|
|
|
@ -6,13 +6,24 @@ |
|
|
|
|
*/ |
|
|
|
|
package com.keyware.sonar.java.rules.checkers; |
|
|
|
|
|
|
|
|
|
import com.fasterxml.jackson.databind.JsonNode; |
|
|
|
|
import com.fasterxml.jackson.databind.ObjectMapper; |
|
|
|
|
import org.sonar.api.batch.fs.InputFile; |
|
|
|
|
import org.sonar.api.batch.sensor.SensorContext; |
|
|
|
|
import org.sonar.api.batch.sensor.issue.NewIssue; |
|
|
|
|
import org.sonar.api.rule.RuleKey; |
|
|
|
|
import org.sonar.check.Rule; |
|
|
|
|
import org.w3c.dom.Document; |
|
|
|
|
import org.w3c.dom.Element; |
|
|
|
|
import org.w3c.dom.Node; |
|
|
|
|
import org.w3c.dom.NodeList; |
|
|
|
|
import org.yaml.snakeyaml.Yaml; |
|
|
|
|
|
|
|
|
|
import javax.xml.parsers.DocumentBuilder; |
|
|
|
|
import javax.xml.parsers.DocumentBuilderFactory; |
|
|
|
|
import java.io.*; |
|
|
|
|
import java.util.Iterator; |
|
|
|
|
import java.util.Map; |
|
|
|
|
import java.util.Properties; |
|
|
|
|
import java.util.Scanner; |
|
|
|
|
|
|
|
|
@ -36,6 +47,7 @@ public class ConfigurationFileChecker { |
|
|
|
|
if (filename.endsWith(".properties")) { |
|
|
|
|
try { |
|
|
|
|
File file = new File(inputFile.absolutePath()); |
|
|
|
|
System.out.println("---------------properties文件路径----------------"+file); |
|
|
|
|
try (Scanner scanner = new Scanner(file)) { |
|
|
|
|
int lineNum = 1; |
|
|
|
|
while (scanner.hasNextLine()) { |
|
|
|
@ -144,6 +156,138 @@ public class ConfigurationFileChecker { |
|
|
|
|
lineNum++; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (filename.endsWith(".xml")){ |
|
|
|
|
// 获取当前输入文件的绝对路径
|
|
|
|
|
File file1 = inputFile.file(); |
|
|
|
|
File absoluteFile = file1.getAbsoluteFile(); |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File dir = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
System.out.println("---------------xml文件路径----------------"+dir); |
|
|
|
|
FilenameFilter filter = new FilenameFilter() { |
|
|
|
|
public boolean accept(File dir, String name) { |
|
|
|
|
return name.endsWith(".xml"); |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
String[] children = dir.list(filter); |
|
|
|
|
if (children == null) { |
|
|
|
|
System.out.println("目录不存在或不是目录"); |
|
|
|
|
} else { |
|
|
|
|
for (int i = 0; i < children.length; i++) { |
|
|
|
|
String filename1 = children[i]; |
|
|
|
|
File xmlFile = new File(dir, filename1); |
|
|
|
|
processXML(xmlFile); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (filename.endsWith(".json")){ |
|
|
|
|
try { |
|
|
|
|
// 获取当前输入文件的绝对路径
|
|
|
|
|
File file1 = inputFile.file(); |
|
|
|
|
File absoluteFile = file1.getAbsoluteFile(); |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File folder = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
System.out.println("---------------json文件路径----------------"+folder); |
|
|
|
|
File[] listOfFiles = folder.listFiles(); |
|
|
|
|
|
|
|
|
|
if (listOfFiles != null) { |
|
|
|
|
ObjectMapper mapper = new ObjectMapper(); |
|
|
|
|
for (File file : listOfFiles) { |
|
|
|
|
if (file.isFile() && file.getName().endsWith(".json")) { |
|
|
|
|
JsonNode rootNode = mapper.readTree(file); |
|
|
|
|
extractPassword(rootNode); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (filename.endsWith(".yml")){ |
|
|
|
|
// 获取当前输入文件的绝对路径
|
|
|
|
|
File file1 = inputFile.file(); |
|
|
|
|
File absoluteFile = file1.getAbsoluteFile(); |
|
|
|
|
|
|
|
|
|
// 构建目录路径
|
|
|
|
|
File dir = new File(String.valueOf(absoluteFile)).getParentFile(); |
|
|
|
|
System.out.println("---------------yml文件路径----------------"+dir); |
|
|
|
|
Yaml yaml = new Yaml(); |
|
|
|
|
for (File file : dir.listFiles()) { |
|
|
|
|
if (file.isFile() && file.getName().endsWith(".yml")) { |
|
|
|
|
try (FileInputStream fis = new FileInputStream(file)) { |
|
|
|
|
Map<String, Object> obj = yaml.load(fis); |
|
|
|
|
if (obj != null){ |
|
|
|
|
String password = searchPassword(obj); |
|
|
|
|
if (password != null) { |
|
|
|
|
System.out.println("password="+password); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
public static void processXML(File xmlFile) { |
|
|
|
|
try { |
|
|
|
|
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); |
|
|
|
|
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); |
|
|
|
|
Document doc = dBuilder.parse(xmlFile); |
|
|
|
|
doc.getDocumentElement().normalize(); |
|
|
|
|
|
|
|
|
|
NodeList nList = doc.getElementsByTagName("password"); |
|
|
|
|
|
|
|
|
|
for (int i = 0; i < nList.getLength(); i++) { |
|
|
|
|
Node nNode = nList.item(i); |
|
|
|
|
if (nNode.getNodeType() == Node.ELEMENT_NODE) { |
|
|
|
|
Element eElement = (Element) nNode; |
|
|
|
|
System.out.println("Password="+ eElement.getTextContent()); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public static void extractPassword(JsonNode node) { |
|
|
|
|
Iterator<String> fieldNames = node.fieldNames(); |
|
|
|
|
while (fieldNames.hasNext()) { |
|
|
|
|
String fieldName = fieldNames.next(); |
|
|
|
|
if (fieldName.equals("password")) { |
|
|
|
|
System.out.println("Password= " + node.get(fieldName).asText()); |
|
|
|
|
} |
|
|
|
|
if (node.get(fieldName).isContainerNode()) { |
|
|
|
|
extractPassword(node.get(fieldName)); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static String searchPassword(Map<String, Object> map) { |
|
|
|
|
for (String key : map.keySet()) { |
|
|
|
|
if ("password".equals(key) && map.get(key) instanceof String) { |
|
|
|
|
return (String) map.get(key); |
|
|
|
|
} else if (map.get(key) instanceof Map) { |
|
|
|
|
String password = searchPassword((Map<String, Object>) map.get(key)); |
|
|
|
|
if (password != null) { |
|
|
|
|
return password; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return null; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|