diff --git a/sonar-keyware-plugins-java/pom.xml b/sonar-keyware-plugins-java/pom.xml
index e5e4aa1..bb5dc53 100644
--- a/sonar-keyware-plugins-java/pom.xml
+++ b/sonar-keyware-plugins-java/pom.xml
@@ -98,6 +98,18 @@
sonar-plugin-api-impl
test
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ 2.16.0
+ compile
+
+
+ org.yaml
+ snakeyaml
+ 1.28
+ compile
+
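Review bot: `snakeyaml` is pinned to 1.28, a release on the 1.x line where the default `new Yaml()` constructor builds arbitrary Java types named by tags in the document, and this plugin loads YAML taken from the projects it analyses. Prefer a 2.x release, where global tags are rejected by default, or keep 1.x only together with `SafeConstructor` at every `load` call. Both new dependencies are `compile` scope, so they presumably ship inside the plugin jar and need to be tracked for advisories like the plugin's own code.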
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
index 7ce3247..faa9fef 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
@@ -14,9 +14,7 @@ import org.sonar.api.batch.rule.Checks;
import org.sonar.api.batch.sensor.Sensor;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
-import org.sonar.api.measures.CoreMetrics;
-import java.io.IOException;
public class ConfigFileSquidSensor implements Sensor {
private final Checks checks;
@@ -45,25 +43,5 @@ public class ConfigFileSquidSensor implements Sensor {
}
}
- private String readFileContents(InputFile javaFile) {
- String content;
- try {
- content = javaFile.contents();
- } catch (IOException e) {
- System.err.println("Failed to read " + javaFile + " due to " + e.getMessage());
- content = "";
- }
- return content;
- }
-
- private void measureLines(SensorContext context, InputFile javaFile, String content) {
- int lines = content.split("[\n\r]").length;
- context.newMeasure()
- .forMetric(CoreMetrics.NCLOC)
- .on(javaFile)
- .withValue(lines)
- .save();
- }
-
}
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java
index f2a6028..609a3e4 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java
@@ -21,7 +21,7 @@ public class ConfigurationFileLanguage extends AbstractLanguage {
public static final String NAME = "Configuration";
public static final String KEY = "cfg";
public static final String FILE_SUFFIXES_KEY = "sonar.disposition.file.suffixes";
- public static final String FILE_SUFFIXES_DEFAULT_VALUE = ".properties,.ini,.conf";
+ public static final String FILE_SUFFIXES_DEFAULT_VALUE = ".properties,.ini,.conf,.xml,.yml,.json";
private final Configuration config;
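Review bot: The new default in `FILE_SUFFIXES_DEFAULT_VALUE` lists `.yml` but not `.yaml`, so YAML configuration files using the longer extension would never reach the password checks; consider `".properties,.ini,.conf,.xml,.yml,.yaml,.json"` together with a matching `.yaml` branch in the checker. Claiming `.xml` and `.json` by default also looks likely to overlap with other language plugins installed on the same server, which is worth confirming before this becomes the default.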
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
index ff710a2..1c2f7e2 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
@@ -6,13 +6,24 @@
*/
package com.keyware.sonar.java.rules.checkers;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.issue.NewIssue;
import org.sonar.api.rule.RuleKey;
import org.sonar.check.Rule;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.yaml.snakeyaml.Yaml;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
import java.io.*;
+import java.util.Iterator;
+import java.util.Map;
import java.util.Properties;
import java.util.Scanner;
@@ -36,6 +47,7 @@ public class ConfigurationFileChecker {
if (filename.endsWith(".properties")) {
try {
File file = new File(inputFile.absolutePath());
+ System.out.println("---------------properties文件路径----------------"+file);
try (Scanner scanner = new Scanner(file)) {
int lineNum = 1;
while (scanner.hasNextLine()) {
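Review bot: The added `System.out.println` is debug output left in the analysis path, and it writes an absolute file path to the scanner's stdout on every `.properties` file. Route it through the plugin's logger at debug level instead, for example `LOG.debug("Checking properties file {}", file);`, or drop it. The same applies to the path banners printed in the `.xml`, `.json` and `.yml` branches of the next hunk. The enclosing method starts and ends outside this hunk.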
@@ -144,6 +156,138 @@ public class ConfigurationFileChecker {
lineNum++;
}
}
+
+
+
+ if (filename.endsWith(".xml")){
+ // 获取当前输入文件的绝对路径
+ File file1 = inputFile.file();
+ File absoluteFile = file1.getAbsoluteFile();
+
+ // 构建目录路径
+ File dir = new File(String.valueOf(absoluteFile)).getParentFile();
+ System.out.println("---------------xml文件路径----------------"+dir);
+ FilenameFilter filter = new FilenameFilter() {
+ public boolean accept(File dir, String name) {
+ return name.endsWith(".xml");
+ }
+ };
+
+ String[] children = dir.list(filter);
+ if (children == null) {
+ System.out.println("目录不存在或不是目录");
+ } else {
+ for (int i = 0; i < children.length; i++) {
+ String filename1 = children[i];
+ File xmlFile = new File(dir, filename1);
+ processXML(xmlFile);
+ }
+ }
+ }
+
+
+ if (filename.endsWith(".json")){
+ try {
+ // 获取当前输入文件的绝对路径
+ File file1 = inputFile.file();
+ File absoluteFile = file1.getAbsoluteFile();
+
+ // 构建目录路径
+ File folder = new File(String.valueOf(absoluteFile)).getParentFile();
+ System.out.println("---------------json文件路径----------------"+folder);
+ File[] listOfFiles = folder.listFiles();
+
+ if (listOfFiles != null) {
+ ObjectMapper mapper = new ObjectMapper();
+ for (File file : listOfFiles) {
+ if (file.isFile() && file.getName().endsWith(".json")) {
+ JsonNode rootNode = mapper.readTree(file);
+ extractPassword(rootNode);
+ }
+ }
+ }
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+
+ if (filename.endsWith(".yml")){
+ // 获取当前输入文件的绝对路径
+ File file1 = inputFile.file();
+ File absoluteFile = file1.getAbsoluteFile();
+
+ // 构建目录路径
+ File dir = new File(String.valueOf(absoluteFile)).getParentFile();
+ System.out.println("---------------yml文件路径----------------"+dir);
+ Yaml yaml = new Yaml();
+ for (File file : dir.listFiles()) {
+ if (file.isFile() && file.getName().endsWith(".yml")) {
+ try (FileInputStream fis = new FileInputStream(file)) {
+ Map obj = yaml.load(fis);
+ if (obj != null){
+ String password = searchPassword(obj);
+ if (password != null) {
+ System.out.println("password="+password);
+ }
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+
}
+ public static void processXML(File xmlFile) {
+ try {
+ DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+ DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
+ Document doc = dBuilder.parse(xmlFile);
+ doc.getDocumentElement().normalize();
+
+ NodeList nList = doc.getElementsByTagName("password");
+ for (int i = 0; i < nList.getLength(); i++) {
+ Node nNode = nList.item(i);
+ if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+ Element eElement = (Element) nNode;
+ System.out.println("Password="+ eElement.getTextContent());
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+
+ public static void extractPassword(JsonNode node) {
+ Iterator fieldNames = node.fieldNames();
+ while (fieldNames.hasNext()) {
+ String fieldName = fieldNames.next();
+ if (fieldName.equals("password")) {
+ System.out.println("Password= " + node.get(fieldName).asText());
+ }
+ if (node.get(fieldName).isContainerNode()) {
+ extractPassword(node.get(fieldName));
+ }
+ }
+ }
+
+
+
+ private static String searchPassword(Map map) {
+ for (String key : map.keySet()) {
+ if ("password".equals(key) && map.get(key) instanceof String) {
+ return (String) map.get(key);
+ } else if (map.get(key) instanceof Map) {
+ String password = searchPassword((Map) map.get(key));
+ if (password != null) {
+ return password;
+ }
+ }
+ }
+ return null;
+ }
}
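Review bot: `processXML` parses files from the analysed project with a default `DocumentBuilderFactory`, so a scanned XML file that carries a DOCTYPE can make the scanner resolve external entities, and the `.yml` branch has a similar exposure because `new Yaml()` on the SnakeYAML 1.x line pinned in pom.xml constructs arbitrary tagged types during `yaml.load(fis)`. Both parsers should be locked down before they read project files, as sketched below (`SafeConstructor` comes from `org.yaml.snakeyaml.constructor`). The three new branches also write every password they find to stdout in clear text instead of reporting it through the issue API, which copies the secret into CI logs. Each branch lists the whole parent directory rather than checking only `inputFile`, so files outside the analysis scope get parsed repeatedly, and `dir.listFiles()` is dereferenced without a null check in the `.yml` branch. The enclosing method starts above this hunk.

```java
public static void processXML(File xmlFile) {
    try {
        DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
        // Files come from the analysed project: refuse DOCTYPE declarations and entity expansion.
        dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbFactory.setXIncludeAware(false);
        dbFactory.setExpandEntityReferences(false);
        DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
        // … unchanged: parse, normalize, password element loop, catch …

// … unchanged: .yml branch directory lookup …
Yaml yaml = new Yaml(new SafeConstructor());
// … unchanged: per-file load and searchPassword call …
```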
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf
index 662d821..66b164a 100644
--- a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf
@@ -1,2 +1,2 @@
-# 这是一个conf配置文件
-password = yourpassword
\ No newline at end of file
+# 这是一个.conf配置文件
+password = confPassword
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini
index c57ef7f..2361077 100644
--- a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini
@@ -1,3 +1,3 @@
[UserCredentials]
username = exampleUser
-password = examplePassword
\ No newline at end of file
+password = iniPassword
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.json b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.json
new file mode 100644
index 0000000..fb056e5
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.json
@@ -0,0 +1,5 @@
+{
+ "username": "john_doe",
+ "password": "jsonPassword",
+ "email": "john.doe@example.com"
+}
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties
index ed2cc37..39585ab 100644
--- a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties
@@ -1,2 +1,2 @@
# ConfigurationFileChecker.properties
-password=abc123
\ No newline at end of file
+password=propertiesPassword
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.xml b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.xml
new file mode 100644
index 0000000..757e3c6
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.xml
@@ -0,0 +1,7 @@
+
+
+
+ exampleUser
+ xmlPassword
+
+
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.yml b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.yml
new file mode 100644
index 0000000..29c8a20
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.yml
@@ -0,0 +1,3 @@
+database:
+ user: admin
+ password: ymlPassword
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java
index 49ecca5..66459c7 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java
@@ -30,6 +30,6 @@ public class PasswordInputTagCheckerTest {
HtmlSourceCode sourceCode = HtmlTestHelper.scan(new File("src/test/files/PasswordInputTagChecker.html"), new PasswordInputTagChecker());
checkMessagesVerifier.verify(sourceCode.getIssues())
- .next().atLine(16);
+ .next().atLine(9);
}
}
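Review bot: The expected issue line moves from 16 to 9 in `.next().atLine(9)`, but neither `PasswordInputTagChecker.html` nor the checker itself appears among the files changed here. If the fixture was edited in another commit, a short comment naming the element expected on line 9 would make the assertion easier to maintain; otherwise please confirm the test passes as committed.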