From cf37c3e79bb44c7d17dc2e3f6aeeb162affc658b Mon Sep 17 00:00:00 2001
From: RenFengJiang <1111>
Date: Sat, 20 Jan 2024 14:23:04 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9AC++=E6=8A=9B?= =?UTF-8?q?=E5=87=BA=E5=BC=82=E5=B8=B8=E6=B6=88=E6=81=AF=E4=B8=8D=E5=BE=97?= =?UTF-8?q?=E5=8C=85=E5=90=AB=E6=95=8F=E6=84=9F=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../rules/checkers/ErrorMessageChecker.java | 79 +++++++++++++++++++
 .../checkers/ErrorMessageCheckerTest.java | 35 ++++++++
 .../cxx/rules/checkers/ErrorMessageChecker.cc | 15 ++++
 3 files changed, 129 insertions(+)
 create mode 100644 sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java
 create mode 100644 sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageCheckerTest.java
 create mode 100644 sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.cc
diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java
new file mode 100644
index 0000000..c8de936
--- /dev/null
+++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:信息安全性设计准则检查插件
+ * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+
+package com.keyware.sonar.cxx.rules.checkers;
+
+import com.sonar.cxx.sslr.api.AstNode;
+import com.sonar.cxx.sslr.api.Grammar;
+import org.sonar.check.Priority;
+import org.sonar.check.Rule;
+import org.sonar.cxx.parser.CxxGrammarImpl;
+import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
+import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
+import org.sonar.cxx.squidbridge.checks.SquidCheck;
+
+import javax.annotation.Nonnull;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 实现异常不得包含敏感信息
+ * 1.获取到throw节点
+ * 2.后去此节点中的参数
+ * 3.判断参数是否包含敏感字段
+ *
+ * @author RenFengJiang
+ * @date 2024/1/20
+ */
+@Rule(key = "ErrorMessageChecker", name = "抛出异常消息不得包含敏感信息", description = "确保错误消息中仅包含有对目标受众有用的少量细节,不允许包含用户单位、上下级关系、武器参数、重要控制命令等信息", priority = Priority.INFO, tags = {"28suo"})
+@ActivatedByDefault
+@SqaleConstantRemediation("5min")
+public class ErrorMessageChecker extends SquidCheck {
+
+ private static List lists = new ArrayList<>(){{
+ add("weapon");
+ add("unit");
+ add("param");
+ }};
+ @Override
+ public void init() {
+ // 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点
+ this.subscribeTo(
+ CxxGrammarImpl.throwExpression
+ );
+ }
+
+ /**
+ * 访问AST节点
+ *
+ * @param node 要处理的AST节点,该节点类型为通过subscribeTo方法订阅的类型
+ */
+ @Override
+ public void visitNode(@Nonnull AstNode node) {
+ //声明集合
+ List children;
+ //获取第一种情况参数列表
+ AstNode firstDescendant = node.getFirstDescendant(CxxGrammarImpl.additiveExpression);
+ if(firstDescendant != null){
+ //第一种情况获取参数列表
+ children = firstDescendant.getChildren();
+ }else {
+ //获取第二种情况获取参数列表
+ AstNode descendant = node.getFirstDescendant(CxxGrammarImpl.initializerList);
+ children = descendant.getChildren();
+ }
+ //判断参数列表是否包含违规参数
+ for(AstNode chil : children){
+ if("IDENTIFIER".equals(chil.getName())){
+ if(lists.contains(chil.getTokenValue())){
+ getContext().createLineViolation(this,"抛出异常消息不得包含敏感信息",chil);
+ }
+ }
+ }
+
+ }
+}
diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageCheckerTest.java
new file mode 100644
index 0000000..89c7b96
--- /dev/null
+++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/ErrorMessageCheckerTest.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称:信息安全性设计准则检查插件
+ * 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件
+ * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+
+package com.keyware.sonar.cxx.rules.checkers;
+
+import com.keyware.sonar.cxx.CxxFileTesterHelper;
+import org.junit.jupiter.api.Test;
+import org.sonar.cxx.CxxAstScanner;
+import org.sonar.cxx.squidbridge.api.SourceFile;
+import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier;
+
+import java.io.IOException;
+
+/**
+ * TODO ErrorMessageCheckerTest
+ *
+ * @author RenFengJiang
+ * @date 2024/1/20
+ */
+public class ErrorMessageCheckerTest {
+
+ @Test
+ public void checkTest() throws IOException {
+ var checker = new ErrorMessageChecker();
+ var tester = CxxFileTesterHelper.create("ErrorMessageChecker.cc");
+ SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
+ CheckMessagesVerifier.verify(file.getCheckMessages())
+ .next().atLine(8).withMessage("抛出异常消息不得包含敏感信息")
+ .noMore();
+ }
+}
diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.cc
new file mode 100644
index 0000000..09a5d46
--- /dev/null
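Review bot: `descendant.getChildren()` in the else branch of `visitNode` dereferences the result of `getFirstDescendant(CxxGrammarImpl.initializerList)` without a null check, so a throw expression that has neither an `additiveExpression` nor an `initializerList` descendant (a bare rethrow `throw;` is the obvious candidate) would raise a NullPointerException and abort analysis of the whole file; guard it as `children = descendant == null ? List.of() : descendant.getChildren();`. The raw generics should also be typed, `List<AstNode> children` and `private static final Set<String> SENSITIVE_WORDS = Set.of("weapon", "unit", "param");`, which drops the double-brace anonymous subclass and the mutable non-final static (the test file already uses `var`, so Java 9+ factories are available); `extends SquidCheck` is likewise raw while `Grammar` is imported and unused, so `extends SquidCheck<Grammar>` looks to be what was intended. The comment in `init()` still says `functionBody(函数)主体节点` although the subscription is `throwExpression`; update it to name the throw node. The match is an exact, case-sensitive comparison on `IDENTIFIER` tokens that are direct children of the matched node, so `Weapon` or `weaponName` pass unflagged — if that is the intended scope, state it in the class javadoc so readers do not assume broader coverage.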
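Review bot: The only assertion in `checkTest` is the single violation at line 8 of `ErrorMessageChecker.cc`, so neither the `additiveExpression` branch of the checker (the fixture's string-concatenation throw on line 7 is commented out) nor a throw that carries no sensitive identifier is exercised, and a regression in either would go unnoticed. Add a second fixture line such as `throw std::runtime_error("unit " + name);` expecting a violation and a clean `throw std::runtime_error("failed");` expecting none, adjusting the `atLine` expectations; a bare `throw;` would additionally show whether the checker tolerates a throw without an operand. The class javadoc is still the `TODO ErrorMessageCheckerTest` placeholder; replace it with a one-line description of what the test covers.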
+++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ErrorMessageChecker.cc
@@ -0,0 +1,15 @@
+#include
+using namespace std;
+int main() {
+ try {
+ std::String weapon = "手枪";
+ // 抛出一个异常
+// throw "C++ Exception" + an;
+ throw MyException(weapon );
+ }
+ catch (const char* e) {
+ // 捕获异常并处理
+ cout << "Caught an exception: " << e << endl;
+ }
+ return 0;
+}
\ No newline at end of file