sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复:根据反馈的问题,修改遇到的问题

Browse Source
master
RenFengJiang 1 month ago
parent dc9b749c56
commit 747fc39bd9
22 changed files with 187 additions and 151 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java
  2. 28
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java
  3. 29
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java
  4. 16
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
  5. 52
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/LogFileWriteChecker.java
  6. 3
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PassWordCountChecker.java
  7. 20
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java
  8. 6
      sonar-keyware-plugins-cxx/src/main/java/org/sonar/cxx/squidbridge/AstScanner.java
  9. 24
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/LogChecker.log
  10. 1
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
  11. 22
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
  12. 2
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java
  13. 10
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java
  14. 11
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HostIdentityChecker.java
  15. 5
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java
  16. 7
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagJavaChecker.java
  17. 49
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java
  18. 10
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
  19. 2
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java
  20. 4
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateCheckera.java
  21. 32
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
  22. 2
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java

3
sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java
Unescape View File

@ -9,7 +9,6 @@ package com.keyware.sonar.Configuration.rules.checkers;
import org.sonar.api.batch.fs.InputFile; import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.sensor.SensorContext; import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.issue.NewIssue;
import org.sonar.api.rule.RuleKey; import org.sonar.api.rule.RuleKey;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.Yaml;
@ -100,7 +99,7 @@ public class SessionDateChecker implements ConfigCheck {
Map<String, Object> currentLevel = map; Map<String, Object> currentLevel = map;
for (int i = 0; i < keys.length - 1; ++i) { for (int i = 0; i < keys.length - 1; ++i) {
Object nextLevel = currentLevel.get(keys[i]); Object nextLevel = currentLevel.get(keys[i]);
if (nextLevel instanceof Map) { if (nextLevel != null && nextLevel instanceof Map) {
currentLevel = (Map<String, Object>) nextLevel; currentLevel = (Map<String, Object>) nextLevel;
} else { } else {
return null; return null;

28
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java
Unescape View File

@ -574,7 +574,12 @@ public class CxxSquidSensor implements ProjectSensor {
} }
}); });
} }
fileLinesContext.save();
try {
fileLinesContext.save();
}catch (Exception e){
LOG.error(e.getMessage());
}
} }
private void saveCpdTokens(InputFile inputFile, SourceCode sourceCode) { private void saveCpdTokens(InputFile inputFile, SourceCode sourceCode) {
@ -621,15 +626,22 @@ public class CxxSquidSensor implements ProjectSensor {
}); });
} }
try {
newHighlighting.save(); newHighlighting.save();
}catch (Exception e){
LOG.error(e.getMessage());
}
} }
private <T extends Serializable> void saveMetric(InputComponent file, Metric<T> metric, T value) { private <T extends Serializable> void saveMetric(InputComponent file, Metric<T> metric, T value) {
context.<T>newMeasure() try {
.withValue(value) context.<T>newMeasure()
.forMetric(metric) .withValue(value)
.on(file) .forMetric(metric)
.save(); .on(file)
.save();
}catch (Exception e){
LOG.error(e.getMessage());
}
} }
} }

29
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java
Unescape View File

@ -53,26 +53,35 @@ public class ErrorMessageChecker extends SquidCheck<Grammar> {
*/ */
@Override @Override
public void visitNode(@Nonnull AstNode node) { public void visitNode(@Nonnull AstNode node) {
//声明集合
List<AstNode> children;
//获取第一种情况参数列表 //获取第一种情况参数列表
AstNode firstDescendant = node.getFirstDescendant(CxxGrammarImpl.additiveExpression); AstNode firstDescendant = node.getFirstDescendant(CxxGrammarImpl.additiveExpression);
if(firstDescendant != null){ if(firstDescendant != null){
//第一种情况获取参数列表 //第一种情况获取参数列表
children = firstDescendant.getChildren(); List<AstNode> children = firstDescendant.getChildren();
//判断参数列表是否包含违规参数
for(AstNode chil : children){
if("IDENTIFIER".equals(chil.getName())){
if(lists.contains(chil.getTokenValue().toLowerCase())){
getContext().createLineViolation(this,"抛出异常消息不得包含敏感信息",chil);
}
}
}
}else { }else {
//获取第二种情况获取参数列表 //获取第二种情况获取参数列表
AstNode descendant = node.getFirstDescendant(CxxGrammarImpl.initializerList); AstNode descendant = node.getFirstDescendant(CxxGrammarImpl.initializerList);
children = descendant.getChildren(); if(descendant != null){
} List<AstNode> children = descendant.getChildren();
//判断参数列表是否包含违规参数 for(AstNode chil : children){
for(AstNode chil : children){ if("IDENTIFIER".equals(chil.getName())){
if("IDENTIFIER".equals(chil.getName())){ if(lists.contains(chil.getTokenValue().toLowerCase())){
if(lists.contains(chil.getTokenValue().toLowerCase())){ getContext().createLineViolation(this,"抛出异常消息不得包含敏感信息",chil);
getContext().createLineViolation(this,"抛出异常消息不得包含敏感信息",chil); }
}
} }
} }
} }
} }
} }

16
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
Unescape View File

@ -106,13 +106,15 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
if (child.getType().equals(CxxGrammarImpl.selectionStatement)) { if (child.getType().equals(CxxGrammarImpl.selectionStatement)) {
// 找到 if 语句节点 // 找到 if 语句节点
AstNode conditionNode = child.getFirstDescendant(CxxGrammarImpl.condition); AstNode conditionNode = child.getFirstDescendant(CxxGrammarImpl.condition);
// 找到条件部分的节点 if(conditionNode != null){
AstNode identifierNode = conditionNode.getFirstDescendant(GenericTokenType.IDENTIFIER); // 找到条件部分的节点
// 找到代表标识符的节点 AstNode identifierNode = conditionNode.getFirstDescendant(GenericTokenType.IDENTIFIER);
if (identifierNode != null) { // 找到代表标识符的节点
String codeInsideIf = identifierNode.getTokenValue(); if (identifierNode != null) {
// 获取标识符节点的值 String codeInsideIf = identifierNode.getTokenValue();
conditionVariables.add(codeInsideIf); // 获取标识符节点的值
conditionVariables.add(codeInsideIf);
}
} }
} else { } else {
addAllIdentifiers(child); addAllIdentifiers(child);

52
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/LogFileWriteChecker.java
Unescape View File

@ -90,36 +90,42 @@ public class LogFileWriteChecker extends SquidCheck<Grammar> {
tokenValue = descendant.getTokenValue(); tokenValue = descendant.getTokenValue();
} else { } else {
AstNode firstDescendant = dec.getFirstDescendant(CxxGrammarImpl.andExpression); AstNode firstDescendant = dec.getFirstDescendant(CxxGrammarImpl.andExpression);
List<AstNode> astNodeList = firstDescendant.getChildren(); if(firstDescendant != null){
for (AstNode ast : astNodeList) { List<AstNode> astNodeList = firstDescendant.getChildren();
if ("IDENTIFIER".equals(ast.getName())) { for (AstNode ast : astNodeList) {
tokenValue = ast.getTokenValue(); if ("IDENTIFIER".equals(ast.getName())) {
} tokenValue = ast.getTokenValue();
}
}
} }
} }
List<AstNode> astNodeList = astNode.getDescendants(CxxGrammarImpl.expression); List<AstNode> astNodeList = astNode.getDescendants(CxxGrammarImpl.expression);
for (AstNode ast : astNodeList) { for (AstNode ast : astNodeList) {
if (tokenValue.equals(ast.getTokenValue())) { if (tokenValue.equals(ast.getTokenValue())) {
AstNode descendant1 = ast.getFirstDescendant(CxxGrammarImpl.postfixExpression); AstNode descendant1 = ast.getFirstDescendant(CxxGrammarImpl.postfixExpression);
List<AstNode> childrens = descendant1.getChildren(); if(descendant1 != null){
for (AstNode fir : childrens) { List<AstNode> childrens = descendant1.getChildren();
//判断是否是debug、info、warn、error for (AstNode fir : childrens) {
if (lists.contains(fir.getTokenValue())) { //判断是否是debug、info、warn、error
AstNode inits = ast.getFirstDescendant(CxxGrammarImpl.initializerList); if (lists.contains(fir.getTokenValue())) {
List<AstNode> descendantChildren = inits.getChildren(); AstNode inits = ast.getFirstDescendant(CxxGrammarImpl.initializerList);
for (AstNode chil : descendantChildren) { if(inits != null){
if ("IDENTIFIER".equals(chil.getName())) { List<AstNode> descendantChildren = inits.getChildren();
if (listss.contains(chil.getTokenValue().toLowerCase())) { for (AstNode chil : descendantChildren) {
getContext().createLineViolation(this, "慎重考虑写入日志文件信息的隐私性", chil); if ("IDENTIFIER".equals(chil.getName())) {
break; if (listss.contains(chil.getTokenValue().toLowerCase())) {
} getContext().createLineViolation(this, "慎重考虑写入日志文件信息的隐私性", chil);
} else if ("additiveExpression".equals(chil.getName())) { break;
List<AstNode> chilChildren = chil.getChildren(); }
for (AstNode dren : chilChildren) { } else if ("additiveExpression".equals(chil.getName())) {
if (listss.contains(dren.getTokenValue().toLowerCase())) { List<AstNode> chilChildren = chil.getChildren();
getContext().createLineViolation(this, "慎重考虑写入日志文件信息的隐私性", dren); for (AstNode dren : chilChildren) {
break; if (listss.contains(dren.getTokenValue().toLowerCase())) {
getContext().createLineViolation(this, "慎重考虑写入日志文件信息的隐私性", dren);
break;
}
}
} }
} }
} }

3
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PassWordCountChecker.java
Unescape View File

@ -17,6 +17,7 @@ import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.cxx.squidbridge.checks.SquidCheck; import org.sonar.cxx.squidbridge.checks.SquidCheck;
import javax.annotation.Nonnull;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -46,7 +47,7 @@ public class PassWordCountChecker extends SquidCheck<Grammar> {
* @param astNode 要处理的AST节点该节点类型为通过subscribeTo方法订阅的类型 * @param astNode 要处理的AST节点该节点类型为通过subscribeTo方法订阅的类型
*/ */
@Override @Override
public void visitNode(AstNode astNode) { public void visitNode(@Nonnull AstNode astNode) {
BodyWay bodyWay = new BodyWay(this); BodyWay bodyWay = new BodyWay(this);
bodyWay.accept(astNode); bodyWay.accept(astNode);
} }

20
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java
Unescape View File

@ -81,16 +81,18 @@ public class SendMessageChecker extends SquidCheck<Grammar> {
} else if (des.getTokenValue().startsWith("send")) { } else if (des.getTokenValue().startsWith("send")) {
//获取其中的参数 //获取其中的参数
AstNode firstDescendant = des.getFirstDescendant(CxxGrammarImpl.initializerList); AstNode firstDescendant = des.getFirstDescendant(CxxGrammarImpl.initializerList);
List<AstNode> children = firstDescendant.getChildren(); if(firstDescendant != null){
if (children != null) { List<AstNode> children = firstDescendant.getChildren();
AstNode astNode = children.get(0); if (children != null) {
//判断其中的参数类型 AstNode astNode = children.get(0);
if ("STRING".equals(astNode.getName())) { //判断其中的参数类型
if ("STRING".equals(astNode.getName())) {
} else { } else {
//判斷其中是否包含敏感字段 //判斷其中是否包含敏感字段
if (lists.contains(astNode.getTokenValue().toLowerCase())) { if (lists.contains(astNode.getTokenValue().toLowerCase())) {
getContext().createLineViolation(this, "发送敏感信息前应对敏感信息进行加密", des); getContext().createLineViolation(this, "发送敏感信息前应对敏感信息进行加密", des);
}
} }
} }
} }

6
sonar-keyware-plugins-cxx/src/main/java/org/sonar/cxx/squidbridge/AstScanner.java
Unescape View File

@ -227,8 +227,10 @@ public class AstScanner<G extends Grammar> {
public Builder<G> withSquidAstVisitor(SquidAstVisitor<G> visitor) { public Builder<G> withSquidAstVisitor(SquidAstVisitor<G> visitor) {
checkNotNull(visitor, "visitor cannot be null"); checkNotNull(visitor, "visitor cannot be null");
visitor.setContext(context); if(visitor.getContext() == null){
visitors.add(visitor); visitor.setContext(context);
visitors.add(visitor);
}
return this; return this;
} }

24
sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/LogChecker.log
Unescape View File

@ -13,7 +13,7 @@
2024.01.14 16:05:34 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled 2024.01.14 16:05:34 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 / 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 /
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4
@ -24,7 +24,7 @@
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 / 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 /
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307
2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61 2024.01.14 16:05:36 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61
@ -475,7 +475,7 @@
2024.01.14 16:51:09 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled 2024.01.14 16:51:09 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 / 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 /
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4
@ -486,7 +486,7 @@
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 / 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 /
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307
2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61 2024.01.14 16:51:10 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61
@ -850,7 +850,7 @@
2024.01.14 17:22:18 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled 2024.01.14 17:22:18 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 / 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 /
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4
@ -861,7 +861,7 @@
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 / 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 /
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307
2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61 2024.01.14 17:22:19 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61
@ -1254,7 +1254,7 @@
2024.01.14 17:49:17 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled 2024.01.14 17:49:17 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 / 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 /
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4
@ -1265,7 +1265,7 @@
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 / 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 /
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307
2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61 2024.01.14 17:49:18 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61
@ -1658,7 +1658,7 @@
2024.01.14 18:19:14 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled 2024.01.14 18:19:14 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 / 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 /
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4
@ -1669,7 +1669,7 @@
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 / 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 /
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307
2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61 2024.01.14 18:19:15 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61
@ -2062,7 +2062,7 @@
2024.01.14 18:48:41 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled 2024.01.14 18:48:41 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.8.0.76515 / c1515bad8ebe3e38e102b68fdec8c429669ec560
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy C++ 信息安全性设计准则 / 1.0 / 1390585ba547ab6e3fe269c9d341cef06e44f08e
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 / 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Checkstyle / 10.12.3 /
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Chinese Pack / 10.2 / null
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.1.0.500 / 4a2d47cf125d03ebacf43536a3897c168deb1b0a
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Configuration detection for Code Quality and Security / 1.3.0.654 / 63073f0270b2c4754afa58eb8b5ea04e2eebf1a4
@ -2073,7 +2073,7 @@
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Example Plugin for SonarQube 10.x / 10.0.0 / null
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 / 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Findbugs / 4.2.5 /
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.10.0.3458 / 3ef14c50cfd03e5b40a2270fc6e8edc5c49dedcd
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.14.0.4481 / dcfff811316898a16bf1c6ff191dd3a5d84d3307
2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61 2024.01.14 18:48:42 INFO web[][o.s.s.p.ServerPluginManager] Deploy Groovy / 1.8 / 6f5ddad1c7cf86e39cd9a8fc0be896660b4d4b61

1
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
Unescape View File

@ -6,7 +6,6 @@
*/ */
package com.keyware.sonar.java.rules; package com.keyware.sonar.java.rules;
import com.keyware.sonar.java.rules.checkers.SessionDateChecker;
import org.sonar.api.SonarEdition; import org.sonar.api.SonarEdition;
import org.sonar.api.SonarProduct; import org.sonar.api.SonarProduct;
import org.sonar.api.SonarQubeSide; import org.sonar.api.SonarQubeSide;

22
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
Unescape View File

@ -37,20 +37,24 @@ public class DynamicCodeChecker extends IssuableSubscriptionVisitor {
MethodInvocationTree node = (MethodInvocationTree) tree; MethodInvocationTree node = (MethodInvocationTree) tree;
var expressionTree = node.methodSelect(); var expressionTree = node.methodSelect();
if (expressionTree instanceof MemberSelectExpressionTree) { if (expressionTree != null && expressionTree instanceof MemberSelectExpressionTree) {
var exprTree = (MemberSelectExpressionTree) expressionTree; var exprTree = (MemberSelectExpressionTree) expressionTree;
var name = exprTree.identifier(); var name = exprTree.identifier();
if ("eval".equals(name.toString())) { if ("eval".equals(name.toString())) {
var varNameNode = exprTree.expression(); var varNameNode = exprTree.expression();
if (varNameNode instanceof IdentifierTree) { if (varNameNode != null && varNameNode instanceof IdentifierTree) {
var varName = (IdentifierTree) varNameNode; var varName = (IdentifierTree) varNameNode;
var symbol = varName.symbol(); if (varName != null) {
var varDecler = symbol.declaration(); var symbol = varName.symbol();
if (varDecler != null) { if (symbol != null) {
var variableTree = (VariableTree) varDecler; var varDecler = symbol.declaration();
var typeName = variableTree.type().toString(); if (varDecler != null && varDecler instanceof VariableTree) {
if ("ScriptEngine".equals(typeName)) { var variableTree = (VariableTree) varDecler;
context.reportIssue(this, tree, "程序设计时禁止动态构建代码进行功能实现"); var typeName = variableTree.type().toString();
if ("ScriptEngine".equals(typeName)) {
context.reportIssue(this, tree, "程序设计时禁止动态构建代码进行功能实现");
}
}
} }
} }
} }

2
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java
Unescape View File

@ -72,7 +72,7 @@ public class DynamicLibraryLoadChecker extends IssuableSubscriptionVisitor {
@Override @Override
public void visitMethodInvocation(MethodInvocationTree tree) { public void visitMethodInvocation(MethodInvocationTree tree) {
var methodSelect = tree.methodSelect(); var methodSelect = tree.methodSelect();
if (methodSelect instanceof MemberSelectExpressionTree) { if (methodSelect != null && methodSelect instanceof MemberSelectExpressionTree) {
var mset = (MemberSelectExpressionTree) methodSelect; var mset = (MemberSelectExpressionTree) methodSelect;
// 判断是否调用了System.loadLibrary() // 判断是否调用了System.loadLibrary()
if (mset.firstToken() != null && "System".equals(mset.firstToken().text()) && "loadLibrary".equals(mset.identifier().name())) { if (mset.firstToken() != null && "System".equals(mset.firstToken().text()) && "loadLibrary".equals(mset.identifier().name())) {

10
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java
Unescape View File

@ -7,8 +7,6 @@
package com.keyware.sonar.java.rules.checkers; package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.sonar.java.model.declaration.VariableTreeImpl;
import org.sonar.java.model.expression.MethodInvocationTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor; import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*; import org.sonar.plugins.java.api.tree.*;
@ -77,11 +75,11 @@ public class HashSaltPassWordChecker extends IssuableSubscriptionVisitor {
} }
} else if("BCrypt".equals(memberSelectExpressionTree.expression().toString()) && "hashpw".equals(memberSelectExpressionTree.identifier().name())){ } else if("BCrypt".equals(memberSelectExpressionTree.expression().toString()) && "hashpw".equals(memberSelectExpressionTree.identifier().name())){
Tree parent = memberSelectExpressionTree.parent(); Tree parent = memberSelectExpressionTree.parent();
if(parent instanceof MethodInvocationTreeImpl){ if(parent != null && parent instanceof MethodInvocationTree){
MethodInvocationTreeImpl methodInvocationTree = (MethodInvocationTreeImpl) parent; MethodInvocationTree methodInvocationTree = (MethodInvocationTree) parent;
Tree parent1 = methodInvocationTree.parent(); Tree parent1 = methodInvocationTree.parent();
if(parent1 instanceof VariableTreeImpl){ if(parent1 != null && parent1 instanceof VariableTree){
VariableTreeImpl variableTree = (VariableTreeImpl) parent1; VariableTree variableTree = (VariableTree) parent1;
// 加盐后的参数名称 // 加盐后的参数名称
strPassWord = variableTree.simpleName().name(); strPassWord = variableTree.simpleName().name();
} }

11
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HostIdentityChecker.java
Unescape View File

@ -8,7 +8,6 @@
package com.keyware.sonar.java.rules.checkers; package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.sonar.java.model.expression.IdentifierTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor; import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*; import org.sonar.plugins.java.api.tree.*;
@ -58,7 +57,7 @@ public class HostIdentityChecker extends IssuableSubscriptionVisitor {
public void visitIfStatement(IfStatementTree tree) { public void visitIfStatement(IfStatementTree tree) {
//获取到if表达式 //获取到if表达式
ExpressionTree condition = tree.condition(); ExpressionTree condition = tree.condition();
if (condition instanceof BinaryExpressionTree) { if (condition != null && condition instanceof BinaryExpressionTree) {
BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition; BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition;
//判断是否进行if判断 //判断是否进行if判断
if ("username".equals(binaryExpressionTree.leftOperand().toString())) { if ("username".equals(binaryExpressionTree.leftOperand().toString())) {
@ -67,12 +66,12 @@ public class HostIdentityChecker extends IssuableSubscriptionVisitor {
passwordBoolean = false; passwordBoolean = false;
} }
} }
if (condition instanceof IdentifierTreeImpl) { if (condition != null && condition instanceof IdentifierTree) {
IdentifierTreeImpl identifierTreeImpl = (IdentifierTreeImpl) condition; IdentifierTree identifierTree = (IdentifierTree) condition;
//判断是否进行if判断 //判断是否进行if判断
if ("username".equals(identifierTreeImpl.name())) { if ("username".equals(identifierTree.name())) {
nameBoolean = false; nameBoolean = false;
} else if ("password".equals(identifierTreeImpl.name())) { } else if ("password".equals(identifierTree.name())) {
passwordBoolean = false; passwordBoolean = false;
} }
} }

5
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java
Unescape View File

@ -8,7 +8,6 @@
package com.keyware.sonar.java.rules.checkers; package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.sonar.java.model.expression.IdentifierTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor; import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*; import org.sonar.plugins.java.api.tree.*;
@ -98,8 +97,8 @@ public class OptionsVerifyChecker extends IssuableSubscriptionVisitor {
public void visitVariable(VariableTree tree) { public void visitVariable(VariableTree tree) {
IdentifierTree identifierTree = tree.simpleName(); IdentifierTree identifierTree = tree.simpleName();
TypeTree type = tree.type(); TypeTree type = tree.type();
if(type instanceof IdentifierTreeImpl){ if(type != null && type instanceof IdentifierTree){
IdentifierTreeImpl fierTree = (IdentifierTreeImpl) type; IdentifierTree fierTree = (IdentifierTree) type;
if("HttpServletResponse".equals(fierTree.name())){ if("HttpServletResponse".equals(fierTree.name())){
MethodCall methodCall = new MethodCall(); MethodCall methodCall = new MethodCall();
node.block().accept(methodCall); node.block().accept(methodCall);

7
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagJavaChecker.java
Unescape View File

@ -8,7 +8,6 @@
package com.keyware.sonar.java.rules.checkers; package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.sonar.java.model.statement.BlockTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor; import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*; import org.sonar.plugins.java.api.tree.*;
@ -35,15 +34,15 @@ public class PasswordInputTagJavaChecker extends IssuableSubscriptionVisitor {
@Override @Override
public void visitNode(Tree tree) { public void visitNode(Tree tree) {
BlockTreeImpl node = (BlockTreeImpl) tree; BlockTree node = (BlockTree) tree;
MethodeBodyVisitor methodeBodyVisitor = new MethodeBodyVisitor(this, node); MethodeBodyVisitor methodeBodyVisitor = new MethodeBodyVisitor(this, node);
node.accept(methodeBodyVisitor); node.accept(methodeBodyVisitor);
} }
static class MethodeBodyVisitor extends BaseTreeVisitor { static class MethodeBodyVisitor extends BaseTreeVisitor {
private BlockTreeImpl blockTree; private BlockTree blockTree;
private PasswordInputTagJavaChecker checker; private PasswordInputTagJavaChecker checker;
public MethodeBodyVisitor(PasswordInputTagJavaChecker checker, BlockTreeImpl blockTree){ public MethodeBodyVisitor(PasswordInputTagJavaChecker checker, BlockTree blockTree){
this.checker = checker; this.checker = checker;
this.blockTree = blockTree; this.blockTree = blockTree;
} }

49
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java
Unescape View File

@ -7,7 +7,6 @@
package com.keyware.sonar.java.rules.checkers; package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.sonar.java.model.expression.LiteralTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor; import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*; import org.sonar.plugins.java.api.tree.*;
@ -25,6 +24,7 @@ import java.util.List;
public class RSAEncryptionChecker extends IssuableSubscriptionVisitor { public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
private List nameLists = new ArrayList(); private List nameLists = new ArrayList();
@Override @Override
public List<Tree.Kind> nodesToVisit() { public List<Tree.Kind> nodesToVisit() {
/** /**
@ -42,29 +42,31 @@ public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
MethodBOdyVisitor methodBOdyVisitor = new MethodBOdyVisitor(); MethodBOdyVisitor methodBOdyVisitor = new MethodBOdyVisitor();
tree.accept(methodBOdyVisitor); tree.accept(methodBOdyVisitor);
nameLists = methodBOdyVisitor.getNameLists(); nameLists = methodBOdyVisitor.getNameLists();
}else if(tree.is(Tree.Kind.METHOD_INVOCATION)){ } else if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree; MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
ExpressionTree expressionTree = methodInvocationTree.methodSelect(); ExpressionTree expressionTree = methodInvocationTree.methodSelect();
// 获取到方法调用 if (expressionTree != null) {
if (expressionTree instanceof MemberSelectExpressionTree) { // 获取到方法调用
MemberSelectExpressionTree memberSelectExpressionTree = (MemberSelectExpressionTree) expressionTree; if (expressionTree instanceof MemberSelectExpressionTree) {
// 判断是否符合标准 MemberSelectExpressionTree memberSelectExpressionTree = (MemberSelectExpressionTree) expressionTree;
String a = memberSelectExpressionTree.expression().toString(); // 判断是否符合标准
String b = memberSelectExpressionTree.identifier().name(); String a = memberSelectExpressionTree.expression().toString();
if ("Cipher".equals(memberSelectExpressionTree.expression().toString()) && "getInstance".equals(memberSelectExpressionTree.identifier().name())) { String b = memberSelectExpressionTree.identifier().name();
// 获取参数列表 if ("Cipher".equals(memberSelectExpressionTree.expression().toString()) && "getInstance".equals(memberSelectExpressionTree.identifier().name())) {
List<ExpressionTree> arguments = methodInvocationTree.arguments(); // 获取参数列表
for (ExpressionTree argument : arguments) { List<ExpressionTree> arguments = methodInvocationTree.arguments();
if (argument.is(Tree.Kind.STRING_LITERAL)) { for (ExpressionTree argument : arguments) {
LiteralTree literalTree = (LiteralTree) argument; if (argument.is(Tree.Kind.STRING_LITERAL)) {
String c = ((LiteralTree) argument).token().text(); LiteralTree literalTree = (LiteralTree) argument;
// 对参数进行判断判断是否符合要求 String c = ((LiteralTree) argument).token().text();
if (!literalTree.token().text().startsWith("\"RSA")) { // 对参数进行判断判断是否符合要求
if (!literalTree.token().text().startsWith("\"RSA")) {
context.reportIssue(this, argument, "使用RSA最优加密填充");
}
} else if (!nameLists.equals(argument.toString())) {
context.reportIssue(this, argument, "使用RSA最优加密填充"); context.reportIssue(this, argument, "使用RSA最优加密填充");
} }
}else if( !nameLists.equals(argument.toString())){
context.reportIssue(this, argument, "使用RSA最优加密填充");
} }
} }
} }
@ -76,6 +78,7 @@ public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
static class MethodBOdyVisitor extends BaseTreeVisitor { static class MethodBOdyVisitor extends BaseTreeVisitor {
private List nameLists = new ArrayList(); private List nameLists = new ArrayList();
public MethodBOdyVisitor() { public MethodBOdyVisitor() {
} }
@ -88,12 +91,14 @@ public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
public void visitVariable(VariableTree tree) { public void visitVariable(VariableTree tree) {
IdentifierTree identifierTree = tree.simpleName(); IdentifierTree identifierTree = tree.simpleName();
ExpressionTree initializer = tree.initializer(); ExpressionTree initializer = tree.initializer();
if(initializer instanceof LiteralTreeImpl){ if (identifierTree != null && initializer != null && initializer instanceof LiteralTree) {
LiteralTreeImpl literalTree = (LiteralTreeImpl) initializer; LiteralTree literalTree = (LiteralTree) initializer;
if(literalTree.value().startsWith("\"RSA") ){ if (literalTree.value().startsWith("\"RSA")) {
nameLists.add(identifierTree.name()); nameLists.add(identifierTree.name());
} }
} }
} }
} }
} }

10
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
Unescape View File

@ -61,7 +61,7 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
ReturnStatementTree rs = (ReturnStatementTree) statementTree; ReturnStatementTree rs = (ReturnStatementTree) statementTree;
ExpressionTree exprTree = rs.expression(); ExpressionTree exprTree = rs.expression();
if (exprTree != null && !exprTree.is(Tree.Kind.STRING_LITERAL)) { if (exprTree != null && !exprTree.is(Tree.Kind.STRING_LITERAL)) {
if (exprTree instanceof BinaryExpressionTree) { if (exprTree != null && exprTree instanceof BinaryExpressionTree) {
BinaryExpressionTree bExprTree = (BinaryExpressionTree) exprTree; BinaryExpressionTree bExprTree = (BinaryExpressionTree) exprTree;
if (bExprTree.is(Tree.Kind.PLUS) && bExprTree.leftOperand().is(Tree.Kind.STRING_LITERAL) && bExprTree.rightOperand().is(Tree.Kind.IDENTIFIER)) { if (bExprTree.is(Tree.Kind.PLUS) && bExprTree.leftOperand().is(Tree.Kind.STRING_LITERAL) && bExprTree.rightOperand().is(Tree.Kind.IDENTIFIER)) {
var identifierTree = (IdentifierTree) bExprTree.rightOperand(); var identifierTree = (IdentifierTree) bExprTree.rightOperand();
@ -139,13 +139,13 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
var hasMappingAnnotation = false; var hasMappingAnnotation = false;
for (ModifierTree modifier : methodTree.modifiers()) { for (ModifierTree modifier : methodTree.modifiers()) {
// 判断是否为公共方法 // 判断是否为公共方法
if (!isPublic && modifier instanceof ModifierKeywordTree) { if (!isPublic && modifier != null && modifier instanceof ModifierKeywordTree) {
if (((ModifierKeywordTree) modifier).modifier() == Modifier.PUBLIC) { if (((ModifierKeywordTree) modifier).modifier() == Modifier.PUBLIC) {
isPublic = true; isPublic = true;
} }
} }
// 判断是否包含Mapping注解 // 判断是否包含Mapping注解
if (!hasMappingAnnotation && modifier instanceof AnnotationTree) { if (!hasMappingAnnotation && modifier != null && modifier instanceof AnnotationTree) {
AnnotationTree annotationTree = (AnnotationTree) modifier; AnnotationTree annotationTree = (AnnotationTree) modifier;
if (annotationTree.annotationType() instanceof IdentifierTree) { if (annotationTree.annotationType() instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) annotationTree.annotationType(); IdentifierTree identifierTree = (IdentifierTree) annotationTree.annotationType();
@ -189,7 +189,7 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
@Override @Override
public void visitMethodInvocation(MethodInvocationTree invocationTree) { public void visitMethodInvocation(MethodInvocationTree invocationTree) {
ExpressionTree expressionTree = invocationTree.methodSelect(); ExpressionTree expressionTree = invocationTree.methodSelect();
if (expressionTree instanceof MemberSelectExpressionTree) { if (expressionTree != null && expressionTree instanceof MemberSelectExpressionTree) {
MemberSelectExpressionTree member = (MemberSelectExpressionTree) expressionTree; MemberSelectExpressionTree member = (MemberSelectExpressionTree) expressionTree;
if (member.expression().symbolType().is("org.springframework.web.servlet.view.RedirectView") if (member.expression().symbolType().is("org.springframework.web.servlet.view.RedirectView")
&& "setUrl".equals(member.identifier().name())) { && "setUrl".equals(member.identifier().name())) {
@ -201,7 +201,7 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
private void checkArgs(ExpressionTree argNode, Tree tree) { private void checkArgs(ExpressionTree argNode, Tree tree) {
// 判断该语法树节点是否为IdentifierTree,如果是,则说明语法树节点为变量,然后判断该变量是否是包含在方法的参数列表中 // 判断该语法树节点是否为IdentifierTree,如果是,则说明语法树节点为变量,然后判断该变量是否是包含在方法的参数列表中
if (argNode instanceof IdentifierTree) { if (argNode != null && argNode instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) argNode; IdentifierTree identifierTree = (IdentifierTree) argNode;
String argName = identifierTree.name(); String argName = identifierTree.name();
if (methodParameters.stream().anyMatch(parameter -> parameter.simpleName().name().equals(argName))) { if (methodParameters.stream().anyMatch(parameter -> parameter.simpleName().name().equals(argName))) {

2
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java
Unescape View File

@ -70,7 +70,7 @@ public class SecurityCookieChecker extends IssuableSubscriptionVisitor {
@Override @Override
public void visitMethodInvocation(MethodInvocationTree tree) { public void visitMethodInvocation(MethodInvocationTree tree) {
ExpressionTree expressionTree = tree.methodSelect(); ExpressionTree expressionTree = tree.methodSelect();
if(expressionTree instanceof MemberSelectExpressionTree){ if(expressionTree != null && expressionTree instanceof MemberSelectExpressionTree){
MemberSelectExpressionTree memberSelectExpressionTree = (MemberSelectExpressionTree) expressionTree; MemberSelectExpressionTree memberSelectExpressionTree = (MemberSelectExpressionTree) expressionTree;
switch (memberSelectExpressionTree.identifier().name()){ switch (memberSelectExpressionTree.identifier().name()){
// case "setHttpOnly": // case "setHttpOnly":

4
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java → sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateCheckera.java
Unescape View File

@ -27,7 +27,7 @@ import java.util.Scanner;
* @date 2024/1/22 * @date 2024/1/22
*/ */
@Rule(key = "SessionDateChecker") @Rule(key = "SessionDateChecker")
public class SessionDateChecker implements ConfigCheck { public class SessionDateCheckera implements ConfigCheck {
private boolean boo = true; private boolean boo = true;
public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){ public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){
@ -77,7 +77,7 @@ public class SessionDateChecker implements ConfigCheck {
Map<String, Object> currentLevel = map; Map<String, Object> currentLevel = map;
for (int i = 0; i < keys.length - 1; ++i) { for (int i = 0; i < keys.length - 1; ++i) {
Object nextLevel = currentLevel.get(keys[i]); Object nextLevel = currentLevel.get(keys[i]);
if (nextLevel instanceof Map) { if (nextLevel != null && nextLevel instanceof Map) {
currentLevel = (Map<String, Object>) nextLevel; currentLevel = (Map<String, Object>) nextLevel;
} else { } else {
return null; return null;

32
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
Unescape View File

@ -7,11 +7,11 @@
package com.keyware.sonar.java.rules.checkers; package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.sonar.java.model.expression.IdentifierTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor; import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*; import org.sonar.plugins.java.api.tree.*;
import java.util.*; import java.util.Collections;
import java.util.List;
/** /**
* 上传文件检查规则 * 上传文件检查规则
@ -99,35 +99,35 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
public void visitMethodInvocation(MethodInvocationTree tree) { public void visitMethodInvocation(MethodInvocationTree tree) {
//获取到方法调用的参数 //获取到方法调用的参数
ExpressionTree expressionTree = tree.methodSelect(); ExpressionTree expressionTree = tree.methodSelect();
if (expressionTree instanceof MemberSelectExpressionTree) { if (expressionTree != null && expressionTree instanceof MemberSelectExpressionTree) {
MemberSelectExpressionTree expressionTree1 = (MemberSelectExpressionTree) expressionTree; MemberSelectExpressionTree expressionTree1 = (MemberSelectExpressionTree) expressionTree;
//对调用方法进行判断 //对调用方法进行判断
if ("getOriginalFilename".equals(expressionTree1.identifier().toString())) { if ("getOriginalFilename".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent(); Tree parent = expressionTree1.parent();
if (parent instanceof MethodInvocationTree) { if (parent != null && parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent; MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent(); Tree parent1 = memberSelectExpressionTree.parent();
if (parent1 instanceof VariableTree) { if (parent1 != null && parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1; VariableTree variableTree = (VariableTree) parent1;
fileName = variableTree.simpleName().toString(); fileName = variableTree.simpleName().toString();
} }
} }
} else if ("extName".equals(expressionTree1.identifier().toString())) { } else if ("extName".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent(); Tree parent = expressionTree1.parent();
if (parent instanceof MethodInvocationTree) { if (parent != null && parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent; MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent(); Tree parent1 = memberSelectExpressionTree.parent();
if (parent1 instanceof VariableTree) { if (parent1 != null && parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1; VariableTree variableTree = (VariableTree) parent1;
fileType = variableTree.simpleName().toString(); fileType = variableTree.simpleName().toString();
} }
} }
} else if ("getSize".equals(expressionTree1.identifier().toString())) { } else if ("getSize".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent(); Tree parent = expressionTree1.parent();
if (parent instanceof MethodInvocationTree) { if (parent != null && parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent; MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent(); Tree parent1 = memberSelectExpressionTree.parent();
if (parent1 instanceof VariableTree) { if (parent1 != null && parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1; VariableTree variableTree = (VariableTree) parent1;
sizeName = variableTree.simpleName().toString(); sizeName = variableTree.simpleName().toString();
} }
@ -153,7 +153,7 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
public void visitIfStatement(IfStatementTree tree) { public void visitIfStatement(IfStatementTree tree) {
//获取到if表达式 //获取到if表达式
ExpressionTree condition = tree.condition(); ExpressionTree condition = tree.condition();
if (condition instanceof BinaryExpressionTree) { if (condition != null && condition instanceof BinaryExpressionTree) {
BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition; BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition;
//判断是否进行if判断 //判断是否进行if判断
if (name.equals(binaryExpressionTree.leftOperand().toString())) { if (name.equals(binaryExpressionTree.leftOperand().toString())) {
@ -162,12 +162,12 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
boo = false; boo = false;
} }
} }
if (condition instanceof IdentifierTreeImpl) { if (condition != null && condition instanceof IdentifierTree) {
IdentifierTreeImpl identifierTreeImpl = (IdentifierTreeImpl) condition; IdentifierTree identifierTree = (IdentifierTree) condition;
//判断是否进行if判断 //判断是否进行if判断
if (name.equals(identifierTreeImpl.name())) { if (name.equals(identifierTree.name())) {
boo = false; boo = false;
} else if (name.equals(identifierTreeImpl.name())) { } else if (name.equals(identifierTree.name())) {
boo = false; boo = false;
} }
} }
@ -188,8 +188,8 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
public void visitVariable(VariableTree tree) { public void visitVariable(VariableTree tree) {
IdentifierTree identifierTree = tree.simpleName(); IdentifierTree identifierTree = tree.simpleName();
TypeTree type = tree.type(); TypeTree type = tree.type();
if(type instanceof IdentifierTreeImpl){ if(type != null && type instanceof IdentifierTree){
IdentifierTreeImpl fierTree = (IdentifierTreeImpl) type; IdentifierTree fierTree = (IdentifierTree) type;
if("Fileltem".equals(fierTree.name())){ if("Fileltem".equals(fierTree.name())){
NodeIf nodeIf = new NodeIf(identifierTree.name()); NodeIf nodeIf = new NodeIf(identifierTree.name());
node.block().accept(nodeIf); node.block().accept(nodeIf);

2
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java
Unescape View File

@ -80,7 +80,7 @@ public class UpperCycleLimitRuleChecker extends IssuableSubscriptionVisitor {
private void checkVar(ExpressionTree operand) { private void checkVar(ExpressionTree operand) {
if (operand instanceof IdentifierTree) { if (operand != null && operand instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) operand; IdentifierTree identifierTree = (IdentifierTree) operand;
var name = identifierTree.name(); var name = identifierTree.name();
for (VariableTree varTree : args) { for (VariableTree varTree : args) {

Write Preview
Loading…
Cancel
Save