新增：c++应使用单向不可逆算法对密码进行加密

8 months ago · e0588d130e
parent 8bf69cc6a6
commit e0588d130e
3 changed files with 121 additions and 0 deletions
--- a/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.java
+++ b/sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.java
@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：C++ 信息安全性设计准则
+ * 项目描述：用于检查C++源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.cxx.rules.checkers;
+
+import com.sonar.cxx.sslr.api.AstNode;
+import com.sonar.cxx.sslr.api.Grammar;
+import org.sonar.check.Priority;
+import org.sonar.check.Rule;
+import org.sonar.cxx.parser.CxxGrammarImpl;
+import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
+import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
+import org.sonar.cxx.squidbridge.checks.SquidCheck;
+
+import javax.annotation.Nullable;
+import java.util.List;
+
+
+/**
+ * TODO FVNRPassWordChecker
+ *
+ * @author RenFengJiang
+ * @date 2024/1/14
+ */
+@Rule(key = "FVNRPassWordChecker", name = "应使用单向不可逆算法对密码进行加密", description = "应使用单向加密算法对口令进行加密并存储", priority = Priority.INFO, tags = {"28suo"})
+@ActivatedByDefault
+@SqaleConstantRemediation("5min")
+public class FVNRPassWordChecker extends SquidCheck<Grammar> {
+    @Override
+    public void init() {
+        // 订阅要检查AST节点类型，用于在visitNode方法中检查该类型节点
+        this.subscribeTo(
+                CxxGrammarImpl.translationUnit
+        );
+    }
+
+
+    public void visitFile(@Nullable AstNode astNode) {
+        //逐行获取内容
+        List<String> inputFileLines = getContext().getInputFileLines();
+        for (String str:inputFileLines) {
+            if(str.startsWith("#include")){
+                if(str.contains("<openssl/aes.h>")){
+                    getContext().createFileViolation(this, "应使用单向不可逆算法对密码进行加密");
+                }else if(str.contains("<openssl/des.h>")){
+                    getContext().createFileViolation(this, "应使用单向不可逆算法对密码进行加密");
+                }
+            }
+        }
+    }
+}
--- a/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordCheckerTest.java
+++ b/sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordCheckerTest.java
@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
+ * 项目名称：C++ 信息安全性设计准则
+ * 项目描述：用于检查C++源代码的安全性设计准则的Sonarqube插件
+ * 版权说明：本软件属北京关键科技股份有限公司所有，在未获得北京关键科技股份有限公司正式授权情况下，任何企业和个人，不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。
+ */
+package com.keyware.sonar.cxx.rules.checkers;
+
+import com.keyware.sonar.cxx.CxxFileTesterHelper;
+import org.junit.jupiter.api.Test;
+import org.sonar.cxx.CxxAstScanner;
+import org.sonar.cxx.squidbridge.api.SourceFile;
+import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier;
+
+import java.io.IOException;
+
+/**
+ * TODO FVNRPassWordCheckerTest
+ *
+ * @author RenFengJiang
+ * @date 2024/1/14
+ */
+public class FVNRPassWordCheckerTest {
+
+    @Test
+    public void checkTest() throws IOException {
+        var checker = new FVNRPassWordChecker();
+        var tester = CxxFileTesterHelper.create("FVNRPassWordChecker.cc");
+        SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
+        CheckMessagesVerifier.verify(file.getCheckMessages())
+                .next().withMessage("应使用单向不可逆算法对密码进行加密");
+    }
+}
--- a/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.cc
+++ b/sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/FVNRPassWordChecker.cc
@ -0,0 +1,34 @@
+#include <openssl/aes.h>// error
+#include <openssl/des.h>// error
+#include <string.h>
+
+void encryptWithAES(const unsigned char* plaintext, size_t plaintext_len,
+                    const unsigned char key[AES_BLOCK_SIZE], unsigned char* ciphertext) {
+    AES_KEY aes;
+
+    // 初始化加密密钥
+    if (AES_set_encrypt_key(key, 128, &aes) < 0) {
+        // 错误处理：密钥长度不正确等
+    }
+
+    // 分配足够的空间来存储结果，因为AES是块加密算法，需要对齐数据块
+    unsigned char encrypted[AES_BLOCK_SIZE];
+
+    // 对明文分块加密（这里假设明文已经填充为完整的块）
+    for (size_t i = 0; i < plaintext_len; i += AES_BLOCK_SIZE) {
+        AES_encrypt(plaintext + i, encrypted, &aes);
+        memcpy(ciphertext + i, encrypted, AES_BLOCK_SIZE);
+    }
+}
+
+int main() {
+    unsigned char plaintext[16] = { /* 填充原始数据 */ };
+    unsigned char key[AES_BLOCK_SIZE] = { /* 填充密钥 */ };
+    unsigned char ciphertext[16]; // 用于存储加密后的数据
+
+    encryptWithAES(plaintext, sizeof(plaintext), key, ciphertext);
+
+    // ... 然后可以进一步处理密文 ...
+
+    return 0;
+}