新增“在构建路径名前对数据进行校验”准则

wuhaoyang
renfengshan 10 months ago
parent f7f3bba34b
commit b5b8aac9cd
  1. 66
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/VerificationPathChecker.java
  2. 21
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/VerificationPathCheckerTest.java
  3. 26
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/VerificationPathChecker.cc

@ -0,0 +1,66 @@
package com.keyware.sonar.cxx.rules.checkers;
import com.sonar.cxx.sslr.api.AstNode;
import com.sonar.cxx.sslr.api.Grammar;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.cxx.parser.CxxGrammarImpl;
import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.cxx.squidbridge.checks.SquidCheck;
import java.util.ArrayList;
import java.util.List;
import static com.sonar.cxx.sslr.api.GenericTokenType.IDENTIFIER;
@Rule(key = "VerificationPathChecker", name = "在构建路径名前对数据进行校验", description = "对输入数据进行校验", priority = Priority.INFO, tags = {"28suo"})
@ActivatedByDefault
@SqaleConstantRemediation("5min")
public class VerificationPathChecker extends SquidCheck<Grammar> {
@Override
public void init() {
// 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点
this.subscribeTo(
CxxGrammarImpl.functionBody
);
}
public void visitNode(AstNode astNode) {
List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.statement);
for (AstNode ast:descendants) {
List<AstNode> descendants1 = ast.getDescendants(CxxGrammarImpl.shiftExpression);
for (AstNode desc :descendants1) {
if("cin".equals(desc.getTokenValue())){
List<AstNode> children = desc.getChildren();
for (AstNode chil:children) {
if("IDENTIFIER".equals(chil.getName())){
if(chil.getTokenValue().toLowerCase().contains("path")){
boolean boo = true;
List<AstNode> exprs = astNode.getDescendants(CxxGrammarImpl.postfixExpression);
for (AstNode expr:exprs) {
if(expr.getTokenValue().contains("check") || expr.getTokenValue().contains("verify") || expr.getTokenValue().contains("valid")){
List<AstNode> astNodeList = expr.getDescendants(CxxGrammarImpl.expressionList);
for (AstNode asrList:astNodeList) {
if(chil.getTokenValue().equals(asrList.getTokenValue())){
boo = false;
}
}
}
}
if(boo){
getContext().createLineViolation(this, "在构建路径名前对数据进行校验", chil);
}
}
}
}
}
}
}
}
}
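Review bot: The validation lookup in `visitNode` scans every `postfixExpression` in the whole function body, so a `check…`/`verify…`/`valid…` call placed before the `cin >>` read still suppresses the violation even though it cannot have validated the value that was read. Requiring the call to come after the read, for example `if (expr.getTokenLine() < chil.getTokenLine()) { continue; }` at the top of the `exprs` loop, would close the most obvious false negative. The function-name match is also case-sensitive (`contains("check")`) while the variable-name match lower-cases first, so `CheckPath(userPath)` or `isValid(userPath)` would not count as validation; lower-casing `expr.getTokenValue()` the same way keeps the two consistent. `desc.getTokenValue()` appears to be the first token of the shift expression, so `std::cin >> userPath` is probably never inspected, which is worth a fixture case. `visitNode` is missing `@Override`, and the `ArrayList` and `IDENTIFIER` imports look unused given the string comparison `"IDENTIFIER".equals(chil.getName())`.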

@ -0,0 +1,21 @@
package com.keyware.sonar.cxx.rules.checkers;
import com.keyware.sonar.cxx.CxxFileTesterHelper;
import org.junit.jupiter.api.Test;
import org.sonar.cxx.CxxAstScanner;
import org.sonar.cxx.squidbridge.api.SourceFile;
import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier;
import java.io.IOException;
public class VerificationPathCheckerTest {
@Test
public void checkTest() throws IOException {
var checker = new VerificationPathChecker();
var tester = CxxFileTesterHelper.create("VerificationPathChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(18).withMessage("在构建路径名前对数据进行校验")
.noMore();
}
}
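Review bot: `checkTest` pins only the single violation at line 18, so the branch that suppresses the rule is never exercised; the compliant `func1` in `VerificationPathChecker.cc` is entirely commented out. Enabling that function (or adding a second fixture) while keeping `.noMore()` would show that a `checkPath(userPath)`, `verifyPath(userPath)` or `validPath(userPath)` call really silences the rule. A case where the validation call precedes the `cin >>` read would also document which ordering the rule is meant to accept.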

@ -0,0 +1,26 @@
using namespace std;
//void func1(){
// string userPath;
// cout << "Enter a path: ";
// cin >> userPath; // 用户输入语句
//
// checkPath(userPath); // 合规,因为已经对userPath进行校验,方法名称包含check
// verifyPath(userPath); // 合规,因为已经对userPath进行校验,方法名称包含verify
// validPath(userPath); // 合规,因为已经对userPath进行校验,方法名称包含valid
//
//}
void main(){
string userPath;
cout <<uPath;
cin >> userPath;// error
// verifyPath(userPath);
// 违规,因为没有对userPath进行校验
return userPath;
}
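Review bot: The only live function in this fixture is not valid C++: `main` is declared `void` yet ends with `return userPath;`, and `cout <<uPath;` uses a name that is never declared. The test presumably passes only because the parser recovers from this, so the expected line number rests on error recovery rather than on the construct under test. A well-formed body such as `int main(){ string userPath; cin >> userPath; return 0; }` would make the fixture a stable reference. The fixture also never uses `userPath` to build a path, so it documents the read but not the risky use the rule name describes; a line that concatenates it into a file name would make the intent clearer.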