SonarQube: flagging the keywords username/password in Java source, using Tree.Kind.STRING_LITERAL, Tree.Kind.IDENTIFIER and Tree.Kind.TEXT_BLOCK respectively

For the differences between Tree.Kind.STRING_LITERAL, Tree.Kind.IDENTIFIER, Tree.Kind.TEXT_BLOCK and the other tree kinds, see:

Differences between Tree.Kind.STRING_LITERAL, Tree.Kind.IDENTIFIER and Tree.Kind.TEXT_BLOCK - yxchun - 博客园 (cnblogs.com)

 

1. Using Tree.Kind.STRING_LITERAL

A STRING_LITERAL is any double-quoted token such as "password". The rule below subscribes to that kind only and reports a literal whenever its text contains one of the keywords. Note that LiteralTree.value() returns the raw source token, quotes included, and that the match is on the keyword alone: a UI label such as "Username:" is reported exactly like a real hardcoded credential.

package org.sonar.samples.java.checks;

import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.Tree;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Reports every string literal whose text contains one of the keywords.
// IssuableSubscriptionVisitor already implements JavaFileScanner, so the
// interface does not have to be declared again on the subclass.
@Rule(key = "HardcodedSensitiveInfo2Rule")
public class HardcodedSensitiveInfo2Rule extends IssuableSubscriptionVisitor {

  private static final List<String> SENSITIVE_KEYWORDS = Arrays.asList("username", "password");

  @Override
  public List<Tree.Kind> nodesToVisit() {
    // Only STRING_LITERAL nodes are visited; TEXT_BLOCK is a separate kind (see section 3).
    return Collections.singletonList(Tree.Kind.STRING_LITERAL);
  }

  @Override
  public void visitNode(Tree tree) {
    // Every node delivered here is a STRING_LITERAL, so the cast is safe.
    LiteralTree stringLiteral = (LiteralTree) tree;
    // value() is the source token including its double quotes, e.g. "\"password\"".
    String value = stringLiteral.value().toLowerCase();
    for (String keyword : SENSITIVE_KEYWORDS) {
      if (value.contains(keyword)) {
        reportIssue(tree, "Avoid hardcoding sensitive information such as " + keyword);
      }
    }
  }
}

2. Using Tree.Kind.IDENTIFIER

An IDENTIFIER is any name in the source: variables, fields, parameters, methods and types, including the name part of a member select such as user.password. The rule below is therefore a naming check rather than a hardcoding check: a parameter named password is reported whether or not any value was ever hardcoded into it.

package org.sonar.samples.java.checks;

import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.Tree;

import java.util.Collections;
import java.util.List;

// Reports every identifier whose name contains "username" or "password".
// Unused imports (JavaFileScannerContext, LiteralTree, Arrays) have been dropped.
@Rule(key = "HardcodedSensitiveInfoRule")
public class HardcodedSensitiveInfoRule extends IssuableSubscriptionVisitor {

  @Override
  public List<Tree.Kind> nodesToVisit() {
    return Collections.singletonList(Tree.Kind.IDENTIFIER);
  }

  @Override
  public void visitNode(Tree tree) {
    // Every node delivered here is an IDENTIFIER, so the cast is safe.
    IdentifierTree identifier = (IdentifierTree) tree;
    String value = identifier.name().toLowerCase();
    if (value.contains("username") || value.contains("password")) {
      reportIssue(identifier, "Sensitive identifier: method or parameter names should not contain 'username' or 'password'.");
    }
  }
}

 

3. Using Tree.Kind.TEXT_BLOCK

A TEXT_BLOCK is the multi-line """...""" literal introduced in Java 15. It is a distinct tree kind, so the STRING_LITERAL rule in section 1 never sees it; a rule that only subscribes to STRING_LITERAL misses credentials embedded in, for example, a JSON or YAML text block. As with string literals, value() returns the raw token including the triple-quote delimiters.

package org.sonar.samples.java.checks;

import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.Tree.Kind;

import java.util.Collections;
import java.util.List;

// Reports every text block ("""...""") whose content contains "username" or "password".
@Rule(key = "MyTxtBlockCheck")
public class MyTxtBlockCheck extends IssuableSubscriptionVisitor {

  @Override
  public List<Kind> nodesToVisit() {
    return Collections.singletonList(Kind.TEXT_BLOCK);
  }

  @Override
  public void visitNode(Tree tree) {
    // Every node delivered here is a TEXT_BLOCK, so the cast is safe.
    LiteralTree textBlock = (LiteralTree) tree;
    // value() is the whole token including the opening and closing """ delimiters.
    String value = textBlock.value().toLowerCase();
    if (value.contains("username") || value.contains("password")) {
      reportIssue(tree, "Sensitive information detected: 'username' or 'password'.");
    }
  }
}
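All three rules above fire on the keyword alone, so a label "Username:", a getter named getUsername or a log template in a text block is reported just like a real hardcoded credential. The rule below is an added example, not code from the original post: it combines the identifier and literal checks by subscribing to VARIABLE and ASSIGNMENT nodes and reporting only when a name containing a sensitive keyword is initialised or assigned from a STRING_LITERAL or TEXT_BLOCK. The rule key, the class name and the extra keywords passwd and secret are assumptions made for this example; the sonar-java calls used (VariableTree.simpleName()/initializer(), AssignmentExpressionTree.variable()/expression(), MemberSelectExpressionTree.identifier(), LiteralTree.value()) are the plugin API's public ones.

```java
package org.sonar.samples.java.checks;

import java.util.Arrays;
import java.util.List;
import java.util.Locale;

import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

// Hypothetical rule (added example): report a variable whose name contains a
// sensitive keyword only when it is initialised or assigned from a string
// constant, i.e. the name AND the value together indicate a hardcoded credential.
@Rule(key = "HardcodedCredentialAssignmentRule")
public class HardcodedCredentialAssignmentRule extends IssuableSubscriptionVisitor {

  // "passwd" and "secret" are added for this example; the post uses only the first two.
  private static final List<String> SENSITIVE_KEYWORDS = Arrays.asList("username", "password", "passwd", "secret");

  @Override
  public List<Tree.Kind> nodesToVisit() {
    // Declarations with an initializer (String password = "x") and later assignments (password = "x").
    return Arrays.asList(Tree.Kind.VARIABLE, Tree.Kind.ASSIGNMENT);
  }

  @Override
  public void visitNode(Tree tree) {
    if (tree.is(Tree.Kind.VARIABLE)) {
      VariableTree variable = (VariableTree) tree;
      check(variable.simpleName(), variable.initializer());
    } else {
      AssignmentExpressionTree assignment = (AssignmentExpressionTree) tree;
      IdentifierTree target = targetIdentifier(assignment.variable());
      if (target != null) {
        check(target, assignment.expression());
      }
    }
  }

  // Report only when the target name is sensitive and the value is a non-empty string constant.
  private void check(IdentifierTree name, ExpressionTree value) {
    if (value == null || !isSensitiveName(name.name())) {
      return;
    }
    if (value.is(Tree.Kind.STRING_LITERAL, Tree.Kind.TEXT_BLOCK)) {
      String literal = stripQuotes(((LiteralTree) value).value());
      if (!literal.isEmpty()) {
        reportIssue(value, "\"" + name.name() + "\" is assigned a hardcoded value; load it from configuration or a secret store instead.");
      }
    }
  }

  // `this.password = "x"` and `cfg.password = "x"` assign through a member select;
  // a plain `password = "x"` assigns through an identifier. Anything else (array
  // element, method result) is ignored.
  private static IdentifierTree targetIdentifier(ExpressionTree variable) {
    if (variable.is(Tree.Kind.IDENTIFIER)) {
      return (IdentifierTree) variable;
    }
    if (variable.is(Tree.Kind.MEMBER_SELECT)) {
      return ((MemberSelectExpressionTree) variable).identifier();
    }
    return null;
  }

  private static boolean isSensitiveName(String identifier) {
    String lower = identifier.toLowerCase(Locale.ROOT);
    for (String keyword : SENSITIVE_KEYWORDS) {
      if (lower.contains(keyword)) {
        return true;
      }
    }
    return false;
  }

  // LiteralTree.value() is the source token with its delimiters: "abc" or """...""".
  // Strip them so that an empty placeholder such as password = "" is not reported.
  private static String stripQuotes(String token) {
    String t = token.trim();
    if (t.length() >= 6 && t.startsWith("\"\"\"") && t.endsWith("\"\"\"")) {
      return t.substring(3, t.length() - 3).trim();
    }
    if (t.length() >= 2 && t.startsWith("\"") && t.endsWith("\"")) {
      return t.substring(1, t.length() - 1);
    }
    return t;
  }
}
```

A rule like this is normally exercised with sonar-java's test kit (CheckVerifier.newVerifier().onFile(...).withCheck(new HardcodedCredentialAssignmentRule()).verifyIssues()) against a sample source file whose flagged lines carry a // Noncompliant comment. Because the rule inspects the right-hand side of the assignment, a value read from System.getenv(...) or a configuration object is not reported, which is precisely the distinction the keyword-only rules above cannot make.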

 

posted on 2024-08-19 14:17 by yxchun
