From e0588d130e345e3cd913285e9c18840f95c7bca1 Mon Sep 17 00:00:00 2001 From: RenFengJiang <1111> Date: Mon, 15 Jan 2024 10:42:48 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9Ac++=E5=BA=94?= =?UTF-8?q?=E4=BD=BF=E7=94=A8=E5=8D=95=E5=90=91=E4=B8=8D=E5=8F=AF=E9=80=86?= =?UTF-8?q?=E7=AE=97=E6=B3=95=E5=AF=B9=E5=AF=86=E7=A0=81=E8=BF=9B=E8=A1=8C?= =?UTF-8?q?=E5=8A=A0=E5=AF=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../rules/checkers/FVNRPassWordChecker.java | 54 +++++++++++++++++++ .../checkers/FVNRPassWordCheckerTest.java | 33 ++++++++++++ .../cxx/rules/checkers/FVNRPassWordChecker.cc | 34 ++++++++++++ 3 files changed, 121 insertions(+) create mode 100644 sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.java create mode 100644 sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordCheckerTest.java create mode 100644 sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.cc diff --git a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.java b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.java new file mode 100644 index 0000000..c14686c --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.java @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules.checkers; + +import com.sonar.cxx.sslr.api.AstNode; +import com.sonar.cxx.sslr.api.Grammar; +import org.sonar.check.Priority; +import org.sonar.check.Rule; +import org.sonar.cxx.parser.CxxGrammarImpl; +import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault; +import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation; +import org.sonar.cxx.squidbridge.checks.SquidCheck; + +import javax.annotation.Nullable; +import java.util.List; + + +/** + * TODO FVNRPassWordChecker + * + * @author RenFengJiang + * @date 2024/1/14 + */ +@Rule(key = "FVNRPassWordChecker", name = "应使用单向不可逆算法对密码进行加密", description = "应使用单向加密算法对口令进行加密并存储", priority = Priority.INFO, tags = {"28suo"}) +@ActivatedByDefault +@SqaleConstantRemediation("5min") +public class FVNRPassWordChecker extends SquidCheck { + @Override + public void init() { + // 订阅要检查AST节点类型,用于在visitNode方法中检查该类型节点 + this.subscribeTo( + CxxGrammarImpl.translationUnit + ); + } + + + public void visitFile(@Nullable AstNode astNode) { + //逐行获取内容 + List inputFileLines = getContext().getInputFileLines(); + for (String str:inputFileLines) { + if(str.startsWith("#include")){ + if(str.contains("")){ + getContext().createFileViolation(this, "应使用单向不可逆算法对密码进行加密"); + }else if(str.contains("")){ + getContext().createFileViolation(this, "应使用单向不可逆算法对密码进行加密"); + } + } + } + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordCheckerTest.java b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordCheckerTest.java new file mode 100644 index 0000000..47f3a87 --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordCheckerTest.java @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. + * 项目名称:C++ 信息安全性设计准则 + * 项目描述:用于检查C++源代码的安全性设计准则的Sonarqube插件 + * 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 + */ +package com.keyware.sonar.cxx.rules.checkers; + +import com.keyware.sonar.cxx.CxxFileTesterHelper; +import org.junit.jupiter.api.Test; +import org.sonar.cxx.CxxAstScanner; +import org.sonar.cxx.squidbridge.api.SourceFile; +import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier; + +import java.io.IOException; + +/** + * TODO FVNRPassWordCheckerTest + * + * @author RenFengJiang + * @date 2024/1/14 + */ +public class FVNRPassWordCheckerTest { + + @Test + public void checkTest() throws IOException { + var checker = new FVNRPassWordChecker(); + var tester = CxxFileTesterHelper.create("FVNRPassWordChecker.cc"); + SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); + CheckMessagesVerifier.verify(file.getCheckMessages()) + .next().withMessage("应使用单向不可逆算法对密码进行加密"); + } +} diff --git a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.cc b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.cc new file mode 100644 index 0000000..61a72ac --- /dev/null +++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.cc @@ -0,0 +1,34 @@ +#include // error +#include // error +#include + +void encryptWithAES(const unsigned char* plaintext, size_t plaintext_len, + const unsigned char key[AES_BLOCK_SIZE], unsigned char* ciphertext) { + AES_KEY aes; + + // 初始化加密密钥 + if (AES_set_encrypt_key(key, 128, &aes) < 0) { + // 错误处理:密钥长度不正确等 + } + + // 分配足够的空间来存储结果,因为AES是块加密算法,需要对齐数据块 + unsigned char encrypted[AES_BLOCK_SIZE]; + + // 对明文分块加密(这里假设明文已经填充为完整的块) + for (size_t i = 0; i < plaintext_len; i += AES_BLOCK_SIZE) { + AES_encrypt(plaintext + i, encrypted, &aes); + memcpy(ciphertext + i, encrypted, AES_BLOCK_SIZE); + } +} + +int main() { + unsigned char plaintext[16] = { /* 填充原始数据 */ }; + unsigned char key[AES_BLOCK_SIZE] = { /* 填充密钥 */ }; + unsigned char ciphertext[16]; // 用于存储加密后的数据 + + encryptWithAES(plaintext, sizeof(plaintext), key, ciphertext); + + // ... 然后可以进一步处理密文 ... + + return 0; +} \ No newline at end of file