From ea351ac386a7b0f778452b08a5983ff6f812e8da Mon Sep 17 00:00:00 2001 From: renfengshan <1535889807@qqcom> Date: Thu, 11 Jan 2024 11:30:05 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E2=80=9C=E7=A8=8B?= =?UTF-8?q?=E5=BA=8F=E8=AE=BE=E8=AE=A1=E6=97=B6=E7=A6=81=E6=AD=A2=E5=8A=A8?= =?UTF-8?q?=E6=80=81=E6=9E=84=E5=BB=BA=E4=BB=A3=E7=A0=81=E8=BF=9B=E8=A1=8C?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E5=AE=9E=E7=8E=B0=E2=80=9D=E5=87=86=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../sonar/java/rules/checkers/DynamicCodeChecker.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java index 11b14c4..009a51f 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java @@ -12,18 +12,13 @@ import java.util.Collections; import java.util.List; -@Rule(key = "SessionExpirationDateChecker") +@Rule(key = "DynamicCodeChecker") //检测代码中包含动态代码执行操作时,工具进行提示 public class DynamicCodeChecker extends SubscriptionVisitor { @Override public List nodesToVisit() { - /** - * Tree.Kind.METHOD:方法节点 - * Tree.Kind.BLOCK:方法的代码块节点 - * Tree.Kind.METHOD_INVOCATION: 方法的调用节点 - */ return Collections.singletonList( Tree.Kind.METHOD_INVOCATION ); From 3d3a1b9d8470c2c585494165dac6e87ec59cd762 Mon Sep 17 00:00:00 2001 
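Review bot: Nothing in this change would catch the copy-paste that made it necessary: until now `DynamicCodeChecker` was registered as `@Rule(key = "SessionExpirationDateChecker")`, so its findings were at best attributed to another rule and, if a second class really carries that key (not visible here), one of the two may not have been registered at all. A plugin-level test that walks the registered check classes and asserts each `@Rule` key is unique and equals the class's `getSimpleName()` would turn this into a build failure. If rule metadata or quality-profile entries are looked up by key, they need to exist under `DynamicCodeChecker` as well; neither is part of this patch. The deleted block comment is fine to drop, but the one-line `//` comment above the class would serve better as Javadoc stating which invocations the rule reports. The class body continues outside the hunk.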
From: wuhaoyang <2507865306@qq.com>
Date: Thu, 11 Jan 2024 13:24:58 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E5=88=A0=E9=99=A4=E5=87=86=E5=88=99?=
 =?UTF-8?q?=E5=9C=A8=E6=9E=84=E5=BB=BA=E5=91=BD=E4=BB=A4=E5=89=8D=E5=AF=B9?=
 =?UTF-8?q?=E8=BE=93=E5=85=A5=E6=95=B0=E6=8D=AE=E8=BF=9B=E8=A1=8C=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=EF=BC=8C=E7=A1=AE=E4=BF=9D=E8=BE=93=E5=85=A5=E6=95=B0?=
 =?UTF-8?q?=E6=8D=AE=E4=BB=85=E8=83=BD=E7=94=A8=E4=BA=8E=E6=9E=84=E6=88=90?=
 =?UTF-8?q?=E5=85=81=E8=AE=B8=E7=9A=84=E5=91=BD=E4=BB=A4=E8=A1=8C=E6=88=96?=
 =?UTF-8?q?=E5=B9=B2=E9=A2=84=E5=91=BD=E4=BB=A4=E7=9A=84=E6=97=A0=E7=94=A8?=
 =?UTF-8?q?=E6=B3=A8=E9=87=8A=EF=BC=8C=E4=B8=94=E6=89=93=E4=B8=8A=E5=A4=B4?=
 =?UTF-8?q?=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/rules/checkers/DynamicCodeChecker.java | 6 ++++++
 .../java/rules/checkers/RedirectUrlChecker.java | 6 ++++++
 .../java/rules/checkers/SystemFunctionChecker.java | 14 ++++++--------
 .../rules/checkers/DynamicCodeCheckerTest.java | 6 ++++++
 .../rules/checkers/RedirectUrlCheckerTest.java | 6 ++++++
 .../rules/checkers/SystemFunctionCheckerTest.java | 6 ++++++
 6 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
index 11b14c4..7a0f3ac 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java
@@ -1,3 +1,9 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
 package com.keyware.sonar.java.rules.checkers;
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
index 17bf995..282b0c9 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RedirectUrlChecker.java
@@ -1,3 +1,9 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
 package com.keyware.sonar.java.rules.checkers;
 import org.sonar.check.Rule;
diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SystemFunctionChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SystemFunctionChecker.java
index dd9445e..d367fe0 100644
--- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SystemFunctionChecker.java
+++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SystemFunctionChecker.java
@@ -1,15 +1,13 @@
-package com.keyware.sonar.java.rules.checkers;/*
- *@title SystemFunctionChecker
- *@description
- *@author Admin
- *@version 1.0
- *@create 2024/1/11 9:29
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
 */
+package com.keyware.sonar.java.rules.checkers;
 import org.sonar.check.Rule;
-import org.sonar.java.checks.helpers.ExpressionsHelper;
 import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
-import org.sonar.plugins.java.api.semantic.Symbol;
 import org.sonar.plugins.java.api.tree.*;
 import java.util.*;
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/DynamicCodeCheckerTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/DynamicCodeCheckerTest.java
index e4fdef7..8ae58a0 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/DynamicCodeCheckerTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/DynamicCodeCheckerTest.java
@@ -1,3 +1,9 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
 package com.keyware.sonar.java.rules.checkers;
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/RedirectUrlCheckerTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/RedirectUrlCheckerTest.java
index c448e5e..218af36 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/RedirectUrlCheckerTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/RedirectUrlCheckerTest.java
@@ -1,3 +1,9 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
 package com.keyware.sonar.java.rules.checkers;
 import com.keyware.sonar.java.utils.FilesUtils;
diff --git a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/SystemFunctionCheckerTest.java b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/SystemFunctionCheckerTest.java
index 8ab8dce..5bd1d96 100644
--- a/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/SystemFunctionCheckerTest.java
+++ b/sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/SystemFunctionCheckerTest.java
@@ -1,3 +1,9 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:Java 信息安全性设计准则
+ * 项目描述:用于检查Java源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
 package com.keyware.sonar.java.rules.checkers;/*
 *@title SystemFunctionCheckerTest
 *@description
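Review bot: In `SystemFunctionCheckerTest.java` the old IDE template comment is left in place: the context line still reads `package com.keyware.sonar.java.rules.checkers;/*` followed by `*@title SystemFunctionCheckerTest`, so the file now carries two header comments and the package statement has a comment opener glued to it. `SystemFunctionChecker.java` in this same patch removes that template and puts `package` on its own line after the licence header; the test file should get the same treatment. The old comment block continues outside the hunk, so how many lines need to go cannot be seen from here.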