Merge pull request #24 from SpringKill-team/feature/register

springkill · web-flow · commit 48cff36d78e0 · 2025-03-11T23:31:54.000+08:00
fix: Fix sink finder sorting bug #5 #12
diff --git a/src/main/kotlin/org/skgroup/securityinspector/analysis/ast/ProjectIssue.kt b/src/main/kotlin/org/skgroup/securityinspector/analysis/ast/ProjectIssue.kt
@@ -12,6 +12,8 @@ import org.skgroup.securityinspector.enums.SinkCallMode
 data class ProjectIssue(
     val file: VirtualFile,
     val line: Int,
+    val sinkClass: String,
+    val sinkMethod: String,
     val type: String,
     val subType: String,
     val callMode: SinkCallMode
diff --git a/src/main/kotlin/org/skgroup/securityinspector/ui/IssueViewWindow.kt b/src/main/kotlin/org/skgroup/securityinspector/ui/IssueViewWindow.kt
@@ -9,6 +9,7 @@ import com.intellij.openapi.project.Project
 import com.intellij.openapi.vfs.VirtualFile
 import com.intellij.openapi.wm.ToolWindow
 import com.intellij.openapi.wm.ToolWindowFactory
+import com.intellij.ui.components.JBPanel
 import com.intellij.ui.components.JBScrollPane
 import com.intellij.ui.content.ContentFactory
 import com.intellij.ui.table.JBTable
@@ -19,8 +20,8 @@ import java.awt.BorderLayout
 import java.awt.event.MouseAdapter
 import java.awt.event.MouseEvent
 import javax.swing.JButton
-import javax.swing.JPanel
 import javax.swing.table.DefaultTableModel
+import javax.swing.table.TableRowSorter
 
 /**
  * 类描述：IssueViewWindow 类用于创建SinkFinder。
@@ -31,15 +32,19 @@ import javax.swing.table.DefaultTableModel
 class IssueViewWindow : ToolWindowFactory {
 
     override fun createToolWindowContent(project: Project, toolWindow: ToolWindow) {
-        val panel = JPanel(BorderLayout())
-        val tableModel = DefaultTableModel(arrayOf("File", "Line", "Type", "SubType", "CallMode"), 0)
+        val panel = JBPanel<JBPanel<*>>(BorderLayout())
+        val tableModel =
+            DefaultTableModel(arrayOf("File", "Line", "SinkClass", "SinkMethod", "Type", "SubType", "CallMode"), 0)
         val refreshButton = JButton("Init Sink")
         val table = object : JBTable(tableModel) {
             override fun isCellEditable(row: Int, column: Int): Boolean {
                 return false
             }
         }
 
+        val sorter = TableRowSorter(tableModel)
+        table.rowSorter = sorter
+
         table.apply {
             columnModel.getColumn(0).cellRenderer = FirstColumnRenderer()
             columnModel.getColumn(4).cellRenderer = HighlightRenderer()
@@ -49,9 +54,9 @@ class IssueViewWindow : ToolWindowFactory {
                     if (e.clickCount == 2) {
                         val selectedRow = table.selectedRow
                         if (selectedRow != -1) {
-
-                            val file = tableModel.getValueAt(selectedRow, 0) as VirtualFile
-                            val line = tableModel.getValueAt(selectedRow, 1).toString().toInt()
+                            val modelRow = table.rowSorter.convertRowIndexToModel(selectedRow)
+                            val file = tableModel.getValueAt(modelRow, 0) as VirtualFile
+                            val line = tableModel.getValueAt(modelRow, 1).toString().toInt()
 
                             OpenFileDescriptor(project, file, line, 0).navigate(true)
                         }
@@ -69,8 +74,19 @@ class IssueViewWindow : ToolWindowFactory {
                             ApplicationManager.getApplication().invokeLater {
                                 tableModel.rowCount = 0
                                 issues.forEach { issue ->
-                                    tableModel.addRow(arrayOf(issue.file, issue.line.toString(), issue.type, issue.subType, issue.callMode))
+                                    tableModel.addRow(
+                                        arrayOf(
+                                            issue.file,
+                                            issue.line.toString(),
+                                            issue.sinkClass,
+                                            issue.sinkMethod,
+                                            issue.type,
+                                            issue.subType,
+                                            issue.callMode
+                                        )
+                                    )
                                 }
+                                sorter.sort()
                             }
                         })
                     }
diff --git a/src/main/kotlin/org/skgroup/securityinspector/ui/component/CallGraphUIComponents.kt b/src/main/kotlin/org/skgroup/securityinspector/ui/component/CallGraphUIComponents.kt
@@ -278,7 +278,7 @@ class CallGraphUIComponents(val project: Project) {
         }
 
         // 组合底部信息面板
-        return JPanel(BorderLayout()).apply {
+        return JBPanel<JBPanel<*>>(BorderLayout()).apply {
             add(verticalSplit, BorderLayout.CENTER)
             add(infoPanel, BorderLayout.SOUTH)
 
@@ -290,7 +290,7 @@ class CallGraphUIComponents(val project: Project) {
         }
     }
 
-    private fun createTitledPanel(title: String, component: JComponent): JPanel {
+    private fun createTitledPanel(title: String, component: JComponent): JBPanel<JBPanel<*>> {
         return JBPanel<JBPanel<*>>(BorderLayout()).apply {
             border = BorderFactory.createTitledBorder(title)
             add(component, BorderLayout.CENTER)
diff --git a/src/main/kotlin/org/skgroup/securityinspector/utils/GraphUtils.kt b/src/main/kotlin/org/skgroup/securityinspector/utils/GraphUtils.kt
@@ -375,8 +375,8 @@ object GraphUtils {
                                         val methodName = call.methodExpression.referenceName ?: return
                                         val className = call.resolveMethod()?.containingClass?.qualifiedName ?: return
 
-                                        val sinkMatch = SinkList.ALL_SUB_VUL_DEFINITIONS.firstOrNull { sink ->
-                                            sink.methodSinks[className]?.contains(methodName) == true
+                                        val sinkMatch = SinkList.ALL_SUB_VUL_DEFINITIONS.firstOrNull { callSink ->
+                                            callSink.methodSinks[className]?.contains(methodName) == true
                                         } ?: return
 
                                         val document = PsiDocumentManager.getInstance(project).getDocument(psiFile)
@@ -396,6 +396,46 @@ object GraphUtils {
                                                 ProjectIssue(
                                                     virtualFile,
                                                     line,
+                                                    className,
+                                                    methodName,
+                                                    sinkMatch.subType.parent.name,
+                                                    sinkMatch.subType.name,
+                                                    callMode
+                                                )
+                                            )
+                                        }
+                                    }
+
+                                    override fun visitNewExpression(new: PsiNewExpression) {
+                                        if (!new.isValid || indicator.isCanceled) return
+
+
+                                        val methodName = "<init>"
+                                        val className = new.classReference?.qualifiedName ?: return
+
+                                        val sinkMatch = SinkList.ALL_SUB_VUL_DEFINITIONS.firstOrNull { conSink ->
+                                            conSink.constructorSinks.contains(className)
+                                        } ?: return
+
+                                        val document = PsiDocumentManager.getInstance(project).getDocument(psiFile)
+                                        val line = document?.getLineNumber(new.textRange.startOffset)?.plus(1) ?: -1
+
+                                        var callMode = SinkCallMode.SINGLE_SINK
+                                        val method = new.resolveMethod()
+                                        val hasCall = method?.let {
+                                            ReferencesSearch.search(it, ProjectScope.getProjectScope(project))
+                                                .findFirst()
+                                        } != null
+                                        synchronized(issues) {
+                                            if (hasCall) {
+                                                callMode = SinkCallMode.HAS_CALL
+                                            }
+                                            issues.add(
+                                                ProjectIssue(
+                                                    virtualFile,
+                                                    line,
+                                                    className,
+                                                    methodName,
                                                     sinkMatch.subType.parent.name,
                                                     sinkMatch.subType.name,
                                                     callMode
@@ -412,5 +452,4 @@ object GraphUtils {
         }
     }
 
-
 }

Original file line number	Diff line number	Diff line change
`@@ -278,7 +278,7 @@ class CallGraphUIComponents(val project: Project) {`
`278`	`278`	`}`
`279`	`279`
`280`	`280`	`// 组合底部信息面板`
`281`		`- return JPanel(BorderLayout()).apply {`
	`281`	`+ return JBPanel<JBPanel<*>>(BorderLayout()).apply {`
`282`	`282`	`add(verticalSplit, BorderLayout.CENTER)`
`283`	`283`	`add(infoPanel, BorderLayout.SOUTH)`
`284`	`284`
`@@ -290,7 +290,7 @@ class CallGraphUIComponents(val project: Project) {`
`290`	`290`	`}`
`291`	`291`	`}`
`292`	`292`
`293`		`- private fun createTitledPanel(title: String, component: JComponent): JPanel {`
	`293`	`+ private fun createTitledPanel(title: String, component: JComponent): JBPanel<JBPanel<*>> {`
`294`	`294`	`return JBPanel<JBPanel<*>>(BorderLayout()).apply {`
`295`	`295`	`border = BorderFactory.createTitledBorder(title)`
`296`	`296`	`add(component, BorderLayout.CENTER)`