优化：优化误报问题

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.java

@@ -92,7 +92,7 @@ public class ReallocMainChecker extends SquidCheck<Grammar> {
                         String name = as.getToken().getValue();
                         //判断参数是否存在在集合中
                         if(!lists.contains(name)){
-                            reportIssue(as, "使用realloc函数前应先清楚敏感信息");
+                            reportIssue(as, "使用realloc函数前应先清空敏感信息");
                         }
                     }
                 }

sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/ReallocMainCheckerTest.java

@@ -27,7 +27,7 @@ public class ReallocMainCheckerTest {
         var tester = CxxFileTesterHelper.create("ReallocMainChecker.cc");
         SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
         CheckMessagesVerifier.verify(file.getCheckMessages())
-                .next().atLine(27).withMessage("使用realloc函数前应先清楚敏感信息")
+                .next().atLine(27).withMessage("使用realloc函数前应先清空敏感信息")
                 .noMore();
     }
 

sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionCacheParamsChecker.java

@@ -8,7 +8,6 @@ package com.keyware.sonar.java.rules.checkers;
 
 import org.sonar.check.Rule;
 import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
-import org.sonar.plugins.java.api.semantic.Symbol;
 import org.sonar.plugins.java.api.semantic.Type;
 import org.sonar.plugins.java.api.tree.*;
 
@@ -32,7 +31,7 @@ public class SessionCacheParamsChecker extends IssuableSubscriptionVisitor {
             "url",
             "userpassword"
     );
-    private static final String requestType = "javax.servlet.http.HttpServletRequest";
+    private static final String requestType = "HttpServletRequest";
 
     @Override
     public List<Tree.Kind> nodesToVisit() {
@@ -42,19 +41,19 @@ public class SessionCacheParamsChecker extends IssuableSubscriptionVisitor {
     @Override
     public void visitNode(@Nonnull Tree tree) {
         MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
-        Symbol.MethodSymbol methodSymbol = (Symbol.MethodSymbol) methodInvocationTree.methodSymbol();
         //获取参数
         ExpressionTree expressionTree = methodInvocationTree.methodSelect();
         if(expressionTree.is(Tree.Kind.MEMBER_SELECT)){
             MemberSelectExpressionTree selectExpressionTree = (MemberSelectExpressionTree) expressionTree;
             //获取参数类型
             Type type = selectExpressionTree.expression().symbolType();
+            String fierName = selectExpressionTree.identifier().name();
             if(type != null){
                 //判断参数类型和调用方法符不符合要求
-                if(requestType.equals(type.fullyQualifiedName())
+                if(type.fullyQualifiedName().contains(requestType)
-                        && ("getParameter".equals(methodSymbol.name()) || "getCookies".equals(methodSymbol.name()))) {
+                        && ("getParameter".equals(fierName) || "getCookies".equals(fierName))) {
                     //如果是getCookies方法直接抛错
-                    if("getCookies".equals(methodSymbol.name())){
+                    if("getCookies".equals(fierName)){
                         reportIssue(methodInvocationTree, "页面隐藏域字段、Cookie、URL等关键参数不能直接获取，应缓存到服务器端的会话中并通过会话获取");
                     }else {
                         //获取参数
@@ -65,7 +64,6 @@ public class SessionCacheParamsChecker extends IssuableSubscriptionVisitor {
                                         .replace("\"", "").toLowerCase();
                                 //判断是否是违规项
                                 if(HIDED_PARAMS.contains(name)){
-                                    System.out.println(methodInvocationTree);
                                     reportIssue(methodInvocationTree, "页面隐藏域字段、Cookie、URL等关键参数不能直接获取，应缓存到服务器端的会话中并通过会话获取");
                                     break;
                                 }

sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.html

@@ -1,5 +1,5 @@
-<p>通过用户名口令、数据证书等其他手段对用户身份进行验证</p>
+<p>应通过用户名口令、数据证书等其他手段对用户身份进行验证</p>
-<h2>通过用户名口令、数据证书等其他手段对用户身份进行验证</h2>
+<h2>应通过用户名口令、数据证书等其他手段对用户身份进行验证</h2>
 <pre>
 
 </pre>

sonar-keyware-plugins-java/src/main/resources/org/sonar/l10n/java/rules/java/AuthenticationChecker.json

@@ -1,5 +1,5 @@
 {
-  "title": "通过用户名口令、数据证书等其他手段对用户身份进行验证",
+  "title": "应通过用户名口令、数据证书等其他手段对用户身份进行验证",
   "type": "CODE_SMELL",
   "status": "ready",
   "remediation": {

sonar-keyware-plugins-java/src/test/files/options/OptionsVerifyTwoRule.java

@@ -12,7 +12,7 @@ public class OptionsVerifyTwoRule implements Filter {
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
         HttpServletResponse res = (HttpServletResponse) response;
-//        res.addHeader("X-Frame-Options", "DENY");
+        res.addHeader("X-Frame-Options", "iframe");
         chain.doFilter(request, response);
     }
 

sonar-keyware-plugins-java/src/test/java/com/keyware/sonar/java/rules/checkers/SessionCacheParamsCheckerTest.java

@@ -12,7 +12,7 @@ import org.junit.jupiter.api.Test;
 import org.sonar.java.checks.verifier.CheckVerifier;
 
 /**
- * TODO SessionCacheParamsCheckerTest
+ * TODO 将页面隐藏域字段、Cookie、URL等关键参数缓存到服务器端的会话中，程序使用该数据须通过会话获取
  *
  * @author RenFengJiang
  * @date 2024/1/24

uut-example/java/src/main/java/com/keyware/sonar/OptionsVerifyRule.java

@@ -15,7 +15,7 @@ public class OptionsVerifyRule implements Filter {
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
         HttpServletResponse res = (HttpServletResponse) response;
-        res.addHeader("X-Frame-Options", "DENY");
+        res.addHeader("X-Frame-Options", "iframe");
         chain.doFilter(request, response);
     }