|
|
|
@ -16,10 +16,12 @@ import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; |
|
|
|
|
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
|
|
|
|
import org.sonar.cxx.squidbridge.checks.SquidCheck; |
|
|
|
|
|
|
|
|
|
import java.util.ArrayList; |
|
|
|
|
import java.io.BufferedReader; |
|
|
|
|
import java.io.File; |
|
|
|
|
import java.io.FileReader; |
|
|
|
|
import java.io.IOException; |
|
|
|
|
import java.util.List; |
|
|
|
|
|
|
|
|
|
import static com.sonar.cxx.sslr.api.GenericTokenType.IDENTIFIER; |
|
|
|
|
|
|
|
|
|
@Rule(key = "VerificationPathChecker", name = "在构建路径名前对数据进行校验", description = "对输入数据进行校验", priority = Priority.INFO, tags = {"28suo"}) |
|
|
|
|
@ActivatedByDefault |
|
|
|
@ -28,45 +30,66 @@ public class VerificationPathChecker extends SquidCheck<Grammar> { |
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public void init() { |
|
|
|
|
// 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
|
|
|
|
|
this.subscribeTo( |
|
|
|
|
CxxGrammarImpl.functionBody |
|
|
|
|
); |
|
|
|
|
this.subscribeTo(CxxGrammarImpl.functionBody); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public void visitNode(AstNode astNode) { |
|
|
|
|
List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.statement); |
|
|
|
|
for (AstNode ast:descendants) { |
|
|
|
|
List<AstNode> descendants1 = ast.getDescendants(CxxGrammarImpl.shiftExpression); |
|
|
|
|
for (AstNode desc :descendants1) { |
|
|
|
|
if("cin".equals(desc.getTokenValue())){ |
|
|
|
|
for (AstNode ast : descendants) { |
|
|
|
|
if (processAst(ast)) { |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private boolean processAst(AstNode ast) { |
|
|
|
|
List<AstNode> innerDescendants = ast.getDescendants(CxxGrammarImpl.shiftExpression); |
|
|
|
|
for (AstNode desc : innerDescendants) { |
|
|
|
|
if ("cin".equals(desc.getTokenValue())) { |
|
|
|
|
List<AstNode> children = desc.getChildren(); |
|
|
|
|
for (AstNode chil:children) { |
|
|
|
|
if("IDENTIFIER".equals(chil.getName())){ |
|
|
|
|
if(chil.getTokenValue().toLowerCase().contains("path")){ |
|
|
|
|
for (AstNode chil : children) { |
|
|
|
|
if ("IDENTIFIER".equals(chil.getName())) { |
|
|
|
|
if (chil.getTokenValue().toLowerCase().contains("path")) { |
|
|
|
|
boolean boo = true; |
|
|
|
|
List<AstNode> exprs = astNode.getDescendants(CxxGrammarImpl.postfixExpression); |
|
|
|
|
for (AstNode expr:exprs) { |
|
|
|
|
if(expr.getTokenValue().contains("check") || expr.getTokenValue().contains("verify") || expr.getTokenValue().contains("valid")){ |
|
|
|
|
List<AstNode> exprs = ast.getDescendants(CxxGrammarImpl.postfixExpression); |
|
|
|
|
for (AstNode expr : exprs) { |
|
|
|
|
if (expr.getTokenValue().contains("check") || expr.getTokenValue().contains("verify") || expr.getTokenValue().contains("valid")) { |
|
|
|
|
List<AstNode> astNodeList = expr.getDescendants(CxxGrammarImpl.expressionList); |
|
|
|
|
for (AstNode asrList:astNodeList) { |
|
|
|
|
if(chil.getTokenValue().equals(asrList.getTokenValue())){ |
|
|
|
|
for (AstNode asrList : astNodeList) { |
|
|
|
|
if (chil.getTokenValue().equals(asrList.getTokenValue())) { |
|
|
|
|
boo = false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if(boo){ |
|
|
|
|
int lineNumber = chil.getTokenLine(); |
|
|
|
|
if (boo && isLineInFile(lineNumber)) { |
|
|
|
|
getContext().createLineViolation(this, "在构建路径名前对数据进行校验", chil); |
|
|
|
|
} |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private boolean isLineInFile(int lineNumber) { |
|
|
|
|
try { |
|
|
|
|
int totalLines = countLines(getContext().getFile()); |
|
|
|
|
return lineNumber <= totalLines; |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
throw new RuntimeException(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public int countLines(File file) throws IOException { |
|
|
|
|
try (BufferedReader reader = new BufferedReader(new FileReader(file))) { |
|
|
|
|
int lines = 0; |
|
|
|
|
while (reader.readLine() != null) lines++; |
|
|
|
|
return lines; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|