|
|
@ -6,7 +6,9 @@ |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
package com.keyware.sonar.cxx.rules.checkers; |
|
|
|
package com.keyware.sonar.cxx.rules.checkers; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import com.keyware.sonar.cxx.SubscriptionAstVisitor; |
|
|
|
import com.sonar.cxx.sslr.api.AstNode; |
|
|
|
import com.sonar.cxx.sslr.api.AstNode; |
|
|
|
|
|
|
|
import com.sonar.cxx.sslr.api.AstNodeType; |
|
|
|
import com.sonar.cxx.sslr.api.Grammar; |
|
|
|
import com.sonar.cxx.sslr.api.Grammar; |
|
|
|
import org.sonar.check.Priority; |
|
|
|
import org.sonar.check.Priority; |
|
|
|
import org.sonar.check.Rule; |
|
|
|
import org.sonar.check.Rule; |
|
|
@ -15,6 +17,7 @@ import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; |
|
|
|
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
|
|
|
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
|
|
|
import org.sonar.cxx.squidbridge.checks.SquidCheck; |
|
|
|
import org.sonar.cxx.squidbridge.checks.SquidCheck; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import javax.annotation.Nonnull; |
|
|
|
import java.util.ArrayList; |
|
|
|
import java.util.ArrayList; |
|
|
|
import java.util.List; |
|
|
|
import java.util.List; |
|
|
|
|
|
|
|
|
|
|
@ -31,12 +34,36 @@ public class ReallocMainChecker extends SquidCheck<Grammar> { |
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
@Override |
|
|
|
public void init() { |
|
|
|
public void init() { |
|
|
|
// 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
|
|
|
|
// 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点
|
|
|
|
this.subscribeTo( |
|
|
|
this.subscribeTo( |
|
|
|
CxxGrammarImpl.expression |
|
|
|
CxxGrammarImpl.functionBody |
|
|
|
); |
|
|
|
); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* 访问AST节点 |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @param node 要处理的AST节点,该节点类型为通过subscribeTo方法订阅的类型 |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
@Override |
|
|
|
|
|
|
|
public void visitNode(@Nonnull AstNode node) { |
|
|
|
|
|
|
|
IfChildren ifChildren = new IfChildren(this); |
|
|
|
|
|
|
|
ifChildren.accept(node); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class IfChildren extends SubscriptionAstVisitor { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public IfChildren(SquidCheck<Grammar> checker){ |
|
|
|
|
|
|
|
super(checker); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
|
|
|
public List<AstNodeType> visitNodeTypes() { |
|
|
|
|
|
|
|
// 指定当前访问器需要访问的节点类型,这里指定了simpleDeclaration(简单声明)节点类型
|
|
|
|
|
|
|
|
return List.of(CxxGrammarImpl.expression); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private List<String> lists = new ArrayList(); |
|
|
|
private List<String> lists = new ArrayList(); |
|
|
|
/** |
|
|
|
/** |
|
|
|
* 检查AST节点 |
|
|
|
* 检查AST节点 |
|
|
@ -65,49 +92,11 @@ public class ReallocMainChecker extends SquidCheck<Grammar> { |
|
|
|
String name = as.getToken().getValue(); |
|
|
|
String name = as.getToken().getValue(); |
|
|
|
//判断参数是否存在在集合中
|
|
|
|
//判断参数是否存在在集合中
|
|
|
|
if(!lists.contains(name)){ |
|
|
|
if(!lists.contains(name)){ |
|
|
|
getContext().createLineViolation(this,"使用realloc函数前应先清楚敏感信息",as); |
|
|
|
reportIssue(as, "使用realloc函数前应先清楚敏感信息"); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
// class IfChildren extends SquidCheck<Grammar>{
|
|
|
|
|
|
|
|
// private final String name ;
|
|
|
|
|
|
|
|
// private boolean boo = true;
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// IfChildren(String name){
|
|
|
|
|
|
|
|
// this.name = name;
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// @Override
|
|
|
|
|
|
|
|
// public void init() {
|
|
|
|
|
|
|
|
// // 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
|
|
|
|
|
|
|
|
// this.subscribeTo(
|
|
|
|
|
|
|
|
// CxxGrammarImpl.expression
|
|
|
|
|
|
|
|
// );
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// @Override
|
|
|
|
|
|
|
|
// public void visitNode(AstNode astNode) {
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// List<AstNode> astNodes = astNode.getDescendants(CxxGrammarImpl.expressionStatement);
|
|
|
|
|
|
|
|
// for (AstNode as :astNodes) {
|
|
|
|
|
|
|
|
// if("memset".equals(as.getToken().getValue())){
|
|
|
|
|
|
|
|
// List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.expressionList);
|
|
|
|
|
|
|
|
// for (AstNode ast :descendants) {
|
|
|
|
|
|
|
|
// if(name.equals(ast.getToken().getValue())){
|
|
|
|
|
|
|
|
// boo = false;
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.postfixExpression);
|
|
|
|
|
|
|
|
// for (AstNode ast :descendants) {
|
|
|
|
|
|
|
|
// if(name.equals(ast.getToken().getValue())){
|
|
|
|
|
|
|
|
// boo = false;
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
} |
|
|
|
} |
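Review bot: The comment added above `return List.of(CxxGrammarImpl.expression);` in `IfChildren.visitNodeTypes()` says the visitor handles simpleDeclaration nodes, but the code returns `expression`. For a rule that decides whether sensitive memory was cleared before realloc, the comment should name the node type actually scanned, e.g. `// Visit expression nodes inside the subscribed functionBody`. In the last hunk the message passed to `reportIssue` uses `清楚` where `清除` (erase) is presumably meant, so the issue text shown to the user is misleading; I would change it to `reportIssue(as, "使用realloc函数前应先清除敏感信息");`. The context line `private List<String> lists = new ArrayList();` is a raw type and now appears to sit inside `IfChildren`, which `visitNode` instantiates per function body, so a one-line comment stating that the list is deliberately reset for each function would help. The code that fills `lists` is outside the visible hunks, so whether a clear that comes after the realloc call still suppresses the issue cannot be judged from here.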
|
|
|