWord(password);// Noncompliant {{应使用单向不可逆的加密算法}}
|
||||
student.setPassWord("password");// Noncompliant {{应使用单向不可逆的加密算法}}
|
||||
|
||||
} |
||||
|
||||
static class Student { |
||||
private String name; |
||||
private String password; |
||||
|
||||
public Student(String name, String password) { |
||||
this.name = name; |
||||
this.password = password; |
||||
} |
||||
|
||||
public void setPassWord(String password) { |
||||
this.password = password; |
||||
} |
||||
|
||||
@Override |
||||
public String toString() { |
||||
return "Student{" + "name='" + name + '\'' + ", password='" + password + '\'' + '}'; |
||||
} |
||||
} |
||||
|
||||
} |
@ -1,10 +1,14 @@ |
||||
|
||||
class PathAndKeywordCheckRule { |
||||
import java.io.File; |
||||
import java.net.URI; |
||||
import java.net.URL; |
||||
|
||||
public class PathAndKeywordCheck { |
||||
|
||||
public void getParameter(String arg,String brg,String crg) throws Exception { |
||||
URL url1 = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||
URI url2 = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||
File url3 = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||
|
||||
public void getParameter(int arg,String brg,float crg) { |
||||
URL url = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||
URI url = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||
File url = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
|
||||
} |
||||
} |
Loading…
Reference in new issue