cxx添加扫描规则以及log文件扫描配置

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignRuleRepository.java

@@ -23,17 +23,19 @@ import java.util.List;
  */
 public class SecurityDesignRuleRepository implements RulesDefinition {
     public final static String REPOSITORY_KEY = "cxx-security-design-rules";
-    public final static String REPOSITORY_log_key = "log-security-design-rules";
+    public final static String REPOSITORY_LOG_KEY = "log-security-design-rules";
+    public final static String REPOSITORY_SQL_KEY = "sql-security-design-rules";
     public final static String REPOSITORY_NAME = "C++信息安全性设计准则";
 
     // 规则检查器的集合，当有新的规则开发完毕后，需要添加到下面的集合中
     public final static List<Class> RULE_CHECKERS = Arrays.asList(ABCVarNameChecker.class,BufferDataChecker.class, CmdDataVerifyChecker.class,
              DLLVerifyChecker.class,EncryptionAlgorithmChecker.class,ErrorMessageChecker.class,
             FileAccessChecker.class,FormatFunctionCheck.class,FVNRPassWordChecker.class,FVNRShaChecker.class,HighEncryptDesChecker.class,
-            HostIdentityVerifyChecker.class,IntegerCountVerifyChecker.class,LogChecker.class,LogFileWriteChecker.class,NumericalCopyChecker.class,
+            HostIdentityVerifyChecker.class,IntegerCountVerifyChecker.class,LogFileWriteChecker.class,NumericalCopyChecker.class,
             PassWordCountChecker.class,PathVerifyChecker.class,PRNGVerifyChecker.class,ReallocMainChecker.class,SendMessageChecker.class,
             SQLVerifyChecker.class,UserInputPasswordChecker.class,ValidatePasswordCheck.class,VerificationPathChecker.class,VirtualLockUsageChecker.class);
 
+
     @Override
     public void define(Context context) {
         var repository = context.createRepository(REPOSITORY_KEY, CxxLanguage.KEY).
@@ -41,9 +43,14 @@ public class SecurityDesignRuleRepository implements RulesDefinition {
         new AnnotationBasedRulesDefinition(repository, CxxLanguage.KEY).addRuleClasses(false, RULE_CHECKERS);
         repository.done();
 
-        var repository1 = context.createRepository(REPOSITORY_log_key, LogLanguage.KEY).
+        var repository1 = context.createRepository(REPOSITORY_LOG_KEY, LogLanguage.KEY).
                 setName(REPOSITORY_NAME);
-        new AnnotationBasedRulesDefinition(repository1, LogLanguage.KEY).addRuleClasses(false, RULE_CHECKERS);
+        new AnnotationBasedRulesDefinition(repository1, LogLanguage.KEY).addRuleClasses(false, List.of(LogChecker.class));
         repository1.done();
+
+        var repository2 = context.createRepository(REPOSITORY_SQL_KEY, CxxLanguage.KEY).
+                setName(REPOSITORY_NAME);
+        new AnnotationBasedRulesDefinition(repository2, CxxLanguage.KEY).addRuleClasses(false, List.of(SqlVarNameChecker.class));
+        repository2.done();
     }
 }

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignWayProfile.java

@@ -22,7 +22,7 @@ public class SecurityDesignWayProfile implements BuiltInQualityProfilesDefinitio
     @Override
     public void define(Context context) {
         var way = context.createBuiltInQualityProfile("C++信息安全性设计准则", CxxLanguage.KEY);
-        way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ABCVarNameChecker");
+        //way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ABCVarNameChecker");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "BufferDataChecker");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "CmdDataVerifyChecker");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "DLLVerifyChecker");
@@ -42,7 +42,6 @@ public class SecurityDesignWayProfile implements BuiltInQualityProfilesDefinitio
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "PRNGVerifyChecker");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ReallocMainChecker");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "SendMessageChecker");
-        way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "FlagLine1Rule");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "SQLVerifyChecker");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "UserInputPasswordChecker");
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ValidatePasswordCheck");
@@ -50,8 +49,8 @@ public class SecurityDesignWayProfile implements BuiltInQualityProfilesDefinitio
         way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "VirtualLockUsageChecker");
         way.done();
 
-        var way1 = context.createBuiltInQualityProfile("LogLanguage信息安全性设计准则", LogLanguage.KEY);
-        way1.activateRule(SecurityDesignRuleRepository.REPOSITORY_log_key, "LogChecker");
+        var way1 = context.createBuiltInQualityProfile("log信息安全性设计准则", LogLanguage.KEY);
+        way1.activateRule(SecurityDesignRuleRepository.REPOSITORY_LOG_KEY, "LogChecker");
         way1.done();
     }
 }