优化准则:应使用单向加密算法对口令进行加密并存储

wuhaoyang
wuhaoyang 10 months ago
parent c0365cb297
commit 28d4ce998d
  1. 8
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
  2. 2
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java
  3. 20
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc

@ -41,7 +41,6 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
); );
} }
@Override @Override
public void visitNode(AstNode astNode) { public void visitNode(AstNode astNode) {
var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue(); var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
@ -52,19 +51,20 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression); var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if(callNode != null){ if(callNode != null){
var callList = callNode.getDescendants(CxxGrammarImpl.className); var callList = callNode.getDescendants(CxxGrammarImpl.className);
if(!callList.isEmpty()) {
var funName = callList.get(callList.size() - 1).getTokenOriginalValue(); var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList); var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if("generateHash".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> { if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
var name = item.getTokenOriginalValue(); var name = item.getTokenOriginalValue();
return name != null && name.contains("password"); return name != null && ("password".equals(name) || "salt".equals(name));
})){ })){
cache.remove(varName); cache.remove(varName);
} }
} }
}
next = next.getNextSibling(); next = next.getNextSibling();
} }
cache.values().forEach(item->{ cache.values().forEach(item->{
System.out.println("特定字段"+item.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue()+"未使用单向加密算法对口令进行加密并存储");
getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item); getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
}); });
} }
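Review bot: The function-name comparison on the new side replaces `generateHash` with `hashpw` instead of adding it, so the libbcrypt-style `BCrypt::generateHash(password)` call that the old fixture used now produces a violation, and the argument test narrows `contains("password")` to exact equality, so an argument named `passwd`, `pwd` or `userPassword` no longer suppresses the finding either. Both changes make the rule flag correctly hashed code rather than catch more plaintext storage. Keep a set of recognised one-way functions and the substring match instead, e.g. a class constant `private static final Set<String> HASH_FUNCTIONS = Set.of("hashpw", "generatehash");` (with the `java.util` import), `if (funName != null && HASH_FUNCTIONS.contains(funName.toLowerCase(Locale.ROOT)) && paramList.stream().anyMatch(item -> {` and `return name != null && (name.toLowerCase(Locale.ROOT).contains("password") || "salt".equals(name));`. Note that `item.getTokenOriginalValue()` on an `expressionList` node appears to yield only that node's first token, so only the leading identifier of the argument list is ever compared — worth confirming against the grammar. The body of `visitNode` between the two hunks is not shown here.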

@ -29,7 +29,7 @@ public class EncryptionAlgorithmCheckerTest {
var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc"); var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages()) CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(8).withMessage("特定字段未使用单向加密算法对口令进行加密并存储") .next().atLine(9).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
.noMore(); .noMore();
} }

@ -1,13 +1,23 @@
#include <iostream> #include <iostream>
#include <string> #include <string>
#include <bcrypt/BCrypt.hpp> #include <bcrypt.h>
using namespace std; using namespace std;
using namespace bcrypt;
int main() int main() {
{ // 用户输入的原始密码
string password = "abc123"; // 初始化密码 string password = "userPassword123";
// string hashedPassword = BCrypt::generateHash(password); // bcrypt 密码 // 使用cpp-bcrypt生成盐和哈希
// bcrypt::generate_salt(); // 生成一个随机盐
// string salt = bcrypt::get_salt();
// 使用盐和密码生成哈希
// string hashed_password;
// bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);
// 打印生成的哈希值
// cout << "Generated bcrypt hash: " << hashed_password << endl;
return 0; return 0;
} }
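Review bot: Every `hashpw` call in this fixture is commented out, so the new `hashpw`/`salt` matching branch in `EncryptionAlgorithmChecker.visitNode` is never executed by the test, which only asserts the single violation and then `.noMore()`. Without a compliant sample the non-violation path is unpinned and a regression in the argument matching would go unnoticed. Add a second function (or a second fixture file) in which `bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);` is live after the `string password` and `string salt` declarations, and extend the test to assert that no message is raised for that declaration.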