parent
a6bac91163
commit
8b351b1859
@ -0,0 +1,106 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:C++ 信息安全性设计准则 |
||||
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.cxx.rules.checkers; |
||||
|
||||
import com.sonar.cxx.sslr.api.AstNode; |
||||
import com.sonar.cxx.sslr.api.Grammar; |
||||
import com.sun.source.tree.ExpressionTree; |
||||
import org.sonar.check.Priority; |
||||
import org.sonar.check.Rule; |
||||
import org.sonar.cxx.parser.CxxGrammarImpl; |
||||
import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; |
||||
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
||||
import org.sonar.cxx.squidbridge.api.CheckMessage; |
||||
import org.sonar.cxx.squidbridge.api.SourceFile; |
||||
import org.sonar.cxx.squidbridge.checks.SquidCheck; |
||||
|
||||
import java.util.List; |
||||
|
||||
/** |
||||
* 在访问文件或目录前对路径名进行验证 |
||||
* |
||||
* @author GuoXin |
||||
* @date 2024/1/6 |
||||
*/ |
||||
|
||||
@Rule(key = "FileAccessChecker", name = "在访问文件或目录前对路径名进行验证", description = "在访问文件或目录前对路径名进行验证", priority = Priority.INFO, tags = {"28suo"}) |
||||
@ActivatedByDefault |
||||
@SqaleConstantRemediation("5min") |
||||
public class FileAccessChecker extends SquidCheck<Grammar> { |
||||
private boolean filePathChecked = false; |
||||
|
||||
@Override |
||||
public void init() { |
||||
subscribeTo(CxxGrammarImpl.selectionStatement, CxxGrammarImpl.declaration, CxxGrammarImpl.statement); |
||||
} |
||||
|
||||
@Override |
||||
public void visitNode(AstNode astNode) { |
||||
if (astNode.is(CxxGrammarImpl.selectionStatement)) { |
||||
checkIfStatement(astNode); |
||||
} else if (astNode.is(CxxGrammarImpl.declaration)) { |
||||
checkDeclaration(astNode); |
||||
} else if (astNode.is(CxxGrammarImpl.statement)) { |
||||
checkStatement(astNode); |
||||
} |
||||
} |
||||
|
||||
private void checkIfStatement(AstNode ifStatement) { |
||||
AstNode condition = ifStatement.getFirstChild(CxxGrammarImpl.condition); |
||||
|
||||
if (containsFilePathCheck(condition)) { |
||||
filePathChecked = true; |
||||
} |
||||
} |
||||
|
||||
private void checkDeclaration(AstNode declaration) { |
||||
AstNode declaratorNode = declaration.getFirstDescendant(CxxGrammarImpl.declarator); |
||||
|
||||
if (declaratorNode != null) { |
||||
String variableName = declaratorNode.getTokenOriginalValue(); |
||||
|
||||
if ("filePath".equals(variableName)) { |
||||
if (!filePathChecked) { |
||||
System.out.println("在访问文件或目录前需要对路径名进行验证:"+variableName); |
||||
getContext().createLineViolation(this, "在访问文件或目录前需要对路径名进行验证", declaratorNode); |
||||
} |
||||
} |
||||
} |
||||
} |
||||
|
||||
private void checkStatement(AstNode statement) { |
||||
AstNode condition = statement.getFirstChild(CxxGrammarImpl.condition); |
||||
|
||||
if (containsFilePathCheck(condition)) { |
||||
filePathChecked = true; |
||||
} |
||||
} |
||||
|
||||
private boolean containsFilePathCheck(AstNode condition) { |
||||
return recursiveCheck(condition); |
||||
} |
||||
|
||||
private boolean recursiveCheck(AstNode node) { |
||||
if (node == null) { |
||||
return false; |
||||
} |
||||
if (node.is(CxxGrammarImpl.identifierList)) { |
||||
// 如果是标识符,检查是否是 filePath
|
||||
String identifierName = node.getTokenOriginalValue(); |
||||
return "filePath".equals(identifierName); |
||||
} else { |
||||
// 递归检查子节点
|
||||
for (AstNode child : node.getChildren()) { |
||||
if (recursiveCheck(child)) { |
||||
return true; |
||||
} |
||||
} |
||||
return false; |
||||
} |
||||
} |
||||
|
||||
} |
@ -0,0 +1,33 @@ |
||||
/* |
||||
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
||||
* 项目名称:C++ 信息安全性设计准则 |
||||
* 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 |
||||
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
||||
*/ |
||||
package com.keyware.sonar.cxx.rules.checkers; |
||||
|
||||
import com.keyware.sonar.cxx.CxxFileTesterHelper; |
||||
import org.junit.jupiter.api.Test; |
||||
import org.sonar.cxx.CxxAstScanner; |
||||
import org.sonar.cxx.squidbridge.api.SourceFile; |
||||
import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; |
||||
|
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* TODO FileAccessCheckerTest |
||||
* |
||||
* @author WuHaoYang |
||||
* @date 2024/1/15 |
||||
*/ |
||||
public class FileAccessCheckerTest { |
||||
@Test |
||||
public void checkTest() throws IOException { |
||||
var checker = new FileAccessChecker(); |
||||
var tester = CxxFileTesterHelper.create("FileAccessChecker.cc"); |
||||
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); |
||||
CheckMessagesVerifier.verify(file.getCheckMessages()) |
||||
.next().atLine(8).withMessage("在访问文件或目录前需要对路径名进行验证") |
||||
.noMore(); |
||||
} |
||||
} |
@ -0,0 +1,24 @@ |
||||
// FileAccessChecker
|
||||
#include <iostream> |
||||
#include <fstream> |
||||
#include <regex> |
||||
using namespace std; |
||||
|
||||
int main() { |
||||
string filePath = "C:\\Users\\user\\Desktop\\test.txt";//error
|
||||
|
||||
|
||||
if (filePath) { |
||||
ifstream file(filePath); |
||||
|
||||
cout << "File opened successfully." << endl; |
||||
|
||||
file.close(); |
||||
} else { |
||||
|
||||
cerr << "Unable to open file: " << filePath << endl; |
||||
|
||||
} |
||||
|
||||
return 0; |
||||
} |
Loading…
Reference in new issue