修改准则：在构建路径名前对输入数据进行验证，确保外部输入仅包含允许构成路径名的字符或限制允许访问的目录.取消了检测参数类型限制

11 months ago · b1987b0b02
parent 1e51d83973
commit b1987b0b02
2 changed files with 17 additions and 18 deletions
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PathAndKeywordCheck.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/PathAndKeywordCheck.java
@ -50,8 +50,8 @@ public class PathAndKeywordCheck extends IssuableSubscriptionVisitor {
            MethodTree methodTree = (MethodTree) parent;
            methodTree.parameters().forEach(parameter -> {
                if (parameter.type() != null) {
-                    String parameterType = parameter.type().symbolType().name();
-                    if (parameterType.equals("String")) { // 这里假设你关心的参数类型是 String
+                    String parameterType = parameter.type().symbolType().fullyQualifiedName();
+                    System.out.println(parameterType);
                    String className = newClassTree.symbolType().name();
                    if (TARGET_CLASS_NAMES.contains(className)) {
                        // 获取构造方法的参数
@ -70,7 +70,6 @@ public class PathAndKeywordCheck extends IssuableSubscriptionVisitor {
                        }
                    }
                }
-                }
            });
        }
    }
--- a/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java
+++ b/sonar-keyware-plugins-java/src/test/files/PathAndKeywordCheck.java
@ -2,9 +2,9 @@
 class PathAndKeywordCheckRule {


-    public void getParameter(String arg) {
+    public void getParameter(int arg,String brg,float crg) {
        URL url = new URL(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
-        URI url = new URI(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
-        File url = new File(arg);// Noncompliant {{避免在参数中使用禁止的关键字}}
+        URI url = new URI(brg);// Noncompliant {{避免在参数中使用禁止的关键字}}
+        File url = new File(crg);// Noncompliant {{避免在参数中使用禁止的关键字}}
    }
 }