diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java new file mode 100644 index 0000000..45664aa --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules.checkers; + + + +import com.sonar.cxx.sslr.api.AstNode; +import com.sonar.cxx.sslr.api.Grammar; +import org.sonar.check.Priority; +import org.sonar.check.Rule; + +import org.sonar.cxx.parser.CxxGrammarImpl; +import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; +import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; +import org.sonar.cxx.squidbridge.checks.SquidCheck; + +import java.util.HashMap; +import java.util.Map; + +/** + * TODO 应使用单向加密算法对口令进行加密并存储 + * + * @author WuHaoYang + * @date 2024/1/18 + */ +@Rule(key = "EncryptionAlgorithmChecker", name = "应使用单向加密算法对口令进行加密并存储", description = "应使用单向加密算法对口令进行加密并存储", priority = Priority.INFO, tags = {"28suo"}) +@ActivatedByDefault +@SqaleConstantRemediation("5min") +public class EncryptionAlgorithmChecker extends SquidCheck { + + private Map cache = new HashMap<>(); + + @Override + public void init() { + subscribeTo( + CxxGrammarImpl.declarationStatement + ); + } + + + @Override + public void visitNode(AstNode astNode) { + var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue(); + if(varName.contains("password") && !cache.containsKey(varName)){ + cache.put(varName, astNode); + var next = astNode.getNextAstNode(); + while (next != null){ + var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression); + if(callNode != null){ + var callList = callNode.getDescendants(CxxGrammarImpl.className); + var funName = callList.get(callList.size() - 1).getTokenOriginalValue(); + var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList); + if("generateHash".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> { + var name = item.getTokenOriginalValue(); + return name != null && name.contains("password"); + })){ + cache.remove(varName); + break; + } + } + next = next.getNextSibling(); + } + cache.values().forEach(item->{ + System.out.println("特定字段"+item.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue()+"未使用VirtualLock()函数锁定存放敏感信息的内存"); + getContext().createLineViolation(this, "特定字段未使用VirtualLock()函数锁定存放敏感信息的内存", item); + }); + } + } +} diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java index e8d1b59..237e154 100644 --- a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SendMessageChecker.java @@ -1,10 +1,9 @@ /* * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. - * 项目名称:信息安全性设计准则检查插件 - * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 */ - package com.keyware.sonar.cxx.rules.checkers; import com.sonar.cxx.sslr.api.AstNode; diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java new file mode 100644 index 0000000..03ddd5b --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules.checkers; + +import com.keyware.sonar.cxx.CxxFileTesterHelper; +import org.junit.jupiter.api.Test; +import org.sonar.cxx.CxxAstScanner; +import org.sonar.cxx.squidbridge.api.SourceFile; +import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; + +import java.io.IOException; + +/** + * TODO EncryptionAlgorithmCheckerTest + * + * @author WuHaoYang + * @date 2024/1/18 + */ + +public class EncryptionAlgorithmCheckerTest { + + @Test + public void checkTest() throws IOException { + var checker = new EncryptionAlgorithmChecker(); + var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc"); + SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); + CheckMessagesVerifier.verify(file.getCheckMessages()) + .next().atLine(8).withMessage("特定字段未使用VirtualLock()函数锁定存放敏感信息的内存") + .noMore(); + } + + +} diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/SendMessageCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/SendMessageCheckerTest.java index 992ef40..db0b9d4 100644 --- a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/SendMessageCheckerTest.java +++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/SendMessageCheckerTest.java @@ -1,10 +1,9 @@ /* * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. - * 项目名称:信息安全性设计准则检查插件 - * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 */ - package com.keyware.sonar.cxx.rules.checkers; import com.keyware.sonar.cxx.CxxFileTesterHelper; diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc new file mode 100644 index 0000000..39c09cb --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc @@ -0,0 +1,13 @@ +#include +#include +#include +using namespace std; + +int main() +{ + string password = "abc123"; // 初始化密码 + +// string hashedPassword = BCrypt::generateHash(password); // bcrypt 密码 + + return 0; +} \ No newline at end of file