cxx优化准则以及配置

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java

@@ -501,6 +501,7 @@ public class CxxSquidSensor implements ProjectSensor {
 
                 RuleKey ruleKey = checks.ruleKey(checker);
                 if (ruleKey != null) {
+                    try {
                         var newIssue = context.newIssue().forRule(RuleKey.of(repositoryKey, ruleKey.rule()));
                         var location = newIssue.newLocation();
                         if (sourceCode instanceof SourceFile) {
@@ -512,6 +513,9 @@ public class CxxSquidSensor implements ProjectSensor {
 
                         newIssue.at(location);
                         newIssue.save();
+                    }catch (Exception e){
+                        LOG.error("save issue error, rule key: {}", message);
+                    }
                 } else {
                     LOG.debug("Unknown rule key: %s", message);
                 }

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/FlagLineSensor.java

@@ -6,6 +6,7 @@
  */
 package com.keyware.sonar.cxx;
 
+import com.keyware.sonar.cxx.rules.SecurityDesignRuleRepository;
 import com.keyware.sonar.cxx.rules.checkers.FlagLineRule;
 import com.keyware.sonar.cxx.rules.checkers.SqlVarNameChecker;
 import org.sonar.api.batch.fs.FilePredicates;
@@ -21,18 +22,18 @@ public class FlagLineSensor implements Sensor {
 
 
     public FlagLineSensor(CheckFactory checkFactory) {
-        checks = checkFactory.create("cxx-security-design-rules");
+        checks = checkFactory.create(SecurityDesignRuleRepository.REPOSITORY_SQL_KEY);
         checks.addAnnotatedChecks(SqlVarNameChecker.class);
     }
 
     @Override
     public void describe(SensorDescriptor descriptor) {
         //传感器名称
-        descriptor.name("FlagLine1Rule" + "sensor");
+        descriptor.name("FlagLine1RuleSensor");
         //传感器识别的语言
         descriptor.onlyOnLanguages(CxxLanguage.KEY);
         //传感器扫描的规则库
-        descriptor.createIssuesForRuleRepository("cxx-security-design-rules");
+        descriptor.createIssuesForRuleRepository(SecurityDesignRuleRepository.REPOSITORY_SQL_KEY);
     }
 
     @Override

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SqlVarNameChecker.java

@@ -25,7 +25,7 @@ import java.util.Scanner;
  * @author GuoXin
  * @date 2024/1/6
  */
-@Rule(key = "FlagLine1Rule", name = "sql注入", description = "sql注入有一定风险", priority = Priority.INFO, tags = {"28suo"})
+@Rule(key = "SqlVarNameChecker", name = "sql注入", description = "sql注入有一定风险", priority = Priority.INFO, tags = {"28suo"})
 @ActivatedByDefault
 @SqaleConstantRemediation("5min")
 public class SqlVarNameChecker implements FlagLineRule {
@@ -54,25 +54,5 @@ public class SqlVarNameChecker implements FlagLineRule {
             throw new RuntimeException(e);
         }
     }
-/*
+
-    @Override
-    public void visitNode(AstNode node) {
-        File file = getContext().getFile();
-        System.out.println("文件路径: " + file.getAbsolutePath());
-        try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
-            String line;
-            int lineNumber = 0;
-            while ((line = reader.readLine()) != null) {
-                lineNumber++;
-                if (line.contains("= '") || line.contains("OR 1=1") || line.contains("='")
-                        || line.contains("DROP TABLE") || line.contains("' OR 'a'='a") || line.contains("'; DROP TABLE users; --")
-                        || line.contains("'; EXEC xp_cmdshell 'dir'") || line.contains("' OR username LIKE '%") || line.contains("' AND SLEEP(5)")
-                        || line.contains("= \\'' +") || line.contains("= ?")) {
-                    getContext().createLineViolation(ABCVarNameChecker.this, "sql 注入有一定风险", lineNumber);
-                }
-            }
-        } catch (IOException e) {
-            e.printStackTrace();
-        }
-    }*/
 }