检查Maven项目中ibatis的SQL注入的maven插件

检查Maven项目中ibatis的SQL注入的maven插件 - 网站安

来源：自学PHP网时间：2015-04-17 12:00 作者：阅读:次

[导读] 记录下：CheckMojo.java01package com.neeao.security.ibatis_sql_injection_check;02import java.io.File;03import java.io.IOException;04import java.util.ArrayList;0506import org.apache.commons.io.......

记录下：

CheckMojo.java

package com.neeao.security.ibatis_sql_injection_check;

import java.io.File;

import java.io.IOException;

import java.util.ArrayList;

import org.apache.commons.io.FileUtils;

import org.apache.maven.plugin.AbstractMojo;

import org.apache.maven.plugin.MojoExecutionException;

/**

* @author Neeao

* @goal check

* @phase prepare-package

public class CheckMojo extends AbstractMojo {

/**

* Web资源文件目录

* @parameter expression="${basedir}/src/main/resources"

private File resourcesDirectory;

public void execute() throws MojoExecutionException {

getLog().info("start sql injection check...");

File resourcesDir = resourcesDirectory;

if (resourcesDir.exists()) {

getLog().info("Find ibatis xml file...");

findFiles(resourcesDir);

}

/**

* 查找文件

* @param dir

private void findFiles(File dir) {

File[] files = dir.listFiles();

for (File f : files) {

if (f.isFile()&&f.getName().toLowerCase().endsWith(".xml")) {

getLog().info("find xml file:" + f.getAbsolutePath());

checkFile(f.getAbsolutePath());

} else if (f.isDirectory()) {

findFiles(f);

}

/**

* 检查文件

* @param filename

private void checkFile(String filename) {

ArrayList<String> content = new ArrayList<String>();

try {

content = (ArrayList<String>) FileUtils.readLines(new File(filename));

int i=1;

for (String line : content) {

if (line.contains("$")) {

getLog().error(filename+",line:"+i+","+line);

}

i++;

}

} catch (IOException e) {

e.printStackTrace();

}

public File getResourcesDirectory() {

return resourcesDirectory;

}

public void setResourcesDirectory(File resourcesDirectory) {

this.resourcesDirectory = resourcesDirectory;

}

pom.xml文件：

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<groupId>com.neeao.security</groupId>

<artifactId>sql--injection-check</artifactId>

<packaging>maven-plugin</packaging>

<name>sql-injection-check Maven Mojo</name>

<url>http://maven.apache.org</url>

<groupId>org.apache.maven</groupId>

<artifactId>maven-plugin-api</artifactId>

</dependency>

<groupId>commons-io</groupId>

<artifactId>commons-io</artifactId>

</dependency>

</dependencies>

</project>

test方法：

mvn clear

mvn packape

mvn install

D:\workspace\ibatis-sql-injection-check>mvn com.neeao.security:sql--injection-ch

eck:1.0:check

[INFO] Scanning for projects...

[INFO]

[INFO] ------------------------------------------------------------------------

[INFO] Building sql-injection-check Maven Mojo 1.0

[INFO] ------------------------------------------------------------------------

[INFO]

[INFO] --- sql--injection-check:1.0:check (default-cli) @ sql--injection-check -

-- www.2cto.com

[INFO] start sql injection check...

[INFO] Find ibatis xml file...

[INFO] find xml file:D:\workspace\ibatis-sql-injection-check\src\main\resources\

NewFile.xml

[ERROR] D:\workspace\ibatis-sql-injection-check\src\main\resources\NewFile.xml,l

ine:3, name like '%$name$%'

[INFO] ------------------------------------------------------------------------

[INFO] BUILD SUCCESS

[INFO] ------------------------------------------------------------------------

[INFO] Total time: 0.196s

[INFO] Finished at: Tue Nov 27 23:59:25 CST 2012

[INFO] Final Memory: 2M/15M

[INFO] ------------------------------------------------------------------------

对公司服务器的一次渗透 - 网站安全 - 自学php

PHP一句话木马及查杀 - 网站安全 - 自学php

子栏目

检查Maven项目中ibatis的SQL注入的maven插件 - 网站安

最新评论

添加评论

更多文章推荐

添加评论