记录下:
CheckMojo.java
package com.neeao.security.ibatis_sql_injection_check;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
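/**
 * Maven mojo that walks the project's resources directory and reports every line of
 * every {@code .xml} file that contains a {@code $} character.
 *
 * <p>In iBATIS SQL maps a {@code $name$} placeholder is replaced by the raw value inside
 * the SQL text, while {@code #name#} is bound as a statement parameter. Lines using
 * {@code $} are therefore the ones to review for SQL injection.
 *
 * <p>The check is a plain text heuristic: it does not parse the XML and it does not
 * tell SQL maps apart from other XML files, so any {@code $} (for example a
 * {@code ${property}} placeholder) is reported and needs manual triage.
 *
 * <p>By default findings are only logged at error level and the build still succeeds.
 * Set {@code failOnViolation} to make a finding break the build.
 *
 * @author Neeao
 * @goal check
 * @phase prepare-package
 */
public class CheckMojo extends AbstractMojo {
    /**
     * Web resources directory that is scanned recursively.
     *
     * @parameter expression="${basedir}/src/main/resources"
     */
    private File resourcesDirectory;

    /**
     * When {@code true}, the build is failed if at least one suspicious line is found.
     * Defaults to {@code false}, which keeps the original log-only behaviour.
     *
     * @parameter expression="${sqlcheck.failOnViolation}" default-value="false"
     */
    private boolean failOnViolation;

    /**
     * Runs the scan over {@link #resourcesDirectory}.
     *
     * @throws MojoExecutionException if {@code failOnViolation} is enabled and at least
     *         one line containing {@code $} was reported
     */
    public void execute() throws MojoExecutionException {
        getLog().info("start sql injection check...");
        File resourcesDir = resourcesDirectory;
        // A missing directory means nothing was checked; say so instead of passing silently.
        // isDirectory() also rejects a plain file, for which listFiles() would return null.
        if (resourcesDir == null || !resourcesDir.isDirectory()) {
            getLog().warn("resources directory not found, nothing was checked: " + resourcesDir);
            return;
        }
        getLog().info("Find ibatis xml file...");
        int findings = findFiles(resourcesDir);
        if (findings > 0 && failOnViolation) {
            throw new MojoExecutionException(
                    findings + " line(s) containing '$' found in xml files under " + resourcesDir);
        }
    }

    /**
     * Recursively visits {@code dir} and checks every file whose name ends in {@code .xml}.
     *
     * @param dir directory to search
     * @return number of suspicious lines reported below {@code dir}
     */
    private int findFiles(File dir) {
        File[] files = dir.listFiles();
        // listFiles() returns null on an I/O error or when dir is not a directory.
        if (files == null) {
            getLog().warn("cannot list directory, skipped: " + dir.getAbsolutePath());
            return 0;
        }
        int findings = 0;
        for (File f : files) {
            if (f.isFile() && f.getName().toLowerCase().endsWith(".xml")) {
                getLog().info("find xml file:" + f.getAbsolutePath());
                findings += checkFile(f.getAbsolutePath());
            } else if (f.isDirectory()) {
                findings += findFiles(f);
            }
        }
        return findings;
    }

    /**
     * Reads one file line by line and logs each line that contains {@code $}.
     *
     * @param filename absolute path of the file to check
     * @return number of lines reported; {@code 0} if the file could not be read
     */
    private int checkFile(String filename) {
        int findings = 0;
        try {
            // readLines(File) decodes with the platform default charset. '$' is ASCII, so
            // matching should be unaffected, but the logged line may be mis-decoded.
            List<String> content = FileUtils.readLines(new File(filename));
            int lineNumber = 1;
            for (String line : content) {
                if (line.contains("$")) {
                    getLog().error(filename + ",line:" + lineNumber + "," + line);
                    findings++;
                }
                lineNumber++;
            }
        } catch (IOException e) {
            // An unreadable file was NOT checked; make that visible in the build log.
            getLog().error("cannot read " + filename + ", file was not checked", e);
        }
        return findings;
    }

    /**
     * @return the directory that is scanned
     */
    public File getResourcesDirectory() {
        return resourcesDirectory;
    }

    /**
     * @param resourcesDirectory the directory to scan
     */
    public void setResourcesDirectory(File resourcesDirectory) {
        this.resourcesDirectory = resourcesDirectory;
    }
}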
pom.xml文件:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.neeao.security</groupId>
<artifactId>sql--injection-check</artifactId>
<packaging>maven-plugin</packaging>
<version>1.0</version>
<name>sql-injection-check Maven Mojo</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
</dependencies>
</project>
test方法:
mvn clean
mvn package
mvn install
D:\workspace\ibatis-sql-injection-check>mvn com.neeao.security:sql--injection-ch
eck:1.0:check
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- sql--injection-check:1.0:check (default-cli) @ sql--injection-check -
--
[INFO] start sql injection check...
[INFO] Find ibatis xml file...
[INFO] find xml file:D:\workspace\ibatis-sql-injection-check\src\main\resources\
NewFile.xml
[ERROR] D:\workspace\ibatis-sql-injection-check\src\main\resources\NewFile.xml,l
ine:3, name like '%$name$%'
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.196s
[INFO] Final Memory: 2M/15M
[INFO] ------------------------------------------------------------------------