优化准则:通过用户名口令、数据证书等其他手段对用户身份进行验证。

wuhaoyang
wuhaoyang 10 months ago
parent 24ccac44f7
commit 32dba7da4a
  1. 88
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java

@ -29,7 +29,7 @@ import java.util.Scanner;
/**
* TODO ConfigurationFileChecker
* 通过用户名口令数据证书等其他手段对用户身份进行验证
*
* @author WuHaoYang
* @date 2024/1/22
@ -38,7 +38,6 @@ import java.util.Scanner;
public class ConfigurationFileChecker implements ConfigCheck{
@Override
public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){
//文件名称
String filename = inputFile.filename();
@ -76,19 +75,14 @@ public class ConfigurationFileChecker implements ConfigCheck {
if (filename.endsWith(".ini")){
// 获取当前输入文件的绝对路径
File file1 = inputFile.file();
File absoluteFile = file1.getAbsoluteFile();
// 构建目录路径
File folder = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------ini文件路径----------------"+folder);
File[] listOfFiles = folder.listFiles();
System.out.println("---------------ini文件路径----------------"+file1);
int lineNum = 1;
for (File file : listOfFiles) {
if (file.isFile() && file.getName().endsWith(".ini")) {
Properties properties = new Properties();
try (FileInputStream fileInput = new FileInputStream(file)) {
try (FileInputStream fileInput = new FileInputStream(file1)) {
properties.load(fileInput);
String password = properties.getProperty("password");
System.out.println("password=" + password);
@ -102,33 +96,25 @@ public class ConfigurationFileChecker implements ConfigCheck {
} catch (IOException e) {
e.printStackTrace();
}
}
lineNum++;
}
}
if (filename.endsWith(".conf")){
// 获取当前输入文件的绝对路径
File file1 = inputFile.file();
File absoluteFile = file1.getAbsoluteFile();
// 构建目录路径
File folder = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------conf文件路径----------------"+file1);
System.out.println("---------------conf文件路径----------------"+folder);
File[] listOfFiles = folder.listFiles((dir, name) -> name.endsWith(".conf"));
int lineNum = 1;
for (File file : listOfFiles) {
if (file.isFile()) {
Properties prop = new Properties();
InputStream input = null;
try {
input = new FileInputStream(file);
input = new FileInputStream(file1);
prop.load(input);
if (prop.containsKey("password")) {
@ -141,7 +127,6 @@ public class ConfigurationFileChecker implements ConfigCheck {
.at(inputFile.selectLine(lineNum)))
.save();
}
} catch (IOException ex) {
ex.printStackTrace();
} finally {
@ -153,10 +138,8 @@ public class ConfigurationFileChecker implements ConfigCheck {
}
}
}
}
lineNum++;
}
}
@ -167,23 +150,17 @@ public class ConfigurationFileChecker implements ConfigCheck {
// 构建目录路径
File dir = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------xml文件路径----------------"+dir);
FilenameFilter filter = new FilenameFilter() {
public boolean accept(File dir, String name) {
return name.endsWith(".xml");
}
};
String[] children = dir.list(filter);
if (children == null) {
System.out.println("目录不存在或不是目录");
} else {
for (int i = 0; i < children.length; i++) {
String filename1 = children[i];
File xmlFile = new File(dir, filename1);
System.out.println("---------------xml文件路径----------------"+file1);
File xmlFile = new File(dir, filename);
processXML(xmlFile);
}
}
int lineNum = 1;
NewIssue newIssue = context.newIssue();
newIssue
.forRule(ruleKey)
.at(newIssue.newLocation()
.on(inputFile)
.at(inputFile.selectLine(lineNum)))
.save();
}
@ -195,18 +172,19 @@ public class ConfigurationFileChecker implements ConfigCheck {
// 构建目录路径
File folder = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------json文件路径----------------"+folder);
File[] listOfFiles = folder.listFiles();
if (listOfFiles != null) {
System.out.println("---------------json文件路径----------------"+file1);
ObjectMapper mapper = new ObjectMapper();
for (File file : listOfFiles) {
if (file.isFile() && file.getName().endsWith(".json")) {
JsonNode rootNode = mapper.readTree(file);
JsonNode rootNode = mapper.readTree(file1);
extractPassword(rootNode);
}
}
}
int lineNum = 1;
NewIssue newIssue = context.newIssue();
newIssue
.forRule(ruleKey)
.at(newIssue.newLocation()
.on(inputFile)
.at(inputFile.selectLine(lineNum)))
.save();
} catch (IOException e) {
e.printStackTrace();
@ -221,24 +199,28 @@ public class ConfigurationFileChecker implements ConfigCheck {
// 构建目录路径
File dir = new File(String.valueOf(absoluteFile)).getParentFile();
System.out.println("---------------yml文件路径----------------"+dir);
System.out.println("---------------yml文件路径----------------"+file1);
Yaml yaml = new Yaml();
for (File file : dir.listFiles()) {
if (file.isFile() && file.getName().endsWith(".yml")) {
try (FileInputStream fis = new FileInputStream(file)) {
try (FileInputStream fis = new FileInputStream(file1)) {
Map<String, Object> obj = yaml.load(fis);
if (obj != null){
String password = searchPassword(obj);
if (password != null) {
System.out.println("password="+password);
int lineNum = 1;
NewIssue newIssue = context.newIssue();
newIssue
.forRule(ruleKey)
.at(newIssue.newLocation()
.on(inputFile)
.at(inputFile.selectLine(lineNum)))
.save();
}
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
}
public static void processXML(File xmlFile) {

Loading…
Cancel
Save