From 867f67b9640cb5f26e48e8230903c6015da98986 Mon Sep 17 00:00:00 2001
From: RenFengJiang <1111>
Date: Fri, 8 Mar 2024 18:06:30 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=EF=BC=9A=E4=BC=98=E5=8C=96?= =?UTF-8?q?=E8=AF=AF=E6=8A=A5=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Configuration/ConfigurationFileLanguage.java | 2 +-
 .../rules/checkers/SessionDateChecker.java | 12 ++++++------
 .../java/rules/checkers/OptionsVerifyChecker.java | 14 ++++++++------
 .../test/files/options/OptionsVerifyOneRule.java | 2 +-
 4 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/ConfigurationFileLanguage.java b/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/ConfigurationFileLanguage.java
index 751d558..7d4a0b2 100644
--- a/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/ConfigurationFileLanguage.java
+++ b/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/ConfigurationFileLanguage.java
@@ -21,7 +21,7 @@ public class ConfigurationFileLanguage extends AbstractLanguage {
 public static final String NAME = "Configuration";
 public static final String KEY = "cfg";
 public static final String FILE_SUFFIXES_KEY = "sonar.disposition.file.suffixes";
- public static final String FILE_SUFFIXES_DEFAULT_VALUE = ".properties,.ini,.conf,.xml,.yml,.json";
+ public static final String FILE_SUFFIXES_DEFAULT_VALUE = ".properties,.ini,.conf,.yml,.json";
 private final Configuration config;
diff --git a/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java b/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java
index dcb293e..6973b04 100644
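Review bot: Dropping `.xml` from `FILE_SUFFIXES_DEFAULT_VALUE` takes XML files away from every rule of the Configuration language by default, presumably wider than the false positive being fixed, and nothing on the constant records the decision. A comment such as `// .xml is intentionally not scanned by default; add it through sonar.disposition.file.suffixes when XML configuration must be checked` would tell users how to restore the coverage. If any checker in this plugin reads settings from XML (none is visible in this diff), it will no longer see those files unless the property is set.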
--- a/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java
+++ b/sonar-keyware-plugins-ConfigurationDetection/src/main/java/com/keyware/sonar/Configuration/rules/checkers/SessionDateChecker.java
@@ -29,9 +29,9 @@ import java.util.Scanner;
 @Rule(key = "SessionDateChecker")
 public class SessionDateChecker implements ConfigCheck {
- private boolean boo = true;
+ private boolean boo = false;
 public void execute(SensorContext context, InputFile inputFile, RuleKey ruleKey){
- if(boo){
+ if(!boo){
 //文件名称
 String filename = inputFile.filename();
 //校验文件后缀
@@ -41,8 +41,8 @@ public class SessionDateChecker implements ConfigCheck {
 try (Scanner scanner = new Scanner(file)) {
 while (scanner.hasNextLine()) {
 String line = scanner.nextLine();
- if (line.contains("server.servlet.session.timeout")) {
- boo = false;
+ if (!line.contains("server.servlet.session.timeout")) {
+ boo = true;
 break;
 }
 }
@@ -62,8 +62,8 @@ public class SessionDateChecker implements ConfigCheck {
 Map obj = yaml.load(fis);
 if (obj != null){
 String sessionTimeout = searchForSessionTimeout(obj, "server", "servlet", "session", "timeout");
- if (sessionTimeout != null) {
- boo = false;
+ if (sessionTimeout == null) {
+ boo = true;
 }
 }
 } catch (IOException e) {
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java
index a5226df..24203f7 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/OptionsVerifyChecker.java
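Review bot: The `boo` field now means the opposite of what it meant before this commit, and neither its name nor a comment says which state is the finding; a name such as `missingSessionTimeout`, or a comment like `// true once a scanned config file lacks server.servlet.session.timeout`, would make the `if(!boo)` guard readable. The guard also makes the first file that sets `boo` decisive, because later files are skipped, so the outcome appears to depend on the order in which files reach `execute` (for example a profile-specific YAML without the key seen before the main one that has it). The same unnamed flag flip is made in the first two hunks of OptionsVerifyChecker. `execute` continues past the end of this hunk.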
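Review bot: The negated test `if (!line.contains("server.servlet.session.timeout"))` fires on the first line that is not the timeout key, so a properties file that declares the key on any line but the first still sets `boo = true` and is treated as missing it. The decision has to be taken after the loop: remember whether any line contained the key and set the flag only when none did. The `try` block and `execute` start and end outside this hunk.

```java
try (Scanner scanner = new Scanner(file)) {
    boolean timeoutDeclared = false;
    while (scanner.hasNextLine()) {
        if (scanner.nextLine().contains("server.servlet.session.timeout")) {
            timeoutDeclared = true;
            break;
        }
    }
    if (!timeoutDeclared) {
        boo = true;
    }
```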
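Review bot: `yaml.load(fis)` parses a file that comes from the project under analysis, and the construction of `yaml` is not visible in this hunk; if it is a default `new Yaml()` on a SnakeYAML release older than 2.0, document tags can instantiate arbitrary classes inside the scanner process, so it should be built with `SafeConstructor` or the library version confirmed. On the changed lines, a document that parses to `null` leaves `boo` untouched while one that merely lacks the key sets it; a comment such as `// empty YAML documents are deliberately ignored` would record whether that difference is intended. The `try` block starts before this hunk and its `catch` continues after it.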
@@ -27,7 +27,7 @@ import java.util.List;
 @Rule(key = "OptionsVerifyChecker")
 public class OptionsVerifyChecker extends IssuableSubscriptionVisitor implements EndOfAnalysis {
- private boolean boo = true;
+ private boolean boo = false;
 @Override
 public List nodesToVisit() {
@@ -36,7 +36,7 @@ public class OptionsVerifyChecker extends IssuableSubscriptionVisitor implements
 @Override
 public void visitNode(Tree tree) {
- if(boo) {
+ if(!boo) {
 MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
 ExpressionTree expressionTree = methodInvocationTree.methodSelect();
 if (expressionTree.is(Tree.Kind.MEMBER_SELECT)) {
@@ -44,19 +44,21 @@ public class OptionsVerifyChecker extends IssuableSubscriptionVisitor implements
 if("addHeader".equals(selectExpressionTree.identifier().name()) || "setHeader".equals(selectExpressionTree.identifier().name())) {
 Arguments arguments = methodInvocationTree.arguments();
 boolean one = false;
- boolean two = false;
+ boolean two = true;
 for (ExpressionTree argument : arguments) {
 if(argument.is(Tree.Kind.STRING_LITERAL)){
 String literalValue = ((LiteralTree) argument).value();
 if ("\"X-Frame-Options\"".equals(literalValue)) {
 one = true;
 } else if("\"DENY\"".equals(literalValue)){
- two = true;
+ two = false;
 }
 }
 }
- if(one && two){
- boo = false;
+ if(one){
+ if(two){
+ boo = true;
+ }
 }
 }
 }
diff --git a/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java b/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java
index 609f6d1..bf67dab 100644
--- a/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java
+++ b/sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyOneRule.java
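Review bot: After this change `boo` is set only when a call names `"X-Frame-Options"` with a value other than `"DENY"`, so a code base that never sets the header is no longer distinguishable from a compliant one; how `boo` is reported lies outside this diff, so confirm the missing-header case is still meant to be found. In the loop, `two` stays `true` whenever the value is not a string literal, which flags `setHeader("X-Frame-Options", SOME_CONSTANT)` even if the constant is DENY, and both comparisons are case-sensitive although header names and this header's values are not; `} else if ("\"DENY\"".equalsIgnoreCase(literalValue)) {` with the same change on the name test fixes the latter. The nested `if(one){ if(two){` reads more simply as `if (one && two) {`. `visitNode` begins before this hunk.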
@@ -11,7 +11,7 @@ public class OptionsVerifyOneRule extends OncePerRequestFilter {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-// response.setHeader("X-Frame-Options", "DENY"); // 或者使用SAMEORIGIN,ALLOW-FROM等其他策略
+ response.setHeader("X-Frame-Options", "SAMEORIGIN"); // 或者使用SAMEORIGIN,ALLOW-FROM等其他策略
 filterChain.doFilter(request, response);
 }
 }
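Review bot: The fixture now exercises only the non-`DENY` branch, and the diffstat lists no second fixture, so nothing pins the cases that must stay silent after the change: a filter that sets `"DENY"` and a class that never touches the header. A compliant fixture containing `response.setHeader("X-Frame-Options", "DENY");` would cover the first of these. The trailing comment still offers `SAMEORIGIN` as an alternative policy although that value is now what triggers the finding, so it should be reworded to say the line is the non-compliant sample.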