diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java index d87578c..ee17ae2 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java @@ -29,16 +29,15 @@ import java.util.Scanner; /** - * TODO ConfigurationFileChecker + * 通过用户名口令、数据证书等其他手段对用户身份进行验证。 * * @author WuHaoYang * @date 2024/1/22 */ @Rule(key = "ConfigurationFileChecker") -public class ConfigurationFileChecker implements ConfigCheck { +public class ConfigurationFileChecker implements ConfigCheck{ - @Override public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){ //文件名称 String filename = inputFile.filename(); @@ -76,35 +75,28 @@ public class ConfigurationFileChecker implements ConfigCheck { if (filename.endsWith(".ini")){ // 获取当前输入文件的绝对路径 File file1 = inputFile.file(); - File absoluteFile = file1.getAbsoluteFile(); // 构建目录路径 - File folder = new File(String.valueOf(absoluteFile)).getParentFile(); - System.out.println("---------------ini文件路径----------------"+folder); - File[] listOfFiles = folder.listFiles(); + System.out.println("---------------ini文件路径----------------"+file1); int lineNum = 1; - for (File file : listOfFiles) { - if (file.isFile() && file.getName().endsWith(".ini")) { - Properties properties = new Properties(); - - try (FileInputStream fileInput = new FileInputStream(file)) { - properties.load(fileInput); - String password = properties.getProperty("password"); - System.out.println("password=" + password); - NewIssue newIssue = context.newIssue(); - newIssue - .forRule(ruleKey) - .at(newIssue.newLocation() - .on(inputFile) - .at(inputFile.selectLine(lineNum))) - .save(); - } catch (IOException e) { - e.printStackTrace(); - } - } - lineNum++; + Properties properties = new Properties(); + + try (FileInputStream fileInput = new FileInputStream(file1)) { + properties.load(fileInput); + String password = properties.getProperty("password"); + System.out.println("password=" + password); + NewIssue newIssue = context.newIssue(); + newIssue + .forRule(ruleKey) + .at(newIssue.newLocation() + .on(inputFile) + .at(inputFile.selectLine(lineNum))) + .save(); + } catch (IOException e) { + e.printStackTrace(); } + lineNum++; } @@ -112,50 +104,41 @@ public class ConfigurationFileChecker implements ConfigCheck { if (filename.endsWith(".conf")){ // 获取当前输入文件的绝对路径 File file1 = inputFile.file(); - File absoluteFile = file1.getAbsoluteFile(); // 构建目录路径 - File folder = new File(String.valueOf(absoluteFile)).getParentFile(); - - System.out.println("---------------conf文件路径----------------"+folder); + System.out.println("---------------conf文件路径----------------"+file1); - File[] listOfFiles = folder.listFiles((dir, name) -> name.endsWith(".conf")); int lineNum = 1; - for (File file : listOfFiles) { - if (file.isFile()) { - Properties prop = new Properties(); - InputStream input = null; - - try { - input = new FileInputStream(file); - prop.load(input); + Properties prop = new Properties(); + InputStream input = null; - if (prop.containsKey("password")) { - System.out.println("password="+ prop.getProperty("password")); - NewIssue newIssue = context.newIssue(); - newIssue - .forRule(ruleKey) - .at(newIssue.newLocation() - .on(inputFile) - .at(inputFile.selectLine(lineNum))) - .save(); - } - - } catch (IOException ex) { - ex.printStackTrace(); - } finally { - if (input != null) { - try { - input.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - } - lineNum++; - } + try { + input = new FileInputStream(file1); + prop.load(input); + + if (prop.containsKey("password")) { + System.out.println("password="+ prop.getProperty("password")); + NewIssue newIssue = context.newIssue(); + newIssue + .forRule(ruleKey) + .at(newIssue.newLocation() + .on(inputFile) + .at(inputFile.selectLine(lineNum))) + .save(); + } + } catch (IOException ex) { + ex.printStackTrace(); + } finally { + if (input != null) { + try { + input.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } + } + lineNum++; } @@ -167,23 +150,17 @@ public class ConfigurationFileChecker implements ConfigCheck { // 构建目录路径 File dir = new File(String.valueOf(absoluteFile)).getParentFile(); - System.out.println("---------------xml文件路径----------------"+dir); - FilenameFilter filter = new FilenameFilter() { - public boolean accept(File dir, String name) { - return name.endsWith(".xml"); - } - }; - - String[] children = dir.list(filter); - if (children == null) { - System.out.println("目录不存在或不是目录"); - } else { - for (int i = 0; i < children.length; i++) { - String filename1 = children[i]; - File xmlFile = new File(dir, filename1); - processXML(xmlFile); - } - } + System.out.println("---------------xml文件路径----------------"+file1); + File xmlFile = new File(dir, filename); + processXML(xmlFile); + int lineNum = 1; + NewIssue newIssue = context.newIssue(); + newIssue + .forRule(ruleKey) + .at(newIssue.newLocation() + .on(inputFile) + .at(inputFile.selectLine(lineNum))) + .save(); } @@ -195,18 +172,19 @@ public class ConfigurationFileChecker implements ConfigCheck { // 构建目录路径 File folder = new File(String.valueOf(absoluteFile)).getParentFile(); - System.out.println("---------------json文件路径----------------"+folder); - File[] listOfFiles = folder.listFiles(); - - if (listOfFiles != null) { - ObjectMapper mapper = new ObjectMapper(); - for (File file : listOfFiles) { - if (file.isFile() && file.getName().endsWith(".json")) { - JsonNode rootNode = mapper.readTree(file); - extractPassword(rootNode); - } - } - } + + System.out.println("---------------json文件路径----------------"+file1); + ObjectMapper mapper = new ObjectMapper(); + JsonNode rootNode = mapper.readTree(file1); + extractPassword(rootNode); + int lineNum = 1; + NewIssue newIssue = context.newIssue(); + newIssue + .forRule(ruleKey) + .at(newIssue.newLocation() + .on(inputFile) + .at(inputFile.selectLine(lineNum))) + .save(); } catch (IOException e) { e.printStackTrace(); @@ -221,22 +199,26 @@ public class ConfigurationFileChecker implements ConfigCheck { // 构建目录路径 File dir = new File(String.valueOf(absoluteFile)).getParentFile(); - System.out.println("---------------yml文件路径----------------"+dir); + System.out.println("---------------yml文件路径----------------"+file1); Yaml yaml = new Yaml(); - for (File file : dir.listFiles()) { - if (file.isFile() && file.getName().endsWith(".yml")) { - try (FileInputStream fis = new FileInputStream(file)) { - Map obj = yaml.load(fis); - if (obj != null){ - String password = searchPassword(obj); - if (password != null) { - System.out.println("password="+password); - } - } - } catch (IOException e) { - e.printStackTrace(); + try (FileInputStream fis = new FileInputStream(file1)) { + Map obj = yaml.load(fis); + if (obj != null){ + String password = searchPassword(obj); + if (password != null) { + System.out.println("password="+password); + int lineNum = 1; + NewIssue newIssue = context.newIssue(); + newIssue + .forRule(ruleKey) + .at(newIssue.newLocation() + .on(inputFile) + .at(inputFile.selectLine(lineNum))) + .save(); } } + } catch (IOException e) { + e.printStackTrace(); } }