sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复:内部类的父类由IssuableSubscriptionVisitor改为BaseTreeVisitor

Browse Source
wuhaoyang
Guo XIn 8 months ago
parent 21ffba058d
commit 9e79d0f229
2 changed files with 51 additions and 67 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 113
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
  2. 3
      sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyCheckerTest.java

113
sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java
Unescape View File

@ -36,139 +36,124 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor {
public void visitNode(Tree tree) {
MethodTree node = (MethodTree) tree;
List<VariableTree> parameters = node.parameters();
// 盘带是否是文件上传类
//盘带是否是文件上传类
boolean boo = parameters.stream().anyMatch(type -> "MultipartFile".equals(type.type().toString()));
if(boo){
// 获取文件名称类型判断是否配置文件权限
if (boo) {
//获取文件名称类型判断是否配置文件权限
var interiorInvoIf = new InteriorInvoIf();
interiorInvoIf.check(((MethodTree) tree).block());
if(interiorInvoIf.fileType != ""){
// 判断是否对文件后缀进行限制
((MethodTree) tree).block().accept(interiorInvoIf);
if (interiorInvoIf.fileType != "") {
//判断是否对文件后缀进行限制
NodeIf nodeIf = new NodeIf(interiorInvoIf.fileType);
nodeIf.check(((MethodTree) tree).block());
if (nodeIf.boo){
((MethodTree) tree).block().accept(nodeIf);
if (nodeIf.boo) {
context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型");
}
}else {
if(interiorInvoIf.fileName != ""){
} else {
if (interiorInvoIf.fileName != "") {
// 判断是否对文件后缀进行限制
NodeIf nodeIf = new NodeIf(interiorInvoIf.fileName);
nodeIf.check(((MethodTree) tree).block());
if (nodeIf.boo){
((MethodTree) tree).block().accept(nodeIf);
if (nodeIf.boo) {
context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型");
}
}else {
} else {
context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型");
}
}
if(interiorInvoIf.sizeName != ""){
// 判断是否对文件大小进行限制
if (interiorInvoIf.sizeName != "") {
//判断是否对文件大小进行限制
NodeIf nodeIf = new NodeIf(interiorInvoIf.sizeName);
nodeIf.check(((MethodTree) tree).block());
if (nodeIf.boo){
//nodeIf.check(((MethodTree) tree).block());
((MethodTree) tree).block().accept(nodeIf);
if (nodeIf.boo) {
context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型");
}
}
// 判断是否进行权限设置
if(interiorInvoIf.privType){
//判断是否进行权限设置
if (interiorInvoIf.privType) {
context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型");
}
}
}
// 內部文件名称类型获取类
private class InteriorInvoIf extends IssuableSubscriptionVisitor{
// 文件全名字
//內部文件名称类型获取类
private class InteriorInvoIf extends BaseTreeVisitor {
//文件全名字
public String fileName = "";
// 文件后缀名
public String fileType = "";
// 文件大小
//文件大小
public String sizeName = "";
// 判断权限
//判断权限
public boolean privType = true;
@Override
public List<Tree.Kind> nodesToVisit() {
return Collections.singletonList(Tree.Kind.METHOD_INVOCATION);
}
@Override
public void visitNode(Tree tree){
MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
// 获取到方法调用的参数
ExpressionTree expressionTree = methodInvocationTree.methodSelect();
if(expressionTree instanceof MemberSelectExpressionTree){
public void visitMethodInvocation(MethodInvocationTree tree) {
//获取到方法调用的参数
ExpressionTree expressionTree = tree.methodSelect();
if (expressionTree instanceof MemberSelectExpressionTree) {
MemberSelectExpressionTree expressionTree1 = (MemberSelectExpressionTree) expressionTree;
// 对调用方法进行判断
if("getOriginalFilename".equals(expressionTree1.identifier().toString())){
//对调用方法进行判断
if ("getOriginalFilename".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent();
if(parent instanceof MethodInvocationTree){
if (parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent();
if(parent1 instanceof VariableTree){
if (parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1;
fileName = variableTree.simpleName().toString();
}
}
}else if("extName".equals(expressionTree1.identifier().toString())){
} else if ("extName".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent();
if(parent instanceof MethodInvocationTree){
if (parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent();
if(parent1 instanceof VariableTree){
if (parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1;
fileType = variableTree.simpleName().toString();
}
}
}else if("getSize".equals(expressionTree1.identifier().toString())){
} else if ("getSize".equals(expressionTree1.identifier().toString())) {
Tree parent = expressionTree1.parent();
if(parent instanceof MethodInvocationTree){
if (parent instanceof MethodInvocationTree) {
MethodInvocationTree memberSelectExpressionTree = (MethodInvocationTree) parent;
Tree parent1 = memberSelectExpressionTree.parent();
if(parent1 instanceof VariableTree){
if (parent1 instanceof VariableTree) {
VariableTree variableTree = (VariableTree) parent1;
sizeName = variableTree.simpleName().toString();
}
}
}else if("setExecutable".equals(expressionTree1.identifier().toString()) || "setReadable".equals(expressionTree1.identifier().toString()) || "setWritable".equals(expressionTree1.identifier().toString())){
} else if ("setExecutable".equals(expressionTree1.identifier().toString()) || "setReadable".equals(expressionTree1.identifier().toString()) || "setWritable".equals(expressionTree1.identifier().toString())) {
privType = false;
}
}
}
public void check(Tree tree){
this.scanTree(tree);
}
}
public class NodeIf extends IssuableSubscriptionVisitor{
public class NodeIf extends BaseTreeVisitor {
private String name;
public boolean boo = true;
@Override
public List<Tree.Kind> nodesToVisit() {
return Collections.singletonList(Tree.Kind.IF_STATEMENT);
}
public NodeIf(String name) {
this.name = name;
}
public void check(Tree tree){
this.scanTree(tree);
}
@Override
public void visitNode(Tree tree){
IfStatementTree tree1 = (IfStatementTree) tree;
// 获取到if表达式
ExpressionTree condition = tree1.condition();
if(condition instanceof BinaryExpressionTree){
public void visitIfStatement(IfStatementTree tree) {
//获取到if表达式
ExpressionTree condition = tree.condition();
if (condition instanceof BinaryExpressionTree) {
BinaryExpressionTree binaryExpressionTree = (BinaryExpressionTree) condition;
// 判断是否进行if判断
if(name.equals(binaryExpressionTree.leftOperand().toString())){
//判断是否进行if判断
if (name.equals(binaryExpressionTree.leftOperand().toString())) {
boo = false;
}else if(name.equals(binaryExpressionTree.rightOperand().toString())){
} else if (name.equals(binaryExpressionTree.rightOperand().toString())) {
boo = false;
}
}

3
sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyCheckerTest.java
Unescape View File

@ -6,7 +6,6 @@
*/
package com.keyware.sonar.java.rules.checkers;
import com.keyware.sonar.java.utils.FilesUtils;
import org.junit.jupiter.api.Test;
import org.sonar.java.checks.verifier.CheckVerifier;
@ -31,7 +30,7 @@ public class UploadFileVerifyCheckerTest {
CheckVerifier.newVerifier()
.onFile("src/test/files/UploadFileVerifyRule.java")
.withCheck(rule)
.withClassPath(FilesUtils.getClassPath("target/test-jars"))
// .withClassPath(FilesUtils.getClassPath("target/test-jars"))
.verifyIssues();
}
}

Write Preview
Loading…
Cancel
Save