From a2eafc5661c07fdc470287bf31aebd5f80119f07 Mon Sep 17 00:00:00 2001 From: RenFengJiang <1111> Date: Fri, 12 Jan 2024 19:09:23 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=87=86=E5=88=99=EF=BC=9A?= =?UTF-8?q?=E4=BF=AE=E6=94=B9if=E5=88=A4=E6=96=AD=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../checkers/UploadFileVerifyChecker.java | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java index ab34771..46d9c39 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java @@ -22,6 +22,8 @@ import java.util.List; @Rule(key = "UploadFileVerify") public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor { + + private final String value = "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"; @Override public List nodesToVisit() { /** @@ -42,38 +44,38 @@ public class UploadFileVerifyChecker extends IssuableSubscriptionVisitor { //获取文件名称类型判断是否配置文件权限 var interiorInvoIf = new InteriorInvoIf(); ((MethodTree) tree).block().accept(interiorInvoIf); - if (interiorInvoIf.fileType != "") { + if (!interiorInvoIf.fileType.equals("")) { //判断是否对文件后缀进行限制 NodeIf nodeIf = new NodeIf(interiorInvoIf.fileType); ((MethodTree) tree).block().accept(nodeIf); if (nodeIf.boo) { - context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); + context.reportIssue(this, node.simpleName(), value); } } else { - if (interiorInvoIf.fileName != "") { + if (!interiorInvoIf.fileName.equals("")) { // 判断是否对文件后缀进行限制 NodeIf nodeIf = new NodeIf(interiorInvoIf.fileName); ((MethodTree) tree).block().accept(nodeIf); if (nodeIf.boo) { - context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); + context.reportIssue(this, node.simpleName(), value); } } else { - context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); + context.reportIssue(this, node.simpleName(), value); } } - if (interiorInvoIf.sizeName != "") { + if (!interiorInvoIf.sizeName.equals("")) { //判断是否对文件大小进行限制 NodeIf nodeIf = new NodeIf(interiorInvoIf.sizeName); //nodeIf.check(((MethodTree) tree).block()); ((MethodTree) tree).block().accept(nodeIf); if (nodeIf.boo) { - context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); + context.reportIssue(this, node.simpleName(), value); } } //判断是否进行权限设置 if (interiorInvoIf.privType) { - context.reportIssue(this, node.simpleName(), "程序设计时,应以“白名单”方式限制允许用户上传的文件的类型"); + context.reportIssue(this, node.simpleName(), value); } }