修复：使用realloc函数前应先清空敏感信息规则检查误报的问题

10 months ago · 7355607511
parent 9211d5e728
commit 7355607511
2 changed files with 3 additions and 2 deletions
--- a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.java
+++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.java
@ -27,7 +27,7 @@ import java.util.List;
 * @author RenFengJiang
 * @date 2024/1/13
 */
-@Rule(key = "ReallocMainChecker", name = "使用realloc函数前应先清楚敏感信息", description = "使用realloc()函数前先清空该内存块中的敏感信息", priority = Priority.INFO, tags = {"28suo"})
+@Rule(key = "ReallocMainChecker", name = "使用realloc函数前应先清空敏感信息", description = "使用realloc()函数前先清空该内存块中的敏感信息", priority = Priority.INFO, tags = {"28suo"})
@ActivatedByDefault
@SqaleConstantRemediation("5min")
 public class ReallocMainChecker extends SquidCheck<Grammar> {
--- a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.cc
+++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.cc
@ -24,7 +24,8 @@ int main() {
    // C++ 中使用 new 进行重新分配
    User* tempUsers = new User[10];
    if (users != nullptr) {
-        std::memcpy(tempUsers, users, 5 * sizeof(User)); // 复制已有数据到新内存
+        users = (User*)realloc(users, 10 * sizeof(User));
        //std::memcpy(tempUsers, users, 5 * sizeof(User)); // 复制已有数据到新内存
        delete[] users; // 释放旧内存
    }
    users = tempUsers;