|
|
|
|
@ -29,16 +29,15 @@ import java.util.Scanner; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* TODO ConfigurationFileChecker |
|
|
|
|
* 通过用户名口令、数据证书等其他手段对用户身份进行验证。 |
|
|
|
|
* |
|
|
|
|
* @author WuHaoYang |
|
|
|
|
* @date 2024/1/22 |
|
|
|
|
*/ |
|
|
|
|
@Rule(key = "ConfigurationFileChecker") |
|
|
|
|
public class ConfigurationFileChecker implements ConfigCheck { |
|
|
|
|
public class ConfigurationFileChecker implements ConfigCheck{ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){ |
|
|
|
|
//文件名称
|
|
|
|
|
String filename = inputFile.filename(); |
|
|
|
|
@ -76,35 +75,28 @@ public class ConfigurationFileChecker implements ConfigCheck { |
|
|
|
|
if (filename.endsWith(".ini")){ |
|
|
|
|
// 获取当前输入文件的绝对路径
|
|
|
|
|
File file1 = inputFile.file(); |
|
|
|
|
File absoluteFile = file1.getAbsoluteFile(); |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File folder = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
System.out.println("---------------ini文件路径----------------"+folder); |
|
|
|
|
File[] listOfFiles = folder.listFiles(); |
|
|
|
|
System.out.println("---------------ini文件路径----------------"+file1); |
|
|
|
|
|
|
|
|
|
int lineNum = 1; |
|
|
|
|
for (File file : listOfFiles) { |
|
|
|
|
if (file.isFile() && file.getName().endsWith(".ini")) { |
|
|
|
|
Properties properties = new Properties(); |
|
|
|
|
|
|
|
|
|
try (FileInputStream fileInput = new FileInputStream(file)) { |
|
|
|
|
properties.load(fileInput); |
|
|
|
|
String password = properties.getProperty("password"); |
|
|
|
|
System.out.println("password=" + password); |
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation() |
|
|
|
|
.on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNum))) |
|
|
|
|
.save(); |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
lineNum++; |
|
|
|
|
Properties properties = new Properties(); |
|
|
|
|
|
|
|
|
|
try (FileInputStream fileInput = new FileInputStream(file1)) { |
|
|
|
|
properties.load(fileInput); |
|
|
|
|
String password = properties.getProperty("password"); |
|
|
|
|
System.out.println("password=" + password); |
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation() |
|
|
|
|
.on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNum))) |
|
|
|
|
.save(); |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
lineNum++; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -112,50 +104,41 @@ public class ConfigurationFileChecker implements ConfigCheck { |
|
|
|
|
if (filename.endsWith(".conf")){ |
|
|
|
|
// 获取当前输入文件的绝对路径
|
|
|
|
|
File file1 = inputFile.file(); |
|
|
|
|
File absoluteFile = file1.getAbsoluteFile(); |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File folder = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
|
|
|
|
|
System.out.println("---------------conf文件路径----------------"+folder); |
|
|
|
|
System.out.println("---------------conf文件路径----------------"+file1); |
|
|
|
|
|
|
|
|
|
File[] listOfFiles = folder.listFiles((dir, name) -> name.endsWith(".conf")); |
|
|
|
|
|
|
|
|
|
int lineNum = 1; |
|
|
|
|
for (File file : listOfFiles) { |
|
|
|
|
if (file.isFile()) { |
|
|
|
|
Properties prop = new Properties(); |
|
|
|
|
InputStream input = null; |
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
input = new FileInputStream(file); |
|
|
|
|
prop.load(input); |
|
|
|
|
Properties prop = new Properties(); |
|
|
|
|
InputStream input = null; |
|
|
|
|
|
|
|
|
|
if (prop.containsKey("password")) { |
|
|
|
|
System.out.println("password="+ prop.getProperty("password")); |
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation() |
|
|
|
|
.on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNum))) |
|
|
|
|
.save(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} catch (IOException ex) { |
|
|
|
|
ex.printStackTrace(); |
|
|
|
|
} finally { |
|
|
|
|
if (input != null) { |
|
|
|
|
try { |
|
|
|
|
input.close(); |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
lineNum++; |
|
|
|
|
} |
|
|
|
|
try { |
|
|
|
|
input = new FileInputStream(file1); |
|
|
|
|
prop.load(input); |
|
|
|
|
|
|
|
|
|
if (prop.containsKey("password")) { |
|
|
|
|
System.out.println("password="+ prop.getProperty("password")); |
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation() |
|
|
|
|
.on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNum))) |
|
|
|
|
.save(); |
|
|
|
|
} |
|
|
|
|
} catch (IOException ex) { |
|
|
|
|
ex.printStackTrace(); |
|
|
|
|
} finally { |
|
|
|
|
if (input != null) { |
|
|
|
|
try { |
|
|
|
|
input.close(); |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
lineNum++; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -167,23 +150,17 @@ public class ConfigurationFileChecker implements ConfigCheck { |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File dir = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
System.out.println("---------------xml文件路径----------------"+dir); |
|
|
|
|
FilenameFilter filter = new FilenameFilter() { |
|
|
|
|
public boolean accept(File dir, String name) { |
|
|
|
|
return name.endsWith(".xml"); |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
String[] children = dir.list(filter); |
|
|
|
|
if (children == null) { |
|
|
|
|
System.out.println("目录不存在或不是目录"); |
|
|
|
|
} else { |
|
|
|
|
for (int i = 0; i < children.length; i++) { |
|
|
|
|
String filename1 = children[i]; |
|
|
|
|
File xmlFile = new File(dir, filename1); |
|
|
|
|
processXML(xmlFile); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
System.out.println("---------------xml文件路径----------------"+file1); |
|
|
|
|
File xmlFile = new File(dir, filename); |
|
|
|
|
processXML(xmlFile); |
|
|
|
|
int lineNum = 1; |
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation() |
|
|
|
|
.on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNum))) |
|
|
|
|
.save(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -195,18 +172,19 @@ public class ConfigurationFileChecker implements ConfigCheck { |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File folder = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
System.out.println("---------------json文件路径----------------"+folder); |
|
|
|
|
File[] listOfFiles = folder.listFiles(); |
|
|
|
|
|
|
|
|
|
if (listOfFiles != null) { |
|
|
|
|
ObjectMapper mapper = new ObjectMapper(); |
|
|
|
|
for (File file : listOfFiles) { |
|
|
|
|
if (file.isFile() && file.getName().endsWith(".json")) { |
|
|
|
|
JsonNode rootNode = mapper.readTree(file); |
|
|
|
|
extractPassword(rootNode); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
System.out.println("---------------json文件路径----------------"+file1); |
|
|
|
|
ObjectMapper mapper = new ObjectMapper(); |
|
|
|
|
JsonNode rootNode = mapper.readTree(file1); |
|
|
|
|
extractPassword(rootNode); |
|
|
|
|
int lineNum = 1; |
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation() |
|
|
|
|
.on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNum))) |
|
|
|
|
.save(); |
|
|
|
|
|
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
@ -221,22 +199,26 @@ public class ConfigurationFileChecker implements ConfigCheck { |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File dir = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
System.out.println("---------------yml文件路径----------------"+dir); |
|
|
|
|
System.out.println("---------------yml文件路径----------------"+file1); |
|
|
|
|
Yaml yaml = new Yaml(); |
|
|
|
|
for (File file : dir.listFiles()) { |
|
|
|
|
if (file.isFile() && file.getName().endsWith(".yml")) { |
|
|
|
|
try (FileInputStream fis = new FileInputStream(file)) { |
|
|
|
|
Map<String, Object> obj = yaml.load(fis); |
|
|
|
|
if (obj != null){ |
|
|
|
|
String password = searchPassword(obj); |
|
|
|
|
if (password != null) { |
|
|
|
|
System.out.println("password="+password); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
try (FileInputStream fis = new FileInputStream(file1)) { |
|
|
|
|
Map<String, Object> obj = yaml.load(fis); |
|
|
|
|
if (obj != null){ |
|
|
|
|
String password = searchPassword(obj); |
|
|
|
|
if (password != null) { |
|
|
|
|
System.out.println("password="+password); |
|
|
|
|
int lineNum = 1; |
|
|
|
|
NewIssue newIssue = context.newIssue(); |
|
|
|
|
newIssue |
|
|
|
|
.forRule(ruleKey) |
|
|
|
|
.at(newIssue.newLocation() |
|
|
|
|
.on(inputFile) |
|
|
|
|
.at(inputFile.selectLine(lineNum))) |
|
|
|
|
.save(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
