10: Add OrderedBroadcastPlugin

Bartłomiej Pluta
2019-04-12 10:51:49 +02:00
parent c0c1577f1c
commit 6ecdafac87
3 changed files with 35 additions and 1 deletions


@@ -131,4 +131,10 @@ public class PluginModule {
public Plugin worldAccessPermissionsPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new WorldAccessPermissionsPlugin(globMatcher, xmlHelper);
}
@Provides
@IntoSet
public Plugin orderedAndStickyBroadcastPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new OrderedBroadcastPlugin(globMatcher, xmlHelper);
}
}
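Review bot: The provider method is named `orderedAndStickyBroadcastPlugin`, but it returns `OrderedBroadcastPlugin`, whereas the neighbouring provider `worldAccessPermissionsPlugin` mirrors its class name. Going by the matcher added in this commit, only the ordered variants are covered (plain `sendStickyBroadcast` is not in the list), so the name promises more than the plugin checks. I would rename it to `orderedBroadcastPlugin`, or extend the plugin if non-ordered sticky broadcasts are meant to be in scope. The enclosing `PluginModule` class starts outside the hunk.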


@@ -0,0 +1,25 @@
package com.bartek.esa.core.plugin;
import com.bartek.esa.core.archetype.JavaPlugin;
import com.bartek.esa.core.model.enumeration.Severity;
import com.bartek.esa.core.xml.XmlHelper;
import com.bartek.esa.file.matcher.GlobMatcher;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.expr.MethodCallExpr;
import javax.inject.Inject;
public class OrderedBroadcastPlugin extends JavaPlugin {
@Inject
public OrderedBroadcastPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
super(globMatcher, xmlHelper);
}
@Override
public void run(CompilationUnit compilationUnit) {
compilationUnit.findAll(MethodCallExpr.class).stream()
.filter(expr -> expr.getName().getIdentifier().matches("sendOrderedBroadcast|sendOrderedBroadcastAsUser|sendStickyOrderedBroadcast|sendStickyOrderedBroadcastAsUser"))
.forEach(expr -> addIssue(Severity.WARNING, getLineNumberFromExpression(expr), expr.toString()));
}
}
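Review bot: The filter in `run` matches on the method name alone, so a call that passes a non-null `receiverPermission` or sends an explicit intent is reported with the same WARNING as an unprotected one, and an unrelated method that happens to share one of these names is flagged too. If argument inspection is out of scope for now, say so above the stream, e.g. `// Name-only match: does not check receiverPermission or whether the Intent is explicit.` Separately, `String.matches` recompiles the alternation for every call expression; a `private static final Set<String>` holding the four names, tested with `contains(...)`, would be cheaper and easier to read. The class also has no Javadoc stating which broadcast APIs it covers.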


@@ -115,4 +115,7 @@ com.bartek.esa.core.plugin.SqlInjectionPlugin='rawQuery' method detected. Potent
com.bartek.esa.core.plugin.WorldAccessPermissionsPlugin=World access permissions detected. Potential data leakage.\n\
The deprecated '${exprName}' constant has been found and it can be risky to use.\n\
It grants world access permission to selected resource.\n\
Consider using less permissive mode.a.
Consider using less permissive mode.
com.bartek.esa.core.plugin.OrderedBroadcastPlugin=Sending ordered broadcast. Potential broadcast theft.\n\
Malicious applications can intercept ordered broadcasts, stop their propagation and resend with malicious data.
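Review bot: The new `OrderedBroadcastPlugin` message describes the risk but gives no remediation, unlike the `WorldAccessPermissionsPlugin` entry above it, which ends with a "Consider using ..." line. I would append a closing line such as `Consider protecting the broadcast with a receiver permission or sending it to an explicit component.` (with the `\n\` continuation on the line before it) so the finding is actionable. The text also mentions only ordered broadcasts, although the plugin matches the sticky ordered variants as well.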