From 89eee5252358ee5e7e9cea11f57835f3ed449c64 Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Tue, 23 Jan 2024 13:25:57 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E4=BC=98=E5=8C=96:=E8=B0=83=E6=95=B4?=
=?UTF-8?q?=E8=A2=AB=E6=B5=8B=E4=BB=B6=E9=97=AE=E9=A2=98=E6=89=80=E5=9C=A8?=
=?UTF-8?q?=E8=A1=8C=E7=9A=84=E8=A1=8C=E5=8F=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../sonar/java/rules/checkers/PasswordInputTagCheckerTest.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java
index 49ecca5..66459c7 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/PasswordInputTagCheckerTest.java
@@ -30,6 +30,6 @@ public class PasswordInputTagCheckerTest {
HtmlSourceCode sourceCode = HtmlTestHelper.scan(new File("src/test/files/PasswordInputTagChecker.html"), new PasswordInputTagChecker());
checkMessagesVerifier.verify(sourceCode.getIssues())
- .next().atLine(16);
+ .next().atLine(9);
}
}
From f04961c25997f654323507092deea99c51977c56 Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Tue, 23 Jan 2024 13:29:03 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=87=86=E5=88=99:?=
=?UTF-8?q?=E7=A6=81=E6=AD=A2=E5=9C=A8=E5=AE=B9=E6=98=93=E5=8F=97=E6=94=BB?=
=?UTF-8?q?=E5=87=BB=E7=9A=84=E5=9C=B0=E6=96=B9=E6=98=8E=E6=96=87=E5=AD=98?=
=?UTF-8?q?=E5=82=A8=E5=8F=A3=E4=BB=A4=E5=AF=86=E7=A0=81=E3=80=82=E5=A6=82?=
=?UTF-8?q?=E6=9E=9C=E9=9C=80=E8=A6=81=EF=BC=8C=E8=80=83=E8=99=91=E5=AD=98?=
=?UTF-8?q?=E5=82=A8=E5=8F=A3=E4=BB=A4=E7=9A=84=E5=8D=95=E5=90=91=E5=8A=A0?=
=?UTF-8?q?=E5=AF=86=E6=95=A3=E5=88=97=EF=BC=8C=E4=BB=A5=E6=9B=BF=E4=BB=A3?=
=?UTF-8?q?=E6=98=8E=E6=96=87=E5=8F=A3=E4=BB=A4=E5=AD=98=E5=82=A8=E3=80=82?=
=?UTF-8?q?(xml,yml,json)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
sonar-keyware-plugins-java/pom.xml | 12 ++
.../sonar/java/ConfigFileSquidSensor.java | 22 ---
.../sonar/java/ConfigurationFileLanguage.java | 2 +-
.../checkers/ConfigurationFileChecker.java | 144 ++++++++++++++++++
.../configFile/ConfigurationFileChecker.conf | 4 +-
.../configFile/ConfigurationFileChecker.ini | 2 +-
.../configFile/ConfigurationFileChecker.json | 5 +
.../ConfigurationFileChecker.properties | 2 +-
.../configFile/ConfigurationFileChecker.xml | 7 +
.../configFile/ConfigurationFileChecker.yml | 3 +
10 files changed, 176 insertions(+), 27 deletions(-)
create mode 100644 sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.json
create mode 100644 sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.xml
create mode 100644 sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.yml
diff --git a/sonar-keyware-plugins-java/pom.xml b/sonar-keyware-plugins-java/pom.xml
index e5e4aa1..bb5dc53 100644
--- a/sonar-keyware-plugins-java/pom.xml
+++ b/sonar-keyware-plugins-java/pom.xml
@@ -98,6 +98,18 @@
sonar-plugin-api-impl
test
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ 2.16.0
+ compile
+
+
+ org.yaml
+ snakeyaml
+ 1.28
+ compile
+
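Review bot: `snakeyaml` is pinned to 1.28, and ConfigurationFileChecker in this same commit passes project `.yml` files to `new Yaml().load(fis)`; in the 1.x line that default constructor will instantiate Java types named by tags in the document, so the scanner deserializes untrusted repository content. Either move the dependency to a 2.x release, or stay on 1.x and build the parser as `new Yaml(new SafeConstructor())` so only plain maps, lists and scalars are produced. Both new dependencies are declared with `compile` scope, so they ship inside the plugin and need to be tracked for advisories along with it.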
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
index 7ce3247..faa9fef 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigFileSquidSensor.java
@@ -14,9 +14,7 @@ import org.sonar.api.batch.rule.Checks;
import org.sonar.api.batch.sensor.Sensor;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
-import org.sonar.api.measures.CoreMetrics;
-import java.io.IOException;
public class ConfigFileSquidSensor implements Sensor {
private final Checks checks;
@@ -45,25 +43,5 @@ public class ConfigFileSquidSensor implements Sensor {
}
}
- private String readFileContents(InputFile javaFile) {
- String content;
- try {
- content = javaFile.contents();
- } catch (IOException e) {
- System.err.println("Failed to read " + javaFile + " due to " + e.getMessage());
- content = "";
- }
- return content;
- }
-
- private void measureLines(SensorContext context, InputFile javaFile, String content) {
- int lines = content.split("[\n\r]").length;
- context.newMeasure()
- .forMetric(CoreMetrics.NCLOC)
- .on(javaFile)
- .withValue(lines)
- .save();
- }
-
}
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java
index f2a6028..609a3e4 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/ConfigurationFileLanguage.java
@@ -21,7 +21,7 @@ public class ConfigurationFileLanguage extends AbstractLanguage {
public static final String NAME = "Configuration";
public static final String KEY = "cfg";
public static final String FILE_SUFFIXES_KEY = "sonar.disposition.file.suffixes";
- public static final String FILE_SUFFIXES_DEFAULT_VALUE = ".properties,.ini,.conf";
+ public static final String FILE_SUFFIXES_DEFAULT_VALUE = ".properties,.ini,.conf,.xml,.yml,.json";
private final Configuration config;
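Review bot: The new default suffix list adds `.yml` but not `.yaml`, so YAML files using the longer extension are never handed to the checker; `".properties,.ini,.conf,.xml,.yml,.yaml,.json"` would cover both, together with a matching `endsWith(".yaml")` branch in ConfigurationFileChecker. Claiming `.xml` and `.json` by default for the `cfg` language may also collide with other analyzers on the same server that register those extensions. That is worth confirming on a server with an XML analyzer installed before release.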
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
index ff710a2..1c2f7e2 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java
@@ -6,13 +6,24 @@
*/
package com.keyware.sonar.java.rules.checkers;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.issue.NewIssue;
import org.sonar.api.rule.RuleKey;
import org.sonar.check.Rule;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.yaml.snakeyaml.Yaml;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
import java.io.*;
+import java.util.Iterator;
+import java.util.Map;
import java.util.Properties;
import java.util.Scanner;
@@ -36,6 +47,7 @@ public class ConfigurationFileChecker {
if (filename.endsWith(".properties")) {
try {
File file = new File(inputFile.absolutePath());
+ System.out.println("---------------properties文件路径----------------"+file);
try (Scanner scanner = new Scanner(file)) {
int lineNum = 1;
while (scanner.hasNextLine()) {
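Review bot: The added `System.out.println` at the top of the `.properties` branch writes a path banner to stdout for every scanned file, bypassing the scanner's log levels; the same pattern is repeated in the `.xml`, `.json` and `.yml` branches of the next hunk. Route it through the plugin's logger at debug level, or drop it once path resolution is confirmed. The enclosing method starts above this hunk.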
@@ -144,6 +156,138 @@ public class ConfigurationFileChecker {
lineNum++;
}
}
+
+
+
+ if (filename.endsWith(".xml")){
+ // 获取当前输入文件的绝对路径
+ File file1 = inputFile.file();
+ File absoluteFile = file1.getAbsoluteFile();
+
+ // 构建目录路径
+ File dir = new File(String.valueOf(absoluteFile)).getParentFile();
+ System.out.println("---------------xml文件路径----------------"+dir);
+ FilenameFilter filter = new FilenameFilter() {
+ public boolean accept(File dir, String name) {
+ return name.endsWith(".xml");
+ }
+ };
+
+ String[] children = dir.list(filter);
+ if (children == null) {
+ System.out.println("目录不存在或不是目录");
+ } else {
+ for (int i = 0; i < children.length; i++) {
+ String filename1 = children[i];
+ File xmlFile = new File(dir, filename1);
+ processXML(xmlFile);
+ }
+ }
+ }
+
+
+ if (filename.endsWith(".json")){
+ try {
+ // 获取当前输入文件的绝对路径
+ File file1 = inputFile.file();
+ File absoluteFile = file1.getAbsoluteFile();
+
+ // 构建目录路径
+ File folder = new File(String.valueOf(absoluteFile)).getParentFile();
+ System.out.println("---------------json文件路径----------------"+folder);
+ File[] listOfFiles = folder.listFiles();
+
+ if (listOfFiles != null) {
+ ObjectMapper mapper = new ObjectMapper();
+ for (File file : listOfFiles) {
+ if (file.isFile() && file.getName().endsWith(".json")) {
+ JsonNode rootNode = mapper.readTree(file);
+ extractPassword(rootNode);
+ }
+ }
+ }
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+
+ if (filename.endsWith(".yml")){
+ // 获取当前输入文件的绝对路径
+ File file1 = inputFile.file();
+ File absoluteFile = file1.getAbsoluteFile();
+
+ // 构建目录路径
+ File dir = new File(String.valueOf(absoluteFile)).getParentFile();
+ System.out.println("---------------yml文件路径----------------"+dir);
+ Yaml yaml = new Yaml();
+ for (File file : dir.listFiles()) {
+ if (file.isFile() && file.getName().endsWith(".yml")) {
+ try (FileInputStream fis = new FileInputStream(file)) {
+ Map obj = yaml.load(fis);
+ if (obj != null){
+ String password = searchPassword(obj);
+ if (password != null) {
+ System.out.println("password="+password);
+ }
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+
}
+ public static void processXML(File xmlFile) {
+ try {
+ DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+ DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
+ Document doc = dBuilder.parse(xmlFile);
+ doc.getDocumentElement().normalize();
+
+ NodeList nList = doc.getElementsByTagName("password");
+ for (int i = 0; i < nList.getLength(); i++) {
+ Node nNode = nList.item(i);
+ if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+ Element eElement = (Element) nNode;
+ System.out.println("Password="+ eElement.getTextContent());
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+
+ public static void extractPassword(JsonNode node) {
+ Iterator fieldNames = node.fieldNames();
+ while (fieldNames.hasNext()) {
+ String fieldName = fieldNames.next();
+ if (fieldName.equals("password")) {
+ System.out.println("Password= " + node.get(fieldName).asText());
+ }
+ if (node.get(fieldName).isContainerNode()) {
+ extractPassword(node.get(fieldName));
+ }
+ }
+ }
+
+
+
+ private static String searchPassword(Map map) {
+ for (String key : map.keySet()) {
+ if ("password".equals(key) && map.get(key) instanceof String) {
+ return (String) map.get(key);
+ } else if (map.get(key) instanceof Map) {
+ String password = searchPassword((Map) map.get(key));
+ if (password != null) {
+ return password;
+ }
+ }
+ }
+ return null;
+ }
}
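Review bot: `processXML` builds its parser from a bare `DocumentBuilderFactory.newInstance()`, so DTDs and external entities are resolved while parsing XML that comes from the analysed project; the factory should be locked down before `newDocumentBuilder()` as shown below. Separately, `processXML`, `extractPassword` and the `.yml` branch print the matched secret itself (`"Password="+ eElement.getTextContent()` and similar), which copies plaintext credentials into scanner and CI logs and, as far as this hunk shows, raises no issue on the file; the finding should go through the `NewIssue` path with the key and location only. Each branch also lists every sibling file in the parent directory instead of reading `inputFile`, so a directory of N files is parsed N times and files outside the configured scope get read, and `dir.listFiles()` in the `.yml` branch is dereferenced without the null check the other two branches have. The three `if` branches sit inside a method that begins above this hunk.

```java
public static void processXML(File xmlFile) {
    try {
        DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
        // Scanned projects are untrusted input: refuse DTDs and never resolve external entities.
        dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbFactory.setXIncludeAware(false);
        dbFactory.setExpandEntityReferences(false);
        DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
        // … unchanged: parse, normalize, getElementsByTagName("password") loop …
    } catch (Exception e) {
        // … unchanged: exception handling …
    }
}
```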
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf
index 662d821..66b164a 100644
--- a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.conf
@@ -1,2 +1,2 @@
-# 这是一个conf配置文件
-password = yourpassword
\ No newline at end of file
+# 这是一个.conf配置文件
+password = confPassword
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini
index c57ef7f..2361077 100644
--- a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.ini
@@ -1,3 +1,3 @@
[UserCredentials]
username = exampleUser
-password = examplePassword
\ No newline at end of file
+password = iniPassword
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.json b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.json
new file mode 100644
index 0000000..fb056e5
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.json
@@ -0,0 +1,5 @@
+{
+ "username": "john_doe",
+ "password": "jsonPassword",
+ "email": "john.doe@example.com"
+}
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties
index ed2cc37..39585ab 100644
--- a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.properties
@@ -1,2 +1,2 @@
# ConfigurationFileChecker.properties
-password=abc123
\ No newline at end of file
+password=propertiesPassword
\ No newline at end of file
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.xml b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.xml
new file mode 100644
index 0000000..757e3c6
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.xml
@@ -0,0 +1,7 @@
+
+
+
+ exampleUser
+ xmlPassword
+
+
diff --git a/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.yml b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.yml
new file mode 100644
index 0000000..29c8a20
--- /dev/null
+++ b/sonar-keyware-plugins-java/src/test/files/configFile/ConfigurationFileChecker.yml
@@ -0,0 +1,3 @@
+database:
+ user: admin
+ password: ymlPassword
\ No newline at end of file