sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修改优化准则以及被测件

Browse Source
master
wuhaoyang 9 months ago
parent 65ed9f4927
commit 4488230206
10 changed files with 87 additions and 58 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 28
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/IntegerCountVerifyChecker.java
  2. 20
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.java
  3. 1
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/UserInputPasswordChecker.java
  4. 1
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ValidatePasswordCheck.java
  5. 77
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VerificationPathChecker.java
  6. 3
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageChecker.java
  7. 2
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/VerificationPathCheckerTest.java
  8. 2
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageCheckerTest.java
  9. 5
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/VerificationPathChecker.cc
  10. 6
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageChecker.cc

28
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/IntegerCountVerifyChecker.java
Unescape View File

@ -96,18 +96,22 @@ public class IntegerCountVerifyChecker extends SquidCheck<Grammar> {
}else if("std".equals(stList.getTokenValue())){
//获取到方法名称
AstNode firstDescendant = stList.getFirstDescendant(CxxGrammarImpl.qualifiedId);
List<AstNode> children = firstDescendant.getChildren();
for(AstNode desc : children){
//判断是否是用户输入方法
if("cin".equals(desc.getTokenValue())){
//获取用户输入中的参数变量
AstNode descendant = stList.getFirstDescendant(CxxGrammarImpl.shiftExpression);
List<AstNode> descendantChildren = descendant.getChildren();
for(AstNode dant:descendantChildren){
if("IDENTIFIER".equals(dant.getName())){
//判断输入的是否是整形变量
if(lists.contains(dant.getTokenValue())){
cinList.add(dant.getTokenValue());
if (firstDescendant!=null){
List<AstNode> children = firstDescendant.getChildren();
for(AstNode desc : children){
//判断是否是用户输入方法
if("cin".equals(desc.getTokenValue())){
//获取用户输入中的参数变量
AstNode descendant = stList.getFirstDescendant(CxxGrammarImpl.shiftExpression);
if (descendant!=null){
List<AstNode> descendantChildren = descendant.getChildren();
for(AstNode dant:descendantChildren){
if("IDENTIFIER".equals(dant.getName())){
//判断输入的是否是整形变量
if(lists.contains(dant.getTokenValue())){
cinList.add(dant.getTokenValue());
}
}
}
}
}

20
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.java
Unescape View File

@ -50,15 +50,17 @@ public class PathVerifyChecker extends SquidCheck<Grammar> {
public void visitNode(@Nonnull AstNode node) {
//获取参数
AstNode firstDescendant = node.getFirstDescendant(CxxGrammarImpl.initializer);
List<AstNode> children = firstDescendant.getChildren();
for(AstNode chil : children){
//判断参数类型
if("STRING".equals(chil.getName())){
String result = chil.getTokenValue().replace("\"", "");
if(isPath(result)){
//判断是不是windows或linux的绝对路径
if(!isWindowsAbsolutePath(result) && !isLinuxAbsolutePath(result)){
getContext().createLineViolation(this, "使用关键资源时指定资源所在的路径", chil);
if (firstDescendant!=null){
List<AstNode> children = firstDescendant.getChildren();
for(AstNode chil : children){
//判断参数类型
if("STRING".equals(chil.getName())){
String result = chil.getTokenValue().replace("\"", "");
if(isPath(result)){
//判断是不是windows或linux的绝对路径
if(!isWindowsAbsolutePath(result) && !isLinuxAbsolutePath(result)){
getContext().createLineViolation(this, "使用关键资源时指定资源所在的路径", chil);
}
}
}
}

1
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/UserInputPasswordChecker.java
Unescape View File

@ -82,5 +82,6 @@ public class UserInputPasswordChecker extends SquidCheck<Grammar> {
@Override
public void leaveFile(@Nullable AstNode astNode) {
fieldsMap.values().forEach(node -> getContext().createLineViolation(this, "用户输入口令时对口令域进行掩饰,通常,用户输入的每一个字符都应该以“*”形式回显", node));
fieldsMap.clear();
}
}

1
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ValidatePasswordCheck.java
Unescape View File

@ -82,7 +82,6 @@ public class ValidatePasswordCheck extends SquidCheck<Grammar> {
String passwordValue = initializationValue.getTokenOriginalValue();
if (!passwordValue.matches(passwordRegex)) {
System.out.println("未通过正则校验的口令:"+passwordValue);
getContext().createLineViolation(this, "口令不匹配足够复杂度", initializationValue);
}
}

77
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VerificationPathChecker.java
Unescape View File

@ -16,10 +16,12 @@ import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.cxx.squidbridge.checks.SquidCheck;
import java.util.ArrayList;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.List;
import static com.sonar.cxx.sslr.api.GenericTokenType.IDENTIFIER;
@Rule(key = "VerificationPathChecker", name = "在构建路径名前对数据进行校验", description = "对输入数据进行校验", priority = Priority.INFO, tags = {"28suo"})
@ActivatedByDefault
@ -28,45 +30,66 @@ public class VerificationPathChecker extends SquidCheck<Grammar> {
@Override
public void init() {
// 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
this.subscribeTo(
CxxGrammarImpl.functionBody
);
this.subscribeTo(CxxGrammarImpl.functionBody);
}
public void visitNode(AstNode astNode) {
List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.statement);
for (AstNode ast:descendants) {
List<AstNode> descendants1 = ast.getDescendants(CxxGrammarImpl.shiftExpression);
for (AstNode desc :descendants1) {
if("cin".equals(desc.getTokenValue())){
List<AstNode> children = desc.getChildren();
for (AstNode chil:children) {
if("IDENTIFIER".equals(chil.getName())){
if(chil.getTokenValue().toLowerCase().contains("path")){
boolean boo = true;
List<AstNode> exprs = astNode.getDescendants(CxxGrammarImpl.postfixExpression);
for (AstNode expr:exprs) {
if(expr.getTokenValue().contains("check") || expr.getTokenValue().contains("verify") || expr.getTokenValue().contains("valid")){
List<AstNode> astNodeList = expr.getDescendants(CxxGrammarImpl.expressionList);
for (AstNode asrList:astNodeList) {
if(chil.getTokenValue().equals(asrList.getTokenValue())){
boo = false;
}
for (AstNode ast : descendants) {
if (processAst(ast)) {
break;
}
}
}
private boolean processAst(AstNode ast) {
List<AstNode> innerDescendants = ast.getDescendants(CxxGrammarImpl.shiftExpression);
for (AstNode desc : innerDescendants) {
if ("cin".equals(desc.getTokenValue())) {
List<AstNode> children = desc.getChildren();
for (AstNode chil : children) {
if ("IDENTIFIER".equals(chil.getName())) {
if (chil.getTokenValue().toLowerCase().contains("path")) {
boolean boo = true;
List<AstNode> exprs = ast.getDescendants(CxxGrammarImpl.postfixExpression);
for (AstNode expr : exprs) {
if (expr.getTokenValue().contains("check") || expr.getTokenValue().contains("verify") || expr.getTokenValue().contains("valid")) {
List<AstNode> astNodeList = expr.getDescendants(CxxGrammarImpl.expressionList);
for (AstNode asrList : astNodeList) {
if (chil.getTokenValue().equals(asrList.getTokenValue())) {
boo = false;
}
}
}
if(boo){
getContext().createLineViolation(this, "在构建路径名前对数据进行校验", chil);
}
}
int lineNumber = chil.getTokenLine();
if (boo && isLineInFile(lineNumber)) {
getContext().createLineViolation(this, "在构建路径名前对数据进行校验", chil);
return true;
}
}
}
}
}
}
return false;
}
private boolean isLineInFile(int lineNumber) {
try {
int totalLines = countLines(getContext().getFile());
return lineNumber <= totalLines;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
public int countLines(File file) throws IOException {
try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
int lines = 0;
while (reader.readLine() != null) lines++;
return lines;
}
}
}

3
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageChecker.java
Unescape View File

@ -46,7 +46,7 @@ public class VirtualLockUsageChecker extends SquidCheck<Grammar> {
String varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
for (String keyword : keywords) {
if (varName.contains(keyword) && (!caches.containsKey(keyword) || !caches.get(keyword).containsKey(varName))) {
if (varName.equals(keyword) && (!caches.equals(keyword) || !caches.get(keyword).equals(varName))) {
caches.putIfAbsent(keyword, new HashMap<>());
caches.get(keyword).put(varName, astNode);
processNode(astNode, keyword);
@ -79,7 +79,6 @@ public class VirtualLockUsageChecker extends SquidCheck<Grammar> {
private void reportViolations() {
caches.values().forEach(cache ->
cache.values().forEach(item -> {
System.out.println("特定字段"+item.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue()+"未使用VirtualLock()函数锁定存放敏感信息的内存");
getContext().createLineViolation(this, "特定字段未使用VirtualLock()函数锁定存放敏感信息的内存", item);
})
);

2
sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/VerificationPathCheckerTest.java
Unescape View File

@ -21,7 +21,7 @@ public class VerificationPathCheckerTest {
var tester = CxxFileTesterHelper.create("VerificationPathChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(12).withMessage("在构建路径名前对数据进行校验")
.next().atLine(11).withMessage("在构建路径名前对数据进行校验")
.noMore();
}
}

2
sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageCheckerTest.java
Unescape View File

@ -30,6 +30,8 @@ public class VirtualLockUsageCheckerTest {
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(8).withMessage("特定字段未使用VirtualLock()函数锁定存放敏感信息的内存")
.next().atLine(10).withMessage("特定字段未使用VirtualLock()函数锁定存放敏感信息的内存")
.next().atLine(12).withMessage("特定字段未使用VirtualLock()函数锁定存放敏感信息的内存")
.noMore();
}
}

5
sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/VerificationPathChecker.cc
Unescape View File

@ -3,12 +3,11 @@
using namespace std;
// 假设以下两个函数用于检查和验证路径
void checkPath(const std::string& path);
void verifyPath(const std::string& path);
void checkPath(const string& path);
void verifyPath(const string& path);
int main(){
string userPath;
cout << "Enter a path: ";
cin >> userPath;
// 在获取用户输入之后立即对其进行验证

6
sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageChecker.cc
Unescape View File

@ -7,9 +7,9 @@ int main() {
string add = "北京市"; //error
// string keyword2 = "北京市"; //error
//
// string keyword3 = "北京市"; //error
string keyword2 = "北京市"; //error
string keyword3 = "北京市"; //error
// 利用vector<char>管理内存
// vector<char> addressBuffer(add.begin(), add.end());

Write Preview
Loading…
Cancel
Save