A Maven plug-in that checks Maven projects for iBATIS SQL injection.

Source: Internet
Author: User

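// CheckMojo.java
package com.neeao.security.ibatis_SQL_injection_check;

import java.io.File;
import java.io.IOException;
import java.util.List;

import org.apache.commons.io.FileUtils;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;

/**
 * Build-time check that walks the resources directory and reports every line of every
 * {@code .xml} file that contains a {@code $} character.
 *
 * <p>In iBATIS SQL maps, {@code $name$} is inline text substitution: the value is spliced
 * into the SQL string, so caller-controlled input reaches the statement unescaped, whereas
 * {@code #name#} is sent as a bound parameter. The check is a plain text match, so it also
 * flags {@code $} in comments, literals and non-iBATIS XML files; every finding needs a
 * manual review, and the usual fix is to switch to {@code #name#} (for a LIKE clause, build
 * the pattern around the bound parameter instead of around the substitution).
 *
 * @author Neeao
 * @goal check
 * @phase prepare-package
 */
public class CheckMojo extends AbstractMojo {

    /**
     * Web resource file directory.
     *
     * @parameter expression="${basedir}/src/main/resources"
     */
    private File resourcesDirectory;

    /**
     * When {@code true}, the build is stopped if at least one line is flagged. The default
     * ({@code false}) keeps the original report-only behaviour, in which findings are logged
     * as errors but the build still succeeds.
     *
     * @parameter default-value="false"
     */
    private boolean failOnViolation;

    /**
     * Runs the scan over {@link #resourcesDirectory}.
     *
     * @throws MojoExecutionException only when {@code failOnViolation} is enabled and at
     *         least one line was flagged
     */
    public void execute() throws MojoExecutionException {
        getLog().info("start SQL injection check... ");

        File resourcesDir = resourcesDirectory;
        // A missing directory, or a path that is a plain file, means there is nothing to scan.
        if (resourcesDir == null || !resourcesDir.isDirectory()) {
            return;
        }

        getLog().info("Find ibatis xml file... ");
        int findings = findFiles(resourcesDir);

        if (failOnViolation && findings > 0) {
            throw new MojoExecutionException(
                    findings + " line(s) containing '$' found in XML files under "
                            + resourcesDir.getAbsolutePath());
        }
    }

    /**
     * Recursively scans {@code dir} and checks every file whose name ends in {@code .xml}
     * (case-insensitive).
     *
     * @param dir directory to walk
     * @return number of flagged lines found below {@code dir}
     */
    private int findFiles(File dir) {
        File[] files = dir.listFiles();
        if (files == null) {
            // listFiles() returns null when the directory cannot be read. Say so in the log:
            // a directory that was silently skipped would look like a clean result.
            getLog().warn("cannot list directory: " + dir.getAbsolutePath());
            return 0;
        }

        int findings = 0;
        for (File f : files) {
            if (f.isFile() && f.getName().toLowerCase().endsWith(".xml")) {
                getLog().info("find xml file:" + f.getAbsolutePath());
                findings += checkFile(f.getAbsolutePath());
            } else if (f.isDirectory()) {
                findings += findFiles(f);
            }
        }
        return findings;
    }

    /**
     * Logs, at error level, each line of the file that contains {@code $}.
     *
     * @param filename absolute path of the XML file to read
     * @return number of flagged lines; 0 when the file could not be read
     */
    private int checkFile(String filename) {
        int findings = 0;
        try {
            // readLines() is declared to return List<String>; depending on the concrete
            // ArrayList implementation through a cast is unnecessary and fragile.
            List<String> content = FileUtils.readLines(new File(filename));
            int lineNumber = 1;
            for (String line : content) {
                if (line.contains("$")) {
                    getLog().error(filename + ", line:" + lineNumber + "," + line);
                    findings++;
                }
                lineNumber++;
            }
        } catch (IOException e) {
            // Report through the Maven log so an unreadable (and therefore unchecked) file
            // shows up in the build output next to the findings.
            getLog().error("cannot read " + filename, e);
        }
        return findings;
    }

    public File getResourcesDirectory() {
        return resourcesDirectory;
    }

    public void setResourcesDirectory(File resourcesDirectory) {
        this.resourcesDirectory = resourcesDirectory;
    }
}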
pom.xml file:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.neeao.security</groupId>
  <artifactId>SQL -- injection-check</artifactId>
  <packaging>maven-plugin</packaging>
  <version>1.0</version>
  <name>SQL-injection-check Maven Mojo</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>org.apache.maven</groupId>
      <artifactId>maven-plugin-api</artifactId>
      <version>2.0</version>
    </dependency>
    <dependency>
      <groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId>
      <version>2.4</version>
    </dependency>
  </dependencies>
</project>

Test method:

mvn clean
mvn package
mvn install

D:\workspace\ibatis-SQL-injection-check> mvn com.neeao.security:SQL -- injection-check:1.0:check
[INFO] Scanning for projects...
[INFO]
[INFO] detail
[INFO] Building SQL-injection-check Maven Mojo 1.0
[INFO] detail
[INFO]
[INFO] --- SQL -- injection-check:1.0:check (default-cli) @ SQL -- injection-check ---
[INFO] start SQL injection check...
[INFO] Find ibatis xml file...
[INFO] find xml file: D:\workspace\ibatis-SQL-injection-check\src\main\resources\NewFile.xml
[ERROR] D:\workspace\ibatis-SQL-injection-check\src\main\resources\NewFile.xml, line: 3, name like '%$name$%'
[INFO] ------------------------------------------------------------------
[INFO] build success
[INFO] detail
[INFO] Total time: 0.196 s
[INFO] Finished at: Tue Nov 27 23:59:25 CST 2012
[INFO] Final Memory: 2M/15M
[INFO] ------------------------------------------------------

Note that the `$name$` finding is only reported as an [ERROR] log line: the build still ends with success, so the check does not stop packaging by itself.
