|
|
|
@ -23,17 +23,19 @@ import java.util.List; |
|
|
|
|
*/ |
|
|
|
|
public class SecurityDesignRuleRepository implements RulesDefinition { |
|
|
|
|
public final static String REPOSITORY_KEY = "cxx-security-design-rules"; |
|
|
|
|
public final static String REPOSITORY_log_key = "log-security-design-rules"; |
|
|
|
|
public final static String REPOSITORY_LOG_KEY = "log-security-design-rules"; |
|
|
|
|
public final static String REPOSITORY_SQL_KEY = "sql-security-design-rules"; |
|
|
|
|
public final static String REPOSITORY_NAME = "C++信息安全性设计准则"; |
|
|
|
|
|
|
|
|
|
// 规则检查器的集合,当有新的规则开发完毕后,需要添加到下面的集合中
|
|
|
|
|
public final static List<Class> RULE_CHECKERS = Arrays.asList(ABCVarNameChecker.class,BufferDataChecker.class, CmdDataVerifyChecker.class, |
|
|
|
|
DLLVerifyChecker.class,EncryptionAlgorithmChecker.class,ErrorMessageChecker.class, |
|
|
|
|
FileAccessChecker.class,FormatFunctionCheck.class,FVNRPassWordChecker.class,FVNRShaChecker.class,HighEncryptDesChecker.class, |
|
|
|
|
HostIdentityVerifyChecker.class,IntegerCountVerifyChecker.class,LogChecker.class,LogFileWriteChecker.class,NumericalCopyChecker.class, |
|
|
|
|
HostIdentityVerifyChecker.class,IntegerCountVerifyChecker.class,LogFileWriteChecker.class,NumericalCopyChecker.class, |
|
|
|
|
PassWordCountChecker.class,PathVerifyChecker.class,PRNGVerifyChecker.class,ReallocMainChecker.class,SendMessageChecker.class, |
|
|
|
|
SQLVerifyChecker.class,UserInputPasswordChecker.class,ValidatePasswordCheck.class,VerificationPathChecker.class,VirtualLockUsageChecker.class); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public void define(Context context) { |
|
|
|
|
var repository = context.createRepository(REPOSITORY_KEY, CxxLanguage.KEY). |
|
|
|
@ -41,9 +43,14 @@ public class SecurityDesignRuleRepository implements RulesDefinition { |
|
|
|
|
new AnnotationBasedRulesDefinition(repository, CxxLanguage.KEY).addRuleClasses(false, RULE_CHECKERS); |
|
|
|
|
repository.done(); |
|
|
|
|
|
|
|
|
|
var repository1 = context.createRepository(REPOSITORY_log_key, LogLanguage.KEY). |
|
|
|
|
var repository1 = context.createRepository(REPOSITORY_LOG_KEY, LogLanguage.KEY). |
|
|
|
|
setName(REPOSITORY_NAME); |
|
|
|
|
new AnnotationBasedRulesDefinition(repository1, LogLanguage.KEY).addRuleClasses(false, RULE_CHECKERS); |
|
|
|
|
new AnnotationBasedRulesDefinition(repository1, LogLanguage.KEY).addRuleClasses(false, List.of(LogChecker.class)); |
|
|
|
|
repository1.done(); |
|
|
|
|
|
|
|
|
|
var repository2 = context.createRepository(REPOSITORY_SQL_KEY, CxxLanguage.KEY). |
|
|
|
|
setName(REPOSITORY_NAME); |
|
|
|
|
new AnnotationBasedRulesDefinition(repository2, CxxLanguage.KEY).addRuleClasses(false, List.of(SqlVarNameChecker.class)); |
|
|
|
|
repository2.done(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
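Review bot: In `define()`, the log and SQL repositories are both created with `setName(REPOSITORY_NAME)`, so all three repositories are labelled "C++信息安全性设计准则" and cannot be told apart when rules are activated in a quality profile; separate constants such as `REPOSITORY_LOG_NAME` and `REPOSITORY_SQL_NAME` would fix that. The checker lists for those two repositories are now inline (`List.of(LogChecker.class)`, `List.of(SqlVarNameChecker.class)`), while the comment above `RULE_CHECKERS` still tells developers to add every new rule to that one list. I would hoist them into constants beside it, e.g. `public final static List<Class> LOG_RULE_CHECKERS = List.of(LogChecker.class);` and the same for SQL, and update the comment to name all three lists. The sensors are not visible on this page, but if any of them builds its checks from `RULE_CHECKERS` or `REPOSITORY_KEY`, `LogChecker` and `SqlVarNameChecker` would be registered yet never executed; for a security rule set that is a silent coverage gap worth confirming with a test.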