优化准则:通过用户名口令、数据证书等其他手段对用户身份进行验证。

wuhaoyang
wuhaoyang 8 months ago
parent 24ccac44f7
commit 32dba7da4a
  1. 196
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java

@ -29,16 +29,15 @@ import java.util.Scanner;
/** /**
* TODO ConfigurationFileChecker * 通过用户名口令数据证书等其他手段对用户身份进行验证
* *
* @author WuHaoYang * @author WuHaoYang
* @date 2024/1/22 * @date 2024/1/22
*/ */
@Rule(key = "ConfigurationFileChecker") @Rule(key = "ConfigurationFileChecker")
public class ConfigurationFileChecker implements ConfigCheck { public class ConfigurationFileChecker implements ConfigCheck{
@Override
public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){ public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){
//文件名称 //文件名称
String filename = inputFile.filename(); String filename = inputFile.filename();
@ -76,35 +75,28 @@ public class ConfigurationFileChecker implements ConfigCheck {
if (filename.endsWith(".ini")){ if (filename.endsWith(".ini")){
// 获取当前输入文件的绝对路径 // 获取当前输入文件的绝对路径
File file1 = inputFile.file(); File file1 = inputFile.file();
File absoluteFile = file1.getAbsoluteFile();
// 构建目录路径 // 构建目录路径
File folder = new File(String.valueOf(absoluteFile)).getParentFile(); System.out.println("---------------ini文件路径----------------"+file1);
System.out.println("---------------ini文件路径----------------"+folder);
File[] listOfFiles = folder.listFiles();
int lineNum = 1; int lineNum = 1;
for (File file : listOfFiles) { Properties properties = new Properties();
if (file.isFile() && file.getName().endsWith(".ini")) {
Properties properties = new Properties(); try (FileInputStream fileInput = new FileInputStream(file1)) {
properties.load(fileInput);
try (FileInputStream fileInput = new FileInputStream(file)) { String password = properties.getProperty("password");
properties.load(fileInput); System.out.println("password=" + password);
String password = properties.getProperty("password"); NewIssue newIssue = context.newIssue();
System.out.println("password=" + password); newIssue
NewIssue newIssue = context.newIssue(); .forRule(ruleKey)
newIssue .at(newIssue.newLocation()
.forRule(ruleKey) .on(inputFile)
.at(newIssue.newLocation() .at(inputFile.selectLine(lineNum)))
.on(inputFile) .save();
.at(inputFile.selectLine(lineNum))) } catch (IOException e) {
.save(); e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
lineNum++;
} }
lineNum++;
} }
@ -112,50 +104,41 @@ public class ConfigurationFileChecker implements ConfigCheck {
if (filename.endsWith(".conf")){ if (filename.endsWith(".conf")){
// 获取当前输入文件的绝对路径 // 获取当前输入文件的绝对路径
File file1 = inputFile.file(); File file1 = inputFile.file();
File absoluteFile = file1.getAbsoluteFile();
// 构建目录路径 // 构建目录路径
File folder = new File(String.valueOf(absoluteFile)).getParentFile(); System.out.println("---------------conf文件路径----------------"+file1);
System.out.println("---------------conf文件路径----------------"+folder);
File[] listOfFiles = folder.listFiles((dir, name) -> name.endsWith(".conf"));
int lineNum = 1; int lineNum = 1;
for (File file : listOfFiles) { Properties prop = new Properties();
if (file.isFile()) { InputStream input = null;
Properties prop = new Properties();
InputStream input = null;
try {
input = new FileInputStream(file);
prop.load(input);
if (prop.containsKey("password")) { try {
System.out.println("password="+ prop.getProperty("password")); input = new FileInputStream(file1);
NewIssue newIssue = context.newIssue(); prop.load(input);
newIssue
.forRule(ruleKey) if (prop.containsKey("password")) {
.at(newIssue.newLocation() System.out.println("password="+ prop.getProperty("password"));
.on(inputFile) NewIssue newIssue = context.newIssue();
.at(inputFile.selectLine(lineNum))) newIssue
.save(); .forRule(ruleKey)
} .at(newIssue.newLocation()
.on(inputFile)
} catch (IOException ex) { .at(inputFile.selectLine(lineNum)))
ex.printStackTrace(); .save();
} finally { }
if (input != null) { } catch (IOException ex) {
try { ex.printStackTrace();
input.close(); } finally {
} catch (IOException e) { if (input != null) {
e.printStackTrace(); try {
} input.close();
} } catch (IOException e) {
} e.printStackTrace();
} }
lineNum++; }
} }
lineNum++;
} }
@ -167,23 +150,17 @@ public class ConfigurationFileChecker implements ConfigCheck {
// 构建目录路径 // 构建目录路径
File dir = new File(String.valueOf(absoluteFile)).getParentFile(); File dir = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------xml文件路径----------------"+dir); System.out.println("---------------xml文件路径----------------"+file1);
FilenameFilter filter = new FilenameFilter() { File xmlFile = new File(dir, filename);
public boolean accept(File dir, String name) { processXML(xmlFile);
return name.endsWith(".xml"); int lineNum = 1;
} NewIssue newIssue = context.newIssue();
}; newIssue
.forRule(ruleKey)
String[] children = dir.list(filter); .at(newIssue.newLocation()
if (children == null) { .on(inputFile)
System.out.println("目录不存在或不是目录"); .at(inputFile.selectLine(lineNum)))
} else { .save();
for (int i = 0; i < children.length; i++) {
String filename1 = children[i];
File xmlFile = new File(dir, filename1);
processXML(xmlFile);
}
}
} }
@ -195,18 +172,19 @@ public class ConfigurationFileChecker implements ConfigCheck {
// 构建目录路径 // 构建目录路径
File folder = new File(String.valueOf(absoluteFile)).getParentFile(); File folder = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------json文件路径----------------"+folder);
File[] listOfFiles = folder.listFiles(); System.out.println("---------------json文件路径----------------"+file1);
ObjectMapper mapper = new ObjectMapper();
if (listOfFiles != null) { JsonNode rootNode = mapper.readTree(file1);
ObjectMapper mapper = new ObjectMapper(); extractPassword(rootNode);
for (File file : listOfFiles) { int lineNum = 1;
if (file.isFile() && file.getName().endsWith(".json")) { NewIssue newIssue = context.newIssue();
JsonNode rootNode = mapper.readTree(file); newIssue
extractPassword(rootNode); .forRule(ruleKey)
} .at(newIssue.newLocation()
} .on(inputFile)
} .at(inputFile.selectLine(lineNum)))
.save();
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); e.printStackTrace();
@ -221,22 +199,26 @@ public class ConfigurationFileChecker implements ConfigCheck {
// 构建目录路径 // 构建目录路径
File dir = new File(String.valueOf(absoluteFile)).getParentFile(); File dir = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------yml文件路径----------------"+dir); System.out.println("---------------yml文件路径----------------"+file1);
Yaml yaml = new Yaml(); Yaml yaml = new Yaml();
for (File file : dir.listFiles()) { try (FileInputStream fis = new FileInputStream(file1)) {
if (file.isFile() && file.getName().endsWith(".yml")) { Map<String, Object> obj = yaml.load(fis);
try (FileInputStream fis = new FileInputStream(file)) { if (obj != null){
Map<String, Object> obj = yaml.load(fis); String password = searchPassword(obj);
if (obj != null){ if (password != null) {
String password = searchPassword(obj); System.out.println("password="+password);
if (password != null) { int lineNum = 1;
System.out.println("password="+password); NewIssue newIssue = context.newIssue();
} newIssue
} .forRule(ruleKey)
} catch (IOException e) { .at(newIssue.newLocation()
e.printStackTrace(); .on(inputFile)
.at(inputFile.selectLine(lineNum)))
.save();
} }
} }
} catch (IOException e) {
e.printStackTrace();
} }
} }
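Review bot: The ini, conf and yml branches still write the credential they find to standard output (`System.out.println("password=" + password);` and the two similar lines), so every plaintext password in a scanned project ends up in the analysis log, which CI systems usually retain and expose to more readers than the repository itself. Delete those prints, or report only that the key was found, e.g. `System.out.println("password key found in " + filename);`. In the ini branch the issue is now saved without testing the lookup result, so every .ini file is reported; guard it with `if (password != null) {` as the conf branch does with `containsKey`. The xml and json branches appear to have the same problem, since they save the issue regardless of what `processXML`/`extractPassword` found (their bodies are not on this page). Separately, `new Yaml()` followed by `yaml.load(fis)` parses files taken from the analysed project, and if the bundled SnakeYAML is older than 2.0 it should be built as `new Yaml(new SafeConstructor())` so loading is restricted to plain maps, lists and scalars; note that the body of `execute` starts and ends outside these hunks.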
