diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.java new file mode 100644 index 0000000..56dd168 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.java @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ + +package com.keyware.sonar.cxx.rules.checkers; + +import com.sonar.cxx.sslr.api.AstNode; +import com.sonar.cxx.sslr.api.Grammar; +import org.sonar.check.Priority; +import org.sonar.check.Rule; +import org.sonar.cxx.parser.CxxGrammarImpl; +import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; +import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; +import org.sonar.cxx.squidbridge.checks.SquidCheck; + +import javax.annotation.Nonnull; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** + * 使用关键资源时指定资源所在的路径 + * 1.获取到声明预计 + * 2.判断是不是路径 + * 3.判断是不是绝对路径 + * + * @author RenFengJiang + * @date 2024/1/22 + */ +@Rule(key = "PathVerifyChecker", name = "使用关键资源时指定资源所在的路径", description = "使用关键资源时指定资源所在的路径", priority = Priority.INFO, tags = {"28suo"}) +@ActivatedByDefault +@SqaleConstantRemediation("5min") +public class PathVerifyChecker extends SquidCheck { + @Override + public void init() { + // 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点 + this.subscribeTo( + CxxGrammarImpl.declarationStatement + ); + } + + /** + * 访问AST节点 + * + * @param node 要处理的AST节点,该节点类型为通过subscribeTo方法订阅的类型 + */ + @Override + public void visitNode(@Nonnull AstNode node) { + //获取参数 + AstNode firstDescendant = node.getFirstDescendant(CxxGrammarImpl.initializer); + List children = firstDescendant.getChildren(); + for(AstNode chil : children){ + //判断参数类型 + if("STRING".equals(chil.getName())){ + String result = chil.getTokenValue().replace("\"", ""); + if(isPath(result)){ + //判断是不是windows或linux的绝对路径 + if(!isWindowsAbsolutePath(result) && !isLinuxAbsolutePath(result)){ + getContext().createLineViolation(this, "使用关键资源时指定资源所在的路径", chil); + } + } + } + } + } + + //判断是不是路径 + public static boolean isPath(String str) { + // 检查字符串是否至少包含一个有效的路径分隔符 + return (str.contains("/") || str.contains("\\")); // 注意:Java中需要双反斜杠来表示单个反斜杠字符 + } + + //windows下判断是否是绝对路径 + public static boolean isWindowsAbsolutePath(String path) { + // 正则表达式匹配以驱动器号(如C:)开始的路径 + String regex = "^([A-Za-z]):\\\\.*"; + Pattern pattern = Pattern.compile(regex); + Matcher matcher = pattern.matcher(path); + return matcher.matches(); + } + + //判断linux下判断是否是绝对路径 + public static boolean isLinuxAbsolutePath(String path) { + // 正则表达式匹配以根目录(/)开始的路径 + String regex = "^/"; + Pattern pattern = Pattern.compile(regex); + Matcher matcher = pattern.matcher(path); + + return matcher.find(); // 使用find()而不是matches(),因为matches()要求整个字符串都符合模式 + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyCheckerTest.java new file mode 100644 index 0000000..9ae8478 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/PathVerifyCheckerTest.java @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:信息安全性设计准则检查插件 + * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ + +package com.keyware.sonar.cxx.rules.checkers; + +import com.keyware.sonar.cxx.CxxFileTesterHelper; +import org.junit.jupiter.api.Test; +import org.sonar.cxx.CxxAstScanner; +import org.sonar.cxx.squidbridge.api.SourceFile; +import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; + +import java.io.IOException; + +/** + * TODO PathVerifyCheckerTest + * + * @author RenFengJiang + * @date 2024/1/22 + */ +public class PathVerifyCheckerTest { + @Test + public void checkTest() throws IOException { + var checker = new PathVerifyChecker(); + var tester = CxxFileTesterHelper.create("PathVerifyChecker.cc"); + SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); + CheckMessagesVerifier.verify(file.getCheckMessages()) + .next().atLine(3).withMessage("使用关键资源时指定资源所在的路径") + .next().atLine(4).withMessage("使用关键资源时指定资源所在的路径") + .noMore(); + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.cc new file mode 100644 index 0000000..2e1abc8 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/PathVerifyChecker.cc @@ -0,0 +1,7 @@ +int main() { + //std::String a = "/path/to/your/file.txt"; + std::String a = "path/to/your/file.txt"; + std::String testString1 = "User\\Documents"; + //std::String testString1 = "C:\\Users\\User\\Documents"; + return 0; +} \ No newline at end of file