sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复:根据反馈的问题,修改遇到的问题

Browse Source
master
RenFengJiang 1 month ago
parent dc9b749c56
commit 747fc39bd9
22 changed files with 187 additions and 151 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java
  2. 14
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java
  3. 21
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java
  4. 2
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
  5. 6
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/LogFileWriteChecker.java
  6. 3
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PassWordCountChecker.java
  7. 2
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java
  8. 2
      sonar-keyware-plugins-cxx/src/main/java/org/sonar/cxx/squidbridge/AstScanner.java
  9. 1
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
  10. 10
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
  11. 2
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java
  12. 10
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java
  13. 11
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HostIdentityChecker.java
  14. 5
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java
  15. 7
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagJavaChecker.java
  16. 17
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java
  17. 10
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
  18. 2
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java
  19. 4
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateCheckera.java
  20. 32
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
  21. 2
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java

3
sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java
Unescape View File

@ -9,7 +9,6 @@ package com.keyware.sonar.Configuration.rules.checkers;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.issue.NewIssue;
import org.sonar.api.rule.RuleKey;
import org.sonar.check.Rule;
import org.yaml.snakeyaml.Yaml;
@ -100,7 +99,7 @@ public class SessionDateChecker implements ConfigCheck {
Map<String, Object> currentLevel = map;
for (int i = 0; i < keys.length - 1; ++i) {
Object nextLevel = currentLevel.get(keys[i]);
if (nextLevel instanceof Map) {
if (nextLevel != null && nextLevel instanceof Map) {
currentLevel = (Map<String, Object>) nextLevel;
} else {
return null;

14
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java
Unescape View File

@ -574,7 +574,12 @@ public class CxxSquidSensor implements ProjectSensor {
}
});
}
try {
fileLinesContext.save();
}catch (Exception e){
LOG.error(e.getMessage());
}
}
private void saveCpdTokens(InputFile inputFile, SourceCode sourceCode) {
@ -621,15 +626,22 @@ public class CxxSquidSensor implements ProjectSensor {
});
}
try {
newHighlighting.save();
}catch (Exception e){
LOG.error(e.getMessage());
}
}
private <T extends Serializable> void saveMetric(InputComponent file, Metric<T> metric, T value) {
try {
context.<T>newMeasure()
.withValue(value)
.forMetric(metric)
.on(file)
.save();
}catch (Exception e){
LOG.error(e.getMessage());
}
}
}

21
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java
Unescape View File

@ -53,19 +53,24 @@ public class ErrorMessageChecker extends SquidCheck<Grammar> {
*/
@Override
public void visitNode(@Nonnull AstNode node) {
//声明集合
List<AstNode> children;
//获取第一种情况参数列表
AstNode firstDescendant = node.getFirstDescendant(CxxGrammarImpl.additiveExpression);
if(firstDescendant != null){
//第一种情况获取参数列表
children = firstDescendant.getChildren();
List<AstNode> children = firstDescendant.getChildren();
//判断参数列表是否包含违规参数
for(AstNode chil : children){
if("IDENTIFIER".equals(chil.getName())){
if(lists.contains(chil.getTokenValue().toLowerCase())){
getContext().createLineViolation(this,"抛出异常消息不得包含敏感信息",chil);
}
}
}
}else {
//获取第二种情况获取参数列表
AstNode descendant = node.getFirstDescendant(CxxGrammarImpl.initializerList);
children = descendant.getChildren();
}
//判断参数列表是否包含违规参数
if(descendant != null){
List<AstNode> children = descendant.getChildren();
for(AstNode chil : children){
if("IDENTIFIER".equals(chil.getName())){
if(lists.contains(chil.getTokenValue().toLowerCase())){
@ -73,6 +78,10 @@ public class ErrorMessageChecker extends SquidCheck<Grammar> {
}
}
}
}
}
}
}

2
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
Unescape View File

@ -106,6 +106,7 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
if (child.getType().equals(CxxGrammarImpl.selectionStatement)) {
// 找到 if 语句节点
AstNode conditionNode = child.getFirstDescendant(CxxGrammarImpl.condition);
if(conditionNode != null){
// 找到条件部分的节点
AstNode identifierNode = conditionNode.getFirstDescendant(GenericTokenType.IDENTIFIER);
// 找到代表标识符的节点
@ -114,6 +115,7 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
// 获取标识符节点的值
conditionVariables.add(codeInsideIf);
}
}
} else {
addAllIdentifiers(child);
}

6
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/LogFileWriteChecker.java
Unescape View File

@ -90,6 +90,7 @@ public class LogFileWriteChecker extends SquidCheck<Grammar> {
tokenValue = descendant.getTokenValue();
} else {
AstNode firstDescendant = dec.getFirstDescendant(CxxGrammarImpl.andExpression);
if(firstDescendant != null){
List<AstNode> astNodeList = firstDescendant.getChildren();
for (AstNode ast : astNodeList) {
if ("IDENTIFIER".equals(ast.getName())) {
@ -98,15 +99,18 @@ public class LogFileWriteChecker extends SquidCheck<Grammar> {
}
}
}
List<AstNode> astNodeList = astNode.getDescendants(CxxGrammarImpl.expression);
for (AstNode ast : astNodeList) {
if (tokenValue.equals(ast.getTokenValue())) {
AstNode descendant1 = ast.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if(descendant1 != null){
List<AstNode> childrens = descendant1.getChildren();
for (AstNode fir : childrens) {
//判断是否是debug、info、warn、error
if (lists.contains(fir.getTokenValue())) {
AstNode inits = ast.getFirstDescendant(CxxGrammarImpl.initializerList);
if(inits != null){
List<AstNode> descendantChildren = inits.getChildren();
for (AstNode chil : descendantChildren) {
if ("IDENTIFIER".equals(chil.getName())) {
@ -129,6 +133,8 @@ public class LogFileWriteChecker extends SquidCheck<Grammar> {
}
}
}
}
}
}
}

3
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PassWordCountChecker.java
Unescape View File

@ -17,6 +17,7 @@ import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.cxx.squidbridge.checks.SquidCheck;
import javax.annotation.Nonnull;
import java.util.ArrayList;
import java.util.List;
@ -46,7 +47,7 @@ public class PassWordCountChecker extends SquidCheck<Grammar> {
* @param astNode 要处理的AST节点该节点类型为通过subscribeTo方法订阅的类型
*/
@Override
public void visitNode(AstNode astNode) {
public void visitNode(@Nonnull AstNode astNode) {
BodyWay bodyWay = new BodyWay(this);
bodyWay.accept(astNode);
}

2
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java
Unescape View File

@ -81,6 +81,7 @@ public class SendMessageChecker extends SquidCheck<Grammar> {
} else if (des.getTokenValue().startsWith("send")) {
//获取其中的参数
AstNode firstDescendant = des.getFirstDescendant(CxxGrammarImpl.initializerList);
if(firstDescendant != null){
List<AstNode> children = firstDescendant.getChildren();
if (children != null) {
AstNode astNode = children.get(0);
@ -97,5 +98,6 @@ public class SendMessageChecker extends SquidCheck<Grammar> {
}
}
}
}
}

2
sonar-keyware-plugins-cxx/src/main/java/org/sonar/cxx/squidbridge/AstScanner.java
Unescape View File

@ -227,8 +227,10 @@ public class AstScanner<G extends Grammar> {
public Builder<G> withSquidAstVisitor(SquidAstVisitor<G> visitor) {
checkNotNull(visitor, "visitor cannot be null");
if(visitor.getContext() == null){
visitor.setContext(context);
visitors.add(visitor);
}
return this;
}

1
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/JavaSecurityDesignRulesRepository.java
Unescape View File

@ -6,7 +6,6 @@
*/
package com.keyware.sonar.java.rules;
import com.keyware.sonar.java.rules.checkers.SessionDateChecker;
import org.sonar.api.SonarEdition;
import org.sonar.api.SonarProduct;
import org.sonar.api.SonarQubeSide;

10
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
Unescape View File

@ -37,16 +37,18 @@ public class DynamicCodeChecker extends IssuableSubscriptionVisitor {
MethodInvocationTree node = (MethodInvocationTree) tree;
var expressionTree = node.methodSelect();
if (expressionTree instanceof MemberSelectExpressionTree) {
if (expressionTree != null && expressionTree instanceof MemberSelectExpressionTree) {
var exprTree = (MemberSelectExpressionTree) expressionTree;
var name = exprTree.identifier();
if ("eval".equals(name.toString())) {
var varNameNode = exprTree.expression();
if (varNameNode instanceof IdentifierTree) {
if (varNameNode != null && varNameNode instanceof IdentifierTree) {
var varName = (IdentifierTree) varNameNode;
if (varName != null) {
var symbol = varName.symbol();
if (symbol != null) {
var varDecler = symbol.declaration();
if (varDecler != null) {
if (varDecler != null && varDecler instanceof VariableTree) {
var variableTree = (VariableTree) varDecler;
var typeName = variableTree.type().toString();
if ("ScriptEngine".equals(typeName)) {
@ -57,5 +59,7 @@ public class DynamicCodeChecker extends IssuableSubscriptionVisitor {
}
}
}
}
}
}

2
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicLibraryLoadChecker.java
Unescape View File

@ -72,7 +72,7 @@ public class DynamicLibraryLoadChecker extends IssuableSubscriptionVisitor {
@Override
public void visitMethodInvocation(MethodInvocationTree tree) {
var methodSelect = tree.methodSelect();
if (methodSelect instanceof MemberSelectExpressionTree) {
if (methodSelect != null && methodSelect instanceof MemberSelectExpressionTree) {
var mset = (MemberSelectExpressionTree) methodSelect;
// 判断是否调用了System.loadLibrary()
if (mset.firstToken() != null && "System".equals(mset.firstToken().text()) && "loadLibrary".equals(mset.identifier().name())) {

10
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java
Unescape View File

@ -7,8 +7,6 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
import org.sonar.java.model.declaration.VariableTreeImpl;
import org.sonar.java.model.expression.MethodInvocationTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
@ -77,11 +75,11 @@ public class HashSaltPassWordChecker extends IssuableSubscriptionVisitor {
}
} else if("BCrypt".equals(memberSelectExpressionTree.expression().toString()) && "hashpw".equals(memberSelectExpressionTree.identifier().name())){
Tree parent = memberSelectExpressionTree.parent();
if(parent instanceof MethodInvocationTreeImpl){
MethodInvocationTreeImpl methodInvocationTree = (MethodInvocationTreeImpl) parent;
if(parent != null && parent instanceof MethodInvocationTree){
MethodInvocationTree methodInvocationTree = (MethodInvocationTree) parent;
Tree parent1 = methodInvocationTree.parent();
if(parent1 instanceof VariableTreeImpl){
VariableTreeImpl variableTree = (VariableTreeImpl) parent1;
if(parent1 != null && parent1 instanceof VariableTree){
VariableTree variableTree = (VariableTree) parent1;
// 加盐后的参数名称
strPassWord = variableTree.simpleName().name();
}

11
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HostIdentityChecker.java
Unescape View File

@ -8,7 +8,6 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
import org.sonar.java.model.expression.IdentifierTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
@ -58,7 +57,7 @@ public class HostIdentityChecker extends IssuableSubscriptionVisitor {
public void visitIfStatement(IfStatementTree tree) {
//获取到if表达式
ExpressionTree condition = tree.condition();
if (condition instanceof BinaryExpressionTree) {
if (condition != null && condition instanceof BinaryExpressionTree) {
BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition;
//判断是否进行if判断
if ("username".equals(binaryExpressionTree.leftOperand().toString())) {
@ -67,12 +66,12 @@ public class HostIdentityChecker extends IssuableSubscriptionVisitor {
passwordBoolean = false;
}
}
if (condition instanceof IdentifierTreeImpl) {
IdentifierTreeImpl identifierTreeImpl = (IdentifierTreeImpl) condition;
if (condition != null && condition instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) condition;
//判断是否进行if判断
if ("username".equals(identifierTreeImpl.name())) {
if ("username".equals(identifierTree.name())) {
nameBoolean = false;
} else if ("password".equals(identifierTreeImpl.name())) {
} else if ("password".equals(identifierTree.name())) {
passwordBoolean = false;
}
}

5
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java
Unescape View File

@ -8,7 +8,6 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
import org.sonar.java.model.expression.IdentifierTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
@ -98,8 +97,8 @@ public class OptionsVerifyChecker extends IssuableSubscriptionVisitor {
public void visitVariable(VariableTree tree) {
IdentifierTree identifierTree = tree.simpleName();
TypeTree type = tree.type();
if(type instanceof IdentifierTreeImpl){
IdentifierTreeImpl fierTree = (IdentifierTreeImpl) type;
if(type != null && type instanceof IdentifierTree){
IdentifierTree fierTree = (IdentifierTree) type;
if("HttpServletResponse".equals(fierTree.name())){
MethodCall methodCall = new MethodCall();
node.block().accept(methodCall);

7
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagJavaChecker.java
Unescape View File

@ -8,7 +8,6 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
import org.sonar.java.model.statement.BlockTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
@ -35,15 +34,15 @@ public class PasswordInputTagJavaChecker extends IssuableSubscriptionVisitor {
@Override
public void visitNode(Tree tree) {
BlockTreeImpl node = (BlockTreeImpl) tree;
BlockTree node = (BlockTree) tree;
MethodeBodyVisitor methodeBodyVisitor = new MethodeBodyVisitor(this, node);
node.accept(methodeBodyVisitor);
}
static class MethodeBodyVisitor extends BaseTreeVisitor {
private BlockTreeImpl blockTree;
private BlockTree blockTree;
private PasswordInputTagJavaChecker checker;
public MethodeBodyVisitor(PasswordInputTagJavaChecker checker, BlockTreeImpl blockTree){
public MethodeBodyVisitor(PasswordInputTagJavaChecker checker, BlockTree blockTree){
this.checker = checker;
this.blockTree = blockTree;
}

17
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java
Unescape View File

@ -7,7 +7,6 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
import org.sonar.java.model.expression.LiteralTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
@ -25,6 +24,7 @@ import java.util.List;
public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
private List nameLists = new ArrayList();
@Override
public List<Tree.Kind> nodesToVisit() {
/**
@ -42,10 +42,11 @@ public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
MethodBOdyVisitor methodBOdyVisitor = new MethodBOdyVisitor();
tree.accept(methodBOdyVisitor);
nameLists = methodBOdyVisitor.getNameLists();
}else if(tree.is(Tree.Kind.METHOD_INVOCATION)){
} else if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
ExpressionTree expressionTree = methodInvocationTree.methodSelect();
if (expressionTree != null) {
// 获取到方法调用
if (expressionTree instanceof MemberSelectExpressionTree) {
MemberSelectExpressionTree memberSelectExpressionTree = (MemberSelectExpressionTree) expressionTree;
@ -63,19 +64,21 @@ public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
if (!literalTree.token().text().startsWith("\"RSA")) {
context.reportIssue(this, argument, "使用RSA最优加密填充");
}
}else if( !nameLists.equals(argument.toString())){
} else if (!nameLists.equals(argument.toString())) {
context.reportIssue(this, argument, "使用RSA最优加密填充");
}
}
}
}
}
}
}
static class MethodBOdyVisitor extends BaseTreeVisitor {
private List nameLists = new ArrayList();
public MethodBOdyVisitor() {
}
@ -88,12 +91,14 @@ public class RSAEncryptionChecker extends IssuableSubscriptionVisitor {
public void visitVariable(VariableTree tree) {
IdentifierTree identifierTree = tree.simpleName();
ExpressionTree initializer = tree.initializer();
if(initializer instanceof LiteralTreeImpl){
LiteralTreeImpl literalTree = (LiteralTreeImpl) initializer;
if(literalTree.value().startsWith("\"RSA") ){
if (identifierTree != null && initializer != null && initializer instanceof LiteralTree) {
LiteralTree literalTree = (LiteralTree) initializer;
if (literalTree.value().startsWith("\"RSA")) {
nameLists.add(identifierTree.name());
}
}
}
}
}

10
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
Unescape View File

@ -61,7 +61,7 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
ReturnStatementTree rs = (ReturnStatementTree) statementTree;
ExpressionTree exprTree = rs.expression();
if (exprTree != null && !exprTree.is(Tree.Kind.STRING_LITERAL)) {
if (exprTree instanceof BinaryExpressionTree) {
if (exprTree != null && exprTree instanceof BinaryExpressionTree) {
BinaryExpressionTree bExprTree = (BinaryExpressionTree) exprTree;
if (bExprTree.is(Tree.Kind.PLUS) && bExprTree.leftOperand().is(Tree.Kind.STRING_LITERAL) && bExprTree.rightOperand().is(Tree.Kind.IDENTIFIER)) {
var identifierTree = (IdentifierTree) bExprTree.rightOperand();
@ -139,13 +139,13 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
var hasMappingAnnotation = false;
for (ModifierTree modifier : methodTree.modifiers()) {
// 判断是否为公共方法
if (!isPublic && modifier instanceof ModifierKeywordTree) {
if (!isPublic && modifier != null && modifier instanceof ModifierKeywordTree) {
if (((ModifierKeywordTree) modifier).modifier() == Modifier.PUBLIC) {
isPublic = true;
}
}
// 判断是否包含Mapping注解
if (!hasMappingAnnotation && modifier instanceof AnnotationTree) {
if (!hasMappingAnnotation && modifier != null && modifier instanceof AnnotationTree) {
AnnotationTree annotationTree = (AnnotationTree) modifier;
if (annotationTree.annotationType() instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) annotationTree.annotationType();
@ -189,7 +189,7 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
@Override
public void visitMethodInvocation(MethodInvocationTree invocationTree) {
ExpressionTree expressionTree = invocationTree.methodSelect();
if (expressionTree instanceof MemberSelectExpressionTree) {
if (expressionTree != null && expressionTree instanceof MemberSelectExpressionTree) {
MemberSelectExpressionTree member = (MemberSelectExpressionTree) expressionTree;
if (member.expression().symbolType().is("org.springframework.web.servlet.view.RedirectView")
&& "setUrl".equals(member.identifier().name())) {
@ -201,7 +201,7 @@ public class RedirectUrlChecker extends IssuableSubscriptionVisitor {
private void checkArgs(ExpressionTree argNode, Tree tree) {
// 判断该语法树节点是否为IdentifierTree,如果是,则说明语法树节点为变量,然后判断该变量是否是包含在方法的参数列表中
if (argNode instanceof IdentifierTree) {
if (argNode != null && argNode instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) argNode;
String argName = identifierTree.name();
if (methodParameters.stream().anyMatch(parameter -> parameter.simpleName().name().equals(argName))) {

2
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java
Unescape View File

@ -70,7 +70,7 @@ public class SecurityCookieChecker extends IssuableSubscriptionVisitor {
@Override
public void visitMethodInvocation(MethodInvocationTree tree) {
ExpressionTree expressionTree = tree.methodSelect();
if(expressionTree instanceof MemberSelectExpressionTree){
if(expressionTree != null && expressionTree instanceof MemberSelectExpressionTree){
MemberSelectExpressionTree memberSelectExpressionTree = (MemberSelectExpressionTree) expressionTree;
switch (memberSelectExpressionTree.identifier().name()){
// case "setHttpOnly":

4
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java → sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateCheckera.java
Unescape View File

@ -27,7 +27,7 @@ import java.util.Scanner;
* @date 2024/1/22
*/
@Rule(key = "SessionDateChecker")
public class SessionDateChecker implements ConfigCheck {
public class SessionDateCheckera implements ConfigCheck {
private boolean boo = true;
public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){
@ -77,7 +77,7 @@ public class SessionDateChecker implements ConfigCheck {
Map<String, Object> currentLevel = map;
for (int i = 0; i < keys.length - 1; ++i) {
Object nextLevel = currentLevel.get(keys[i]);
if (nextLevel instanceof Map) {
if (nextLevel != null && nextLevel instanceof Map) {
currentLevel = (Map<String, Object>) nextLevel;
} else {
return null;

32
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
Unescape View File

@ -7,11 +7,11 @@
package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule;
import org.sonar.java.model.expression.IdentifierTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.*;
import java.util.*;
import java.util.Collections;
import java.util.List;
/**
* 上传文件检查规则
@ -99,35 +99,35 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
public void visitMethodInvocation(MethodInvocationTree tree) {
//获取到方法调用的参数
ExpressionTree expressionTree = tree.methodSelect();
if (expressionTree instanceof MemberSelectExpressionTree) {
if (expressionTree != null && expressionTree instanceof MemberSelectExpressionTree) {
MemberSelectExpressionTree expressionTree1 = (MemberSelectExpressionTree) expressionTree;
//对调用方法进行判断
if ("getOriginalFilename".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent();
if (parent instanceof MethodInvocationTree) {
if (parent != null && parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent();
if (parent1 instanceof VariableTree) {
if (parent1 != null && parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1;
fileName = variableTree.simpleName().toString();
}
}
} else if ("extName".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent();
if (parent instanceof MethodInvocationTree) {
if (parent != null && parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent();
if (parent1 instanceof VariableTree) {
if (parent1 != null && parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1;
fileType = variableTree.simpleName().toString();
}
}
} else if ("getSize".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent();
if (parent instanceof MethodInvocationTree) {
if (parent != null && parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent();
if (parent1 instanceof VariableTree) {
if (parent1 != null && parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1;
sizeName = variableTree.simpleName().toString();
}
@ -153,7 +153,7 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
public void visitIfStatement(IfStatementTree tree) {
//获取到if表达式
ExpressionTree condition = tree.condition();
if (condition instanceof BinaryExpressionTree) {
if (condition != null && condition instanceof BinaryExpressionTree) {
BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition;
//判断是否进行if判断
if (name.equals(binaryExpressionTree.leftOperand().toString())) {
@ -162,12 +162,12 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
boo = false;
}
}
if (condition instanceof IdentifierTreeImpl) {
IdentifierTreeImpl identifierTreeImpl = (IdentifierTreeImpl) condition;
if (condition != null && condition instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) condition;
//判断是否进行if判断
if (name.equals(identifierTreeImpl.name())) {
if (name.equals(identifierTree.name())) {
boo = false;
} else if (name.equals(identifierTreeImpl.name())) {
} else if (name.equals(identifierTree.name())) {
boo = false;
}
}
@ -188,8 +188,8 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
public void visitVariable(VariableTree tree) {
IdentifierTree identifierTree = tree.simpleName();
TypeTree type = tree.type();
if(type instanceof IdentifierTreeImpl){
IdentifierTreeImpl fierTree = (IdentifierTreeImpl) type;
if(type != null && type instanceof IdentifierTree){
IdentifierTree fierTree = (IdentifierTree) type;
if("Fileltem".equals(fierTree.name())){
NodeIf nodeIf = new NodeIf(identifierTree.name());
node.block().accept(nodeIf);

2
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java
Unescape View File

@ -80,7 +80,7 @@ public class UpperCycleLimitRuleChecker extends IssuableSubscriptionVisitor {
private void checkVar(ExpressionTree operand) {
if (operand instanceof IdentifierTree) {
if (operand != null && operand instanceof IdentifierTree) {
IdentifierTree identifierTree = (IdentifierTree) operand;
var name = identifierTree.name();
for (VariableTree varTree : args) {

Write Preview
Loading…
Cancel
Save