cxx优化准则以及配置

master
wuhaoyang 9 months ago
parent 4488230206
commit 99536a6b4b
  1. 22
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java
  2. 7
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/FlagLineSensor.java
  3. 24
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SqlVarNameChecker.java

@ -428,10 +428,10 @@ public class CxxSquidSensor implements ProjectSensor {
private void saveMeasures(InputFile inputFile, SourceCode sourceCode) {
InputComponent input = inputFile;
if(sourceCode instanceof SourceFile){
if (sourceCode instanceof SourceFile) {
// NOSONAR
noSonarFilter.noSonarInFile(inputFile, ((SourceFile)sourceCode).getNoSonarTagLines());
}else{
noSonarFilter.noSonarInFile(inputFile, ((SourceFile) sourceCode).getNoSonarTagLines());
} else {
input = context.project();
}
@ -501,23 +501,27 @@ public class CxxSquidSensor implements ProjectSensor {
RuleKey ruleKey = checks.ruleKey(checker);
if (ruleKey != null) {
try {
var newIssue = context.newIssue().forRule(RuleKey.of(repositoryKey, ruleKey.rule()));
var location = newIssue.newLocation();
if(sourceCode instanceof SourceFile){
if (sourceCode instanceof SourceFile) {
location.on(inputFile).at(inputFile.selectLine(line));
}else{
} else {
location.on(context.project());
}
location.message(message.getText(Locale.CHINA));
newIssue.at(location);
newIssue.save();
}catch (Exception e){
LOG.error("save issue error, rule key: {}", message);
}
} else {
LOG.debug("Unknown rule key: %s", message);
}
}
}
if(sourceCode instanceof SourceFile) {
if (sourceCode instanceof SourceFile) {
var sourceFile = (SourceFile) sourceCode;
if (MultiLocatitionSquidCheck.hasMultiLocationCheckMessages(sourceFile)) {
for (var issue : MultiLocatitionSquidCheck.getMultiLocationCheckMessages(sourceFile)) {
@ -542,7 +546,7 @@ public class CxxSquidSensor implements ProjectSensor {
}
private void saveFileLinesContext(InputFile inputFile, SourceCode sourceCode) {
if(sourceCode instanceof SourceProject || inputFile == null){
if (sourceCode instanceof SourceProject || inputFile == null) {
return;
}
// measures for the lines of file
@ -569,7 +573,7 @@ public class CxxSquidSensor implements ProjectSensor {
}
private void saveCpdTokens(InputFile inputFile, SourceCode sourceCode) {
if(sourceCode instanceof SourceProject || inputFile == null){
if (sourceCode instanceof SourceProject || inputFile == null) {
return;
}
NewCpdTokens cpdTokens = context.newCpdTokens().onFile(inputFile);
@ -589,7 +593,7 @@ public class CxxSquidSensor implements ProjectSensor {
}
private void saveHighlighting(InputFile inputFile, SourceCode sourceCode) {
if(sourceCode instanceof SourceProject || inputFile == null){
if (sourceCode instanceof SourceProject || inputFile == null) {
return;
}
NewHighlighting newHighlighting = context.newHighlighting().onFile(inputFile);

@ -6,6 +6,7 @@
*/
package com.keyware.sonar.cxx;
import com.keyware.sonar.cxx.rules.SecurityDesignRuleRepository;
import com.keyware.sonar.cxx.rules.checkers.FlagLineRule;
import com.keyware.sonar.cxx.rules.checkers.SqlVarNameChecker;
import org.sonar.api.batch.fs.FilePredicates;
@ -21,18 +22,18 @@ public class FlagLineSensor implements Sensor {
public FlagLineSensor(CheckFactory checkFactory) {
checks = checkFactory.create("cxx-security-design-rules");
checks = checkFactory.create(SecurityDesignRuleRepository.REPOSITORY_SQL_KEY);
checks.addAnnotatedChecks(SqlVarNameChecker.class);
}
@Override
public void describe(SensorDescriptor descriptor) {
//传感器名称
descriptor.name("FlagLine1Rule" + "sensor");
descriptor.name("FlagLine1RuleSensor");
//传感器识别的语言
descriptor.onlyOnLanguages(CxxLanguage.KEY);
//传感器扫描的规则库
descriptor.createIssuesForRuleRepository("cxx-security-design-rules");
descriptor.createIssuesForRuleRepository(SecurityDesignRuleRepository.REPOSITORY_SQL_KEY);
}
@Override

@ -25,7 +25,7 @@ import java.util.Scanner;
* @author GuoXin
* @date 2024/1/6
*/
@Rule(key = "FlagLine1Rule", name = "sql注入", description = "sql注入有一定风险", priority = Priority.INFO, tags = {"28suo"})
@Rule(key = "SqlVarNameChecker", name = "sql注入", description = "sql注入有一定风险", priority = Priority.INFO, tags = {"28suo"})
@ActivatedByDefault
@SqaleConstantRemediation("5min")
public class SqlVarNameChecker implements FlagLineRule {
@ -54,25 +54,5 @@ public class SqlVarNameChecker implements FlagLineRule {
throw new RuntimeException(e);
}
}
/*
@Override
public void visitNode(AstNode node) {
File file = getContext().getFile();
System.out.println("文件路径: " + file.getAbsolutePath());
try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
String line;
int lineNumber = 0;
while ((line = reader.readLine()) != null) {
lineNumber++;
if (line.contains("= '") || line.contains("OR 1=1") || line.contains("='")
|| line.contains("DROP TABLE") || line.contains("' OR 'a'='a") || line.contains("'; DROP TABLE users; --")
|| line.contains("'; EXEC xp_cmdshell 'dir'") || line.contains("' OR username LIKE '%") || line.contains("' AND SLEEP(5)")
|| line.contains("= \\'' +") || line.contains("= ?")) {
getContext().createLineViolation(ABCVarNameChecker.this, "sql 注入有一定风险", lineNumber);
}
}
} catch (IOException e) {
e.printStackTrace();
}
}*/
}

Loading…
Cancel
Save