preview

Author: springkill

.idea/gradle.xml

@@ -5,19 +5,28 @@ plugins {
 }
 
 group = "com.skgroup"
-version = "1.0-SNAPSHOT"
+version = "1.0"
 
 repositories {
     mavenCentral()
 }
 
+dependencies {
+    implementation("me.gosimple:nbvcxz:1.5.1")
+    // https://mvnrepository.com/artifact/org.jboss.windup.decompiler/decompiler-fernflower
+    implementation("org.jboss.windup.decompiler:decompiler-fernflower:6.3.9.Final")
+    implementation("org.apache.maven:maven-model:3.6.3")
+    implementation("org.apache.maven:maven-model-builder:3.6.3")
+}
+
+
 // Configure Gradle IntelliJ Plugin
 // Read more: https://plugins.jetbrains.com/docs/intellij/tools-gradle-intellij-plugin.html
 intellij {
     version.set("2023.2.6")
     type.set("IC") // Target IDE Platform
 
-    plugins.set(listOf(/* Plugin Dependencies */))
+    plugins.set(listOf("Git4Idea", "java"))
 }
 
 tasks {

.idea/misc.xml

@@ -1,4 +1,7 @@
 package org.skgroup.securityinspector.enums
 
-class VulnElemType {
+enum class VulnElemType {
+    ASSIGNMENT_EXPRESSION,
+    LOCAL_VARIABLE,
+    CLASS_FIELD
 }

build.gradle.kts

@@ -1,4 +1,4 @@
-package org.skgroup.securityinspector.utils
+package org.skgroup.securityinspector.enums
 
 enum class VulnType {
 

src/main/kotlin/org/skgroup/securityinspector/enums/VulnElemType.kt

@@ -1,4 +1,14 @@
 package org.skgroup.securityinspector.enums
 
-class XmlFactory {
+enum class XmlFactory {
+    DOCUMENT_BUILDER_FACTORY,
+    SAX_PARSER_FACTORY,
+    SAX_TRANSFORMER_FACTORY,
+    SAX_BUILDER,
+    SAX_READER,
+    XML_READER_FACTORY,
+    SCHEMA_FACTORY,
+    XML_INPUT_FACTORY,
+    TRANSFORMER_FACTORY,
+    VALIDATOR_OF_SCHEMA
 }

src/main/kotlin/org/skgroup/securityinspector/enums/VulnType.kt

@@ -1,10 +1,10 @@
-package com.skgroup.securityinspector.inspectors
+package org.skgroup.securityinspector.inspectors
 
 import com.intellij.codeInspection.AbstractBaseJavaLocalInspectionTool
 import com.intellij.psi.*
-import com.skgroup.securityinspector.utils.SecExpressionUtils
-import com.skgroup.securityinspector.visitors.BaseFixElementWalkingVisitor
 import org.apache.commons.codec.digest.MurmurHash3
+import org.skgroup.securityinspector.utils.SecExpressionUtils
+import org.skgroup.securityinspector.visitors.BaseFixElementWalkingVisitor
 
 abstract class BaseLocalInspectionTool : AbstractBaseJavaLocalInspectionTool() {
 

src/main/kotlin/org/skgroup/securityinspector/enums/XmlFactory.kt

@@ -1,4 +1,13 @@
 package org.skgroup.securityinspector.inspectors
 
+import com.intellij.codeInspection.ProblemsHolder
+import com.intellij.psi.PsiFile
+
 interface InspectionTool {
+    /**
+     * 针对给定的 PsiFile 运行检查器
+     * @param psiFile 目标 PsiFile
+     * @param problemsHolder 用于收集问题
+     */
+    fun inspectFile(psiFile: PsiFile, problemsHolder: ProblemsHolder)
 }

src/main/kotlin/org/skgroup/securityinspector/inspectors/BaseLocalInspectionTool.kt

@@ -1,32 +1,21 @@
-package com.skgroup.securityinspector.rules.dos
+package org.skgroup.securityinspector.rules.dos
 
-import com.intellij.codeInsight.completion.ml.JavaCompletionFeatures
 import com.intellij.codeInspection.LocalQuickFix
 import com.intellij.codeInspection.ProblemDescriptor
 import com.intellij.codeInspection.ProblemHighlightType
 import com.intellij.codeInspection.ProblemsHolder
 import com.intellij.openapi.project.Project
 import com.intellij.psi.*
-import com.skgroup.securityinspector.inspectors.BaseLocalInspectionTool
-import com.skgroup.securityinspector.utils.InspectionBundle
-import com.skgroup.securityinspector.utils.SecExpressionUtils
-import org.jetbrains.annotations.Nls
+import org.skgroup.securityinspector.inspectors.BaseLocalInspectionTool
+import org.skgroup.securityinspector.utils.InspectionBundle
+import org.skgroup.securityinspector.utils.SecExpressionUtils
+import org.skgroup.securityinspector.inspectors.InspectionTool
 
-/**
- * 1051: Netty响应拆分攻击
- *
- * ref:
- * (1) https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.java
- * (2) http://www.infosecwriters.com/Papers/DCrab_HTTP_Response.pdf
- */
-const val NETTY_RESPONSE_MESSAGE = "netty.response.splitting.msg"
-const val NETTY_RESPONSE_FIX = "netty.response.splitting.fix"
-
-class NettyResponseSplitting : BaseLocalInspectionTool() {
+class NettyResponseSplitting : BaseLocalInspectionTool(), InspectionTool {
 
     companion object {
-        private val MESSAGE = InspectionBundle.message(NETTY_RESPONSE_MESSAGE)
-        private val QUICK_FIX_NAME = InspectionBundle.message(NETTY_RESPONSE_FIX)
+        private val MESSAGE = InspectionBundle.message("vuln.massage.NettyResponseSplittingRisk")
+        private val QUICK_FIX_NAME = InspectionBundle.message("vuln.fix.NettyResponseSplittingRisk")
     }
 
     override fun buildVisitor(holder: ProblemsHolder, isOnTheFly: Boolean): PsiElementVisitor {
@@ -48,9 +37,6 @@ class NettyResponseSplitting : BaseLocalInspectionTool() {
         }
     }
 
-    /**
-     * 通用方法：检查表达式是否有问题，并注册问题
-     */
     private fun checkForProblem(
         expression: PsiNewExpression,
         qualifiedName: String,
@@ -60,7 +46,7 @@ class NettyResponseSplitting : BaseLocalInspectionTool() {
         if (SecExpressionUtils.hasFullQualifiedName(expression, qualifiedName)) {
             expression.argumentList?.expressions?.let { args ->
                 if (args.size > argIndex && args[argIndex] is PsiLiteralExpression &&
-                    JavaCompletionFeatures.JavaKeyword.FALSE == (args[argIndex] as PsiLiteralExpression).value
+                    (args[argIndex] as PsiLiteralExpression).value == false
                 ) {
                     holder.registerProblem(
                         expression,
@@ -73,9 +59,7 @@ class NettyResponseSplitting : BaseLocalInspectionTool() {
         }
     }
 
-    /**
-     * 快速修复类
-     */
+
     class NettyResponseSplittingQuickFix(private val fixArgIndex: Int) : LocalQuickFix {
 
         override fun getFamilyName(): String {
@@ -92,4 +76,8 @@ class NettyResponseSplitting : BaseLocalInspectionTool() {
             }
         }
     }
+
+    override fun inspectFile(psiFile: PsiFile, problemsHolder: ProblemsHolder) {
+        psiFile.accept(buildVisitor(problemsHolder, false))
+    }
 }

src/main/kotlin/org/skgroup/securityinspector/inspectors/InspectionTool.kt

@@ -1,39 +1,20 @@
-package com.skgroup.securityinspector.rules.dos
+package org.skgroup.securityinspector.rules.dos
 
 import com.intellij.codeInspection.ProblemHighlightType
 import com.intellij.codeInspection.ProblemsHolder
 import com.intellij.psi.*
 import com.siyeh.ig.psiutils.MethodCallUtils
-import com.skgroup.securityinspector.inspectors.BaseLocalInspectionTool
-import com.skgroup.securityinspector.utils.InspectionBundle
-import com.skgroup.securityinspector.utils.SecExpressionUtils
+import org.skgroup.securityinspector.inspectors.BaseLocalInspectionTool
+import org.skgroup.securityinspector.utils.InspectionBundle
+import org.skgroup.securityinspector.utils.SecExpressionUtils
 import org.jetbrains.annotations.NotNull
-import org.jetbrains.annotations.Nullable
 import java.util.regex.Pattern
-/**
- * 1039
- * 正则表达式拒绝服务攻击 (RegexDos)
- *
- * 当编写校验的正则表达式存在缺陷时，攻击者可以构造特殊的字符串来大量消耗服务器的资源，造成服务中断或停止。
- * ref: https://cloud.tencent.com/developer/article/1041326
- *
- * check:
- * java.util.regex.Pattern#compile args:0
- * java.util.regex.Pattern#matches args:0
- *
- * fix:
- * (1) 优化正则表达式
- * (2) 使用 com.google.re2j 库
- *
- * notes:
- * `isExponentialRegex` 方法来源于 CodeQL
- */
-const val PATTERN_DOS_MESSAGE = "pattern.matches.type.msg"
+
 
 class PatternDOS : BaseLocalInspectionTool() {
 
     companion object {
-        private val MESSAGE = InspectionBundle.message(PATTERN_DOS_MESSAGE)
+        private val MESSAGE = InspectionBundle.message("vuln.massage.PatternMatchesDOS")
 
         /**
          * 检查是否为指数型正则表达式
@@ -69,10 +50,6 @@ class PatternDOS : BaseLocalInspectionTool() {
         }
     }
 
-    /**
-     * 提取字面量表达式
-     */
-    @Nullable
     private fun getLiteralExpression(expression: PsiExpression?): PsiLiteralExpression? {
         return when (expression) {
             is PsiReferenceExpression -> {