From b6e02e866c0576452802dec336ba852c3db12683 Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Tue, 30 Jan 2024 19:18:57 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96java=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E8=A2=AB=E6=B5=8B=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
uut-example/java/pom.xml | 125 +++++++++++++++++-
.../com/keyware/sonar/ABCVarNameRule.java | 2 +
.../sonar/AbsolutePathDetectorRule.java | 1 +
.../keyware/sonar/AuthenticationChecker.java | 2 +
.../sonar/AvoidSensitiveInfoInLogsCheck.java | 2 +
.../sonar/CookieSensitiveParameterCheck.java | 5 +-
.../keyware/sonar/DynamicCodeCheckerRule.java | 2 +
.../sonar/DynamicLibraryLoadChecker.java | 2 +
.../com/keyware/sonar/ErrorMessageRule.java | 2 +
.../java/com/keyware/sonar/FileCheck.java | 2 +
.../keyware/sonar/HashSaltPassWordRule.java | 1 +
.../com/keyware/sonar/HttpInputDataRule.java | 22 +-
.../com/keyware/sonar/InputSQLVerifyRule.java | 3 +-
.../keyware/sonar/Md5PassWordVerifyRule.java | 2 +
.../com/keyware/sonar/OptionsVerifyRule.java | 8 +-
.../com/keyware/sonar/PasswordRegexCheck.java | 1 +
.../keyware/sonar/PathAndKeywordCheck.java | 1 +
.../com/keyware/sonar/RSAEncryptionRule.java | 2 +-
.../com/keyware/sonar/RedirectUrlChecker.java | 1 +
.../com/keyware/sonar/SecurityCookieRule.java | 7 +-
.../keyware/sonar/SendMessageVerifyRule.java | 2 +
.../sonar/SessionCacheParamsChecker.java | 12 +-
.../keyware/sonar/SystemFunctionChecker.java | 2 +-
.../keyware/sonar/UploadFileVerifyRule.java | 10 +-
.../keyware/sonar/UpperCycleLimitRule.java | 2 +
.../sonar/UserStatusVerifyChecker.java | 22 +-
26 files changed, 190 insertions(+), 53 deletions(-)
diff --git a/uut-example/java/pom.xml b/uut-example/java/pom.xml
index d791071..5e398ee 100644
--- a/uut-example/java/pom.xml
+++ b/uut-example/java/pom.xml
@@ -3,16 +3,129 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - - com.keyware.sonar - sonar-keyware - 1.0 - - + com.keyware.sonar uut-example 1.0 + + + junit + junit + 4.12 + test + + + + org.springframework.boot + spring-boot-starter-web + 2.1.6.RELEASE + + + + org.projectlombok + lombok + RELEASE + + + + + org.springframework.boot + spring-boot-configuration-processor + 2.1.6.RELEASE + + + + org.springframework.boot + spring-boot-starter-test + 2.1.6.RELEASE + test + + + junit + junit + + + + + + mysql + mysql-connector-java + runtime + RELEASE + + + + + + com.alibaba + druid + 1.1.8 + + + + + org.mybatis.spring.boot + mybatis-spring-boot-starter + 1.3.1 + + + + com.google.guava + guava + 20.0 + + + + org.apache.commons + commons-lang3 + 3.5 + + + + org.apache.commons + commons-collections4 + 4.1 + + + + com.alibaba + fastjson + 1.2.28 + + + + io.springfox + springfox-swagger2 + 2.2.2 + + + + io.springfox + springfox-swagger-ui + 2.2.2 + + + + commons-io + commons-io + 2.4 + + + + commons-fileupload + commons-fileupload + 1.3.1 + + + org.apache.tomcat.embed + tomcat-embed-core + 10.1.18 + compile + + + + 11 11
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/ABCVarNameRule.java b/uut-example/java/src/main/java/com/keyware/sonar/ABCVarNameRule.java
index 10e4b71..d090c8e 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/ABCVarNameRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/ABCVarNameRule.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 public class ABCVarNameRule {
 private static String ABC = "abc"; // Noncompliant {{不能使用ABC作为变量名}}
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/AbsolutePathDetectorRule.java b/uut-example/java/src/main/java/com/keyware/sonar/AbsolutePathDetectorRule.java
index 0b44079..3931b10 100644
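Review bot: `tomcat-embed-core` 10.1.18 at `compile` scope is added next to `spring-boot-starter-web` 2.1.6.RELEASE, which is built on `javax.servlet` and already brings its own Tomcat 9, so the `jakarta.servlet` imports introduced in CookieSensitiveParameterCheck, HttpInputDataRule, OptionsVerifyRule, SecurityCookieRule, SessionCacheParamsChecker and UserStatusVerifyChecker compile only because both namespaces end up on the classpath, while Spring 5.1 types such as `HandlerInterceptorAdapter` keep their javax signatures (presumably why `@Override` had to be dropped from `preHandle` in UserStatusVerifyChecker). If this module is only compiled as rule fixtures and never run, say so on the dependency, e.g. `<!-- jakarta.servlet API for rule fixtures only; not runnable on this Boot 2.1 line -->`; otherwise move to a Boot line that targets jakarta or keep the fixtures on javax. `lombok` and `mysql-connector-java` use the `RELEASE` meta-version, which resolves to whatever is newest on the build day and makes the build non-reproducible, so pin explicit versions as the other dependencies do. The XML markup of this hunk was lost in extraction, so the element layout is inferred from the surviving text.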
--- a/uut-example/java/src/main/java/com/keyware/sonar/AbsolutePathDetectorRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/AbsolutePathDetectorRule.java
@@ -1,3 +1,4 @@
+package com.keyware.sonar;
 public class AbsolutePathDetectorRule{ // 使用绝对路径读取配置文件,触发规则
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/AuthenticationChecker.java b/uut-example/java/src/main/java/com/keyware/sonar/AuthenticationChecker.java
index c341e76..202af7d 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/AuthenticationChecker.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/AuthenticationChecker.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/AvoidSensitiveInfoInLogsCheck.java b/uut-example/java/src/main/java/com/keyware/sonar/AvoidSensitiveInfoInLogsCheck.java
index 0135c54..0c24f90 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/AvoidSensitiveInfoInLogsCheck.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/AvoidSensitiveInfoInLogsCheck.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 public class AvoidSensitiveInfoInLogsCheck {
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/CookieSensitiveParameterCheck.java b/uut-example/java/src/main/java/com/keyware/sonar/CookieSensitiveParameterCheck.java
index 08531da..f32411e 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/CookieSensitiveParameterCheck.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/CookieSensitiveParameterCheck.java
@@ -1,4 +1,7 @@
-import javax.servlet.http.Cookie;
+package com.keyware.sonar;
+
+
+import jakarta.servlet.http.Cookie;
 public class CookieSensitiveParameterCheck {
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/DynamicCodeCheckerRule.java b/uut-example/java/src/main/java/com/keyware/sonar/DynamicCodeCheckerRule.java
index a1a3ec8..40f8594 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/DynamicCodeCheckerRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/DynamicCodeCheckerRule.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 import javax.script.Invocable;
 import javax.script.ScriptEngine;
 import javax.script.ScriptEngineManager;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/DynamicLibraryLoadChecker.java b/uut-example/java/src/main/java/com/keyware/sonar/DynamicLibraryLoadChecker.java
index cae1280..fc9ca8f 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/DynamicLibraryLoadChecker.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/DynamicLibraryLoadChecker.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 // 在动态加载库前对输入数据进行验证,确保输入数据仅能用于加载允许加载的代码库
 public class DynamicLibraryLoadChecker {
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/ErrorMessageRule.java b/uut-example/java/src/main/java/com/keyware/sonar/ErrorMessageRule.java
index 95dfc49..f7c4f7c 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/ErrorMessageRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/ErrorMessageRule.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 public class ErrorMessageRule {
 public static void main(String[] args) {
 try {
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/FileCheck.java b/uut-example/java/src/main/java/com/keyware/sonar/FileCheck.java
index 47d46e5..3f7ecc5 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/FileCheck.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/FileCheck.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 public class FileCheck{
 public String FileName(){
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/HashSaltPassWordRule.java b/uut-example/java/src/main/java/com/keyware/sonar/HashSaltPassWordRule.java
index 5068c1f..8c6271f 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/HashSaltPassWordRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/HashSaltPassWordRule.java
@@ -1,3 +1,4 @@
+package com.keyware.sonar;
 public class HashSaltPassWordRule {
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/HttpInputDataRule.java b/uut-example/java/src/main/java/com/keyware/sonar/HttpInputDataRule.java
index 8ee9d4a..bf947b8 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/HttpInputDataRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/HttpInputDataRule.java
@@ -1,7 +1,9 @@
+package com.keyware.sonar;
+
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Collection;
@@ -112,15 +114,6 @@ public class HttpInputDataRule {
 return null;
 }
- @Override
- public String encodeUrl(String s) {
- return null;
- }
-
- @Override
- public String encodeRedirectUrl(String s) {
- return null;
- }
 @Override
 public void sendError(int i, String s) throws IOException {
@@ -172,11 +165,6 @@ public class HttpInputDataRule {
 }
- @Override
- public void setStatus(int i, String s) {
-
- }
 @Override
 public int getStatus() {
 return 0;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/InputSQLVerifyRule.java b/uut-example/java/src/main/java/com/keyware/sonar/InputSQLVerifyRule.java
index f073695..5cba606 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/InputSQLVerifyRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/InputSQLVerifyRule.java
@@ -1,7 +1,8 @@
+package com.keyware.sonar;
 import java.sql.*;
-public class InputSQLVerifyRile {
+public class InputSQLVerifyRule {
 private static final String DB_URL = "jdbc:mysql://localhost:3306/mydatabase";
 private static final String USER = "username";
 private static final String PASS = "password";
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/Md5PassWordVerifyRule.java b/uut-example/java/src/main/java/com/keyware/sonar/Md5PassWordVerifyRule.java
index 5315022..328527f 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/Md5PassWordVerifyRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/Md5PassWordVerifyRule.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 public class Md5PassWordVerifyRule{
 public static void cs(Student student){ // 结合盐值和口令进行散列计算
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/OptionsVerifyRule.java b/uut-example/java/src/main/java/com/keyware/sonar/OptionsVerifyRule.java
index d475ea5..18d6be8 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/OptionsVerifyRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/OptionsVerifyRule.java
@@ -1,7 +1,9 @@
+package com.keyware.sonar;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 public class OptionsVerifyRule implements Filter {
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/PasswordRegexCheck.java b/uut-example/java/src/main/java/com/keyware/sonar/PasswordRegexCheck.java
index a504893..0a00d00 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/PasswordRegexCheck.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/PasswordRegexCheck.java
@@ -1,3 +1,4 @@
+package com.keyware.sonar;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/PathAndKeywordCheck.java b/uut-example/java/src/main/java/com/keyware/sonar/PathAndKeywordCheck.java
index 5000245..d39aebb 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/PathAndKeywordCheck.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/PathAndKeywordCheck.java
@@ -1,3 +1,4 @@
+package com.keyware.sonar;
 import java.io.File;
 import java.net.URI;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/RSAEncryptionRule.java b/uut-example/java/src/main/java/com/keyware/sonar/RSAEncryptionRule.java
index 9d8186e..42d9073 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/RSAEncryptionRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/RSAEncryptionRule.java
@@ -1,4 +1,4 @@
-
+package com.keyware.sonar;
 import javax.crypto.Cipher;
 import java.security.*;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/RedirectUrlChecker.java b/uut-example/java/src/main/java/com/keyware/sonar/RedirectUrlChecker.java
index 3ff2969..f8e0844 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/RedirectUrlChecker.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/RedirectUrlChecker.java
@@ -1,3 +1,4 @@
+package com.keyware.sonar;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/SecurityCookieRule.java b/uut-example/java/src/main/java/com/keyware/sonar/SecurityCookieRule.java
index e4fa328..9779a96 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/SecurityCookieRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/SecurityCookieRule.java
@@ -1,7 +1,8 @@
-import javax.servlet.http.HttpServletResponse;
+package com.keyware.sonar;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
 public class SecurityCookieRule {
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/SendMessageVerifyRule.java b/uut-example/java/src/main/java/com/keyware/sonar/SendMessageVerifyRule.java
index 7bcbef0..e054e3a 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/SendMessageVerifyRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/SendMessageVerifyRule.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 import java.io.DataOutputStream;
 import java.net.ServerSocket;
 import java.net.Socket;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/SessionCacheParamsChecker.java b/uut-example/java/src/main/java/com/keyware/sonar/SessionCacheParamsChecker.java
index 21332be..47e0d12 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/SessionCacheParamsChecker.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/SessionCacheParamsChecker.java
@@ -1,11 +1,13 @@
+package com.keyware.sonar;
+
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
 public class SessionCacheParamsChecker {
 private static final long serialVersionUID = 1391640560504378168L;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/SystemFunctionChecker.java b/uut-example/java/src/main/java/com/keyware/sonar/SystemFunctionChecker.java
index 831b76f..6e4c7af 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/SystemFunctionChecker.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/SystemFunctionChecker.java
@@ -1,4 +1,4 @@
-
+package com.keyware.sonar;
 import java.io.IOException;
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/UploadFileVerifyRule.java b/uut-example/java/src/main/java/com/keyware/sonar/UploadFileVerifyRule.java
index c06ede9..223d6bf 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/UploadFileVerifyRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/UploadFileVerifyRule.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -29,7 +31,7 @@ public class UploadFileVerifyRule {
 } //获取文件原始名称
 String originalFilename = file.getOriginalFilename();
- String type = FileUtil.extName(originalFilename);
+ String type = extName(originalFilename);
 // if(type == ""){ // // }
@@ -44,10 +46,10 @@ public class UploadFileVerifyRule {
 return "上传成功";
 }
- class FileUtil{
- public static String extName(String filename){
+
+ public String extName(String filename){
 // 根据文件名获取文件后缀
 return filename.substring(filename.lastIndexOf(".") + 1);
 }
- }
+ }
\ No newline at end of file
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/UpperCycleLimitRule.java b/uut-example/java/src/main/java/com/keyware/sonar/UpperCycleLimitRule.java
index 7277eec..78a293a 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/UpperCycleLimitRule.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/UpperCycleLimitRule.java
@@ -1,3 +1,5 @@
+package com.keyware.sonar;
+
 public class UpperCycleLimitRule {
 public static void Upper(int number){
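Review bot: `extName` still returns the whole filename when there is no `.` (`lastIndexOf` gives -1, so `substring(0)`) and throws NullPointerException when `getOriginalFilename()` returns null, and the caller in the `-29,7` hunk passes that value straight through; moving it from the nested class to a public instance method changes neither. Since it reads no instance state, make it `private static String extName(String filename)` and handle the no-extension case explicitly: `int dot = filename == null ? -1 : filename.lastIndexOf('.'); return dot < 0 ? "" : filename.substring(dot + 1);`. Whether an empty suffix is then rejected depends on the check at the top of the upload method, which lies outside the hunk. A name suffix alone says nothing about the bytes that were uploaded, so if this file is meant to show compliant validation the check should also look at the declared content type or the file's leading bytes.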
diff --git a/uut-example/java/src/main/java/com/keyware/sonar/UserStatusVerifyChecker.java b/uut-example/java/src/main/java/com/keyware/sonar/UserStatusVerifyChecker.java
index cbe3d82..9a0b32f 100644
--- a/uut-example/java/src/main/java/com/keyware/sonar/UserStatusVerifyChecker.java
+++ b/uut-example/java/src/main/java/com/keyware/sonar/UserStatusVerifyChecker.java
@@ -1,13 +1,14 @@
+package com.keyware.sonar;
+
 import com.fasterxml.classmate.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 import java.io.IOException;
 public class UserStatusVerifyChecker {
@@ -34,7 +35,7 @@ public class UserStatusVerifyChecker {
 }
 HttpSession newSession = request.getSession(true);
 newSession.setMaxInactiveInterval(30 * 60);
- newSession.setAttribute("username", username);
+ newSession.setAttribute("username", "username");
 chain.doFilter(req, resp); // 继续执行下一个过滤器或请求
 } else {
 req.getRequestDispatcher("/login.jsp").forward(req, resp); // 跳转到登录页面
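Review bot: `newSession.setAttribute("username", "username")` now stores the literal string instead of the authenticated user's name, so anything that later reads the attribute sees the same constant for every session; if the change was made because `username` is not declared in this method (its start is outside the hunk), declare it from the request rather than hard-coding it, e.g. `String username = request.getParameter("username");` before the `request.getSession(true)` call, and keep `newSession.setAttribute("username", username);`. If the placeholder is intentional for a rule fixture, a comment on that line saying so would stop the next reader from treating it as a bug.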
@@ -48,14 +49,13 @@ public class UserStatusVerifyChecker {
 }
 public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
- @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {// Noncompliant {{对用户进行身份鉴别并建立一个新的会话时让原来的会话失效}}
 boolean isValidUser = false;
 String username = request.getParameter("username");
 String password = request.getParameter("password");
 isValidUser = UserService.validate(username, password);
 if (isValidUser) {
-// HttpSession oldSession = request.getSession(false);
+ HttpSession oldSession = request.getSession(false);
 if (oldSession != null) {
 oldSession.invalidate();
 }
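Review bot: Restoring `HttpSession oldSession = request.getSession(false);` makes `preHandle` invalidate the previous session on a successful login, yet the `// Noncompliant {{对用户进行身份鉴别并建立一个新的会话时让原来的会话失效}}` marker on the method signature is kept, so the fixture now expects an issue on code that appears to do what the rule asks; either move the marker to a variant that lacks the `invalidate()` path or add a comment naming what the rule actually keys on. Dropping `@Override` also hides that `preHandle` no longer overrides `HandlerInterceptorAdapter.preHandle` once its parameters are the `jakarta.servlet` types, so the interceptor would never be invoked at runtime; if this file is only compiled for analysis, a one-line comment on the method should say that. The method body continues past the end of the hunk.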