parent
d0e58ae674
commit
13c9b916b4
@ -0,0 +1,54 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:C++ 信息安全性设计准则 |
||||
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.cxx.rules.checkers; |
||||
|
||||
import com.sonar.cxx.sslr.api.AstNode; |
||||
import com.sonar.cxx.sslr.api.Grammar; |
||||
import org.sonar.check.Priority; |
||||
import org.sonar.check.Rule; |
||||
import org.sonar.cxx.parser.CxxGrammarImpl; |
||||
import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; |
||||
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
||||
import org.sonar.cxx.squidbridge.checks.SquidCheck; |
||||
|
||||
import javax.annotation.Nullable; |
||||
import java.util.List; |
||||
|
||||
/** |
||||
* TODO HighEncryptDesChecker |
||||
* |
||||
* @author RenFengJiang |
||||
* @date 2024/1/15 |
||||
*/ |
||||
@Rule(key = "HighEncryptDesChecker", name = "应采用加密强度较高的标准加密算法", description = "采用目前加密领域中加密强度较高的标准加密算法,常见加密强度高的算法AES、DES-512等", priority = Priority.INFO, tags = {"28suo"}) |
||||
@ActivatedByDefault |
||||
@SqaleConstantRemediation("5min") |
||||
public class HighEncryptDesChecker extends SquidCheck<Grammar> { |
||||
|
||||
@Override |
||||
public void init() { |
||||
// 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
|
||||
this.subscribeTo( |
||||
CxxGrammarImpl.translationUnit |
||||
); |
||||
} |
||||
|
||||
|
||||
public void visitFile(@Nullable AstNode astNode) { |
||||
//逐行获取内容
|
||||
List<String> inputFileLines = getContext().getInputFileLines(); |
||||
for (String str:inputFileLines) { |
||||
if(str.startsWith("#include")){ |
||||
if(str.contains("<openssl/") || str.contains("<cryptopp/") ){ |
||||
if(!str.contains("aes.h>") && !str.contains("des.h>") ){ |
||||
getContext().createFileViolation(this, "应采用加密强度较高的标准加密算法"); |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
@ -0,0 +1,32 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:C++ 信息安全性设计准则 |
||||
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.cxx.rules.checkers; |
||||
|
||||
import com.keyware.sonar.cxx.CxxFileTesterHelper; |
||||
import org.junit.jupiter.api.Test; |
||||
import org.sonar.cxx.CxxAstScanner; |
||||
import org.sonar.cxx.squidbridge.api.SourceFile; |
||||
import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; |
||||
|
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* TODO HighEncryptDesCheckerTest |
||||
* |
||||
* @author RenFengJiang |
||||
* @date 2024/1/15 |
||||
*/ |
||||
public class HighEncryptDesCheckerTest { |
||||
@Test |
||||
public void checkTest() throws IOException { |
||||
var checker = new HighEncryptDesChecker(); |
||||
var tester = CxxFileTesterHelper.create("HighEncryptDesChecker.cc"); |
||||
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); |
||||
CheckMessagesVerifier.verify(file.getCheckMessages()) |
||||
.next().withMessage("应采用加密强度较高的标准加密算法"); |
||||
} |
||||
} |
@ -0,0 +1,34 @@ |
||||
#include <iostream> |
||||
#include <cryptopp/aes.h> |
||||
#include <cryptopp/des.h> |
||||
#include <cryptopp/blake2.h>// error |
||||
|
||||
#include <string.h> |
||||
|
||||
// AES-256 加密示例
|
||||
void aes256_encrypt(const unsigned char* plaintext, size_t plaintext_len, |
||||
const unsigned char key[AES_BLOCK_SIZE], unsigned char iv[AES_BLOCK_SIZE], |
||||
unsigned char* ciphertext) { |
||||
AES_KEY aes; |
||||
|
||||
// 初始化加密密钥
|
||||
if (AES_set_encrypt_key(key, 256, &aes) < 0) { |
||||
// 错误处理:密钥长度不正确等
|
||||
} |
||||
|
||||
// 创建一个用于CBC模式的加密上下文结构体
|
||||
AES_cbc_encrypt(plaintext, ciphertext, plaintext_len, &aes, iv, AES_ENCRYPT); |
||||
} |
||||
|
||||
int main() { |
||||
unsigned char plaintext[AES_BLOCK_SIZE] = { /* 填充原始数据 */ }; |
||||
unsigned char key[AES_BLOCK_SIZE] = { /* 填充密钥 */ }; |
||||
unsigned char iv[AES_BLOCK_SIZE] = { /* 填充初始化向量(IV) */ }; |
||||
unsigned char ciphertext[AES_BLOCK_SIZE]; |
||||
|
||||
aes256_encrypt(plaintext, sizeof(plaintext), key, iv, ciphertext); |
||||
|
||||
// ... 然后可以进一步处理密文 ...
|
||||
|
||||
return 0; |
||||
} |
Loading…
Reference in new issue