10: Add OrderedBroadcastPlugin

Bartłomiej Pluta
2019-04-12 10:51:49 +02:00
parent c0c1577f1c
commit 6ecdafac87
3 changed files with 35 additions and 1 deletions


@@ -131,4 +131,10 @@ public class PluginModule {
public Plugin worldAccessPermissionsPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) { public Plugin worldAccessPermissionsPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new WorldAccessPermissionsPlugin(globMatcher, xmlHelper); return new WorldAccessPermissionsPlugin(globMatcher, xmlHelper);
} }
@Provides
@IntoSet
public Plugin orderedAndStickyBroadcastPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new OrderedBroadcastPlugin(globMatcher, xmlHelper);
}
} }
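Review bot: The provider method name `orderedAndStickyBroadcastPlugin` promises more than the plugin delivers: the filter in OrderedBroadcastPlugin.run matches only the four ordered variants, so a plain `sendStickyBroadcast` call is not reported. Either rename the method to `orderedBroadcastPlugin` so it matches the class it returns, or extend the plugin if non-ordered sticky broadcasts were meant to be covered. The enclosing PluginModule class begins outside the hunk.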


@@ -0,0 +1,25 @@
package com.bartek.esa.core.plugin;
import com.bartek.esa.core.archetype.JavaPlugin;
import com.bartek.esa.core.model.enumeration.Severity;
import com.bartek.esa.core.xml.XmlHelper;
import com.bartek.esa.file.matcher.GlobMatcher;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.expr.MethodCallExpr;
import javax.inject.Inject;
public class OrderedBroadcastPlugin extends JavaPlugin {
@Inject
public OrderedBroadcastPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
super(globMatcher, xmlHelper);
}
@Override
public void run(CompilationUnit compilationUnit) {
compilationUnit.findAll(MethodCallExpr.class).stream()
.filter(expr -> expr.getName().getIdentifier().matches("sendOrderedBroadcast|sendOrderedBroadcastAsUser|sendStickyOrderedBroadcast|sendStickyOrderedBroadcastAsUser"))
.forEach(expr -> addIssue(Severity.WARNING, getLineNumberFromExpression(expr), expr.toString()));
}
}
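Review bot: The filter in `run` reports every call whose name matches, including calls that already pass a non-null `receiverPermission`, so mitigated and unmitigated sends produce the same WARNING. For `sendOrderedBroadcast` and `sendOrderedBroadcastAsUser` it would be worth inspecting that argument (for example treating a `NullLiteralExpr` as the risky case) and reflecting the result in the issue; the sticky ordered variants take no permission argument and can stay unconditional. Matching on the identifier alone also flags unrelated methods that share a name, which is probably acceptable for a linter but deserves a class Javadoc sentence saying so. Separately, `String.matches` recompiles the pattern for each call expression; a `private static final Pattern` used via `.matcher(name).matches()` avoids that.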


@@ -115,4 +115,7 @@ com.bartek.esa.core.plugin.SqlInjectionPlugin='rawQuery' method detected. Potent
com.bartek.esa.core.plugin.WorldAccessPermissionsPlugin=World access permissions detected. Potential data leakage.\n\ com.bartek.esa.core.plugin.WorldAccessPermissionsPlugin=World access permissions detected. Potential data leakage.\n\
The deprecated '${exprName}' constant has been found and it can be risky to use.\n\ The deprecated '${exprName}' constant has been found and it can be risky to use.\n\
It grants world access permission to selected resource.\n\ It grants world access permission to selected resource.\n\
Consider using less permissive mode.a. Consider using less permissive mode.
com.bartek.esa.core.plugin.OrderedBroadcastPlugin=Sending ordered broadcast. Potential broadcast theft.\n\
Malicious applications can intercept ordered broadcasts, stop their propagation and resend with malicious data.
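Review bot: The new OrderedBroadcastPlugin entry describes the risk but, unlike the WorldAccessPermissionsPlugin entry above it, gives no remediation. A closing line such as `Consider restricting receivers with the receiverPermission argument or sending to an explicit component.` would tell the user what to change. The text also says only "ordered broadcast" while the plugin reports the sticky ordered variants too; naming them keeps the message accurate for those findings.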