diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.java new file mode 100644 index 0000000..365af42 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.java @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules.checkers; + +import com.keyware.sonar.cxx.SubscriptionAstVisitor; +import com.sonar.cxx.sslr.api.AstNode; +import com.sonar.cxx.sslr.api.AstNodeType; +import com.sonar.cxx.sslr.api.Grammar; +import org.sonar.check.Priority; +import org.sonar.check.Rule; +import org.sonar.cxx.parser.CxxGrammarImpl; +import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; +import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; +import org.sonar.cxx.squidbridge.checks.SquidCheck; + +import javax.annotation.Nonnull; +import java.util.ArrayList; +import java.util.List; + +/** + * TODO BufferDataChecker + * + * @author RenFengJiang + * @date 2024/1/15 + */ +@Rule(key = "BufferDataChecker", name = "应对读写缓冲区的数据长度进行检查", description = "在对缓冲区进行读或写时,对读写缓冲区的数据长度进行检查,确保读写的内存在被分配的内存空间之内", priority = Priority.INFO, tags = {"28suo"}) +@ActivatedByDefault +@SqaleConstantRemediation("5min") +public class BufferDataChecker extends SquidCheck { + @Override + public void init() { + // 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点 + this.subscribeTo( + CxxGrammarImpl.functionBody + ); + } + + /** + * 访问AST节点 + * + * @param node 要处理的AST节点,该节点类型为通过subscribeTo方法订阅的类型 + */ + @Override + public void visitNode(@Nonnull AstNode node) { + IfBuffer ifBuffer = new IfBuffer(this); + ifBuffer.accept(node); + } + + class IfBuffer extends SubscriptionAstVisitor { + + List lists = new ArrayList(); + public IfBuffer(SquidCheck checker){ + super(checker); + } + + @Override + public List visitNodeTypes() { + // 指定当前访问器需要访问的节点类型,这里指定了simpleDeclaration(简单声明)节点类型 + return List.of(CxxGrammarImpl.functionBody); + } + + @Override + public void visitNode(@Nonnull AstNode node) { + //选择节点语句 + List nodeDescendants = node.getDescendants(CxxGrammarImpl.selectionStatement); + for (AstNode astNode:nodeDescendants) { + //判断节点是不是if节点 + if("if".equals(astNode.getToken().getValue())){ + //获取其中的参数 + List astNodeList = astNode.getDescendants(CxxGrammarImpl.expressionList); + for (AstNode expr:astNodeList) { + lists.add(expr.getToken().getValue()); + } + + if(astNodeList.size() == 0){ + List astNodes = astNode.getDescendants(CxxGrammarImpl.relationalExpression); + for (AstNode as:astNodes) { + List children = as.getChildren(); + for (AstNode chil:children) { + lists.add(chil.getTokenValue()); + } + } + } + } + } + //获取表达是数据信息 + List descendants = node.getDescendants(CxxGrammarImpl.expression); + for (AstNode ast:descendants) { + String name = ast.getParent().getToken().getValue(); + //判断是否时使用sanitizeString方法 + if("memcpy".equals(name) || "strncpy".equals(name) || "memset".equals(name)){ + //判断方法参数是否进行校验 + List astNodeList = ast.getDescendants(CxxGrammarImpl.initializerList); + AstNode astNode = astNodeList.get(astNodeList.size() - 1); + List childrens = astNode.getChildren(); + String tokenValue = childrens.get(childrens.size() - 1).getTokenValue(); + if(!lists.contains(tokenValue)){ + reportIssue(ast, "应对读写缓冲区的数据长度进行检查"); + } + } + } + } + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/BufferDataCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/BufferDataCheckerTest.java new file mode 100644 index 0000000..ab83c4a --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/BufferDataCheckerTest.java @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules.checkers; + +import com.keyware.sonar.cxx.CxxFileTesterHelper; +import org.junit.jupiter.api.Test; +import org.sonar.cxx.CxxAstScanner; +import org.sonar.cxx.squidbridge.api.SourceFile; +import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; + +import java.io.IOException; + +/** + * TODO BufferDataCheckerTest + * + * @author RenFengJiang + * @date 2024/1/15 + */ +public class BufferDataCheckerTest { + @Test + public void checkTest() throws IOException { + var checker = new BufferDataChecker(); + var tester = CxxFileTesterHelper.create("BufferDataChecker.cc"); + SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); + CheckMessagesVerifier.verify(file.getCheckMessages()) + .next().atLine(12).withMessage("应对读写缓冲区的数据长度进行检查") + .noMore(); + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.cc new file mode 100644 index 0000000..cbdbb6e --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.cc @@ -0,0 +1,17 @@ +void writeIntoBuffer(const char* data, size_t dataSize) { + // 检查要写入的数据是否超过缓冲区的剩余空间 + if (dataSize > bufferSize) { + std::cerr << "Error: Data size exceeds buffer capacity." << std::endl; + return; + } + if(as(length)){ + } + + // 安全地复制数据到缓冲区 + + memcpy(buffer, data, 1); + strncpy(buffer, data, length); + memset(buffer, data, length); + // 更新缓冲区已使用的空间 + bufferSize -= dataSize; +} \ No newline at end of file