diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionCacheParamsChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionCacheParamsChecker.java
new file mode 100644
index 0000000..136ee9d
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionCacheParamsChecker.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:信息安全性设计准则检查插件
+ * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.java.rules.checkers;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
+import org.sonar.plugins.java.api.tree.Tree;
+
+import javax.annotation.Nonnull;
+import java.util.List;
+
+/**
+ * 将页面隐藏域字段、Cookie、URL等关键参数缓存到服务器端的会话中,程序使用该数据须通过会话获取
+ * 在Java web应用开发中,隐藏域字段、Cookie、URL等关键参数应通过会话获取和传递。
+ *
+ * @author GuoXin
+ * @date 2024/1/24
+ */
+@Rule(key = "SessionCacheParamsChecker")
+public class SessionCacheParamsChecker extends IssuableSubscriptionVisitor {
+ private static final List HIDED_PARAMS = List.of(
+ "id",
+ "token"
+ );
+
+
+ @Override
+ public List nodesToVisit() {
+ return List.of(Tree.Kind.METHOD_INVOCATION);
+ }
+
+ @Override
+ public void visitNode(@Nonnull Tree tree) {
+
+ }
+
+
+}
diff --git a/sonar-keyware-plugins-java/src/test/files/SessionCacheParamsChecker.java b/sonar-keyware-plugins-java/src/test/files/SessionCacheParamsChecker.java
new file mode 100644
index 0000000..34f4d6a
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/SessionCacheParamsChecker.java
@@ -0,0 +1,22 @@
+package com.example;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+public class ExampleServlet extends HttpServlet {
+ public void doGet(HttpServletRequest request, HttpServletResponse response) {
+ // 直接从request获取参数
+ String param = request.getParameter("userId"); // Noncompliant {{建议将页面隐藏域字段、Cookie、URL等关键参数缓存到服务器端的会话中,并通过会话获取}}
+
+ // 直接从request获取Cookies
+ Cookie[] cookies = request.getCookies();
+ // 将参数存储到session
+ HttpSession session = request.getSession();
+ session.setAttribute("sessionParam", param);
+ // 其他代码...
+ }
+
+ private void get(HttpServletRequest request, HttpServletResponse response){
+
+ }
+}
\ No newline at end of file