From 6bc841bd707eee3ef7bd4833e9fbffef286337dd Mon Sep 17 00:00:00 2001
From: wuhaoyang <2507865306@qq.com>
Date: Wed, 7 Feb 2024 17:10:41 +0800
Subject: [PATCH] =?UTF-8?q?cxx=E6=B7=BB=E5=8A=A0=E6=89=AB=E6=8F=8F?= =?UTF-8?q?=E8=A7=84=E5=88=99=E4=BB=A5=E5=8F=8Alog=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E6=89=AB=E6=8F=8F=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../cxx/rules/SecurityDesignRuleRepository.java | 15 +++++++++++----
.../sonar/cxx/rules/SecurityDesignWayProfile.java | 7 +++----
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignRuleRepository.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignRuleRepository.java
index 6c824ba..84443f6 100644
--- a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignRuleRepository.java
+++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignRuleRepository.java
@@ -23,17 +23,19 @@ import java.util.List; */ public class SecurityDesignRuleRepository implements RulesDefinition { public final static String REPOSITORY_KEY = "cxx-security-design-rules"; - public final static String REPOSITORY_log_key = "log-security-design-rules"; + public final static String REPOSITORY_LOG_KEY = "log-security-design-rules"; + public final static String REPOSITORY_SQL_KEY = "sql-security-design-rules"; public final static String REPOSITORY_NAME = "C++信息安全性设计准则"; // 规则检查器的集合,当有新的规则开发完毕后,需要添加到下面的集合中 public final static List RULE_CHECKERS = Arrays.asList(ABCVarNameChecker.class,BufferDataChecker.class, CmdDataVerifyChecker.class, DLLVerifyChecker.class,EncryptionAlgorithmChecker.class,ErrorMessageChecker.class, FileAccessChecker.class,FormatFunctionCheck.class,FVNRPassWordChecker.class,FVNRShaChecker.class,HighEncryptDesChecker.class, - HostIdentityVerifyChecker.class,IntegerCountVerifyChecker.class,LogChecker.class,LogFileWriteChecker.class,NumericalCopyChecker.class, + HostIdentityVerifyChecker.class,IntegerCountVerifyChecker.class,LogFileWriteChecker.class,NumericalCopyChecker.class, PassWordCountChecker.class,PathVerifyChecker.class,PRNGVerifyChecker.class,ReallocMainChecker.class,SendMessageChecker.class, SQLVerifyChecker.class,UserInputPasswordChecker.class,ValidatePasswordCheck.class,VerificationPathChecker.class,VirtualLockUsageChecker.class); + @Override public void define(Context context) { var repository = context.createRepository(REPOSITORY_KEY, CxxLanguage.KEY). 
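Review bot: The comment above `RULE_CHECKERS` still says every newly developed checker must be added to that list, but this change drops `LogChecker` from it and the next hunk registers `LogChecker` and `SqlVarNameChecker` through inline `List.of(...)` calls in `define()`, so the comment no longer tells a maintainer where a rule has to be registered. I would reword it along the lines of `// C++ checkers for REPOSITORY_KEY only; log and sql checkers are registered separately in define()`, or hoist the two single-element lists into named constants next to this one. `RULE_CHECKERS` also appears here as a raw `List`; if the type argument was not simply lost in rendering, an explicit element type would let the compiler check what goes into it. Renaming the public `REPOSITORY_log_key` breaks any reference outside the two files in this patch, which cannot be checked from here.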
@@ -41,9 +43,14 @@ public class SecurityDesignRuleRepository implements RulesDefinition { new AnnotationBasedRulesDefinition(repository, CxxLanguage.KEY).addRuleClasses(false, RULE_CHECKERS); repository.done(); - var repository1 = context.createRepository(REPOSITORY_log_key, LogLanguage.KEY). + var repository1 = context.createRepository(REPOSITORY_LOG_KEY, LogLanguage.KEY). setName(REPOSITORY_NAME); - new AnnotationBasedRulesDefinition(repository1, LogLanguage.KEY).addRuleClasses(false, RULE_CHECKERS); + new AnnotationBasedRulesDefinition(repository1, LogLanguage.KEY).addRuleClasses(false, List.of(LogChecker.class)); repository1.done(); + + var repository2 = context.createRepository(REPOSITORY_SQL_KEY, CxxLanguage.KEY). + setName(REPOSITORY_NAME); + new AnnotationBasedRulesDefinition(repository2, CxxLanguage.KEY).addRuleClasses(false, List.of(SqlVarNameChecker.class)); + repository2.done(); } } diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignWayProfile.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignWayProfile.java index d9994b0..e53f57d 100644 --- a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignWayProfile.java +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/SecurityDesignWayProfile.java 
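Review bot: The new `sql-security-design-rules` repository registers `SqlVarNameChecker`, but the `SecurityDesignWayProfile` changes in this same patch add no `activateRule` call for `REPOSITORY_SQL_KEY`, so the rule appears to be defined without being switched on in the built-in C++ profile and would not run until someone activates it by hand. If it is meant to be on by default, add `way.activateRule(SecurityDesignRuleRepository.REPOSITORY_SQL_KEY, "SqlVarNameChecker");` to the C++ profile (assuming the rule key matches the class name, as it seems to for the other checkers). `repository2` also reuses `REPOSITORY_NAME`, so two repositories for `CxxLanguage.KEY` would carry the same display name; a distinct name would keep them apart in the rules view. `define()` starts in the previous hunk, so its opening lines are not part of this one.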
@@ -22,7 +22,7 @@ public class SecurityDesignWayProfile implements BuiltInQualityProfilesDefinitio @Override public void define(Context context) { var way = context.createBuiltInQualityProfile("C++信息安全性设计准则", CxxLanguage.KEY); - way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ABCVarNameChecker"); + //way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ABCVarNameChecker"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "BufferDataChecker"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "CmdDataVerifyChecker"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "DLLVerifyChecker"); @@ -42,7 +42,6 @@ public class SecurityDesignWayProfile implements BuiltInQualityProfilesDefinitio way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "PRNGVerifyChecker"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ReallocMainChecker"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "SendMessageChecker"); - way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "FlagLine1Rule"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "SQLVerifyChecker"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "UserInputPasswordChecker"); way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "ValidatePasswordCheck"); @@ -50,8 +49,8 @@ public class SecurityDesignWayProfile implements BuiltInQualityProfilesDefinitio way.activateRule(SecurityDesignRuleRepository.REPOSITORY_KEY, "VirtualLockUsageChecker"); way.done(); - var way1 = context.createBuiltInQualityProfile("LogLanguage信息安全性设计准则", LogLanguage.KEY); - way1.activateRule(SecurityDesignRuleRepository.REPOSITORY_log_key, "LogChecker"); + var way1 = context.createBuiltInQualityProfile("log信息安全性设计准则", LogLanguage.KEY); + way1.activateRule(SecurityDesignRuleRepository.REPOSITORY_LOG_KEY, "LogChecker"); way1.done(); } }
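Review bot: The `ABCVarNameChecker` activation at the top of `define()` is commented out rather than removed, and nothing in the patch says why, while `ABCVarNameChecker.class` stays in `RULE_CHECKERS` in `SecurityDesignRuleRepository`, so the rule remains defined but is silently off in the built-in C++ profile. For a security rule set that is worth making explicit: either delete the line and record the reason in the commit message, or keep it with a stated reason, e.g. `// ABCVarNameChecker is not activated by default: <reason>`. The lines of `define()` between this hunk and the two later ones are outside the patch.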