sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

优化准则:应使用单向加密算法对口令进行加密并存储

Browse Source
wuhaoyang
wuhaoyang 10 months ago
parent c0365cb297
commit 28d4ce998d
3 changed files with 25 additions and 15 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 18
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
  2. 2
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java
  3. 20
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc

18
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
Unescape View File

@ -41,7 +41,6 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
); );
} }
@Override @Override
public void visitNode(AstNode astNode) { public void visitNode(AstNode astNode) {
var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue(); var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
@ -52,19 +51,20 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression); var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if(callNode != null){ if(callNode != null){
var callList = callNode.getDescendants(CxxGrammarImpl.className); var callList = callNode.getDescendants(CxxGrammarImpl.className);
var funName = callList.get(callList.size() - 1).getTokenOriginalValue(); if(!callList.isEmpty()) {
var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList); var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
if("generateHash".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> { var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
var name = item.getTokenOriginalValue(); if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
return name != null && name.contains("password"); var name = item.getTokenOriginalValue();
})){ return name != null && ("password".equals(name) || "salt".equals(name));
cache.remove(varName); })){
cache.remove(varName);
}
} }
} }
next = next.getNextSibling(); next = next.getNextSibling();
} }
cache.values().forEach(item->{ cache.values().forEach(item->{
System.out.println("特定字段"+item.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue()+"未使用单向加密算法对口令进行加密并存储");
getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item); getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
}); });
} }

2
sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java
Unescape View File

@ -29,7 +29,7 @@ public class EncryptionAlgorithmCheckerTest {
var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc"); var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages()) CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(8).withMessage("特定字段未使用单向加密算法对口令进行加密并存储") .next().atLine(9).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
.noMore(); .noMore();
} }

20
sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc
Unescape View File

@ -1,13 +1,23 @@
#include <iostream> #include <iostream>
#include <string> #include <string>
#include <bcrypt/BCrypt.hpp> #include <bcrypt.h>
using namespace std; using namespace std;
using namespace bcrypt;
int main() int main() {
{ // 用户输入的原始密码
string password = "abc123"; // 初始化密码 string password = "userPassword123";
// string hashedPassword = BCrypt::generateHash(password); // bcrypt 密码 // 使用cpp-bcrypt生成盐和哈希
// bcrypt::generate_salt(); // 生成一个随机盐
// string salt = bcrypt::get_salt();
// 使用盐和密码生成哈希
// string hashed_password;
// bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);
// 打印生成的哈希值
// cout << "Generated bcrypt hash: " << hashed_password << endl;
return 0; return 0;
} }
Write Preview
Loading…
Cancel
Save