diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java
index 8319b56..16b2a1b 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java
@@ -8,7 +8,7 @@ package com.keyware.sonar.java.rules.checkers;
 import org.sonar.check.Rule;
 import org.sonar.java.ast.parser.ArgumentListTreeImpl;
-import org.sonar.java.model.expression.AssignmentExpressionTreeImpl;
+import org.sonar.java.model.expression.BinaryExpressionTreeImpl;
 import org.sonar.java.model.expression.IdentifierTreeImpl;
 import org.sonar.java.model.expression.LiteralTreeImpl;
 import org.sonar.java.model.expression.MemberSelectExpressionTreeImpl;
@@ -54,9 +54,15 @@ public class HttpInputDataChecker extends IssuableSubscriptionVisitor {
     @Override
     public void visitIfStatement(IfStatementTree tree) {
         ExpressionTree condition = tree.condition();
-        if(condition instanceof AssignmentExpressionTreeImpl){
-            AssignmentExpressionTreeImpl assignmentExpressionTree = (AssignmentExpressionTreeImpl) condition;
-            list.add(assignmentExpressionTree.variable().toString());
+        if (condition instanceof BinaryExpressionTreeImpl) {
+            BinaryExpressionTreeImpl binaryExpressionTree = (BinaryExpressionTreeImpl) condition;
+            List children = binaryExpressionTree.children();
+            for (Tree child:children) {
+                if(child instanceof IdentifierTreeImpl){
+                    IdentifierTreeImpl identifierTree = (IdentifierTreeImpl) child;
+                    list.add(identifierTree.name());
+                }
+            }
         }
     }
@@ -87,9 +93,5 @@ public class HttpInputDataChecker extends IssuableSubscriptionVisitor {
             }
         }
     }
-
-
-
-
 }
 }
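Review bot: In the rewritten `visitIfStatement` (second hunk), `List children = binaryExpressionTree.children();` is a raw `List`, so `for (Tree child:children)` iterates `Object` and will not compile unless the type argument was lost in rendering; it should read `List<Tree> children = binaryExpressionTree.children();`. The `instanceof BinaryExpressionTreeImpl` test also matches every binary operator (`+`, `&&`, `<`, …), not only comparisons, and only the condition's direct children are inspected, so identifiers inside a nested condition such as `a == x && b == y` are never added to `list`; if the intent is to record compared identifiers, restrict on `Tree.Kind` (e.g. `EQUAL_TO`) and recurse, or use `leftOperand()`/`rightOperand()` of the `BinaryExpressionTree` API instead of the child list. `list` is declared and consumed outside this hunk, so its role can only be inferred here; presumably identifiers seen in an if-condition are later treated as checked input, which is a weak validation signal and deserves a comment such as `// identifiers appearing in a binary if-condition are recorded as checked; does not recurse into nested conditions` next to the loop.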
diff --git a/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java b/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java
index 75e50ab..e73e421 100644
--- a/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java
@@ -1,8 +1,193 @@ - public class HttpInputDataRule { + public static void main(String[] args) { // 假设有一个HttpServletResponse对象 - HttpServletResponse response = new HttpServletResponse(); + HttpServletResponse response = new HttpServletResponse() { + @Override + public String getCharacterEncoding() { + return null; + } + + @Override + public String getContentType() { + return null; + } + + @Override + public ServletOutputStream getOutputStream() throws IOException { + return null; + } + + @Override + public PrintWriter getWriter() throws IOException { + return null; + } + + @Override + public void setCharacterEncoding(String s) { + + } + + @Override + public void setContentLength(int i) { + + } + + @Override + public void setContentLengthLong(long l) { + + } + + @Override + public void setContentType(String s) { + + } + + @Override + public void setBufferSize(int i) { + + } + + @Override + public int getBufferSize() { + return 0; + } + + @Override + public void flushBuffer() throws IOException { + + } + + @Override + public void resetBuffer() { + + } + + @Override + public boolean isCommitted() { + return false; + } + + @Override + public void reset() { + + } + + @Override + public void setLocale(Locale locale) { + + } + + @Override + public Locale getLocale() { + return null; + } + + @Override + public void addCookie(Cookie cookie) { + + } + + @Override + public boolean containsHeader(String s) { + return false; + } + + @Override + public String encodeURL(String s) { + return null; + } + + @Override + public String encodeRedirectURL(String s) { + return null; + } + + @Override + public String encodeUrl(String s) { + return null; + } + + @Override + public String encodeRedirectUrl(String s) { + return null; + } + + @Override + public void sendError(int i, String s) throws IOException { + + } + + @Override + public void sendError(int i) throws IOException { + + } + + @Override + public void sendRedirect(String s) throws IOException { + + } + + @Override + public void 
setDateHeader(String s, long l) { + + } + + @Override + public void addDateHeader(String s, long l) { + + } + + @Override + public void setHeader(String s, String s1) { + + } + + @Override + public void addHeader(String s, String s1) { + + } + + @Override + public void setIntHeader(String s, int i) { + + } + + @Override + public void addIntHeader(String s, int i) { + + } + + @Override + public void setStatus(int i) { + + } + + @Override + public void setStatus(int i, String s) { + + } + + @Override + public int getStatus() { + return 0; + } + + @Override + public String getHeader(String s) { + return null; + } + + @Override + public Collection getHeaders(String s) { + return null; + } + + @Override + public Collection getHeaderNames() { + return null; + } + }; // 设置单个报头 response.setHeader("Content-Type", "text/plain"); // Noncompliant {{HTTP输入数据验证}} @@ -10,10 +195,10 @@ public class HttpInputDataRule { // 添加多个报头 String a = "Cache-Control"; String b = "no-cache" ; - if(a = "asds"){ + if(a == "asds"){ } - if(b = "asds"){ + if(b == "asds"){ } @@ -22,4 +207,4 @@ public class HttpInputDataRule { // 其他操作... } -} +} \ No newline at end of file
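Review bot: The only coverage this fixture adds for the checker's new `BinaryExpressionTreeImpl` branch is the flat `if(a == "asds")` / `if(b == "asds")` pair in the second hunk; since the checker inspects only the condition's direct children, a compound or parenthesised condition (e.g. `if(a == "asds" && b == "asds"){ }`) would be handled differently and is not exercised here. Adding one such case next to the existing two, annotated with its expected `// Noncompliant` or compliant outcome, would pin the intended behaviour of the rule. Whether the later uses of `a` and `b` are expected to be flagged is not visible in this hunk, so the expected outcome has to come from the author.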