优化准则:在程序中指定允许访问的文件或目录,在访问文件或目录前对路径名进行验证,确保仅允许访问指定的文件或目录

wuhaoyang
wuhaoyang 10 months ago
parent 28d4ce998d
commit 064bb0309e
  1. 52
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
  2. 2
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/FileAccessCheckerTest.java
  3. 6
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.cc

@ -28,6 +28,7 @@ import org.sonar.cxx.squidbridge.checks.SquidCheck;
@SqaleConstantRemediation("5min")
public class FileAccessChecker extends SquidCheck<Grammar> {
private boolean filePathChecked = false;
private boolean filePathUsedInIf = false;
@Override
public void init() {
@ -47,56 +48,47 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
private void checkIfStatement(AstNode ifStatement) {
AstNode condition = ifStatement.getFirstChild(CxxGrammarImpl.condition);
if (containsFilePathCheck(condition)) {
filePathChecked = true;
filePathUsedInIf = containsFilePathCheck(condition);
if (!filePathUsedInIf) {
createViolation(ifStatement, "在访问文件或目录前需要对路径名进行验证");
}
filePathUsedInIf = false;
}
private void checkDeclaration(AstNode declaration) {
AstNode declaratorNode = declaration.getFirstDescendant(CxxGrammarImpl.declarator);
if (declaratorNode != null) {
filePathChecked = containsFilePathCheck(declaratorNode);
if (declaratorNode != null && !filePathChecked) {
String variableName = declaratorNode.getTokenOriginalValue();
if ("filePath".equals(variableName)) {
if (!filePathChecked) {
System.out.println("在访问文件或目录前需要对路径名进行验证:"+variableName);
getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", declaratorNode);
}
if (variableName != null && variableName.equals("filePath")) {
System.out.println(variableName);
getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", declaratorNode);
}
}
}
private void checkStatement(AstNode statement) {
AstNode condition = statement.getFirstChild(CxxGrammarImpl.condition);
if (containsFilePathCheck(condition)) {
filePathChecked = true;
}
}
private boolean containsFilePathCheck(AstNode condition) {
return recursiveCheck(condition);
filePathChecked = containsFilePathCheck(condition);
}
private boolean recursiveCheck(AstNode node) {
if (node == null) {
return false;
private boolean containsFilePathCheck(AstNode node) {
if (node != null && node.getTokenOriginalValue().equals("filePath")) {
return true;
}
if (node.is(CxxGrammarImpl.identifierList)) {
// 如果是标识符,检查是否是 filePath
String identifierName = node.getTokenOriginalValue();
return "filePath".equals(identifierName);
} else {
// 递归检查子节点
if (node != null) {
for (AstNode child : node.getChildren()) {
if (recursiveCheck(child)) {
// 如果 if 中使用了 filePath,则停止递归并跳过 ifstream file(filePath) 检查
if (containsFilePathCheck(child)) {
return true;
}
}
return false;
}
return false; // 节点或其任何子节点中找不到“filePath”
}
private void createViolation(AstNode node, String message) {
getContext().createLineViolation(this, message, node);
}
}

@ -27,7 +27,7 @@ public class FileAccessCheckerTest {
var tester = CxxFileTesterHelper.create("FileAccessChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(8).withMessage("在访问文件或目录前需要对路径名进行验证")
.next().atLine(13).withMessage("在访问文件或目录前需要对路径名进行验证")
.noMore();
}
}

@ -5,10 +5,12 @@
using namespace std;
int main() {
string filePath = "C:\\Users\\user\\Desktop\\test.txt";//error
string filePath = "C:\\Users\\user\\Desktop\\test.txt";
if (filePath) {
int a = 5;
if (a<5) {
ifstream file(filePath);
cout << "File opened successfully." << endl;

Loading…
Cancel
Save