|
|
|
|
@ -28,6 +28,7 @@ import org.sonar.cxx.squidbridge.checks.SquidCheck; |
|
|
|
|
@SqaleConstantRemediation("5min") |
|
|
|
|
public class FileAccessChecker extends SquidCheck<Grammar> { |
|
|
|
|
private boolean filePathChecked = false; |
|
|
|
|
private boolean filePathUsedInIf = false; |
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public void init() { |
|
|
|
|
@ -47,56 +48,47 @@ public class FileAccessChecker extends SquidCheck<Grammar> { |
|
|
|
|
|
|
|
|
|
private void checkIfStatement(AstNode ifStatement) { |
|
|
|
|
AstNode condition = ifStatement.getFirstChild(CxxGrammarImpl.condition); |
|
|
|
|
|
|
|
|
|
if (containsFilePathCheck(condition)) { |
|
|
|
|
filePathChecked = true; |
|
|
|
|
filePathUsedInIf = containsFilePathCheck(condition); |
|
|
|
|
if (!filePathUsedInIf) { |
|
|
|
|
createViolation(ifStatement, "在访问文件或目录前需要对路径名进行验证"); |
|
|
|
|
} |
|
|
|
|
filePathUsedInIf = false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private void checkDeclaration(AstNode declaration) { |
|
|
|
|
AstNode declaratorNode = declaration.getFirstDescendant(CxxGrammarImpl.declarator); |
|
|
|
|
|
|
|
|
|
if (declaratorNode != null) { |
|
|
|
|
filePathChecked = containsFilePathCheck(declaratorNode); |
|
|
|
|
if (declaratorNode != null && !filePathChecked) { |
|
|
|
|
String variableName = declaratorNode.getTokenOriginalValue(); |
|
|
|
|
|
|
|
|
|
if ("filePath".equals(variableName)) { |
|
|
|
|
if (!filePathChecked) { |
|
|
|
|
System.out.println("在访问文件或目录前需要对路径名进行验证:"+variableName); |
|
|
|
|
getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", declaratorNode); |
|
|
|
|
} |
|
|
|
|
if (variableName != null && variableName.equals("filePath")) { |
|
|
|
|
System.out.println(variableName); |
|
|
|
|
getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", declaratorNode); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private void checkStatement(AstNode statement) { |
|
|
|
|
AstNode condition = statement.getFirstChild(CxxGrammarImpl.condition); |
|
|
|
|
|
|
|
|
|
if (containsFilePathCheck(condition)) { |
|
|
|
|
filePathChecked = true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private boolean containsFilePathCheck(AstNode condition) { |
|
|
|
|
return recursiveCheck(condition); |
|
|
|
|
filePathChecked = containsFilePathCheck(condition); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private boolean recursiveCheck(AstNode node) { |
|
|
|
|
if (node == null) { |
|
|
|
|
return false; |
|
|
|
|
private boolean containsFilePathCheck(AstNode node) { |
|
|
|
|
if (node != null && node.getTokenOriginalValue().equals("filePath")) { |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
if (node.is(CxxGrammarImpl.identifierList)) { |
|
|
|
|
// 如果是标识符,检查是否是 filePath
|
|
|
|
|
String identifierName = node.getTokenOriginalValue(); |
|
|
|
|
return "filePath".equals(identifierName); |
|
|
|
|
} else { |
|
|
|
|
// 递归检查子节点
|
|
|
|
|
if (node != null) { |
|
|
|
|
for (AstNode child : node.getChildren()) { |
|
|
|
|
if (recursiveCheck(child)) { |
|
|
|
|
// 如果 if 中使用了 filePath,则停止递归并跳过 ifstream file(filePath) 检查
|
|
|
|
|
if (containsFilePathCheck(child)) { |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
return false; // 节点或其任何子节点中找不到“filePath”
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private void createViolation(AstNode node, String message) { |
|
|
|
|
getContext().createLineViolation(this, message, node); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
