diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.java new file mode 100644 index 0000000..c63f787 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.java @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ + +package com.keyware.sonar.cxx.rules.checkers; + +import com.sonar.cxx.sslr.api.AstNode; +import com.sonar.cxx.sslr.api.Grammar; +import org.sonar.check.Priority; +import org.sonar.check.Rule; +import org.sonar.cxx.parser.CxxGrammarImpl; +import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; +import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; +import org.sonar.cxx.squidbridge.checks.SquidCheck; + +import javax.annotation.Nonnull; +import java.util.List; + +/** + * TODO 应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法 + * + * @author RenFengJiang + * @date 2024/1/23 + */ +@Rule(key = "PRNGVerifyChecker", name = "应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法", description = "使用目前被业界专家认为较强的经过良好审核的加密PRNG算法,初始化随机数生成器时使用具有足够长度且不固定的种子", priority = Priority.INFO, tags = {"28suo"}) +@ActivatedByDefault +@SqaleConstantRemediation("5min") +public class PRNGVerifyChecker extends SquidCheck { + + List lists = List.of("minstd_rand0","minstd_rand","mt19937","mt19937_64","ranlux24_base","ranlux48_base","ranlux24","ranlux48","knuth_b"); + @Override + public void init() { + // 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点 + this.subscribeTo( + CxxGrammarImpl.declarationStatement + ); + } + + /** + * 访问AST节点 + * + * @param node 要处理的AST节点,该节点类型为通过subscribeTo方法订阅的类型 + */ + @Override + public void visitNode(@Nonnull AstNode node) { + List descendants = node.getDescendants(CxxGrammarImpl.typeName); + for (AstNode desc:descendants) { + if(lists.contains(desc.getTokenValue())){ + getContext().createLineViolation(this, "应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法", node); + break; + } + } + + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyCheckerTest.java new file mode 100644 index 0000000..090e9e7 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyCheckerTest.java @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ + +package com.keyware.sonar.cxx.rules.checkers; + +import com.keyware.sonar.cxx.CxxFileTesterHelper; +import org.junit.jupiter.api.Test; +import org.sonar.cxx.CxxAstScanner; +import org.sonar.cxx.squidbridge.api.SourceFile; +import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; + +import java.io.IOException; + +/** + * TODO PRNGVerifyCheckerTest + * + * @author RenFengJiang + * @date 2024/1/23 + */ +public class PRNGVerifyCheckerTest { + + @Test + public void checkTest() throws IOException { + var checker = new PRNGVerifyChecker(); + var tester = CxxFileTesterHelper.create("PRNGVerifyChecker.cc"); + SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); + CheckMessagesVerifier.verify(file.getCheckMessages()) + .next().atLine(4).withMessage("应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法") + .next().atLine(6).withMessage("应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法") + .next().atLine(8).withMessage("应使用目前被业界专家认为较强的经过良好审核的加密PRNG算法") + .noMore(); + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.cc new file mode 100644 index 0000000..4d9d4c6 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PRNGVerifyChecker.cc @@ -0,0 +1,10 @@ +int main(){ + std::mt19937 generator(time(0)); // mt19937是32比特的 + std::cout << generator() << std::endl; + std::ranlux24_base generator(time(0)); // ranlux24_base是24比特的 + std::cout << generator() << std::endl; + std::knuth_b generator(time(0)); + std::cout << generator() << std::endl; + + return 0; +} \ No newline at end of file diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java index baec100..c1a0251 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ABCVarNameChecker.java @@ -15,7 +15,7 @@ import java.util.Collections; import java.util.List; /** - * TODO ABCVarNameChecker + * Test * * @author GuoXin * @date 2024/1/6 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java index 8b94dbe..87bce29 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AuthenticationChecker.java @@ -18,8 +18,7 @@ import java.util.*; /** - * TODO 通过用户名口令、数据证书等其他手段对用户身份进行验证。 - * AuthenticationChecker + * 通过用户名口令、数据证书等其他手段对用户身份进行验证。 * * @author WuHaoYang * @date 2024/1/23 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AvoidSensitiveInfoInLogsCheck.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AvoidSensitiveInfoInLogsCheck.java index 6fa6ffe..8479c81 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AvoidSensitiveInfoInLogsCheck.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/AvoidSensitiveInfoInLogsCheck.java @@ -12,7 +12,12 @@ import org.sonar.plugins.java.api.semantic.Symbol; import org.sonar.plugins.java.api.tree.*; import java.util.*; - +/** + * 日志中包含敏感信息 + * + * @author WuHaoYang + * @date 2024/1/23 + */ @Rule(key = "AvoidSensitiveInfoInLogsCheck") public class AvoidSensitiveInfoInLogsCheck extends IssuableSubscriptionVisitor { diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java index c4342ff..b8e4257 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigCheck.java @@ -12,7 +12,7 @@ import org.sonar.api.batch.sensor.SensorContext; import org.sonar.api.rule.RuleKey; /** - * TODO ConfigCheck + * ConfigCheck * * @author RenFengJiang * @date 2024/1/23 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java index d87578c..2646b78 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/ConfigurationFileChecker.java @@ -29,7 +29,7 @@ import java.util.Scanner; /** - * TODO ConfigurationFileChecker + * 禁止在容易受攻击的地方明文存储口令密码 * * @author WuHaoYang * @date 2024/1/22 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/CookieSensitiveParameterCheck.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/CookieSensitiveParameterCheck.java index c7dd97a..61614bd 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/CookieSensitiveParameterCheck.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/CookieSensitiveParameterCheck.java @@ -15,6 +15,12 @@ import org.sonar.plugins.java.api.IssuableSubscriptionVisitor; import java.util.*; +/** + * Cookie参数设置中包含敏感字段 + * + * @author WuHaoYang + * @date 2024/1/22 + */ @Rule(key = "CookieSensitiveParameterCheck") public class CookieSensitiveParameterCheck extends IssuableSubscriptionVisitor { diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java index f57f3b1..094a3cb 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/DynamicCodeChecker.java @@ -16,7 +16,12 @@ import java.util.List; @Rule(key = "DynamicCodeChecker") - +/** + * 程序设计时禁止动态构建代码进行功能实现 + * + * @author renfengshan + * @date 2024/1/22 + */ //检测代码中包含动态代码执行操作时,工具进行提示 public class DynamicCodeChecker extends IssuableSubscriptionVisitor { diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java index d0145dd..f0bd642 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HashSaltPassWordChecker.java @@ -19,7 +19,7 @@ import java.util.Collections; import java.util.List; /** - * TODO HashSaltPassWordChecker + * 应使用盐值计算口令 * * @author RenFengJiang * @date 2024/1/11 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java index 75a8928..8319b56 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java @@ -20,7 +20,7 @@ import java.util.Collections; import java.util.List; /** - * TODO HttpInputDataChecker + * HTTP输入数据验证 * * @author RenFengJiang * @date 2024/1/12 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/InputSQLVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/InputSQLVerifyChecker.java index cec7585..b47c471 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/InputSQLVerifyChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/InputSQLVerifyChecker.java @@ -18,7 +18,7 @@ import java.util.Collections; import java.util.List; /** - * TODO InputSQLVerifyChecker + * 使用sql语句前应对其进行验证 * * @author RenFengJiang * @date 2024/1/14 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java index 6f2d85f..a69d8c9 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/Md5PassWordVerifyChecker.java @@ -20,7 +20,7 @@ import java.util.List; import java.util.Locale; /** - * TODO Md5PassWordVerifyChecker + * 应使用单向不可逆的加密算法 * * @author RenFengJiang * @date 2024/1/13 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java index 3c98438..c4652d0 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/RSAEncryptionChecker.java @@ -17,7 +17,7 @@ import java.util.Collections; import java.util.List; /** - * TODO RSAEncryptionChecker + * 使用RSA最优加密填充 * * @author RenFengJiang * @date 2024/1/11 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java index 1dd3e4e..7896e7c 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SecurityCookieChecker.java @@ -14,7 +14,7 @@ import java.util.Collections; import java.util.List; /** - * TODO SecurityCookieChecker + * 设置HTTPS会话中cookie的安全属性 * * @author RenFengJiang * @date 2024/1/10 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SendMessageVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SendMessageVerifyChecker.java index 6146324..ac0d253 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SendMessageVerifyChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SendMessageVerifyChecker.java @@ -22,7 +22,7 @@ import java.util.List; * 发送信息规则检查 * 检测类似发送信息的函数中的参数是否敏感信息,如敏感信息的字段 * 1.获取到方法调用节点 - * 2. + * 2.对获取到的节点进行判断 * * @author RenFengJiang * @date 2024/1/20 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java index 114bde9..ee49984 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/SessionDateChecker.java @@ -21,7 +21,7 @@ import java.util.Map; import java.util.Scanner; /** - * TODO SessionDateChecker + * 设置会话过期的日期 * * @author RenFengJiang * @date 2024/1/22 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java index 9feace8..4bdb220 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UploadFileVerifyChecker.java @@ -14,7 +14,7 @@ import java.util.Collections; import java.util.List; /** - * TODO 上传文件检查规则 + * 上传文件检查规则 * * @author RenFengJiang * @date 2024/1/8 diff --git a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java index 9e7726a..9394a5a 100644 --- a/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java +++ b/sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/UpperCycleLimitRuleChecker.java @@ -13,7 +13,12 @@ import org.sonar.plugins.java.api.tree.*; import java.util.List; - +/** + * 规定循环次数的上限,在将用户输入的数据用于循环条件前进行验证用户输入的数据是否超过上限 + * + * @author renfengshan + * @date 2024/1/8 + */ @Rule(key = "UpperCycleLimitRuleChecker") public class UpperCycleLimitRuleChecker extends IssuableSubscriptionVisitor { @Override