新增：c++应采用加密强度较高的标准加密算法

10 months ago · 13c9b916b4
parent d0e58ae674
commit 13c9b916b4
3 changed files with 120 additions and 0 deletions
--- a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/HighEncryptDesChecker.java
+++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/HighEncryptDesChecker.java
@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：C++ 信息安全性设计准则
+ * 项目描述：用于检查C++源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.cxx.rules.checkers;
+
+import com.sonar.cxx.sslr.api.AstNode;
+import com.sonar.cxx.sslr.api.Grammar;
+import org.sonar.check.Priority;
+import org.sonar.check.Rule;
+import org.sonar.cxx.parser.CxxGrammarImpl;
+import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
+import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
+import org.sonar.cxx.squidbridge.checks.SquidCheck;
+
+import javax.annotation.Nullable;
+import java.util.List;
+
+/**
+ * TODO HighEncryptDesChecker
+ *
+ * @author RenFengJiang
+ * @date 2024/1/15
+ */
+@Rule(key = "HighEncryptDesChecker", name = "应采用加密强度较高的标准加密算法", description = "采用目前加密领域中加密强度较高的标准加密算法，常见加密强度高的算法AES、DES-512等", priority = Priority.INFO, tags = {"28suo"})
+@ActivatedByDefault
+@SqaleConstantRemediation("5min")
+public class HighEncryptDesChecker extends SquidCheck<Grammar> {
+
+    @Override
+    public void init() {
+        // 订阅要检查AST节点类型，用于在visitNode方法中检查该类型节点
+        this.subscribeTo(
+                CxxGrammarImpl.translationUnit
+        );
+    }
+
+
+    public void visitFile(@Nullable AstNode astNode) {
+        //逐行获取内容
+        List<String> inputFileLines = getContext().getInputFileLines();
+        for (String str:inputFileLines) {
+            if(str.startsWith("#include")){
+                if(str.contains("<openssl/") || str.contains("<cryptopp/") ){
+                    if(!str.contains("aes.h>") && !str.contains("des.h>") ){
+                        getContext().createFileViolation(this, "应采用加密强度较高的标准加密算法");
+                    }
+                }
+            }
+        }
+    }
+}
--- a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/HighEncryptDesCheckerTest.java
+++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/HighEncryptDesCheckerTest.java
@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：C++ 信息安全性设计准则
+ * 项目描述：用于检查C++源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.cxx.rules.checkers;
+
+import com.keyware.sonar.cxx.CxxFileTesterHelper;
+import org.junit.jupiter.api.Test;
+import org.sonar.cxx.CxxAstScanner;
+import org.sonar.cxx.squidbridge.api.SourceFile;
+import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier;
+
+import java.io.IOException;
+
+/**
+ * TODO HighEncryptDesCheckerTest
+ *
+ * @author RenFengJiang
+ * @date 2024/1/15
+ */
+public class HighEncryptDesCheckerTest {
+    @Test
+    public void checkTest() throws IOException {
+        var checker = new HighEncryptDesChecker();
+        var tester = CxxFileTesterHelper.create("HighEncryptDesChecker.cc");
+        SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
+        CheckMessagesVerifier.verify(file.getCheckMessages())
+                .next().withMessage("应采用加密强度较高的标准加密算法");
+    }
+}
--- a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/HighEncryptDesChecker.cc
+++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/HighEncryptDesChecker.cc
@ -0,0 +1,34 @@
+#include <iostream>
+#include <cryptopp/aes.h>
+#include <cryptopp/des.h>
+#include <cryptopp/blake2.h>// error
+
+#include <string.h>
+
+// AES-256 加密示例
+void aes256_encrypt(const unsigned char* plaintext, size_t plaintext_len,
+                    const unsigned char key[AES_BLOCK_SIZE], unsigned char iv[AES_BLOCK_SIZE],
+                    unsigned char* ciphertext) {
+    AES_KEY aes;
+
+    // 初始化加密密钥
+    if (AES_set_encrypt_key(key, 256, &aes) < 0) {
+        // 错误处理：密钥长度不正确等
+    }
+
+    // 创建一个用于CBC模式的加密上下文结构体
+    AES_cbc_encrypt(plaintext, ciphertext, plaintext_len, &aes, iv, AES_ENCRYPT);
+}
+
+int main() {
+    unsigned char plaintext[AES_BLOCK_SIZE] = { /* 填充原始数据 */ };
+    unsigned char key[AES_BLOCK_SIZE] = { /* 填充密钥 */ };
+    unsigned char iv[AES_BLOCK_SIZE] = { /* 填充初始化向量（IV） */ };
+    unsigned char ciphertext[AES_BLOCK_SIZE];
+
+    aes256_encrypt(plaintext, sizeof(plaintext), key, iv, ciphertext);
+
+    // ... 然后可以进一步处理密文 ...
+
+    return 0;
+}