修改准则：在构建路径名前对输入数据进行验证，确保外部输入仅包含允许构成路径名的字符或限制允许访问的目录.取消了检测参数类型限制

11 months ago · b1987b0b02
parent 1e51d83973
commit b1987b0b02
2 changed files with 17 additions and 18 deletions
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PathAndKeywordCheck.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PathAndKeywordCheck.java
@ -50,23 +50,22 @@ public class PathAndKeywordCheck extends IssuableSubscriptionVisitor {
            MethodTree methodTree = (MethodTree) parent;
            methodTree.parameters().forEach(parameter -> {
                if (parameter.type() != null) {
-                    String parameterType = parameter.type().symbolType().name();
+                    String parameterType = parameter.type().symbolType().fullyQualifiedName();
-                    if (parameterType.equals("String")) { // 这里假设你关心的参数类型是 String
+                    System.out.println(parameterType);
-                        String className = newClassTree.symbolType().name();
+                    String className = newClassTree.symbolType().name();
-                        if (TARGET_CLASS_NAMES.contains(className)) {
+                    if (TARGET_CLASS_NAMES.contains(className)) {
-                            // 获取构造方法的参数
+                        // 获取构造方法的参数
-                            List<ExpressionTree> arguments = newClassTree.arguments();
+                        List<ExpressionTree> arguments = newClassTree.arguments();
-                            if (!arguments.isEmpty()) {
+                        if (!arguments.isEmpty()) {
-                                ExpressionTree firstArgument = arguments.get(0);
+                            ExpressionTree firstArgument = arguments.get(0);
-                                String constructorArgument = getArgumentValue(firstArgument);
+                            String constructorArgument = getArgumentValue(firstArgument);
-                                // 获取方法的入参名称
+                            // 获取方法的入参名称
-                                String parameterName = parameter.simpleName().name();
+                            String parameterName = parameter.simpleName().name();
-                                if (constructorArgument != null && constructorArgument.equals(parameterName)) {
+                            if (constructorArgument != null && constructorArgument.equals(parameterName)) {
-                                    System.out.println("避免在参数中使用 " + className + " 对象的构造方法的参数：" + parameterName);
+                                System.out.println("避免在参数中使用 " + className + " 对象的构造方法的参数：" + parameterName);
-                                    reportIssue(newClassTree, "避免在参数中使用禁止的关键字");
+                                reportIssue(newClassTree, "避免在参数中使用禁止的关键字");
                                }
                            }
                        }
                    }
--- a/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java
+++ b/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java
@ -2,9 +2,9 @@
 class PathAndKeywordCheckRule {
-    public void getParameter(String arg) {
+    public void getParameter(int arg,String brg,float crg) {
        URL url = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
-        URI url = new URI(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
+        URI url = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
-        File url = new File(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
+        File url = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
    }
 }