sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

优化:解决空语句报错

Browse Source
master
RenFengJiang 6 months ago
parent f1f377f8c1
commit 86a14b9342
4 changed files with 57 additions and 44 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 43
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
  2. 4
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
  3. 15
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ValidatePasswordCheck.java
  4. 39
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageChecker.java

43
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
Unescape View File

@ -43,30 +43,33 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
@Override
public void visitNode(AstNode astNode) {
var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
if(varName.contains("password") && !cache.containsKey(varName)){
cache.put(varName, astNode);
var next = astNode.getNextAstNode();
while (next != null){
var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if(callNode != null){
var callList = callNode.getDescendants(CxxGrammarImpl.className);
if(!callList.isEmpty()) {
var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
var name = item.getTokenOriginalValue();
return name != null && ("password".equals(name) || "salt".equals(name));
})){
cache.remove(varName);
AstNode descendant = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
if(descendant != null){
var varName =descendant.getTokenValue();
if(varName.contains("password") && !cache.containsKey(varName)){
cache.put(varName, astNode);
var next = astNode.getNextAstNode();
while (next != null){
var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if(callNode != null){
var callList = callNode.getDescendants(CxxGrammarImpl.className);
if(!callList.isEmpty()) {
var funName = callList.get(callList.size() - 1).getTokenValue();
var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
var name = item.getTokenValue();
return name != null && ("password".equals(name) || "salt".equals(name));
})){
cache.remove(varName);
}
}
}
next = next.getNextSibling();
}
next = next.getNextSibling();
cache.values().forEach(item->{
getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
});
}
cache.values().forEach(item->{
getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
});
}
}
}

4
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
Unescape View File

@ -61,7 +61,7 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
}
private AstNode findIfstreamNode(AstNode node) {
if (node.getToken() != null && "ifstream".equals(node.getTokenOriginalValue())) {
if (node.getToken() != null && "ifstream".equals(node.getTokenValue())) {
return node;
}
for (AstNode child : node.getChildren()) {
@ -105,7 +105,7 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
if (parameterDeclarationNode != null) {
AstNode identifierNode = parameterDeclarationNode.getFirstDescendant(GenericTokenType.IDENTIFIER);
if (identifierNode != null) {
String ifstreamParam = identifierNode.getTokenOriginalValue();
String ifstreamParam = identifierNode.getTokenValue();
if (!conditionVariables.contains(ifstreamParam)) {
getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", ifstreamNode);
}

15
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ValidatePasswordCheck.java
Unescape View File

@ -40,12 +40,15 @@ public class ValidatePasswordCheck extends SquidCheck<Grammar> {
public void visitNode(AstNode astNode) {
AstNode functionNameNode = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
String functionName = functionNameNode.getTokenOriginalValue();
if(functionNameNode != null){
String functionName = functionNameNode.getTokenValue();
//检查函数是否为main
if ("main".equals(functionName)) {
checkPasswordValidationInMain(astNode);
//检查函数是否为main
if ("main".equals(functionName)) {
checkPasswordValidationInMain(astNode);
}
}
}
private void checkPasswordValidationInMain(AstNode mainFunctionNode) {
@ -58,7 +61,7 @@ public class ValidatePasswordCheck extends SquidCheck<Grammar> {
AstNode declaratorId = initDeclarator.getFirstDescendant(CxxGrammarImpl.declaratorId);
if (declaratorId != null) {
String variableName = declaratorId.getTokenOriginalValue();
String variableName = declaratorId.getTokenValue();
// 检查变量是否命名为password
if ("password".equalsIgnoreCase(variableName)) {
@ -79,7 +82,7 @@ public class ValidatePasswordCheck extends SquidCheck<Grammar> {
if (initializationValue != null) {
String passwordValue = initializationValue.getTokenOriginalValue();
String passwordValue = initializationValue.getTokenValue();
if (!passwordValue.matches(passwordRegex)) {
getContext().createLineViolation(this, "口令不匹配足够复杂度", initializationValue);

39
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageChecker.java
Unescape View File

@ -43,31 +43,38 @@ public class VirtualLockUsageChecker extends SquidCheck<Grammar> {
@Override
public void visitNode(AstNode astNode) {
String varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
AstNode descendant = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
if(descendant != null){
String varName = descendant.getTokenValue();
for (String keyword : keywords) {
if (varName.equals(keyword) && (!caches.equals(keyword) || !caches.get(keyword).equals(varName))) {
caches.putIfAbsent(keyword, new HashMap<>());
caches.get(keyword).put(varName, astNode);
processNode(astNode, keyword);
for (String keyword : keywords) {
if (varName.equals(keyword) && (!caches.equals(keyword) || !caches.get(keyword).equals(varName))) {
caches.putIfAbsent(keyword, new HashMap<>());
caches.get(keyword).put(varName, astNode);
processNode(astNode, keyword);
}
}
}
}
private void processNode(AstNode astNode, String keyword) {
String varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
AstNode descendant = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
if (descendant != null){
String varName = descendant.getTokenValue();
AstNode currentNode = astNode.getNextAstNode();
while (currentNode != null) {
AstNode callNode = currentNode.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if (callNode != null && callNode.getTokenOriginalValue().equalsIgnoreCase("VirtualLock")) {
List<AstNode> paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if (paramList.stream().anyMatch(item -> item.getTokenOriginalValue().contains(keyword))) {
caches.get(keyword).remove(varName);
break;
AstNode currentNode = astNode.getNextAstNode();
while (currentNode != null) {
AstNode callNode = currentNode.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if (callNode != null && callNode.getTokenValue().equalsIgnoreCase("VirtualLock")) {
List<AstNode> paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if (paramList.stream().anyMatch(item -> item.getTokenValue().contains(keyword))) {
caches.get(keyword).remove(varName);
break;
}
}
currentNode = currentNode.getNextSibling();
}
currentNode = currentNode.getNextSibling();
}
}

Write Preview
Loading…
Cancel
Save