|
|
|
@ -6,7 +6,9 @@ |
|
|
|
|
*/ |
|
|
|
|
package com.keyware.sonar.cxx.rules.checkers; |
|
|
|
|
|
|
|
|
|
import com.keyware.sonar.cxx.SubscriptionAstVisitor; |
|
|
|
|
import com.sonar.cxx.sslr.api.AstNode; |
|
|
|
|
import com.sonar.cxx.sslr.api.AstNodeType; |
|
|
|
|
import com.sonar.cxx.sslr.api.Grammar; |
|
|
|
|
import org.sonar.check.Priority; |
|
|
|
|
import org.sonar.check.Rule; |
|
|
|
@ -15,6 +17,7 @@ import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; |
|
|
|
|
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; |
|
|
|
|
import org.sonar.cxx.squidbridge.checks.SquidCheck; |
|
|
|
|
|
|
|
|
|
import java.util.ArrayList; |
|
|
|
|
import java.util.List; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
@ -32,7 +35,7 @@ public class PassWordCountChecker extends SquidCheck<Grammar> { |
|
|
|
|
public void init() { |
|
|
|
|
// 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
|
|
|
|
|
this.subscribeTo( |
|
|
|
|
CxxGrammarImpl.simpleDeclaration |
|
|
|
|
CxxGrammarImpl.functionBody |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
@ -44,11 +47,69 @@ public class PassWordCountChecker extends SquidCheck<Grammar> { |
|
|
|
|
*/ |
|
|
|
|
@Override |
|
|
|
|
public void visitNode(AstNode astNode) { |
|
|
|
|
List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.templateName); |
|
|
|
|
for (AstNode desc:descendants) { |
|
|
|
|
String value = desc.getToken().getValue(); |
|
|
|
|
if("hash".equals(value)){ |
|
|
|
|
getContext().createLineViolation(this, "使用盐值计算散列值", desc); |
|
|
|
|
BodyWay bodyWay = new BodyWay(this); |
|
|
|
|
bodyWay.accept(astNode); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
class BodyWay extends SubscriptionAstVisitor{ |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* 构造函数需要传入初代访问器 |
|
|
|
|
* |
|
|
|
|
* @param checker 初代规则检查器 |
|
|
|
|
*/ |
|
|
|
|
public BodyWay(SquidCheck<Grammar> checker) { |
|
|
|
|
super(checker); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public List<AstNodeType> visitNodeTypes() { |
|
|
|
|
return List.of(CxxGrammarImpl.functionBody); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public void visitNode(AstNode astNode) { |
|
|
|
|
//获取方法参数列表
|
|
|
|
|
List<AstNode> nodeDescendants = astNode.getDescendants(CxxGrammarImpl.expressionList); |
|
|
|
|
List<String> seqLists = new ArrayList<>(); |
|
|
|
|
for(AstNode desc :nodeDescendants){ |
|
|
|
|
seqLists.add(desc.getTokenValue()); |
|
|
|
|
} |
|
|
|
|
//判读入参有没有进行赋值操作
|
|
|
|
|
List<AstNode> astNodes = astNode.getDescendants(CxxGrammarImpl.assignmentExpression); |
|
|
|
|
List<String> aslists = new ArrayList<>(); |
|
|
|
|
for(AstNode ast : astNodes){ |
|
|
|
|
if(seqLists.contains(ast.getTokenValue())){ |
|
|
|
|
aslists.add(ast.getTokenValue()); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
//获取到声明hash变量名
|
|
|
|
|
List<String> lists = new ArrayList<>(); |
|
|
|
|
List<AstNode> astNodeDescendants = astNode.getDescendants(CxxGrammarImpl.simpleDeclaration); |
|
|
|
|
for(AstNode des :astNodeDescendants){ |
|
|
|
|
if("std".equals(des.getTokenValue())){ |
|
|
|
|
List<AstNode> descendants = des.getDescendants(CxxGrammarImpl.typeName); |
|
|
|
|
for (AstNode dan : descendants){ |
|
|
|
|
if("hash".equals(dan.getTokenValue())){ |
|
|
|
|
List<AstNode> nodeList = des.getDescendants(CxxGrammarImpl.initDeclarator); |
|
|
|
|
for (AstNode lis:nodeList) { |
|
|
|
|
lists.add(lis.getTokenValue()); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
//判断生成的散列值参数是否是进行赋后的入参
|
|
|
|
|
List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.postfixExpression); |
|
|
|
|
for (AstNode desc:descendants) { |
|
|
|
|
if(lists.contains(desc.getTokenValue())){ |
|
|
|
|
List<AstNode> descDescendants = desc.getDescendants(CxxGrammarImpl.expressionList); |
|
|
|
|
for(AstNode dd : descDescendants){ |
|
|
|
|
if(!aslists.contains(dd.getTokenValue())){ |
|
|
|
|
reportIssue(dd, "使用盐值计算散列值"); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|