2727import org .sonar .check .Rule ;
2828import org .sonar .java .checks .methods .AbstractMethodDetection ;
2929import org .sonar .java .checks .methods .MethodMatcher ;
30+ import org .sonar .java .checks .methods .TypeCriteria ;
3031import org .sonar .java .model .LiteralUtils ;
3132import org .sonar .plugins .java .api .tree .ExpressionTree ;
3233import org .sonar .plugins .java .api .tree .IdentifierTree ;
4950@ SqaleConstantRemediation ("30min" )
5051public class DeprecatedHashAlgorithmCheck extends AbstractMethodDetection {
5152
53+ private static final String JAVA_LANG_STRING = "java.lang.String" ;
5254 private static final String MD5 = "MD5" ;
53- private static final String SHA1 = "SHA-1 " ;
55+ private static final String SHA1 = "SHA1 " ;
5456
5557 private static final Map <String , String > ALGORITHM_BY_METHOD_NAME = ImmutableMap .<String , String >builder ()
5658 .put ("getMd5Digest" , MD5 )
@@ -70,11 +72,16 @@ protected List<MethodMatcher> getMethodInvocationMatchers() {
7072 .add (MethodMatcher .create ()
7173 .typeDefinition ("java.security.MessageDigest" )
7274 .name ("getInstance" )
73- .addParameter ("java.lang.String" ))
75+ .addParameter (JAVA_LANG_STRING ))
76+ .add (MethodMatcher .create ()
77+ .typeDefinition ("java.security.MessageDigest" )
78+ .name ("getInstance" )
79+ .addParameter (JAVA_LANG_STRING )
80+ .addParameter (TypeCriteria .anyType ()))
7481 .add (MethodMatcher .create ()
7582 .typeDefinition ("org.apache.commons.codec.digest.DigestUtils" )
7683 .name ("getDigest" )
77- .addParameter ("java.lang.String" ));
84+ .addParameter (JAVA_LANG_STRING ));
7885 for (String methodName : ALGORITHM_BY_METHOD_NAME .keySet ()) {
7986 builder .add (MethodMatcher .create ()
8087 .typeDefinition ("org.apache.commons.codec.digest.DigestUtils" )
@@ -94,30 +101,31 @@ protected void onMethodInvocationFound(MethodInvocationTree mit) {
94101 String methodName = methodName (mit );
95102 String algorithm = ALGORITHM_BY_METHOD_NAME .get (methodName );
96103 if (algorithm == null ) {
97- List <ExpressionTree > arguments = mit .arguments ();
98- algorithm = algorithm (arguments .get (0 ));
104+ algorithm = algorithm (mit .arguments ().get (0 ));
99105 }
100- if (MD5 .equals (algorithm ) || SHA1 .equals (algorithm )) {
101- addIssue (mit , "Use a stronger encryption algorithm than " + algorithm + "." );
106+ boolean isMd5 = MD5 .equalsIgnoreCase (algorithm );
107+ boolean isSha1 = SHA1 .equalsIgnoreCase (algorithm );
108+ if (isMd5 || isSha1 ) {
109+ String msgAlgo = isSha1 ? "SHA-1" : algorithm ;
110+ addIssue (mit , "Use a stronger encryption algorithm than " + msgAlgo + "." );
102111 }
103112 }
104113
105114 private static String methodName (MethodInvocationTree mit ) {
106115 String name = null ;
107116 ExpressionTree methodSelect = mit .methodSelect ();
108117 if (methodSelect .is (Tree .Kind .MEMBER_SELECT )) {
109- MemberSelectExpressionTree memberSelectExpressionTree = (MemberSelectExpressionTree ) methodSelect ;
110- name = memberSelectExpressionTree .identifier ().name ();
118+ name = ((MemberSelectExpressionTree ) methodSelect ).identifier ().name ();
111119 } else if (methodSelect .is (Tree .Kind .IDENTIFIER )) {
112- IdentifierTree identifier = (IdentifierTree ) methodSelect ;
113- name = identifier .name ();
120+ name = ((IdentifierTree ) methodSelect ).name ();
114121 }
115122 return name ;
116123 }
117124
118125 private static String algorithm (ExpressionTree invocationArgument ) {
119126 if (invocationArgument .is (Tree .Kind .STRING_LITERAL )) {
120- return LiteralUtils .trimQuotes (((LiteralTree ) invocationArgument ).value ());
127+ String algo = LiteralUtils .trimQuotes (((LiteralTree ) invocationArgument ).value ());
128+ return algo .replaceAll ("-" , "" );
121129 }
122130 return null ;
123131 }
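Review bot: The new comparison in `onMethodInvocationFound` still lets some SHA-1 requests through: once the hyphen is stripped only `MD5` and `SHA1` are matched, but the JDK's standard providers also resolve the name `SHA` to SHA-1, so `MessageDigest.getInstance("SHA")` would not be reported. Consider `boolean isSha1 = SHA1.equalsIgnoreCase(algorithm) || "SHA".equalsIgnoreCase(algorithm);`. In `algorithm()`, `algo.replace("-", "")` does the same job as `replaceAll` without compiling a regex. That helper also still returns null for anything other than a string literal, so a weak algorithm name passed through a constant or variable goes unreported; a short Javadoc stating that limit would keep readers from treating a clean result as proof that no weak digest is in use. Separately, the issue message calls MD5 and SHA-1 an "encryption algorithm", where "hash algorithm" would be accurate, though existing tests may pin the current text.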