Home / dromara / Sa-Token
Repository Analysis

dromara/Sa-Token

✨ 开源、免费、一站式 Java 权限认证框架,让鉴权变得简单、优雅!—— 登录认证、权限认证、分布式 Session 会话、微服务网关鉴权、SSO 单点登录、OAuth2.0 统一认证、jwt 集成、API Key 秘钥授权、API 参数签名

2.1 Likely human-written View on GitHub
2.1
Adjusted Score
2.1
Raw Score
100%
Time Factor
2026-05-27
Last Push
18,852
Stars
Java
Language
162,965
Lines of Code
1442
Files
78
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 17HIGH 0MEDIUM 1LOW 60

Pattern Findings

78 matches across 4 categories. Click a row to expand file-level details.

Hallucination Indicators17 hits · 278 pts
SeverityFileLineSnippet
CRITICAL…src/main/resources/WEB-INF/static/sa-res/jquery.min.js2!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):f
CRITICAL…-server/src/main/resources/static/sa-res/jquery.min.js2!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):f
CRITICAL…st/java/com/pj/test/SaJsonTemplateForJackson3Test.java25 * at tools.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:399)
CRITICAL…st/java/com/pj/test/SaJsonTemplateForJackson3Test.java26 * at tools.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:361)
CRITICAL…st/java/com/pj/test/SaJsonTemplateForJackson3Test.java27 * at tools.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:265)
CRITICAL…st/java/com/pj/test/SaJsonTemplateForJackson3Test.java28 * at tools.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:24
CRITICAL…st/java/com/pj/test/SaJsonTemplateForJackson3Test.java29 * at tools.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:158)
CRITICAL…st/java/com/pj/test/SaJsonTemplateForJackson3Test.java31 * at tools.jackson.databind.deser.jdk.UntypedObjectDeserializer._findCustomDeser(UntypedObjectDeserializer.jav
CRITICAL…st/java/com/pj/test/SaJsonTemplateForJackson3Test.java32 * at tools.jackson.databind.deser.jdk.UntypedObjectDeserializer.resolve(UntypedObjectDeserializer.java:152)
CRITICAL…k-login/src/main/resources/static/sa-res/jquery.min.js2!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):f
CRITICALsa-token-doc/fun/async--mock.md56 at cn.dev33.satoken.context.SaTokenContextForThreadLocalStaff.getModelBox(SaTokenContextForThreadLocalStaff.java:73) ~[
CRITICALsa-token-doc/more/common-questions.md531 at cn.dev33.satoken.spring.pathmatch.SaPathPatternParserUtil.match(SaPathPatternParserUtil.java:40)
CRITICALsa-token-doc/more/common-questions.md532 at cn.dev33.satoken.reactor.spring.SaTokenContextForSpringReactor.matchPath(SaTokenContextForSpringReactor.java:34)
CRITICALsa-token-doc/more/common-questions.md533 at cn.dev33.satoken.router.SaRouter.isMatch(SaRouter.java:58)
CRITICALsa-token-doc/more/common-questions.md534 at cn.dev33.satoken.router.SaRouter.isMatch(SaRouter.java:72)
CRITICALsa-token-doc/static/docsify.min.js1!function(){function c(i){var o=Object.create(null);return function(e){var n=f(e)?e:JSON.stringify(e);return o[n]||(o[n]
CRITICALsa-token-doc/static/jquery.min.js2!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):f
Over-Commented Block57 hits · 57 pts
SeverityFileLineSnippet
LOW…se/src/main/java/com/pj/cases/up/SecureController.java61// String text = "Sa-Token 一个轻量级java权限认证框架";
LOW…-demo-oauth2-server/src/main/resources/application.yml21 enable-client-credentials: true
LOW…a/com/pj/oauth2/custom_scope/UserinfoScopeHandler.java1//package com.pj.oauth2.custom_scope;
LOW…a/com/pj/oauth2/custom_scope/UserinfoScopeHandler.java21// public String getHandlerScope() {
LOW…a/com/pj/oauth2/custom_scope/UserinfoScopeHandler.java41// @Override
LOW…com/pj/oauth2/custom_scope/CustomOidcScopeHandler.java1//package com.pj.oauth2.custom_scope;
LOW…com/pj/oauth2/custom_scope/CustomOidcScopeHandler.java21// idToken.extraData.put("uid", userId); // 用户id
LOW…/pj/oauth2/custom_grant_type/PhoneLoginController.java1//package com.pj.oauth2.custom_grant_type;
LOW…/pj/oauth2/custom_grant_type/PhoneLoginController.java21// SaManager.getSaTokenDao().set("phone_code:" + phone, code, 60 * 5);
LOW…/custom_grant_type/CustomPasswordGrantTypeHandler.java1//package com.pj.oauth2.custom_grant_type;
LOW…/custom_grant_type/CustomPasswordGrantTypeHandler.java21// return new PasswordAuthResult(userId);
LOW…auth2/custom_grant_type/PhoneCodeGrantTypeHandler.java1//package com.pj.oauth2.custom_grant_type;
LOW…auth2/custom_grant_type/PhoneCodeGrantTypeHandler.java21//public class PhoneCodeGrantTypeHandler implements SaOAuth2GrantTypeHandlerInterface {
LOW…auth2/custom_grant_type/PhoneCodeGrantTypeHandler.java41// // 2、校验通过,删除验证码
LOW…server-solon/src/main/java/com/pj/h5/H5Controller.java41 }
LOW…oken-demo-test/src/main/java/com/pj/model/SysRole.java1package com.pj.model;
LOW…oken-demo-test/src/main/java/com/pj/model/SysRole.java21// /**
LOW…oken-demo-test/src/main/java/com/pj/model/SysRole.java41// public void setId(long id) {
LOW…oken-demo-test/src/main/java/com/pj/model/SysRole.java61// return "SysRole [id=" + id + ", name=" + name + "]";
LOW…est/src/main/java/com/pj/satoken/SaTokenConfigure.java101 @Bean
LOW…redis/src/main/java/com/pj/current/NotFoundHandle.java1//package com.pj.current;
LOW…redis/src/main/java/com/pj/current/NotFoundHandle.java21// public Object error(HttpServletRequest request, HttpServletResponse response) throws IOException {
LOW…ot-test/src/test/java/cn/dev33/satoken/util/SoMap.java661// }
LOW…easy-test/src/test/java/com/pj/test/model/SysRole.java1package com.pj.test.model;
LOW…easy-test/src/test/java/com/pj/test/model/SysRole.java21// /**
LOW…easy-test/src/test/java/com/pj/test/model/SysRole.java41// public void setId(long id) {
LOW…easy-test/src/test/java/com/pj/test/model/SysRole.java61// return "SysRole [id=" + id + ", name=" + name + "]";
LOW…json-test/src/test/java/com/pj/test/model/SysRole.java1package com.pj.test.model;
LOW…json-test/src/test/java/com/pj/test/model/SysRole.java21// /**
LOW…json-test/src/test/java/com/pj/test/model/SysRole.java41// public void setId(long id) {
LOW…json-test/src/test/java/com/pj/test/model/SysRole.java61// return "SysRole [id=" + id + ", name=" + name + "]";
LOW…izer-test/src/test/java/com/pj/test/model/SysRole.java21//
LOW…izer-test/src/test/java/com/pj/test/model/SysRole.java41// * @param id 要设置的 id
LOW…izer-test/src/test/java/com/pj/test/model/SysRole.java61// @Override
LOW…son3-test/src/test/java/com/pj/test/model/SysRole.java1package com.pj.test.model;
LOW…son3-test/src/test/java/com/pj/test/model/SysRole.java21// /**
LOW…son3-test/src/test/java/com/pj/test/model/SysRole.java41// public void setId(long id) {
LOW…son3-test/src/test/java/com/pj/test/model/SysRole.java61// return "SysRole [id=" + id + ", name=" + name + "]";
LOW…gy/hooks/SaFirewallCheckHookForDirectoryTraversal.java101// test("/.abcdef", true); // 合法隐藏文件
LOW…cn/dev33/satoken/oauth2/template/SaOAuth2Template.java161 url = url.substring(0, qIndex);
LOW…cn/dev33/satoken/oauth2/template/SaOAuth2Template.java221 // allow-url=http://*.sa-oauth-client.com/
LOW…cn/dev33/satoken/sso/template/SaSsoServerTemplate.java421 if(qIndex != -1) {
LOW…cn/dev33/satoken/sso/template/SaSsoServerTemplate.java481 // sa-token.sso-server.allow-url=http://*.sa-sso-client1.com
LOW…r/sa-token-solon-plugin/src/test/java/demo/Config.java1//package demo;
LOW…r/sa-token-solon-plugin/src/test/java/demo/Config.java21// .addInclude("/**").addExclude("/favicon.ico")
LOW…r/sa-token-solon-plugin/src/test/java/demo/Config.java41// }
LOW…/sa-token-solon-plugin/src/test/java/demo2/Config.java21// .setAuth(s -> {
LOWsa-token-doc/index.html1241 // let bgColor = this.style.backgroundColor;
LOWsa-token-doc/index.html1261 // bgColor = hexToRgba(bgColor, 0.97);
LOWsa-token-doc/index.html1281 // if (len == 3) {
LOWsa-token-doc/doc.html441 // 预览版提示
LOWsa-token-doc/plugin/quick-login.md141 # 登录页标题
LOWsa-token-doc/static/docsify-plugin.js61 // if($('.zanzhu-count').length && $('.zanzhu-box table').length) {
LOWsa-token-doc/static/docsify-plugin.js81 // </p>`;
LOWsa-token-doc/static/docsify-plugin.js101 // }
LOW…tatic/custom-docsify-plugins/doc-lock-by-gzh-plugin.js401
LOW…n-doc/static/custom-docsify-plugins/doc-lock-plugin.js401
Hyper-Verbose Identifiers3 hits · 3 pts
SeverityFileLineSnippet
LOW…-demo-oauth2/sa-token-demo-oauth2-client-h5/index.html382 function buildAuthorizationCodeUrl() {
LOWsa-token-doc/static/donate/donate-fun.js35function getCopyDonateListByDateSort() {
LOWsa-token-doc/static/donate/donate-fun.js47function getCopyDonateListByMoneySort() {
AI Slop Vocabulary1 hit · 2 pts
SeverityFileLineSnippet
MEDIUM…token-doc/static/water-change-theme/gsap-3.12.2.min.js10!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?def