From 24ccac44f7dde776c4384eabb6a2f46fe43fbe86 Mon Sep 17 00:00:00 2001 From: RenFengJiang <1111> Date: Wed, 24 Jan 2024 10:50:08 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9AC++=E5=BA=94?= =?UTF-8?q?=E4=BD=BF=E7=94=A8=E7=9B=AE=E5=89=8D=E8=A2=AB=E4=B8=9A=E7=95=8C?= =?UTF-8?q?=E4=B8=93=E5=AE=B6=E8=AE=A4=E4=B8=BA=E8=BE=83=E5=BC=BA=E7=9A=84?= =?UTF-8?q?=E7=BB=8F=E8=BF=87=E8=89=AF=E5=A5=BD=E5=AE=A1=E6=A0=B8=E7=9A=84?= =?UTF-8?q?=E5=8A=A0=E5=AF=86PRNG=E7=AE=97=E6=B3=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cxx/rules/checkers/PRNGVerifyChecker.java | 58 +++++++++++++++++++ .../rules/checkers/PRNGVerifyCheckerTest.java | 37 ++++++++++++ .../cxx/rules/checkers/PRNGVerifyChecker.cc | 10 ++++ 3 files changed, 105 insertions(+) create mode 100644 sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.java create mode 100644 sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyCheckerTest.java create mode 100644 sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.cc diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.java new file mode 100644 index 0000000..c63f787 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.java @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ + +package com.keyware.sonar.cxx.rules.checkers; + +import com.sonar.cxx.sslr.api.AstNode; +import com.sonar.cxx.sslr.api.Grammar; +import org.sonar.check.Priority; +import org.sonar.check.Rule; +import org.sonar.cxx.parser.CxxGrammarImpl; +import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; +import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; +import org.sonar.cxx.squidbridge.checks.SquidCheck; + +import javax.annotation.Nonnull; +import java.util.List; + +/** + * TODO 应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法 + * + * @author RenFengJiang + * @date 2024/1/23 + */ +@Rule(key = "PRNGVerifyChecker", name = "应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法", description = "使用目前被业界专家认为较强的经过良好审核的加密PRNG算法,初始化随机数生成器时使用具有足够长度且不固定的种子", priority = Priority.INFO, tags = {"28suo"}) +@ActivatedByDefault +@SqaleConstantRemediation("5min") +public class PRNGVerifyChecker extends SquidCheck { + + List lists = List.of("minstd_rand0","minstd_rand","mt19937","mt19937_64","ranlux24_base","ranlux48_base","ranlux24","ranlux48","knuth_b"); + @Override + public void init() { + // 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点 + this.subscribeTo( + CxxGrammarImpl.declarationStatement + ); + } + + /** + * 访问AST节点 + * + * @param node 要处理的AST节点,该节点类型为通过subscribeTo方法订阅的类型 + */ + @Override + public void visitNode(@Nonnull AstNode node) { + List descendants = node.getDescendants(CxxGrammarImpl.typeName); + for (AstNode desc:descendants) { + if(lists.contains(desc.getTokenValue())){ + getContext().createLineViolation(this, "应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法", node); + break; + } + } + + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyCheckerTest.java new file mode 100644 index 0000000..090e9e7 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyCheckerTest.java @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ + +package com.keyware.sonar.cxx.rules.checkers; + +import com.keyware.sonar.cxx.CxxFileTesterHelper; +import org.junit.jupiter.api.Test; +import org.sonar.cxx.CxxAstScanner; +import org.sonar.cxx.squidbridge.api.SourceFile; +import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; + +import java.io.IOException; + +/** + * TODO PRNGVerifyCheckerTest + * + * @author RenFengJiang + * @date 2024/1/23 + */ +public class PRNGVerifyCheckerTest { + + @Test + public void checkTest() throws IOException { + var checker = new PRNGVerifyChecker(); + var tester = CxxFileTesterHelper.create("PRNGVerifyChecker.cc"); + SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); + CheckMessagesVerifier.verify(file.getCheckMessages()) + .next().atLine(4).withMessage("应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法") + .next().atLine(6).withMessage("应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法") + .next().atLine(8).withMessage("应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法") + .noMore(); + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.cc new file mode 100644 index 0000000..4d9d4c6 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.cc @@ -0,0 +1,10 @@ +int main(){ + std::mt19937 generator(time(0)); // mt19937是32比特的 + std::cout << generator() << std::endl; + std::ranlux24_base generator(time(0)); // ranlux24_base是24比特的 + std::cout << generator() << std::endl; + std::knuth_b generator(time(0)); + std::cout << generator() << std::endl; + + return 0; +} \ No newline at end of file