sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

优化java配置文件被测件

Browse Source
wuhaoyang
wuhaoyang 8 months ago
parent c480a220c7
commit b6e02e866c
26 changed files with 190 additions and 53 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 125
      uut-example/java/pom.xml
  2. 2
      uut-example/java/src/main/java/com/keyware/sonar/ABCVarNameRule.java
  3. 1
      uut-example/java/src/main/java/com/keyware/sonar/AbsolutePathDetectorRule.java
  4. 2
      uut-example/java/src/main/java/com/keyware/sonar/AuthenticationChecker.java
  5. 2
      uut-example/java/src/main/java/com/keyware/sonar/AvoidSensitiveInfoInLogsCheck.java
  6. 5
      uut-example/java/src/main/java/com/keyware/sonar/CookieSensitiveParameterCheck.java
  7. 2
      uut-example/java/src/main/java/com/keyware/sonar/DynamicCodeCheckerRule.java
  8. 2
      uut-example/java/src/main/java/com/keyware/sonar/DynamicLibraryLoadChecker.java
  9. 2
      uut-example/java/src/main/java/com/keyware/sonar/ErrorMessageRule.java
  10. 2
      uut-example/java/src/main/java/com/keyware/sonar/FileCheck.java
  11. 1
      uut-example/java/src/main/java/com/keyware/sonar/HashSaltPassWordRule.java
  12. 22
      uut-example/java/src/main/java/com/keyware/sonar/HttpInputDataRule.java
  13. 3
      uut-example/java/src/main/java/com/keyware/sonar/InputSQLVerifyRule.java
  14. 2
      uut-example/java/src/main/java/com/keyware/sonar/Md5PassWordVerifyRule.java
  15. 8
      uut-example/java/src/main/java/com/keyware/sonar/OptionsVerifyRule.java
  16. 1
      uut-example/java/src/main/java/com/keyware/sonar/PasswordRegexCheck.java
  17. 1
      uut-example/java/src/main/java/com/keyware/sonar/PathAndKeywordCheck.java
  18. 2
      uut-example/java/src/main/java/com/keyware/sonar/RSAEncryptionRule.java
  19. 1
      uut-example/java/src/main/java/com/keyware/sonar/RedirectUrlChecker.java
  20. 7
      uut-example/java/src/main/java/com/keyware/sonar/SecurityCookieRule.java
  21. 2
      uut-example/java/src/main/java/com/keyware/sonar/SendMessageVerifyRule.java
  22. 12
      uut-example/java/src/main/java/com/keyware/sonar/SessionCacheParamsChecker.java
  23. 2
      uut-example/java/src/main/java/com/keyware/sonar/SystemFunctionChecker.java
  24. 10
      uut-example/java/src/main/java/com/keyware/sonar/UploadFileVerifyRule.java
  25. 2
      uut-example/java/src/main/java/com/keyware/sonar/UpperCycleLimitRule.java
  26. 22
      uut-example/java/src/main/java/com/keyware/sonar/UserStatusVerifyChecker.java

125
uut-example/java/pom.xml
Unescape View File

@ -3,16 +3,129 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.keyware.sonar</groupId>
<artifactId>sonar-keyware</artifactId>
<version>1.0</version>
</parent>
<!--<groupId>com.keyware.sonar</groupId>-->
<groupId>com.keyware.sonar</groupId>
<artifactId>uut-example</artifactId>
<version>1.0</version>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.1.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>RELEASE</version>
</dependency>
<!-- 配置文件绑定提示 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<version>2.1.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>2.1.6.RELEASE</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
<version>RELEASE</version>
</dependency>
<!--引入druid数据源-->
<!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.8</version>
</dependency>
<!-- 引入mybatis的starter-->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>20.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.5</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.1</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.28</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.2.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.2.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>10.1.18</version>
<scope>compile</scope>
</dependency>
</dependencies>
<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>

2
uut-example/java/src/main/java/com/keyware/sonar/ABCVarNameRule.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
public class ABCVarNameRule {
private static String ABC = "abc"; // Noncompliant {{不能使用ABC作为变量名}}

1
uut-example/java/src/main/java/com/keyware/sonar/AbsolutePathDetectorRule.java
Unescape View File

@ -1,3 +1,4 @@
package com.keyware.sonar;
public class AbsolutePathDetectorRule{
// 使用绝对路径读取配置文件,触发规则

2
uut-example/java/src/main/java/com/keyware/sonar/AuthenticationChecker.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;

2
uut-example/java/src/main/java/com/keyware/sonar/AvoidSensitiveInfoInLogsCheck.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class AvoidSensitiveInfoInLogsCheck {

5
uut-example/java/src/main/java/com/keyware/sonar/CookieSensitiveParameterCheck.java
Unescape View File

@ -1,4 +1,7 @@
import javax.servlet.http.Cookie;
package com.keyware.sonar;
import jakarta.servlet.http.Cookie;
public class CookieSensitiveParameterCheck {

2
uut-example/java/src/main/java/com/keyware/sonar/DynamicCodeCheckerRule.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
import javax.script.Invocable;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;

2
uut-example/java/src/main/java/com/keyware/sonar/DynamicLibraryLoadChecker.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
// 在动态加载库前对输入数据进行验证,确保输入数据仅能用于加载允许加载的代码库
public class DynamicLibraryLoadChecker {

2
uut-example/java/src/main/java/com/keyware/sonar/ErrorMessageRule.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
public class ErrorMessageRule {
public static void main(String[] args) {
try {

2
uut-example/java/src/main/java/com/keyware/sonar/FileCheck.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
public class FileCheck{
public String FileName(){

1
uut-example/java/src/main/java/com/keyware/sonar/HashSaltPassWordRule.java
Unescape View File

@ -1,3 +1,4 @@
package com.keyware.sonar;
public class HashSaltPassWordRule {

22
uut-example/java/src/main/java/com/keyware/sonar/HttpInputDataRule.java
Unescape View File

@ -1,7 +1,9 @@
package com.keyware.sonar;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;
@ -112,15 +114,6 @@ public class HttpInputDataRule {
return null;
}
@Override
public String encodeUrl(String s) {
return null;
}
@Override
public String encodeRedirectUrl(String s) {
return null;
}
@Override
public void sendError(int i, String s) throws IOException {
@ -172,11 +165,6 @@ public class HttpInputDataRule {
}
@Override
public void setStatus(int i, String s) {
}
@Override
public int getStatus() {
return 0;

3
uut-example/java/src/main/java/com/keyware/sonar/InputSQLVerifyRule.java
Unescape View File

@ -1,7 +1,8 @@
package com.keyware.sonar;
import java.sql.*;
public class InputSQLVerifyRile {
public class InputSQLVerifyRule {
private static final String DB_URL = "jdbc:mysql://localhost:3306/mydatabase";
private static final String USER = "username";
private static final String PASS = "password";

2
uut-example/java/src/main/java/com/keyware/sonar/Md5PassWordVerifyRule.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
public class Md5PassWordVerifyRule{
public static void cs(Student student){
// 结合盐值和口令进行散列计算

8
uut-example/java/src/main/java/com/keyware/sonar/OptionsVerifyRule.java
Unescape View File

@ -1,7 +1,9 @@
package com.keyware.sonar;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class OptionsVerifyRule implements Filter {

1
uut-example/java/src/main/java/com/keyware/sonar/PasswordRegexCheck.java
Unescape View File

@ -1,3 +1,4 @@
package com.keyware.sonar;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

1
uut-example/java/src/main/java/com/keyware/sonar/PathAndKeywordCheck.java
Unescape View File

@ -1,3 +1,4 @@
package com.keyware.sonar;
import java.io.File;
import java.net.URI;

2
uut-example/java/src/main/java/com/keyware/sonar/RSAEncryptionRule.java
Unescape View File

@ -1,4 +1,4 @@
package com.keyware.sonar;
import javax.crypto.Cipher;
import java.security.*;

1
uut-example/java/src/main/java/com/keyware/sonar/RedirectUrlChecker.java
Unescape View File

@ -1,3 +1,4 @@
package com.keyware.sonar;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

7
uut-example/java/src/main/java/com/keyware/sonar/SecurityCookieRule.java
Unescape View File

@ -1,7 +1,8 @@
import javax.servlet.http.HttpServletResponse;
package com.keyware.sonar;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;
public class SecurityCookieRule {

2
uut-example/java/src/main/java/com/keyware/sonar/SendMessageVerifyRule.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
import java.io.DataOutputStream;
import java.net.ServerSocket;
import java.net.Socket;

12
uut-example/java/src/main/java/com/keyware/sonar/SessionCacheParamsChecker.java
Unescape View File

@ -1,11 +1,13 @@
package com.keyware.sonar;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SessionCacheParamsChecker {
private static final long serialVersionUID = 1391640560504378168L;

2
uut-example/java/src/main/java/com/keyware/sonar/SystemFunctionChecker.java
Unescape View File

@ -1,4 +1,4 @@
package com.keyware.sonar;
import java.io.IOException;

10
uut-example/java/src/main/java/com/keyware/sonar/UploadFileVerifyRule.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.PostMapping;
@ -29,7 +31,7 @@ public class UploadFileVerifyRule {
}
//获取文件原始名称
String originalFilename = file.getOriginalFilename();
String type = FileUtil.extName(originalFilename);
String type = extName(originalFilename);
// if(type == ""){
//
// }
@ -44,10 +46,10 @@ public class UploadFileVerifyRule {
return "上传成功";
}
class FileUtil{
public static String extName(String filename){
public String extName(String filename){
// 根据文件名获取文件后缀
return filename.substring(filename.lastIndexOf(".") + 1);
}
}
}

2
uut-example/java/src/main/java/com/keyware/sonar/UpperCycleLimitRule.java
Unescape View File

@ -1,3 +1,5 @@
package com.keyware.sonar;
public class UpperCycleLimitRule {
public static void Upper(int number){

22
uut-example/java/src/main/java/com/keyware/sonar/UserStatusVerifyChecker.java
Unescape View File

@ -1,13 +1,14 @@
package com.keyware.sonar;
import com.fasterxml.classmate.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class UserStatusVerifyChecker {
@ -34,7 +35,7 @@ public class UserStatusVerifyChecker {
}
HttpSession newSession = request.getSession(true);
newSession.setMaxInactiveInterval(30 * 60);
newSession.setAttribute("username", username);
newSession.setAttribute("username", "username");
chain.doFilter(req, resp); // 继续执行下一个过滤器或请求
} else {
req.getRequestDispatcher("/login.jsp").forward(req, resp); // 跳转到登录页面
@ -48,14 +49,13 @@ public class UserStatusVerifyChecker {
}
public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {// Noncompliant {{对用户进行身份鉴别并建立一个新的会话时让原来的会话失效}}
boolean isValidUser = false;
String username = request.getParameter("username");
String password = request.getParameter("password");
isValidUser = UserService.validate(username, password);
if (isValidUser) {
// HttpSession oldSession = request.getSession(false);
HttpSession oldSession = request.getSession(false);
if (oldSession != null) {
oldSession.invalidate();
}

Write Preview
Loading…
Cancel
Save