diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
index abe3e3c..ea1fe3d 100644
--- a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
+++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
@@ -41,7 +41,6 @@ public class EncryptionAlgorithmChecker extends SquidCheck {
         );
     }
-    @Override
     public void visitNode(AstNode astNode) {
         var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
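Review bot: Dropping `@Override` from `visitNode(AstNode)` removes the compiler's guarantee that this method really overrides the visitor callback inherited from `SquidCheck`; if the parent signature ever drifts, the method silently becomes a new, never-invoked method and the rule stops reporting anything without a compile-time failure. If the annotation had to go because the raw `SquidCheck` supertype makes the override unresolvable, the cleaner fix is to parameterize the supertype with the plugin's grammar type and keep `@Override`. On the context line that follows, `astNode.getFirstDescendant(CxxGrammarImpl.declaratorId)` is dereferenced without a null check, so a declaration node with no `declaratorId` descendant would throw inside the scanner; splitting it as `var declId = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId); if (declId == null) return;` before reading `getTokenOriginalValue()` would make the visitor robust. The body of `visitNode` continues past this hunk.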
@@ -52,19 +51,20 @@ public class EncryptionAlgorithmChecker extends SquidCheck {
            var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
            if(callNode != null){
                var callList = callNode.getDescendants(CxxGrammarImpl.className);
-               var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
-               var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
-               if("generateHash".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
-                   var name = item.getTokenOriginalValue();
-                   return name != null && name.contains("password");
-               })){
-                   cache.remove(varName);
+               if(!callList.isEmpty()) {
+                   var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
+                   var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
+                   if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
+                       var name = item.getTokenOriginalValue();
+                       return name != null && ("password".equals(name) || "salt".equals(name));
+                   })){
+                       cache.remove(varName);
+                   }
                }
            }
            next = next.getNextSibling();
        }
        cache.values().forEach(item->{
-           System.out.println("特定字段"+item.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue()+"未使用单向加密算法对口令进行加密并存储");
            getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
        });
    }
diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java
index f71abf9..7665e3e 100644
--- a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java
+++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java
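Review bot: The new compliance test keys entirely on identifier spelling: the variable is cleared from `cache` only when the callee's last `className` token is `hashpw` and some `expressionList` has `getTokenOriginalValue()` equal to `password` or `salt`, and since that method yields only the first token of the list, `bcrypt::hashpw(pwd.c_str(), ...)` or `hashpw(user.password, ...)` still produces a violation while any other one-way hashing API (scrypt, argon2, a project wrapper) is flagged unconditionally. If the heuristic is intended, at least inspect every token of the argument list rather than the first, e.g. `return item.getTokens().stream().map(Token::getOriginalValue).anyMatch(t -> "password".equals(t) || "salt".equals(t));`, and lift the accepted callee and argument names into documented constants such as `private static final Set<String> HASH_FUNCTIONS = Set.of("hashpw");` so the rule's precision is visible to whoever tunes it. Consider also a Javadoc on `visitNode` stating that the rule reports a declared variable unless a recognized hashing call naming it is found among the following siblings; the method's signature and the enclosing loop begin outside this hunk. Replacing the seven-line nested condition with an early `continue` when `callList.isEmpty()` would also cut one indentation level without changing behavior.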
@@ -29,7 +29,7 @@ public class EncryptionAlgorithmCheckerTest {
        var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc");
        SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
        CheckMessagesVerifier.verify(file.getCheckMessages())
-           .next().atLine(8).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
+           .next().atLine(9).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
            .noMore();
    }
diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc
index 39c09cb..9521a21 100644
--- a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc
+++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc
@@ -1,13 +1,23 @@
 #include
 #include
-#include
+#include
 using namespace std;
+using namespace bcrypt;
-int main()
-{
-    string password = "abc123"; // 初始化密码
+int main() {
+    // 用户输入的原始密码
+    string password = "userPassword123";
-// string hashedPassword = BCrypt::generateHash(password); // bcrypt 密码
+    // 使用cpp-bcrypt生成盐和哈希
+// bcrypt::generate_salt(); // 生成一个随机盐
+// string salt = bcrypt::get_salt();
+
+    // 使用盐和密码生成哈希
+// string hashed_password;
+// bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);
+
+    // 打印生成的哈希值
+// cout << "Generated bcrypt hash: " << hashed_password << endl;
 return 0;
 }
\ No newline at end of file
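Review bot: Every `bcrypt::` statement in the new fixture is commented out, so the scanner never sees a `hashpw` call and the checker's new `!callList.isEmpty()` / `hashpw` / `salt` branch (the path that removes a variable from `cache`) is not exercised; the test only confirms that an unhashed `password` declaration is reported at line 9. A second fixture, or a second variable in this one, with a live `bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);` would let the test assert the compliant path with `.noMore()` and catch regressions in the name matching. The `#include` directives appear here with empty targets, presumably because the header names were stripped when the page was rendered; worth confirming the committed fixture still names the bcrypt header, since the companion test in the previous hunk pins a line number that depends on this file's exact layout.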