作业提交，完成5个check

ruleSet.json

@@ -254,6 +254,11 @@
     "@stability/image-sync-blur-check": 3
   },
   "plugin:@software-sec/all": {
-    "@software-sec/checker19241042/command-execution-check": 1
+    "@software-sec/checker19241042/command-execution-check": 1,
+    "@software-sec/checker22373030/sql-injection-check": 2,
+    "@software-sec/checker22373030/xss-attack-check": 2,
+    "@software-sec/checker22373030/hardcoded-password-check": 2,
+    "@software-sec/checker22373030/unsafe-file-operation-check": 2,
+    "@software-sec/checker22373030/unsafe-network-request-check": 2
   }
 }

sample/Sample22373030/Issue1/projectConfig.json

@@ -0,0 +1,16 @@
+{
+  "projectName": "Issue1",
+  "projectPath": "./sample/Sample22373030/Issue1",
+  "logPath": "./HomeCheck.log",
+  "ohosSdkPath": "./resources/sdk/openharmony/ets",
+  "hmsSdkPath": "./resources/sdk/hms/ets",
+  "checkPath": "",
+  "sdkVersion": 14,
+  "fix": "false",
+  "npmPath": "",
+  "npmInstallDir": "./",
+  "reportDir": "./report",
+  "arkCheckPath": "./",
+  "product": "default",
+  "sdksThirdParty": []
+}

sample/Sample22373030/Issue1/ruleConfig.json

@@ -0,0 +1,26 @@
+{
+  "files": [
+    "**/*.ets",
+    "**/*.ts"
+  ],
+  "ignore": [
+    "**/ohosTest/**/*",
+    "**/node_modules/**/*",
+    "**/build/**/*",
+    "**/hvigorfile/**/*",
+    "**/oh_modules/**/*",
+    "**/.preview/**/*"
+  ],
+  "rules": {
+    "@software-sec/checker22373030/sql-injection-check": 2
+  },
+  "ruleSet": [
+    "plugin:@correctness/all",
+    "plugin:@performance/all",
+    "plugin:@cross-device-app-dev/all",
+    "plugin:@security/all",
+    "plugin:@stability/all"
+  ],
+  "overrides": [],
+  "extRuleSet": []
+}

sample/Sample22373030/Issue1/sample1.ts

@@ -0,0 +1,24 @@
+import { rdb } from '@ohos.data.relationalStore';
+
+class DatabaseManager {
+  private rdbStore: rdb.RdbStore;
+
+  async queryUser(userId: string) {
+    // 不安全的SQL查询 - 直接拼接用户输入
+    const sql = `SELECT * FROM users WHERE id = '${userId}'`;
+    const resultSet = await this.rdbStore.querySql(sql);
+    return resultSet;
+  }
+
+  async searchUsers(searchTerm: string) {
+    // 另一个SQL注入示例
+    const query = "SELECT * FROM users WHERE name LIKE '%" + searchTerm + "%'";
+    return await this.rdbStore.querySql(query);
+  }
+
+  async deleteUser(userId: string) {
+    // 危险的删除操作
+    const deleteSql = `DELETE FROM users WHERE id = ${userId}`;
+    await this.rdbStore.executeSql(deleteSql);
+  }
+}

sample/Sample22373030/Issue2/projectConfig.json

@@ -0,0 +1,16 @@
+{
+  "projectName": "Issue2",
+  "projectPath": "./sample/Sample22373030/Issue2",
+  "logPath": "./HomeCheck.log",
+  "ohosSdkPath": "./resources/sdk/openharmony/ets",
+  "hmsSdkPath": "./resources/sdk/hms/ets",
+  "checkPath": "",
+  "sdkVersion": 14,
+  "fix": "false",
+  "npmPath": "",
+  "npmInstallDir": "./",
+  "reportDir": "./report",
+  "arkCheckPath": "./",
+  "product": "default",
+  "sdksThirdParty": []
+}

sample/Sample22373030/Issue2/ruleConfig.json

@@ -0,0 +1,26 @@
+{
+  "files": [
+    "**/*.ets",
+    "**/*.ts"
+  ],
+  "ignore": [
+    "**/ohosTest/**/*",
+    "**/node_modules/**/*",
+    "**/build/**/*",
+    "**/hvigorfile/**/*",
+    "**/oh_modules/**/*",
+    "**/.preview/**/*"
+  ],
+  "rules": {
+    "@software-sec/checker22373030/xss-attack-check": 2
+  },
+  "ruleSet": [
+    "plugin:@correctness/all",
+    "plugin:@performance/all",
+    "plugin:@cross-device-app-dev/all",
+    "plugin:@security/all",
+    "plugin:@stability/all"
+  ],
+  "overrides": [],
+  "extRuleSet": []
+}

sample/Sample22373030/Issue2/sample2.ts

@@ -0,0 +1,23 @@
+import { web } from '@ohos.web.webview';
+
+class WebViewManager {
+  private webView: web.WebviewController;
+
+  displayUserContent(userContent: string) {
+    // 不安全的HTML内容渲染 - 直接插入用户输入
+    const html = `<div>${userContent}</div>`;
+    this.webView.loadData(html, 'text/html', 'UTF-8');
+  }
+
+  renderComment(comment: string) {
+    // 另一个XSS示例 - 直接拼接HTML
+    const commentHtml = `<p class="comment">${comment}</p>`;
+    this.webView.loadData(commentHtml, 'text/html', 'UTF-8');
+  }
+
+  showNotification(message: string) {
+    // 危险的JavaScript执行
+    const script = `<script>alert('${message}');</script>`;
+    this.webView.loadData(script, 'text/html', 'UTF-8');
+  }
+}

sample/Sample22373030/Issue3/projectConfig.json

@@ -0,0 +1,16 @@
+{
+  "projectName": "Issue3",
+  "projectPath": "./sample/Sample22373030/Issue3",
+  "logPath": "./HomeCheck.log",
+  "ohosSdkPath": "./resources/sdk/openharmony/ets",
+  "hmsSdkPath": "./resources/sdk/hms/ets",
+  "checkPath": "",
+  "sdkVersion": 14,
+  "fix": "false",
+  "npmPath": "",
+  "npmInstallDir": "./",
+  "reportDir": "./report",
+  "arkCheckPath": "./",
+  "product": "default",
+  "sdksThirdParty": []
+}

sample/Sample22373030/Issue3/ruleConfig.json

@@ -0,0 +1,26 @@
+{
+  "files": [
+    "**/*.ets",
+    "**/*.ts"
+  ],
+  "ignore": [
+    "**/ohosTest/**/*",
+    "**/node_modules/**/*",
+    "**/build/**/*",
+    "**/hvigorfile/**/*",
+    "**/oh_modules/**/*",
+    "**/.preview/**/*"
+  ],
+  "rules": {
+    "@software-sec/checker22373030/hardcoded-password-check": 2
+  },
+  "ruleSet": [
+    "plugin:@correctness/all",
+    "plugin:@performance/all",
+    "plugin:@cross-device-app-dev/all",
+    "plugin:@security/all",
+    "plugin:@stability/all"
+  ],
+  "overrides": [],
+  "extRuleSet": []
+}

sample/Sample22373030/Issue3/sample3.ts

@@ -0,0 +1,24 @@
+class DatabaseConnection {
+    // 硬编码的数据库密码
+    private dbPassword = "admin123";
+    private apiKey = "sk-1234567890abcdef";
+
+    connect() {
+      const connectionString = `mongodb://admin:${this.dbPassword}@localhost:27017`;
+      console.log("Connecting to database...");
+    }
+
+    authenticate() {
+      // 硬编码的认证信息
+      const credentials = {
+        username: "admin",
+        password: "password123"
+      };
+      return credentials;
+    }
+
+    getApiKey() {
+      // 硬编码的API密钥
+      return "sk-abcdefghijklmnopqrstuvwxyz123456";
+    }
+  }

sample/Sample22373030/Issue4/projectConfig.json

@@ -0,0 +1,16 @@
+{
+  "projectName": "Issue1",
+  "projectPath": "./sample/Sample22373030/Issue1",
+  "logPath": "./HomeCheck.log",
+  "ohosSdkPath": "./resources/sdk/openharmony/ets",
+  "hmsSdkPath": "./resources/sdk/hms/ets",
+  "checkPath": "",
+  "sdkVersion": 14,
+  "fix": "false",
+  "npmPath": "",
+  "npmInstallDir": "./",
+  "reportDir": "./report",
+  "arkCheckPath": "./",
+  "product": "default",
+  "sdksThirdParty": []
+}

sample/Sample22373030/Issue4/ruleConfig.json

@@ -0,0 +1,26 @@
+{
+  "files": [
+    "**/*.ets",
+    "**/*.ts"
+  ],
+  "ignore": [
+    "**/ohosTest/**/*",
+    "**/node_modules/**/*",
+    "**/build/**/*",
+    "**/hvigorfile/**/*",
+    "**/oh_modules/**/*",
+    "**/.preview/**/*"
+  ],
+  "rules": {
+    "@software-sec/checker22373030/unsafe-file-operation-check": 2
+  },
+  "ruleSet": [
+    "plugin:@correctness/all",
+    "plugin:@performance/all",
+    "plugin:@cross-device-app-dev/all",
+    "plugin:@security/all",
+    "plugin:@stability/all"
+  ],
+  "overrides": [],
+  "extRuleSet": []
+}

sample/Sample22373030/Issue4/sample4.ts

@@ -0,0 +1,26 @@
+import { fileio } from '@ohos.fileio';
+
+class FileManager {
+  readFile(filePath: string) {
+    // 不安全的文件操作 - 直接使用用户输入
+    const content = fileio.readTextSync(filePath);
+    return content;
+  }
+
+  deleteFile(fileName: string) {
+    // 路径遍历攻击风险
+    const fullPath = `/data/storage/el2/base/files/${fileName}`;
+    fileio.unlinkSync(fullPath);
+  }
+
+  writeFile(fileName: string, content: string) {
+    // 不安全的文件写入
+    const path = `/data/storage/el2/base/files/${fileName}`;
+    fileio.writeTextSync(path, content);
+  }
+
+  copyFile(source: string, destination: string) {
+    // 直接使用用户输入的文件路径
+    fileio.copyFileSync(source, destination);
+  }
+}

sample/Sample22373030/Issue5/projectConfig.json

@@ -0,0 +1,16 @@
+{
+  "projectName": "Issue1",
+  "projectPath": "./sample/Sample22373030/Issue1",
+  "logPath": "./HomeCheck.log",
+  "ohosSdkPath": "./resources/sdk/openharmony/ets",
+  "hmsSdkPath": "./resources/sdk/hms/ets",
+  "checkPath": "",
+  "sdkVersion": 14,
+  "fix": "false",
+  "npmPath": "",
+  "npmInstallDir": "./",
+  "reportDir": "./report",
+  "arkCheckPath": "./",
+  "product": "default",
+  "sdksThirdParty": []
+}

sample/Sample22373030/Issue5/ruleConfig.json

@@ -0,0 +1,26 @@
+{
+  "files": [
+    "**/*.ets",
+    "**/*.ts"
+  ],
+  "ignore": [
+    "**/ohosTest/**/*",
+    "**/node_modules/**/*",
+    "**/build/**/*",
+    "**/hvigorfile/**/*",
+    "**/oh_modules/**/*",
+    "**/.preview/**/*"
+  ],
+  "rules": {
+    "@software-sec/checker22373030/unsafe-network-request-check": 2
+  },
+  "ruleSet": [
+    "plugin:@correctness/all",
+    "plugin:@performance/all",
+    "plugin:@cross-device-app-dev/all",
+    "plugin:@security/all",
+    "plugin:@stability/all"
+  ],
+  "overrides": [],
+  "extRuleSet": []
+}

sample/Sample22373030/Issue5/sample5.ts

@@ -0,0 +1,46 @@
+import { http } from '@ohos.net.http';
+
+class NetworkManager {
+  async fetchUserData(userId: string) {
+    // 不安全的HTTP请求
+    const httpRequest = http.createHttp();
+    const response = await httpRequest.request(
+      `http://api.example.com/users/${userId}`,
+      {
+        method: http.RequestMethod.GET,
+        header: {
+          'Content-Type': 'application/json'
+        }
+      }
+    );
+    return response;
+  }
+
+  async sendLoginData(credentials: any) {
+    // 使用HTTP发送敏感数据
+    const httpRequest = http.createHttp();
+    const response = await httpRequest.request(
+      "http://login.example.com/auth",
+      {
+        method: http.RequestMethod.POST,
+        header: {
+          'Content-Type': 'application/json'
+        },
+        extraData: JSON.stringify(credentials)
+      }
+    );
+    return response;
+  }
+
+  async downloadFile(fileUrl: string) {
+    // 不安全的文件下载
+    const httpRequest = http.createHttp();
+    const response = await httpRequest.request(
+      `http://download.example.com/files/${fileUrl}`,
+      {
+        method: http.RequestMethod.GET
+      }
+    );
+    return response;
+  }
+}