Compare commits

...

3 Commits

  1. 5
      sonar-keyware-plugins-cxx/pom.xml
  2. 109
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/CxxSquidSensor.java
  3. 2
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.java
  4. 2
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/CxxPluginTest.java
  5. 4
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/CxxSquidSensorTest.java
  6. 3
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/ReallocMainChecker.cc

@ -87,11 +87,6 @@
<artifactId>snakeyaml</artifactId> <artifactId>snakeyaml</artifactId>
<version>1.28</version> <version>1.28</version>
</dependency> </dependency>
<dependency>
<groupId>springframework</groupId>
<artifactId>spring</artifactId>
<version>1.2.6</version>
</dependency>
<dependency> <dependency>
<groupId>com.google.code.findbugs</groupId> <groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId> <artifactId>jsr305</artifactId>

@ -9,6 +9,7 @@ package com.keyware.sonar.cxx;
import com.keyware.sonar.cxx.rules.SecurityDesignRuleRepository; import com.keyware.sonar.cxx.rules.SecurityDesignRuleRepository;
import com.sonar.cxx.sslr.api.Grammar; import com.sonar.cxx.sslr.api.Grammar;
import org.sonar.api.PropertyType; import org.sonar.api.PropertyType;
import org.sonar.api.batch.fs.InputComponent;
import org.sonar.api.batch.fs.InputFile; import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.fs.TextRange; import org.sonar.api.batch.fs.TextRange;
import org.sonar.api.batch.rule.CheckFactory; import org.sonar.api.batch.rule.CheckFactory;
@ -39,7 +40,6 @@ import org.sonar.cxx.squidbridge.SquidAstVisitor;
import org.sonar.cxx.squidbridge.api.SourceCode; import org.sonar.cxx.squidbridge.api.SourceCode;
import org.sonar.cxx.squidbridge.api.SourceFile; import org.sonar.cxx.squidbridge.api.SourceFile;
import org.sonar.cxx.squidbridge.api.SourceProject; import org.sonar.cxx.squidbridge.api.SourceProject;
import org.sonar.cxx.squidbridge.indexer.QueryByType;
import org.sonar.cxx.visitors.CxxCpdVisitor; import org.sonar.cxx.visitors.CxxCpdVisitor;
import org.sonar.cxx.visitors.CxxHighlighterVisitor; import org.sonar.cxx.visitors.CxxHighlighterVisitor;
import org.sonar.cxx.visitors.CxxPublicApiVisitor; import org.sonar.cxx.visitors.CxxPublicApiVisitor;
@ -316,7 +316,7 @@ public class CxxSquidSensor implements ProjectSensor {
Iterable<InputFile> inputFiles = getInputFiles(context, squidConfig); Iterable<InputFile> inputFiles = getInputFiles(context, squidConfig);
scanner.scanInputFiles(inputFiles); scanner.scanInputFiles(inputFiles);
Collection<SourceCode> squidSourceFiles = scanner.getIndex().search(new QueryByType(SourceProject.class), new QueryByType(SourceFile.class)); Collection<SourceCode> squidSourceFiles = scanner.getIndex().search();
save(squidSourceFiles); save(squidSourceFiles);
} }
@ -403,20 +403,21 @@ public class CxxSquidSensor implements ProjectSensor {
private void save(Collection<SourceCode> sourceCodeFiles) { private void save(Collection<SourceCode> sourceCodeFiles) {
for (var sourceCode : sourceCodeFiles) { for (var sourceCode : sourceCodeFiles) {
try { try {
if (sourceCode instanceof SourceFile) { if (sourceCode instanceof SourceFile || sourceCode instanceof SourceProject) {
var sourceFile = (SourceFile) sourceCode; /*var sourceFile = (SourceFile) sourceCode;*/
InputFile inputFile = context.fileSystem().inputFile( InputFile inputFile = context.fileSystem().inputFile(
context.fileSystem().predicates().hasPath(sourceFile.getKey()) context.fileSystem().predicates().hasPath(sourceCode.getKey())
); );
saveMeasures(inputFile, sourceFile); saveMeasures(inputFile, sourceCode);
saveViolations(inputFile, sourceFile); saveViolations(inputFile, sourceCode);
saveFileLinesContext(inputFile, sourceFile); saveFileLinesContext(inputFile, sourceCode);
saveCpdTokens(inputFile, sourceFile); saveCpdTokens(inputFile, sourceCode);
saveHighlighting(inputFile, sourceFile); saveHighlighting(inputFile, sourceCode);
} else if (sourceCode instanceof SourceProject) { }
/*} else if (sourceCode instanceof SourceProject) {
var sourceProject = (SourceProject) sourceCode; var sourceProject = (SourceProject) sourceCode;
saveProjectViolations(sourceProject); saveProjectViolations(sourceProject);
} }*/
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
var msg = "Cannot save all measures for file '" + sourceCode.getKey() + "'"; var msg = "Cannot save all measures for file '" + sourceCode.getKey() + "'";
@ -425,19 +426,23 @@ public class CxxSquidSensor implements ProjectSensor {
} }
} }
private void saveMeasures(InputFile inputFile, SourceFile sourceFile) { private void saveMeasures(InputFile inputFile, SourceCode sourceCode) {
InputComponent input = inputFile;
if(sourceCode instanceof SourceFile){
// NOSONAR // NOSONAR
noSonarFilter.noSonarInFile(inputFile, sourceFile.getNoSonarTagLines()); noSonarFilter.noSonarInFile(inputFile, ((SourceFile)sourceCode).getNoSonarTagLines());
}else{
input = context.project();
}
// CORE METRICS // CORE METRICS
saveMetric(inputFile, CoreMetrics.NCLOC, sourceFile.getInt(CxxMetric.LINES_OF_CODE)); saveMetric(input, CoreMetrics.NCLOC, sourceCode.getInt(CxxMetric.LINES_OF_CODE));
saveMetric(inputFile, CoreMetrics.STATEMENTS, sourceFile.getInt(CxxMetric.STATEMENTS)); saveMetric(input, CoreMetrics.STATEMENTS, sourceCode.getInt(CxxMetric.STATEMENTS));
saveMetric(inputFile, CoreMetrics.FUNCTIONS, sourceFile.getInt(CxxMetric.FUNCTIONS)); saveMetric(input, CoreMetrics.FUNCTIONS, sourceCode.getInt(CxxMetric.FUNCTIONS));
saveMetric(inputFile, CoreMetrics.CLASSES, sourceFile.getInt(CxxMetric.CLASSES)); saveMetric(input, CoreMetrics.CLASSES, sourceCode.getInt(CxxMetric.CLASSES));
saveMetric(inputFile, CoreMetrics.COMPLEXITY, sourceFile.getInt(CxxMetric.COMPLEXITY)); saveMetric(input, CoreMetrics.COMPLEXITY, sourceCode.getInt(CxxMetric.COMPLEXITY));
saveMetric(inputFile, CoreMetrics.COGNITIVE_COMPLEXITY, sourceFile.getInt(CxxMetric.COGNITIVE_COMPLEXITY)); saveMetric(input, CoreMetrics.COGNITIVE_COMPLEXITY, sourceCode.getInt(CxxMetric.COGNITIVE_COMPLEXITY));
saveMetric(inputFile, CoreMetrics.COMMENT_LINES, sourceFile.getInt(CxxMetric.COMMENT_LINES)); saveMetric(input, CoreMetrics.COMMENT_LINES, sourceCode.getInt(CxxMetric.COMMENT_LINES));
// CUSTOM METRICS // CUSTOM METRICS
// //
@ -445,17 +450,17 @@ public class CxxSquidSensor implements ProjectSensor {
// below metrics are calculated by means of DensityMeasureComputer // below metrics are calculated by means of DensityMeasureComputer
// //
// 1. PUBLIC API // 1. PUBLIC API
saveMetric(inputFile, CxxMetrics.PUBLIC_API, sourceFile.getInt(CxxMetric.PUBLIC_API)); saveMetric(input, CxxMetrics.PUBLIC_API, sourceCode.getInt(CxxMetric.PUBLIC_API));
saveMetric(inputFile, CxxMetrics.PUBLIC_UNDOCUMENTED_API, sourceFile.getInt(CxxMetric.PUBLIC_UNDOCUMENTED_API)); saveMetric(input, CxxMetrics.PUBLIC_UNDOCUMENTED_API, sourceCode.getInt(CxxMetric.PUBLIC_UNDOCUMENTED_API));
// 2. FUNCTION COMPLEXITY // 2. FUNCTION COMPLEXITY
saveMetric(inputFile, CxxMetrics.COMPLEX_FUNCTIONS, sourceFile.getInt(CxxMetric.COMPLEX_FUNCTIONS)); saveMetric(input, CxxMetrics.COMPLEX_FUNCTIONS, sourceCode.getInt(CxxMetric.COMPLEX_FUNCTIONS));
saveMetric(inputFile, CxxMetrics.COMPLEX_FUNCTIONS_LOC, sourceFile.getInt(CxxMetric.COMPLEX_FUNCTIONS_LOC)); saveMetric(input, CxxMetrics.COMPLEX_FUNCTIONS_LOC, sourceCode.getInt(CxxMetric.COMPLEX_FUNCTIONS_LOC));
// 3. FUNCTION SIZE // 3. FUNCTION SIZE
saveMetric(inputFile, CxxMetrics.LOC_IN_FUNCTIONS, sourceFile.getInt(CxxMetric.LOC_IN_FUNCTIONS)); saveMetric(input, CxxMetrics.LOC_IN_FUNCTIONS, sourceCode.getInt(CxxMetric.LOC_IN_FUNCTIONS));
saveMetric(inputFile, CxxMetrics.BIG_FUNCTIONS, sourceFile.getInt(CxxMetric.BIG_FUNCTIONS)); saveMetric(input, CxxMetrics.BIG_FUNCTIONS, sourceCode.getInt(CxxMetric.BIG_FUNCTIONS));
saveMetric(inputFile, CxxMetrics.BIG_FUNCTIONS_LOC, sourceFile.getInt(CxxMetric.BIG_FUNCTIONS_LOC)); saveMetric(input, CxxMetrics.BIG_FUNCTIONS_LOC, sourceCode.getInt(CxxMetric.BIG_FUNCTIONS_LOC));
} }
@ -480,9 +485,9 @@ public class CxxSquidSensor implements ProjectSensor {
}); });
} }
private void saveViolations(InputFile inputFile, SourceFile sourceFile) { private void saveViolations(InputFile inputFile, SourceCode sourceCode) {
if (sourceFile.hasCheckMessages()) { if (sourceCode.hasCheckMessages()) {
for (var message : sourceFile.getCheckMessages()) { for (var message : sourceCode.getCheckMessages()) {
var line = 1; var line = 1;
if (message.getLine() != null && message.getLine() > 0) { if (message.getLine() != null && message.getLine() > 0) {
line = message.getLine(); line = message.getLine();
@ -497,10 +502,13 @@ public class CxxSquidSensor implements ProjectSensor {
RuleKey ruleKey = checks.ruleKey(checker); RuleKey ruleKey = checks.ruleKey(checker);
if (ruleKey != null) { if (ruleKey != null) {
var newIssue = context.newIssue().forRule(RuleKey.of(repositoryKey, ruleKey.rule())); var newIssue = context.newIssue().forRule(RuleKey.of(repositoryKey, ruleKey.rule()));
var location = newIssue.newLocation() var location = newIssue.newLocation();
.on(inputFile) if(sourceCode instanceof SourceFile){
.at(inputFile.selectLine(line)) location.on(inputFile).at(inputFile.selectLine(line));
.message(message.getText(Locale.CHINA)); }else{
location.on(context.project());
}
location.message(message.getText(Locale.CHINA));
newIssue.at(location); newIssue.at(location);
newIssue.save(); newIssue.save();
@ -509,7 +517,8 @@ public class CxxSquidSensor implements ProjectSensor {
} }
} }
} }
if(sourceCode instanceof SourceFile) {
var sourceFile = (SourceFile) sourceCode;
if (MultiLocatitionSquidCheck.hasMultiLocationCheckMessages(sourceFile)) { if (MultiLocatitionSquidCheck.hasMultiLocationCheckMessages(sourceFile)) {
for (var issue : MultiLocatitionSquidCheck.getMultiLocationCheckMessages(sourceFile)) { for (var issue : MultiLocatitionSquidCheck.getMultiLocationCheckMessages(sourceFile)) {
var newIssue = context.newIssue().forRule(RuleKey.of(CheckList.REPOSITORY_KEY, issue.getRuleId())); var newIssue = context.newIssue().forRule(RuleKey.of(CheckList.REPOSITORY_KEY, issue.getRuleId()));
@ -530,11 +539,15 @@ public class CxxSquidSensor implements ProjectSensor {
MultiLocatitionSquidCheck.eraseMultilineCheckMessages(sourceFile); MultiLocatitionSquidCheck.eraseMultilineCheckMessages(sourceFile);
} }
} }
}
private void saveFileLinesContext(InputFile inputFile, SourceFile sourceFile) { private void saveFileLinesContext(InputFile inputFile, SourceCode sourceCode) {
if(sourceCode instanceof SourceProject || inputFile == null){
return;
}
// measures for the lines of file // measures for the lines of file
var fileLinesContext = fileLinesContextFactory.createFor(inputFile); var fileLinesContext = fileLinesContextFactory.createFor(inputFile);
List<Integer> linesOfCode = (List<Integer>) sourceFile.getData(CxxMetric.NCLOC_DATA); List<Integer> linesOfCode = (List<Integer>) sourceCode.getData(CxxMetric.NCLOC_DATA);
linesOfCode.stream().sequential().distinct().forEach((line) -> { linesOfCode.stream().sequential().distinct().forEach((line) -> {
try { try {
fileLinesContext.setIntValue(CoreMetrics.NCLOC_DATA_KEY, line, 1); fileLinesContext.setIntValue(CoreMetrics.NCLOC_DATA_KEY, line, 1);
@ -543,7 +556,7 @@ public class CxxSquidSensor implements ProjectSensor {
LOG.debug("NCLOC error in file '{}' at line:{}", inputFile.filename(), line); LOG.debug("NCLOC error in file '{}' at line:{}", inputFile.filename(), line);
} }
}); });
List<Integer> executableLines = (List<Integer>) sourceFile.getData(CxxMetric.EXECUTABLE_LINES_DATA); List<Integer> executableLines = (List<Integer>) sourceCode.getData(CxxMetric.EXECUTABLE_LINES_DATA);
executableLines.stream().sequential().distinct().forEach((line) -> { executableLines.stream().sequential().distinct().forEach((line) -> {
try { try {
fileLinesContext.setIntValue(CoreMetrics.EXECUTABLE_LINES_DATA_KEY, line, 1); fileLinesContext.setIntValue(CoreMetrics.EXECUTABLE_LINES_DATA_KEY, line, 1);
@ -555,10 +568,13 @@ public class CxxSquidSensor implements ProjectSensor {
fileLinesContext.save(); fileLinesContext.save();
} }
private void saveCpdTokens(InputFile inputFile, SourceFile sourceFile) { private void saveCpdTokens(InputFile inputFile, SourceCode sourceCode) {
if(sourceCode instanceof SourceProject || inputFile == null){
return;
}
NewCpdTokens cpdTokens = context.newCpdTokens().onFile(inputFile); NewCpdTokens cpdTokens = context.newCpdTokens().onFile(inputFile);
List<CxxCpdVisitor.CpdToken> data = (List<CxxCpdVisitor.CpdToken>) sourceFile.getData(CxxMetric.CPD_TOKENS_DATA); List<CxxCpdVisitor.CpdToken> data = (List<CxxCpdVisitor.CpdToken>) sourceCode.getData(CxxMetric.CPD_TOKENS_DATA);
data.forEach((item) -> { data.forEach((item) -> {
try { try {
TextRange range = inputFile.newRange(item.startLine, item.startCol, item.endLine, item.endCol); TextRange range = inputFile.newRange(item.startLine, item.startCol, item.endLine, item.endCol);
@ -572,10 +588,13 @@ public class CxxSquidSensor implements ProjectSensor {
cpdTokens.save(); cpdTokens.save();
} }
private void saveHighlighting(InputFile inputFile, SourceFile sourceFile) { private void saveHighlighting(InputFile inputFile, SourceCode sourceCode) {
if(sourceCode instanceof SourceProject || inputFile == null){
return;
}
NewHighlighting newHighlighting = context.newHighlighting().onFile(inputFile); NewHighlighting newHighlighting = context.newHighlighting().onFile(inputFile);
List<CxxHighlighterVisitor.Highlight> data = (List<CxxHighlighterVisitor.Highlight>) sourceFile.getData( List<CxxHighlighterVisitor.Highlight> data = (List<CxxHighlighterVisitor.Highlight>) sourceCode.getData(
CxxMetric.HIGHLIGTHING_DATA); CxxMetric.HIGHLIGTHING_DATA);
data.forEach((item) -> { data.forEach((item) -> {
try { try {
@ -591,7 +610,7 @@ public class CxxSquidSensor implements ProjectSensor {
newHighlighting.save(); newHighlighting.save();
} }
private <T extends Serializable> void saveMetric(InputFile file, Metric<T> metric, T value) { private <T extends Serializable> void saveMetric(InputComponent file, Metric<T> metric, T value) {
context.<T>newMeasure() context.<T>newMeasure()
.withValue(value) .withValue(value)
.forMetric(metric) .forMetric(metric)
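Review bot: `saveMeasures` and `saveViolations` do not get the `inputFile == null` guard that this change adds to `saveFileLinesContext`, `saveCpdTokens` and `saveHighlighting`, although `save` hands all five the same lookup result. For a `SourceFile` whose key does not resolve, `noSonarFilter.noSonarInFile(inputFile, ...)` and `inputFile.selectLine(line)` would receive null, and the surrounding `catch (IllegalStateException e)` would not catch a resulting NullPointerException, so one unresolved file could cost the findings for every file after it. I would check once in `save`, right after the lookup: `if (sourceCode instanceof SourceFile && inputFile == null) { LOG.warn("No InputFile for '{}', skipping", sourceCode.getKey()); continue; }`. The commented-out `else if (sourceCode instanceof SourceProject)` branch should be deleted rather than left in a block comment. `saveProjectViolations` then appears to have no caller, though its definition is outside the visible hunks.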

@ -27,7 +27,7 @@ import java.util.List;
* @author RenFengJiang * @author RenFengJiang
* @date 2024/1/13 * @date 2024/1/13
*/ */
@Rule(key = "ReallocMainChecker", name = "使用realloc函数前应先清敏感信息", description = "使用realloc()函数前先清空该内存块中的敏感信息", priority = Priority.INFO, tags = {"28suo"}) @Rule(key = "ReallocMainChecker", name = "使用realloc函数前应先清敏感信息", description = "使用realloc()函数前先清空该内存块中的敏感信息", priority = Priority.INFO, tags = {"28suo"})
@ActivatedByDefault @ActivatedByDefault
@SqaleConstantRemediation("5min") @SqaleConstantRemediation("5min")
public class ReallocMainChecker extends SquidCheck<Grammar> { public class ReallocMainChecker extends SquidCheck<Grammar> {

@ -28,7 +28,7 @@ class CxxPluginTest {
var context = new Plugin.Context(runtime); var context = new Plugin.Context(runtime);
var plugin = new CxxPlugin(); var plugin = new CxxPlugin();
plugin.define(context); plugin.define(context);
assertThat(context.getExtensions()).hasSize(85); assertThat(context.getExtensions()).hasSize(87);
} }
} }

@ -153,8 +153,8 @@ class CxxSquidSensorTest {
softly.assertThat(context.measure(inputFile.key(), CxxMetrics.PUBLIC_DOCUMENTED_API_DENSITY_KEY)).isNull(); // see DensityMeasureComputer softly.assertThat(context.measure(inputFile.key(), CxxMetrics.PUBLIC_DOCUMENTED_API_DENSITY_KEY)).isNull(); // see DensityMeasureComputer
String moduleKey = context.project().key(); String moduleKey = context.project().key();
softly.assertThat(context.measure(moduleKey, CxxMetrics.PUBLIC_API_KEY)).isNull(); // see AggregateMeasureComputer softly.assertThat(context.measure(moduleKey, CxxMetrics.PUBLIC_API_KEY)).isNotNull(); // see AggregateMeasureComputer
softly.assertThat(context.measure(moduleKey, CxxMetrics.PUBLIC_UNDOCUMENTED_API_KEY)).isNull(); // see AggregateMeasureComputer softly.assertThat(context.measure(moduleKey, CxxMetrics.PUBLIC_UNDOCUMENTED_API_KEY)).isNotNull(); // see AggregateMeasureComputer
softly.assertThat(context.measure(moduleKey, CxxMetrics.PUBLIC_DOCUMENTED_API_DENSITY_KEY)).isNull(); // see AggregateMeasureComputer softly.assertThat(context.measure(moduleKey, CxxMetrics.PUBLIC_DOCUMENTED_API_DENSITY_KEY)).isNull(); // see AggregateMeasureComputer
softly.assertAll(); softly.assertAll();
} }
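Review bot: The trailing `// see AggregateMeasureComputer` comments on the two changed assertions now contradict them. They explained why the project-level `PUBLIC_API_KEY` and `PUBLIC_UNDOCUMENTED_API_KEY` measures were expected to be null, and the assertions now expect `isNotNull()`. I would replace them with something like `// now saved by CxxSquidSensor on the project component` and assert the expected value instead of mere presence, so a wrong project total cannot pass. If AggregateMeasureComputer still computes these metrics for the project (it is not visible here), it is worth confirming the two writers do not conflict. The test method starts outside this hunk.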

@ -24,7 +24,8 @@ int main() {
// C++ 中使用 new 进行重新分配 // C++ 中使用 new 进行重新分配
User* tempUsers = new User[10]; User* tempUsers = new User[10];
if (users != nullptr) { if (users != nullptr) {
std::memcpy(tempUsers, users, 5 * sizeof(User)); // 复制已有数据到新内存 users = (User*)realloc(users, 10 * sizeof(User));
//std::memcpy(tempUsers, users, 5 * sizeof(User)); // 复制已有数据到新内存
delete[] users; // 释放旧内存 delete[] users; // 释放旧内存
} }
users = tempUsers; users = tempUsers;
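Review bot: The added `realloc(users, ...)` line is followed by `delete[] users`, and the neighbouring comment describes reallocation with `new`, so the fixture mixes allocator families on one pointer. That is acceptable for a parse-only checker fixture, but it should say so, e.g. `// Noncompliant: realloc without clearing the old block first (fixture only, not meant to run)`. The commented-out `std::memcpy` line should be deleted rather than kept. If the rest of the file (outside this hunk) has no compliant case that clears the block before `realloc`, adding one would let the test also cover the false-positive side of ReallocMainChecker.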
