|
|
@ -32,6 +32,7 @@ import java.util.Map; |
|
|
|
public class DLLVerifyChecker extends SquidCheck<Grammar> { |
|
|
|
public class DLLVerifyChecker extends SquidCheck<Grammar> { |
|
|
|
|
|
|
|
|
|
|
|
private static String name = "在动态加载库前对输入数据进行验证"; |
|
|
|
private static String name = "在动态加载库前对输入数据进行验证"; |
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
@Override |
|
|
|
public void init() { |
|
|
|
public void init() { |
|
|
|
// 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点
|
|
|
|
// 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点
|
|
|
@ -48,101 +49,86 @@ public class DLLVerifyChecker extends SquidCheck<Grammar> { |
|
|
|
@Override |
|
|
|
@Override |
|
|
|
public void visitNode(@Nonnull AstNode node) { |
|
|
|
public void visitNode(@Nonnull AstNode node) { |
|
|
|
Map<String, Integer> map = ifParam(node); |
|
|
|
Map<String, Integer> map = ifParam(node); |
|
|
|
List<AstNode> simps = node.getDescendants(CxxGrammarImpl.simpleDeclaration); |
|
|
|
List<AstNode> descendants = node.getDescendants(CxxGrammarImpl.postfixExpression); |
|
|
|
for(AstNode simp :simps){ |
|
|
|
for (AstNode desc :descendants){ |
|
|
|
//判断动态加载库类型
|
|
|
|
if("dlopen".equals(desc.getTokenValue())){ |
|
|
|
if("HINSTANCE".equals(simp.getTokenValue())){ |
|
|
|
loadParam(map,desc); |
|
|
|
loadParam(map,simp); |
|
|
|
}else if ("LoadLibrary".equals(desc.getTokenValue())){ |
|
|
|
}else if ("void".equals(simp.getTokenValue())){ |
|
|
|
openParam(map,desc); |
|
|
|
openParam(map,simp); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
//判断是否是dlopen格式的动态加载库
|
|
|
|
//判断是否是dlopen格式的动态加载库
|
|
|
|
public void openParam(Map<String,Integer> map,AstNode simp){ |
|
|
|
public void openParam(Map<String, Integer> map, AstNode simp) { |
|
|
|
//获取方法名
|
|
|
|
//获取其中的参数列表
|
|
|
|
List<AstNode> descendants = simp.getDescendants(CxxGrammarImpl.postfixExpression); |
|
|
|
AstNode firstDescendant = simp.getFirstDescendant(CxxGrammarImpl.expressionList); |
|
|
|
if(descendants != null){ |
|
|
|
if (firstDescendant != null) { |
|
|
|
for(AstNode desc : descendants){ |
|
|
|
List<AstNode> children = firstDescendant.getChildren(); |
|
|
|
//判断是否式动态加载库
|
|
|
|
for (AstNode dren : children) { |
|
|
|
if("dlopen".equals(desc.getTokenValue())){ |
|
|
|
//获取参数并进行判断是否是传入的参数
|
|
|
|
//获取其中的参数列表
|
|
|
|
if ("IDENTIFIER".equals(dren.getName()) || "initializerList".equals(dren.getName())) { |
|
|
|
AstNode firstDescendant = desc.getFirstDescendant(CxxGrammarImpl.expressionList); |
|
|
|
if (map.containsKey(dren.getTokenValue())) { |
|
|
|
if(firstDescendant != null){ |
|
|
|
//判断参数是否进行过校验
|
|
|
|
List<AstNode> children = firstDescendant.getChildren(); |
|
|
|
Integer integer = map.get(dren.getTokenValue()); |
|
|
|
for(AstNode dren : children){ |
|
|
|
//判断参数校验是否在使用之前
|
|
|
|
//获取参数并进行判断是否是传入的参数
|
|
|
|
if (dren.getTokenLine() < integer) { |
|
|
|
if("IDENTIFIER".equals(dren.getName()) || "initializerList".equals(dren.getName())){ |
|
|
|
getContext().createLineViolation(this, name, dren); |
|
|
|
if(map.containsKey(dren.getTokenValue())){ |
|
|
|
|
|
|
|
//判断参数是否进行过校验
|
|
|
|
|
|
|
|
Integer integer = map.get(dren.getTokenValue()); |
|
|
|
|
|
|
|
//判断参数校验是否在使用之前
|
|
|
|
|
|
|
|
if(dren.getTokenLine() < integer){ |
|
|
|
|
|
|
|
getContext().createLineViolation(this,name,dren); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
}else { |
|
|
|
|
|
|
|
getContext().createLineViolation(this,name,dren); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
getContext().createLineViolation(this, name, dren); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
//对LoadLibrary格式的动态加载库进行校验
|
|
|
|
//对LoadLibrary格式的动态加载库进行校验
|
|
|
|
public void loadParam(Map<String,Integer> map,AstNode simp){ |
|
|
|
public void loadParam(Map<String, Integer> map, AstNode simp) { |
|
|
|
//获取方法名
|
|
|
|
List<AstNode> descendants = simp.getDescendants(CxxGrammarImpl.expressionList); |
|
|
|
AstNode firstDescendant = simp.getFirstDescendant(CxxGrammarImpl.postfixExpression); |
|
|
|
if (descendants != null) { |
|
|
|
if(firstDescendant != null){ |
|
|
|
for (AstNode desc : descendants) { |
|
|
|
if("LoadLibrary".equals(firstDescendant.getTokenValue())){ |
|
|
|
//判断参数是否进行过校验
|
|
|
|
//获取其中的参数列表
|
|
|
|
if (map.containsKey(desc.getTokenValue())) { |
|
|
|
List<AstNode> descendants = firstDescendant.getDescendants(CxxGrammarImpl.expressionList); |
|
|
|
//判断参数校验是否在使用之前
|
|
|
|
if(descendants != null){ |
|
|
|
int tokenLine = map.get(desc.getTokenValue()); |
|
|
|
for (AstNode desc : descendants){ |
|
|
|
if (desc.getTokenLine() < tokenLine) { |
|
|
|
//判断参数是否进行过校验
|
|
|
|
getContext().createLineViolation(this, name, desc); |
|
|
|
if (map.containsKey(desc.getTokenValue())){ |
|
|
|
break; |
|
|
|
//判断参数校验是否在使用之前
|
|
|
|
|
|
|
|
int tokenLine = map.get(desc.getTokenValue()); |
|
|
|
|
|
|
|
if(desc.getTokenLine() < tokenLine){ |
|
|
|
|
|
|
|
getContext().createLineViolation(this,name,desc); |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
}else { |
|
|
|
|
|
|
|
getContext().createLineViolation(this,name,desc); |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
}else { |
|
|
|
} else { |
|
|
|
getContext().createLineViolation(this,name,firstDescendant); |
|
|
|
getContext().createLineViolation(this, name, desc); |
|
|
|
|
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
getContext().createLineViolation(this, name, simp); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
//获取if判断中的参数
|
|
|
|
//获取if判断中的参数
|
|
|
|
public static Map<String, Integer> ifParam(AstNode node){ |
|
|
|
public static Map<String, Integer> ifParam(AstNode node) { |
|
|
|
Map<String, Integer> map = new HashMap<>(); |
|
|
|
Map<String, Integer> map = new HashMap<>(); |
|
|
|
//选择节点语句
|
|
|
|
//选择节点语句
|
|
|
|
List<AstNode> nodeDescendants = node.getDescendants(CxxGrammarImpl.selectionStatement); |
|
|
|
List<AstNode> nodeDescendants = node.getDescendants(CxxGrammarImpl.selectionStatement); |
|
|
|
for (AstNode astNode:nodeDescendants) { |
|
|
|
for (AstNode astNode : nodeDescendants) { |
|
|
|
//判断节点是不是if节点
|
|
|
|
//判断节点是不是if节点
|
|
|
|
if("if".equals(astNode.getToken().getValue())){ |
|
|
|
if ("if".equals(astNode.getToken().getValue())) { |
|
|
|
//获取其中的参数
|
|
|
|
//获取其中的参数
|
|
|
|
List<AstNode> astNodeList = astNode.getDescendants(CxxGrammarImpl.expressionList); |
|
|
|
List<AstNode> astNodeList = astNode.getDescendants(CxxGrammarImpl.expressionList); |
|
|
|
astNodeList.addAll(astNode.getDescendants(CxxGrammarImpl.condition)); |
|
|
|
astNodeList.addAll(astNode.getDescendants(CxxGrammarImpl.condition)); |
|
|
|
for (AstNode expr:astNodeList) { |
|
|
|
for (AstNode expr : astNodeList) { |
|
|
|
map.put(expr.getTokenValue(),expr.getTokenLine()); |
|
|
|
map.put(expr.getTokenValue(), expr.getTokenLine()); |
|
|
|
} |
|
|
|
} |
|
|
|
//判断第二种情况获取到if里面的参数
|
|
|
|
//判断第二种情况获取到if里面的参数
|
|
|
|
if(astNodeList.size() == 0){ |
|
|
|
if (astNodeList.size() == 0) { |
|
|
|
List<AstNode> astNodes = astNode.getDescendants(CxxGrammarImpl.relationalExpression); |
|
|
|
List<AstNode> astNodes = astNode.getDescendants(CxxGrammarImpl.relationalExpression); |
|
|
|
for (AstNode as:astNodes) { |
|
|
|
for (AstNode as : astNodes) { |
|
|
|
List<AstNode> children = as.getChildren(); |
|
|
|
List<AstNode> children = as.getChildren(); |
|
|
|
for (AstNode chil:children) { |
|
|
|
for (AstNode chil : children) { |
|
|
|
map.put(chil.getTokenValue(),chil.getTokenLine()); |
|
|
|
map.put(chil.getTokenValue(), chil.getTokenLine()); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
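Review bot: In the rewritten `visitNode` the dispatch looks crossed: `"dlopen"` is routed to `loadParam(map,desc)` and `"LoadLibrary"` to `openParam(map,desc)`, while the comments above the helpers describe `openParam` as the dlopen case and `loadParam` as the LoadLibrary case. The helpers are not interchangeable: `openParam` only reports `IDENTIFIER`/`initializerList` children of the first `expressionList`, whereas `loadParam` reports the first token of any `expressionList` descendant that is missing from the map, which presumably includes a constant string argument. Either swap the calls, `if ("dlopen".equals(desc.getTokenValue())) { openParam(map, desc); } else if ("LoadLibrary".equals(desc.getTokenValue())) { loadParam(map, desc); }`, or rename the helpers and add a comment saying why each API gets its walk. The exact-name match also leaves `LoadLibraryA`, `LoadLibraryW` and `LoadLibraryEx` unchecked, a coverage gap for a rule about validating input before a library load. The page has lost its `+`/`-` markers, so the new side is inferred from the reformatted signatures, and `ifParam` continues past the last visible line.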