修复:使用realloc函数前应先清空敏感信息规则检查误报的问题

wuhaoyang
Guo XIn 10 months ago
parent 9211d5e728
commit 7355607511
  1. 2
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.java
  2. 3
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.cc

@ -27,7 +27,7 @@ import java.util.List;
* @author RenFengJiang * @author RenFengJiang
* @date 2024/1/13 * @date 2024/1/13
*/ */
@Rule(key = "ReallocMainChecker", name = "使用realloc函数前应先清敏感信息", description = "使用realloc()函数前先清空该内存块中的敏感信息", priority = Priority.INFO, tags = {"28suo"}) @Rule(key = "ReallocMainChecker", name = "使用realloc函数前应先清敏感信息", description = "使用realloc()函数前先清空该内存块中的敏感信息", priority = Priority.INFO, tags = {"28suo"})
@ActivatedByDefault @ActivatedByDefault
@SqaleConstantRemediation("5min") @SqaleConstantRemediation("5min")
public class ReallocMainChecker extends SquidCheck<Grammar> { public class ReallocMainChecker extends SquidCheck<Grammar> {
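Review bot: The rule `name` on the `@Rule` line reads "使用realloc函数前应先清敏感信息", dropping the 空 that the `description` on the same line and the commit title both use (清空). If that is unintended, it should read `name = "使用realloc函数前应先清空敏感信息"`. Both sides of that line render identically on this page, so what the one-line change in this file alters is not visible. No checker logic appears in the hunk, and the class body continues outside it.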

@ -24,7 +24,8 @@ int main() {
// C++ 中使用 new 进行重新分配 // C++ 中使用 new 进行重新分配
User* tempUsers = new User[10]; User* tempUsers = new User[10];
if (users != nullptr) { if (users != nullptr) {
std::memcpy(tempUsers, users, 5 * sizeof(User)); // 复制已有数据到新内存 users = (User*)realloc(users, 10 * sizeof(User));
//std::memcpy(tempUsers, users, 5 * sizeof(User)); // 复制已有数据到新内存
delete[] users; // 释放旧内存 delete[] users; // 释放旧内存
} }
users = tempUsers; users = tempUsers;
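Review bot: The added `users = (User*)realloc(users, 10 * sizeof(User));` has no marker saying whether the checker is expected to report it, and the following `delete[] users;` releases a realloc'd pointer with a mismatched deallocator, which is undefined behaviour if the fixture is ever compiled. Since the commit is a false-positive fix, the fixture would pin it better with a labelled pair: a comment such as `// Noncompliant: old block not cleared before realloc()` on this line, plus a compliant case that clears the buffer first, e.g. `memset(users, 0, 5 * sizeof(User));` before the call, expected to raise nothing. Whether such a case already exists elsewhere in the file cannot be seen from this hunk; `main` starts and ends outside it.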
