parent
d0e58ae674
commit
13c9b916b4
@ -0,0 +1,54 @@ |
|||||||
|
/* |
||||||
|
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||||
|
* 项目名称:C++ 信息安全性设计准则 |
||||||
|
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||||
|
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||||
|
*/ |
||||||
|
package com.keyware.sonar.cxx.rules.checkers; |
||||||
|
|
||||||
|
import com.sonar.cxx.sslr.api.AstNode; |
||||||
|
import com.sonar.cxx.sslr.api.Grammar; |
||||||
|
import org.sonar.check.Priority; |
||||||
|
import org.sonar.check.Rule; |
||||||
|
import org.sonar.cxx.parser.CxxGrammarImpl; |
||||||
|
import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; |
||||||
|
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
||||||
|
import org.sonar.cxx.squidbridge.checks.SquidCheck; |
||||||
|
|
||||||
|
import javax.annotation.Nullable; |
||||||
|
import java.util.List; |
||||||
|
|
||||||
|
/** |
||||||
|
* TODO HighEncryptDesChecker |
||||||
|
* |
||||||
|
* @author RenFengJiang |
||||||
|
* @date 2024/1/15 |
||||||
|
*/ |
||||||
|
@Rule(key = "HighEncryptDesChecker", name = "应采用加密强度较高的标准加密算法", description = "采用目前加密领域中加密强度较高的标准加密算法,常见加密强度高的算法AES、DES-512等", priority = Priority.INFO, tags = {"28suo"}) |
||||||
|
@ActivatedByDefault |
||||||
|
@SqaleConstantRemediation("5min") |
||||||
|
public class HighEncryptDesChecker extends SquidCheck<Grammar> { |
||||||
|
|
||||||
|
@Override |
||||||
|
public void init() { |
||||||
|
// 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
|
||||||
|
this.subscribeTo( |
||||||
|
CxxGrammarImpl.translationUnit |
||||||
|
); |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
public void visitFile(@Nullable AstNode astNode) { |
||||||
|
//逐行获取内容
|
||||||
|
List<String> inputFileLines = getContext().getInputFileLines(); |
||||||
|
for (String str:inputFileLines) { |
||||||
|
if(str.startsWith("#include")){ |
||||||
|
if(str.contains("<openssl/") || str.contains("<cryptopp/") ){ |
||||||
|
if(!str.contains("aes.h>") && !str.contains("des.h>") ){ |
||||||
|
getContext().createFileViolation(this, "应采用加密强度较高的标准加密算法"); |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,32 @@ |
|||||||
|
/* |
||||||
|
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||||
|
* 项目名称:C++ 信息安全性设计准则 |
||||||
|
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||||
|
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||||
|
*/ |
||||||
|
package com.keyware.sonar.cxx.rules.checkers; |
||||||
|
|
||||||
|
import com.keyware.sonar.cxx.CxxFileTesterHelper; |
||||||
|
import org.junit.jupiter.api.Test; |
||||||
|
import org.sonar.cxx.CxxAstScanner; |
||||||
|
import org.sonar.cxx.squidbridge.api.SourceFile; |
||||||
|
import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; |
||||||
|
|
||||||
|
import java.io.IOException; |
||||||
|
|
||||||
|
/** |
||||||
|
* TODO HighEncryptDesCheckerTest |
||||||
|
* |
||||||
|
* @author RenFengJiang |
||||||
|
* @date 2024/1/15 |
||||||
|
*/ |
||||||
|
public class HighEncryptDesCheckerTest { |
||||||
|
@Test |
||||||
|
public void checkTest() throws IOException { |
||||||
|
var checker = new HighEncryptDesChecker(); |
||||||
|
var tester = CxxFileTesterHelper.create("HighEncryptDesChecker.cc"); |
||||||
|
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); |
||||||
|
CheckMessagesVerifier.verify(file.getCheckMessages()) |
||||||
|
.next().withMessage("应采用加密强度较高的标准加密算法"); |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,34 @@ |
|||||||
|
#include <iostream> |
||||||
|
#include <cryptopp/aes.h> |
||||||
|
#include <cryptopp/des.h> |
||||||
|
#include <cryptopp/blake2.h>// error |
||||||
|
|
||||||
|
#include <string.h> |
||||||
|
|
||||||
|
// AES-256 加密示例
|
||||||
|
void aes256_encrypt(const unsigned char* plaintext, size_t plaintext_len, |
||||||
|
const unsigned char key[AES_BLOCK_SIZE], unsigned char iv[AES_BLOCK_SIZE], |
||||||
|
unsigned char* ciphertext) { |
||||||
|
AES_KEY aes; |
||||||
|
|
||||||
|
// 初始化加密密钥
|
||||||
|
if (AES_set_encrypt_key(key, 256, &aes) < 0) { |
||||||
|
// 错误处理:密钥长度不正确等
|
||||||
|
} |
||||||
|
|
||||||
|
// 创建一个用于CBC模式的加密上下文结构体
|
||||||
|
AES_cbc_encrypt(plaintext, ciphertext, plaintext_len, &aes, iv, AES_ENCRYPT); |
||||||
|
} |
||||||
|
|
||||||
|
int main() { |
||||||
|
unsigned char plaintext[AES_BLOCK_SIZE] = { /* 填充原始数据 */ }; |
||||||
|
unsigned char key[AES_BLOCK_SIZE] = { /* 填充密钥 */ }; |
||||||
|
unsigned char iv[AES_BLOCK_SIZE] = { /* 填充初始化向量(IV) */ }; |
||||||
|
unsigned char ciphertext[AES_BLOCK_SIZE]; |
||||||
|
|
||||||
|
aes256_encrypt(plaintext, sizeof(plaintext), key, iv, ciphertext); |
||||||
|
|
||||||
|
// ... 然后可以进一步处理密文 ...
|
||||||
|
|
||||||
|
return 0; |
||||||
|
} |
Loading…
Reference in new issue