From 395f16889e3661c1ed1e36e4c222a7a4e2039e66 Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Mon, 29 Jan 2024 16:29:56 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=87=86=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/keyware/sonar/java/ConfigFileSquidSensor.java | 4 ++++
 .../keyware/sonar/java/rules/checkers/DynamicCodeChecker.java | 2 +-
 .../sonar/java/rules/checkers/HashSaltPassWordChecker.java | 2 ++
 .../sonar/java/rules/checkers/Md5PassWordVerifyChecker.java | 2 ++
 .../keyware/sonar/java/rules/checkers/RedirectUrlChecker.java | 2 +-
 5 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
index 0881079..1cbe00c 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
@@ -16,9 +16,12 @@ import org.sonar.api.batch.rule.Checks;
 import org.sonar.api.batch.sensor.Sensor;
 import org.sonar.api.batch.sensor.SensorContext;
 import org.sonar.api.batch.sensor.SensorDescriptor;
+import org.sonar.api.utils.log.Logger;
+import org.sonar.api.utils.log.Loggers;
 public class ConfigFileSquidSensor implements Sensor {
+ private final Logger LOG = Loggers.get(ConfigFileSquidSensor.class);
 private final Checks checks;
 private SensorContext context;
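Review bot: The new `LOG` field in ConfigFileSquidSensor is an instance field, although its upper-case name reads as a constant and a logger does not need to be created per sensor instance; `private static final Logger LOG = Loggers.get(ConfigFileSquidSensor.class);` is the usual form. `org.sonar.api.utils.log.Loggers` is, as far as I know, deprecated in recent versions of the Sonar plugin API in favour of SLF4J, so it is worth checking which API version the plugin targets before adding new uses.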
@@ -39,6 +42,7 @@ public class ConfigFileSquidSensor implements Sensor {
 @Override
 public void execute(SensorContext context) {
 FilePredicates p = context.fileSystem().predicates();
+ LOG.info("ConfigFileSquidSensor FileSystem class is: {}", context.fileSystem().getClass().getName());
 for (InputFile inputFile : context.fileSystem().inputFiles(p.hasLanguages(ConfigurationFileLanguage.KEY))) {
 checks.all().forEach(check -> {
 check.execute(context, inputFile, checks.ruleKey(check));
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
index 094a3cb..f47a741 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
@@ -35,7 +35,7 @@ public class DynamicCodeChecker extends IssuableSubscriptionVisitor {
 @Override
 public void visitNode(Tree tree) {
 MethodInvocationTree node = (MethodInvocationTree) tree;
- System.out.println(node);
+
 var expressionTree = node.methodSelect();
 if (expressionTree instanceof MemberSelectExpressionTree) {
 var exprTree = (MemberSelectExpressionTree) expressionTree;
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java
index f0bd642..201d110 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java
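Review bot: The added `LOG.info(...)` in `execute` of ConfigFileSquidSensor writes the file-system implementation class to the scan log on every analysis, which reads like a diagnostic left over from debugging. `LOG.debug("ConfigFileSquidSensor FileSystem class is: {}", context.fileSystem().getClass().getName());` keeps the information available without adding a line to every run. If the class name is needed to track a specific compatibility problem, a short comment naming that problem would help the next reader. The body of `execute` continues past the end of the hunk.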
@@ -71,6 +71,8 @@ public class HashSaltPassWordChecker extends IssuableSubscriptionVisitor {
 if(!identifierTree.name().equals(strPassWord)){
 checker.context.reportIssue(checker, identifierTree, "应使用盐值计算口令");
 }
+ }else {
+ checker.context.reportIssue(checker, expressionTree1, "应使用盐值计算口令");
 }
 }
 }
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java
index a69d8c9..c9a19b4 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java
@@ -71,6 +71,8 @@ public class Md5PassWordVerifyChecker extends IssuableSubscriptionVisitor {
 if(!identifierTree.name().equals(strPassWord)){
 checker.context.reportIssue(checker, identifierTree, "应使用单向不可逆的加密算法");
 }
+ }else {
+ checker.context.reportIssue(checker, expressionTree1, "应使用单向不可逆的加密算法");
 }
 }
 }
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
index d365328..fbd5f5c 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
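Review bot: The added `else` branch in HashSaltPassWordChecker reports "应使用盐值计算口令" for every argument that fails the enclosing `if`, whose condition lies outside the hunk (presumably an `instanceof IdentifierTree` test), so a salted value passed as a method call or a concatenation would presumably be flagged too. The Md5PassWordVerifyChecker hunk adds the same branch with its own message and has the same exposure. A rule that fires on compliant code tends to be suppressed wholesale, so test fixtures with one compliant and one non-compliant non-identifier argument would pin down the intended behaviour. The message literal now appears twice in each method; a constant such as `private static final String MESSAGE = "应使用盐值计算口令";` keeps the two reports from drifting apart.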
@@ -138,7 +138,7 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
 ExpressionTree expressionTree = invocationTree.methodSelect();
 if (expressionTree instanceof MemberSelectExpressionTree) {
 MemberSelectExpressionTree member = (MemberSelectExpressionTree) expressionTree;
- if (member.expression().symbolType().is("RedirectView")
+ if (member.expression().symbolType().is("org.springframework.web.servlet.view.RedirectView")
 && "setUrl".equals(member.identifier().name())) {
 ExpressionTree argNode = invocationTree.arguments().get(0);
 checkArgs(argNode, invocationTree);
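Review bot: `symbolType().is(...)` in RedirectUrlChecker matches only the exact type, so a `setUrl` call on a subclass of RedirectView still bypasses the redirect check; `member.expression().symbolType().isSubtypeOf("org.springframework.web.servlet.view.RedirectView")` covers both cases. The fully qualified match also depends on type resolution: when Spring is not on the analysis classpath the type is presumably unknown and the call is skipped without any report. A test fixture analysed without the library, or an explicit branch on `symbolType().isUnknown()`, would make that false-negative case visible. The enclosing method starts and ends outside the hunk.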