From 9e79d0f229eadc9157597f3e77a2a1d8463de08e Mon Sep 17 00:00:00 2001
From: Guo XIn <371864209@qq.com>
Date: Fri, 12 Jan 2024 18:33:16 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=EF=BC=9A=E5=86=85=E9=83=A8?=
 =?UTF-8?q?=E7=B1=BB=E7=9A=84=E7=88=B6=E7=B1=BB=E7=94=B1IssuableSubscripti?=
 =?UTF-8?q?onVisitor=E6=94=B9=E4=B8=BABaseTreeVisitor?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../checkers/UploadFileVerifyChecker.java | 115 ++++++++----------
 .../checkers/UploadFileVerifyCheckerTest.java | 3 +-
 2 files changed, 51 insertions(+), 67 deletions(-)
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
index 9ce2da8..ab34771 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
@@ -36,139 +36,124 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor { public void visitNode(Tree tree) { MethodTree node = (MethodTree) tree; List parameters = node.parameters(); -// 盘带是否是文件上传类 + //盘带是否是文件上传类 boolean boo = parameters.stream().anyMatch(type -> "MultipartFile".equals(type.type().toString())); - if(boo){ -// 获取文件名称类型判断是否配置文件权限 + if (boo) { + //获取文件名称类型判断是否配置文件权限 var interiorInvoIf = new InteriorInvoIf(); - interiorInvoIf.check(((MethodTree) tree).block()); - if(interiorInvoIf.fileType != ""){ -// 判断是否对文件后缀进行限制 + ((MethodTree) tree).block().accept(interiorInvoIf); + if (interiorInvoIf.fileType != "") { + //判断是否对文件后缀进行限制 NodeIf nodeIf = new NodeIf(interiorInvoIf.fileType); - nodeIf.check(((MethodTree) tree).block()); - if (nodeIf.boo){ + ((MethodTree) tree).block().accept(nodeIf); + if (nodeIf.boo) { context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); } - }else { - if(interiorInvoIf.fileName != ""){ + } else { + if (interiorInvoIf.fileName != "") { // 判断是否对文件后缀进行限制 NodeIf nodeIf = new NodeIf(interiorInvoIf.fileName); - nodeIf.check(((MethodTree) tree).block()); - if (nodeIf.boo){ + ((MethodTree) tree).block().accept(nodeIf); + if (nodeIf.boo) { context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); } - }else { + } else { context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); } } - if(interiorInvoIf.sizeName != ""){ -// 判断是否对文件大小进行限制 + if (interiorInvoIf.sizeName != "") { + //判断是否对文件大小进行限制 NodeIf nodeIf = new NodeIf(interiorInvoIf.sizeName); - nodeIf.check(((MethodTree) tree).block()); - if (nodeIf.boo){ + //nodeIf.check(((MethodTree) tree).block()); + ((MethodTree) tree).block().accept(nodeIf); + if (nodeIf.boo) { context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); } } -// 判断是否进行权限设置 - if(interiorInvoIf.privType){ + //判断是否进行权限设置 + if (interiorInvoIf.privType) { context.reportIssue(this, node.simpleName(), 
"程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); } } } -// 內部文件名称类型获取类 - private class InteriorInvoIf extends IssuableSubscriptionVisitor{ - // 文件全名字 + //內部文件名称类型获取类 + private class InteriorInvoIf extends BaseTreeVisitor { + //文件全名字 public String fileName = ""; // 文件后缀名 public String fileType = ""; - // 文件大小 + //文件大小 public String sizeName = ""; - // 判断权限 + //判断权限 public boolean privType = true; @Override - public List nodesToVisit() { - return Collections.singletonList(Tree.Kind.METHOD_INVOCATION); - } - - @Override - public void visitNode(Tree tree){ - MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree; -// 获取到方法调用的参数 - ExpressionTree expressionTree = methodInvocationTree.methodSelect(); - if(expressionTree instanceof MemberSelectExpressionTree){ + public void visitMethodInvocation(MethodInvocationTree tree) { + //获取到方法调用的参数 + ExpressionTree expressionTree = tree.methodSelect(); + if (expressionTree instanceof MemberSelectExpressionTree) { MemberSelectExpressionTree expressionTree1 = (MemberSelectExpressionTree) expressionTree; -// 对调用方法进行判断 - if("getOriginalFilename".equals(expressionTree1.identifier().toString())){ + //对调用方法进行判断 + if ("getOriginalFilename".equals(expressionTree1.identifier().toString())) { Tree parent = expressionTree1.parent(); - if(parent instanceof MethodInvocationTree){ + if (parent instanceof MethodInvocationTree) { MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent; Tree parent1 = memberSelectExpressionTree.parent(); - if(parent1 instanceof VariableTree){ + if (parent1 instanceof VariableTree) { VariableTree variableTree = (VariableTree) parent1; fileName = variableTree.simpleName().toString(); } } - }else if("extName".equals(expressionTree1.identifier().toString())){ + } else if ("extName".equals(expressionTree1.identifier().toString())) { Tree parent = expressionTree1.parent(); - if(parent instanceof MethodInvocationTree){ + if (parent instanceof MethodInvocationTree) { MethodInvocationTree 
memberSelectExpressionTree = (MethodInvocationTree) parent; Tree parent1 = memberSelectExpressionTree.parent(); - if(parent1 instanceof VariableTree){ + if (parent1 instanceof VariableTree) { VariableTree variableTree = (VariableTree) parent1; fileType = variableTree.simpleName().toString(); } } - }else if("getSize".equals(expressionTree1.identifier().toString())){ + } else if ("getSize".equals(expressionTree1.identifier().toString())) { Tree parent = expressionTree1.parent(); - if(parent instanceof MethodInvocationTree){ + if (parent instanceof MethodInvocationTree) { MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent; Tree parent1 = memberSelectExpressionTree.parent(); - if(parent1 instanceof VariableTree){ + if (parent1 instanceof VariableTree) { VariableTree variableTree = (VariableTree) parent1; sizeName = variableTree.simpleName().toString(); } } - }else if("setExecutable".equals(expressionTree1.identifier().toString()) || "setReadable".equals(expressionTree1.identifier().toString()) || "setWritable".equals(expressionTree1.identifier().toString())){ - privType = false; + } else if ("setExecutable".equals(expressionTree1.identifier().toString()) || "setReadable".equals(expressionTree1.identifier().toString()) || "setWritable".equals(expressionTree1.identifier().toString())) { + privType = false; } } } - public void check(Tree tree){ - this.scanTree(tree); - } } - public class NodeIf extends IssuableSubscriptionVisitor{ + public class NodeIf extends BaseTreeVisitor { private String name; public boolean boo = true; - @Override - public List nodesToVisit() { - return Collections.singletonList(Tree.Kind.IF_STATEMENT); - } public NodeIf(String name) { this.name = name; } - public void check(Tree tree){ - this.scanTree(tree); - } + @Override - public void visitNode(Tree tree){ - IfStatementTree tree1 = (IfStatementTree) tree; -// 获取到if表达式 - ExpressionTree condition = tree1.condition(); - if(condition instanceof BinaryExpressionTree){ + 
 public void visitIfStatement(IfStatementTree tree) { //获取到if表达式 ExpressionTree condition = tree.condition(); if (condition instanceof BinaryExpressionTree) { BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition; -// 判断是否进行if判断 if(name.equals(binaryExpressionTree.leftOperand().toString())){ + //判断是否进行if判断 + if (name.equals(binaryExpressionTree.leftOperand().toString())) { boo = false; - }else if(name.equals(binaryExpressionTree.rightOperand().toString())){ + } else if (name.equals(binaryExpressionTree.rightOperand().toString())) { boo = false; } }
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyCheckerTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyCheckerTest.java
index 93abfaf..acf8672 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyCheckerTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyCheckerTest.java
@@ -6,7 +6,6 @@
 */
 package com.keyware.sonar.java.rules.checkers;
-import com.keyware.sonar.java.utils.FilesUtils;
 import org.junit.jupiter.api.Test;
 import org.sonar.java.checks.verifier.CheckVerifier;
@@ -31,7 +30,7 @@ public class UploadFileVerifyCheckerTest {
 CheckVerifier.newVerifier()
 .onFile("src/test/files/UploadFileVerifyRule.java")
 .withCheck(rule)
- .withClassPath(FilesUtils.getClassPath("target/test-jars"))
+ // .withClassPath(FilesUtils.getClassPath("target/test-jars"))
 .verifyIssues();
 }
 }
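Review bot: The new `NodeIf.visitIfStatement` and `InteriorInvoIf.visitMethodInvocation` overrides never call `super`, and in BaseTreeVisitor it is the default implementation that descends into the then/else branches and the call arguments — so an `if` nested inside another `if`, or a `getOriginalFilename()`/`getSize()` passed as an argument to another call, is no longer seen, whereas the replaced subscription visitors scanned the whole method body; the whitelist and size findings will now fire on code that does perform the check. Add `super.visitIfStatement(tree);` and `super.visitMethodInvocation(tree);` as the last statement of the respective overrides. Separately, `privType = false` is set for any `setExecutable`/`setReadable`/`setWritable` call regardless of its argument, so `file.setExecutable(true)` — the dangerous case for an uploaded file — silences the permission finding; at minimum the first argument should be checked for the literal `false`. All four `reportIssue` calls, including the size and permission ones, emit the same whitelist message, which will mislead whoever triages the result. The enclosing class starts before the hunk, and the closing braces of `visitIfStatement`, `NodeIf` and the outer class lie outside it.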
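Review bot: The `.withClassPath(FilesUtils.getClassPath("target/test-jars"))` line is commented out rather than deleted, and with it the verifier loses binding for the `MultipartFile` type in `UploadFileVerifyRule.java`; the test keeps passing only because the checker compares the parameter type by its source text (`"MultipartFile".equals(type.type().toString())`), so a later move to semantic matching via `symbolType().is(...)` — the robust form for a security rule — would fail here with no hint why. Either delete the commented line or keep the classpath, and in both cases record the reason in a comment, e.g. `// no classpath: the rule matches MultipartFile by simple type name, not by resolved symbol`. The enclosing test method starts before the hunk.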