优化:解决空语句报错

master
RenFengJiang 8 months ago
parent f1f377f8c1
commit 86a14b9342
  1. 43
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
  2. 4
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FileAccessChecker.java
  3. 15
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ValidatePasswordCheck.java
  4. 39
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VirtualLockUsageChecker.java

@ -43,30 +43,33 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
@Override @Override
public void visitNode(AstNode astNode) { public void visitNode(AstNode astNode) {
var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue(); AstNode descendant = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
if(varName.contains("password") && !cache.containsKey(varName)){ if(descendant != null){
cache.put(varName, astNode); var varName =descendant.getTokenValue();
var next = astNode.getNextAstNode(); if(varName.contains("password") && !cache.containsKey(varName)){
while (next != null){ cache.put(varName, astNode);
var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression); var next = astNode.getNextAstNode();
if(callNode != null){ while (next != null){
var callList = callNode.getDescendants(CxxGrammarImpl.className); var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if(!callList.isEmpty()) { if(callNode != null){
var funName = callList.get(callList.size() - 1).getTokenOriginalValue(); var callList = callNode.getDescendants(CxxGrammarImpl.className);
var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList); if(!callList.isEmpty()) {
if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> { var funName = callList.get(callList.size() - 1).getTokenValue();
var name = item.getTokenOriginalValue(); var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
return name != null && ("password".equals(name) || "salt".equals(name)); if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
})){ var name = item.getTokenValue();
cache.remove(varName); return name != null && ("password".equals(name) || "salt".equals(name));
})){
cache.remove(varName);
}
} }
} }
next = next.getNextSibling();
} }
next = next.getNextSibling(); cache.values().forEach(item->{
getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
});
} }
cache.values().forEach(item->{
getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
});
} }
} }
} }
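Review bot: In the `anyMatch` lambda of `visitNode` the call argument is compared with the literals `"password"` and `"salt"`, while the tracked declaration only needs to contain `password` in its name. A variable such as `userPassword` passed to `hashpw` would, as far as the visible lines show, stay in `cache` and still be reported as not hashed. Comparing against the tracked name ties the call to the declaration: `return name != null && (name.equals(varName) || "salt".equals(name));`. The `varName.contains("password")` test is also case-sensitive, unlike the `equalsIgnoreCase` used in ValidatePasswordCheck, so declarations named `Password` or `PASSWORD` are never examined by this rule.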

@ -61,7 +61,7 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
} }
private AstNode findIfstreamNode(AstNode node) { private AstNode findIfstreamNode(AstNode node) {
if (node.getToken() != null && "ifstream".equals(node.getTokenOriginalValue())) { if (node.getToken() != null && "ifstream".equals(node.getTokenValue())) {
return node; return node;
} }
for (AstNode child : node.getChildren()) { for (AstNode child : node.getChildren()) {
@ -105,7 +105,7 @@ public class FileAccessChecker extends SquidCheck<Grammar> {
if (parameterDeclarationNode != null) { if (parameterDeclarationNode != null) {
AstNode identifierNode = parameterDeclarationNode.getFirstDescendant(GenericTokenType.IDENTIFIER); AstNode identifierNode = parameterDeclarationNode.getFirstDescendant(GenericTokenType.IDENTIFIER);
if (identifierNode != null) { if (identifierNode != null) {
String ifstreamParam = identifierNode.getTokenOriginalValue(); String ifstreamParam = identifierNode.getTokenValue();
if (!conditionVariables.contains(ifstreamParam)) { if (!conditionVariables.contains(ifstreamParam)) {
getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", ifstreamNode); getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", ifstreamNode);
} }

@ -40,12 +40,15 @@ public class ValidatePasswordCheck extends SquidCheck<Grammar> {
public void visitNode(AstNode astNode) { public void visitNode(AstNode astNode) {
AstNode functionNameNode = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId); AstNode functionNameNode = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
String functionName = functionNameNode.getTokenOriginalValue(); if(functionNameNode != null){
String functionName = functionNameNode.getTokenValue();
//检查函数是否为main //检查函数是否为main
if ("main".equals(functionName)) { if ("main".equals(functionName)) {
checkPasswordValidationInMain(astNode); checkPasswordValidationInMain(astNode);
}
} }
} }
private void checkPasswordValidationInMain(AstNode mainFunctionNode) { private void checkPasswordValidationInMain(AstNode mainFunctionNode) {
@ -58,7 +61,7 @@ public class ValidatePasswordCheck extends SquidCheck<Grammar> {
AstNode declaratorId = initDeclarator.getFirstDescendant(CxxGrammarImpl.declaratorId); AstNode declaratorId = initDeclarator.getFirstDescendant(CxxGrammarImpl.declaratorId);
if (declaratorId != null) { if (declaratorId != null) {
String variableName = declaratorId.getTokenOriginalValue(); String variableName = declaratorId.getTokenValue();
// 检查变量是否命名为password // 检查变量是否命名为password
if ("password".equalsIgnoreCase(variableName)) { if ("password".equalsIgnoreCase(variableName)) {
@ -79,7 +82,7 @@ public class ValidatePasswordCheck extends SquidCheck<Grammar> {
if (initializationValue != null) { if (initializationValue != null) {
String passwordValue = initializationValue.getTokenOriginalValue(); String passwordValue = initializationValue.getTokenValue();
if (!passwordValue.matches(passwordRegex)) { if (!passwordValue.matches(passwordRegex)) {
getContext().createLineViolation(this, "口令不匹配足够复杂度", initializationValue); getContext().createLineViolation(this, "口令不匹配足够复杂度", initializationValue);
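Review bot: `passwordValue.matches(passwordRegex)` in the last hunk still dereferences the result of `getTokenValue()` without a null check, the same class of failure that the new `functionNameNode != null` guard removes. If I recall the SSLR API correctly, `getTokenValue()` returns null for a node that carries no token, so an initializer without one would throw here. A guard such as `if (passwordValue != null && !passwordValue.matches(passwordRegex))` would cover it. The same applies to `callNode.getTokenValue().equalsIgnoreCase("VirtualLock")` and `item.getTokenValue().contains(keyword)` in VirtualLockUsageChecker.processNode, where `"VirtualLock".equalsIgnoreCase(callNode.getTokenValue())` avoids the dereference. The enclosing method continues outside this hunk.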

@ -43,31 +43,38 @@ public class VirtualLockUsageChecker extends SquidCheck<Grammar> {
@Override @Override
public void visitNode(AstNode astNode) { public void visitNode(AstNode astNode) {
String varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue(); AstNode descendant = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
if(descendant != null){
String varName = descendant.getTokenValue();
for (String keyword : keywords) { for (String keyword : keywords) {
if (varName.equals(keyword) && (!caches.equals(keyword) || !caches.get(keyword).equals(varName))) { if (varName.equals(keyword) && (!caches.equals(keyword) || !caches.get(keyword).equals(varName))) {
caches.putIfAbsent(keyword, new HashMap<>()); caches.putIfAbsent(keyword, new HashMap<>());
caches.get(keyword).put(varName, astNode); caches.get(keyword).put(varName, astNode);
processNode(astNode, keyword); processNode(astNode, keyword);
}
} }
} }
} }
private void processNode(AstNode astNode, String keyword) { private void processNode(AstNode astNode, String keyword) {
String varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue(); AstNode descendant = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId);
if (descendant != null){
String varName = descendant.getTokenValue();
AstNode currentNode = astNode.getNextAstNode(); AstNode currentNode = astNode.getNextAstNode();
while (currentNode != null) { while (currentNode != null) {
AstNode callNode = currentNode.getFirstDescendant(CxxGrammarImpl.postfixExpression); AstNode callNode = currentNode.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if (callNode != null && callNode.getTokenOriginalValue().equalsIgnoreCase("VirtualLock")) { if (callNode != null && callNode.getTokenValue().equalsIgnoreCase("VirtualLock")) {
List<AstNode> paramList = callNode.getDescendants(CxxGrammarImpl.expressionList); List<AstNode> paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if (paramList.stream().anyMatch(item -> item.getTokenOriginalValue().contains(keyword))) { if (paramList.stream().anyMatch(item -> item.getTokenValue().contains(keyword))) {
caches.get(keyword).remove(varName); caches.get(keyword).remove(varName);
break; break;
}
} }
currentNode = currentNode.getNextSibling();
} }
currentNode = currentNode.getNextSibling();
} }
} }
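Review bot: The guard `!caches.equals(keyword)` in `visitNode` compares the map itself with a String, so it is always true and the second operand is never evaluated. The `putIfAbsent(keyword, new HashMap<>())` call on the next line shows that `caches` is a map of maps, so `caches.get(keyword).equals(varName)` would likewise compare a map with a String. Every declaration whose name equals a keyword therefore re-runs `processNode` and overwrites the cached node. If the intent was to skip names that are already tracked (an assumption from the surrounding code), the condition would be `!caches.containsKey(keyword) || !caches.get(keyword).containsKey(varName)`.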
