Package org.sonar.java.checks

Class AbstractHardCodedCredentialChecker

java.lang.Object

org.sonar.java.ast.visitors.SubscriptionVisitor

org.sonar.plugins.java.api.IssuableSubscriptionVisitor

org.sonar.java.checks.AbstractHardCodedCredentialChecker

All Implemented Interfaces:

JavaCheck, JavaFileScanner

Direct Known Subclasses:

HardCodedPasswordCheck, HardCodedSecretCheck

public abstract class AbstractHardCodedCredentialChecker
extends IssuableSubscriptionVisitor

Field Summary

Fields

Modifier and Type	Field	Description
protected static final MethodMatchers	EQUALS_MATCHER
protected static final MethodMatchers	STRING_TO_CHAR_ARRAY

Fields inherited from class org.sonar.java.ast.visitors.SubscriptionVisitor

context

Constructor Summary

Constructors

Constructor	Description
AbstractHardCodedCredentialChecker()

Method Summary

Modifier and Type	Method	Description
protected abstract String	getCredentialWords()
protected void	handleAssignment(AssignmentExpressionTree tree)
protected void	handleEqualsMethod(MethodInvocationTree mit, MemberSelectExpressionTree methodSelect)
protected void	handleStringLiteral(LiteralTree tree)
protected void	handleVariable(VariableTree tree)
protected boolean	isCallOnStringLiteral(ExpressionTree expr)
protected abstract boolean	isCredentialContainingPattern(ExpressionTree expression)	Determine if the actual hardcoded credential from the expression, contains one of the credentials pattern.
protected Optional<String>	isCredentialLikeName(String name)
protected Optional<String>	isCredentialVariable(ExpressionTree variable)
protected boolean	isPotentialCredential(String literal)
protected boolean	isPotentialCredential(ExpressionTree expression)
protected Optional<String>	isSettingCredential(MethodInvocationTree tree)
protected abstract void	report(Tree tree, String match)

Methods inherited from class org.sonar.plugins.java.api.IssuableSubscriptionVisitor

addIssue, addIssueOnFile, leaveFile, reportIssue, reportIssue, reportIssue, scanFile, scanTree, setContext

Methods inherited from class org.sonar.java.ast.visitors.SubscriptionVisitor

leaveNode, nodesToVisit, visitNode, visitToken, visitTrivia

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.sonar.plugins.java.api.JavaFileScanner

scanWithoutParsing

Field Details

STRING_TO_CHAR_ARRAY

protected static final MethodMatchers STRING_TO_CHAR_ARRAY

EQUALS_MATCHER

protected static final MethodMatchers EQUALS_MATCHER

Constructor Details

AbstractHardCodedCredentialChecker

public AbstractHardCodedCredentialChecker()

Method Details

getCredentialWords

protected abstract String getCredentialWords()

isCredentialContainingPattern

protected abstract boolean isCredentialContainingPattern(ExpressionTree expression)

Determine if the actual hardcoded credential from the expression, contains one of the credentials pattern. This is typically used to ignore constant declaration.

report

protected abstract void report(Tree tree,
 String match)

isSettingCredential

protected Optional<String> isSettingCredential(MethodInvocationTree tree)

isCredentialLikeName

protected Optional<String> isCredentialLikeName(String name)

isCredentialVariable

protected Optional<String> isCredentialVariable(ExpressionTree variable)

isCallOnStringLiteral

protected boolean isCallOnStringLiteral(ExpressionTree expr)

handleStringLiteral

protected void handleStringLiteral(LiteralTree tree)

isPotentialCredential

protected boolean isPotentialCredential(String literal)

handleVariable

protected void handleVariable(VariableTree tree)

handleAssignment

protected void handleAssignment(AssignmentExpressionTree tree)

isPotentialCredential

protected boolean isPotentialCredential(ExpressionTree expression)

handleEqualsMethod

protected void handleEqualsMethod(MethodInvocationTree mit,
 MemberSelectExpressionTree methodSelect)