
No commits in common. 'b2e20c1dec95c157d54e0494e6b4ce9cab058213' and '7699baf98d636be182222dbe4e16098f3b2184ff' have entirely different histories.

  1. 10
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/DLLVerifyChecker.java
  2. 4
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/DLLVerifyCheckerTest.java
  3. 48
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/DLLVerifyChecker.cc
  4. 18
      sonar-keyware-plugins-java/src/main/java/com/keyware/sonar/java/rules/checkers/HttpInputDataChecker.java
  5. 193
      sonar-keyware-plugins-java/src/test/files/HttpInputDataRule.java

@ -68,17 +68,17 @@ public class DLLVerifyChecker extends SquidCheck<Grammar> {
//判断是否式动态加载库 //判断是否式动态加载库
if("dlopen".equals(desc.getTokenValue())){ if("dlopen".equals(desc.getTokenValue())){
//获取其中的参数列表 //获取其中的参数列表
AstNode firstDescendant = desc.getFirstDescendant(CxxGrammarImpl.expressionList); AstNode firstDescendant = desc.getFirstDescendant(CxxGrammarImpl.additiveExpression);
if(firstDescendant != null){ if(firstDescendant != null){
List<AstNode> children = firstDescendant.getChildren(); List<AstNode> children = firstDescendant.getChildren();
for(AstNode dren : children){ for(AstNode dren : children){
//获取参数并进行判断是否是传入的参数 //获取参数并进行判断是否是传入的参数
if("IDENTIFIER".equals(dren.getName()) || "initializerList".equals(dren.getName())){ if("IDENTIFIER".equals(dren.getName())){
if(map.containsKey(dren.getTokenValue())){ if(map.containsKey(dren.getTokenValue())){
//判断参数是否进行过校验 //判断参数是否进行过校验
Integer integer = map.get(dren.getTokenValue()); Integer integer = map.get(dren.getTokenValue());
//判断参数校验是否在使用之前 //判断参数校验是否在使用之前
if(dren.getTokenLine() < integer){ if(dren.getTokenLine() > integer){
getContext().createLineViolation(this,name,dren); getContext().createLineViolation(this,name,dren);
} }
}else { }else {
@ -86,6 +86,8 @@ public class DLLVerifyChecker extends SquidCheck<Grammar> {
} }
} }
} }
}else {
getContext().createLineViolation(this,name,desc);
} }
} }
} }
@ -106,7 +108,7 @@ public class DLLVerifyChecker extends SquidCheck<Grammar> {
if (map.containsKey(desc.getTokenValue())){ if (map.containsKey(desc.getTokenValue())){
//判断参数校验是否在使用之前 //判断参数校验是否在使用之前
int tokenLine = map.get(desc.getTokenValue()); int tokenLine = map.get(desc.getTokenValue());
if(desc.getTokenLine() < tokenLine){ if(desc.getTokenLine() > tokenLine){
getContext().createLineViolation(this,name,desc); getContext().createLineViolation(this,name,desc);
break; break;
} }
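Review bot: The flipped comparison `if(dren.getTokenLine() > integer)` (and the identical flip at `if(desc.getTokenLine() > tokenLine)` in the @-106 hunk) now reports a violation when the dlopen argument is used on a line after the line stored in `map`, while the comment kept directly above it ("判断参数校验是否在使用之前" — check that validation precedes use) describes the opposite; either the comment or the operator is wrong, and what line the `map` values record is stated nowhere in these hunks. Suggest a comment at the `map.get` lines, e.g. `// map: identifier -> line of the if-check that validates it; report the load when it happens before that check`, and an operator that matches it. Narrowing `getFirstDescendant` from `expressionList` to `additiveExpression` and dropping the `"initializerList"` name means only the children of the first additive-expression descendant of the `dlopen` call are inspected; whether a bare identifier argument still surfaces there depends on how the CxxGrammarImpl tree nests single-child nodes, which this page does not show. The new `else` branch reports on `desc` whenever no additiveExpression is found, so a `dlopen` whose argument is a plain string literal would presumably always be flagged; a fixture case for that would make the intended behaviour explicit. The enclosing method starts before the first hunk.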

@ -27,8 +27,8 @@ public class DLLVerifyCheckerTest {
var tester = CxxFileTesterHelper.create("DLLVerifyChecker.cc"); var tester = CxxFileTesterHelper.create("DLLVerifyChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker); SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages()) CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(22).withMessage("在动态加载库前对输入数据进行验证") .next().atLine(13).withMessage("在动态加载库前对输入数据进行验证")
.next().atLine(44).withMessage("在动态加载库前对输入数据进行验证") .next().atLine(36).withMessage("在动态加载库前对输入数据进行验证")
.noMore(); .noMore();
} }
} }

@ -1,54 +1,46 @@
#include <iostream> #include <iostream>
#ifdef _WIN32 #ifdef _WIN32
#include <windows.h> #include <windows.h>
#include <dlfcn.h>
#else #else
#include <dlfcn.h> #include <dlfcn.h>
#endif #endif
int main() int main()
{ {
std::string a = "your_dll.dll";
// if (a != "a") { std::String a = "your_dll.dll";
// // 这个条件语句块目前为空,如果需要可以添加相关逻辑 if(a != "a"){
// } }
//#ifdef _WIN32 HINSTANCE hInsts = LoadLibrary(a);//error
std::wstring wideDLLName(a.begin(), a.end()); // C++11及以后版本可以直接转换 //加载dll
// std::string a = "aa"; // HINSTANCE hInst = LoadLibrary("your_dll.dll");
// std::wstring wideA(a.begin(), a.end());
// if(wideDLLName == wideA){
// }
std::wstring wideDLLName(a.begin(), a.end());
HINSTANCE hInst = LoadLibrary(wideDLLName.c_str());//error
if (hInst == NULL) { if (hInst == NULL) {
std::cout << "无法加载库" << std::endl; std::cout << "无法加载库" << std::endl;
return -1; return -1;
} }
//获取函数
typedef void (*FuncType)(); typedef void (*FuncType)();
FuncType func = (FuncType)GetProcAddress(hInst, "函数名称"); FuncType func = (FuncType)GetProcAddress(hInst, "函数名称");
if (func == NULL) { if (func == NULL) {
std::cout << "无法获取函数" << std::endl; std::cout << "无法获取函数" << std::endl;
FreeLibrary(hInst);
return -1; return -1;
} }
//调用函数
func(); func();
//卸载dll
FreeLibrary(hInst); FreeLibrary(hInst);
//#else
std::string b = "c";
// if (b != "a") {
// // 这个条件语句块目前为空,如果需要可以添加相关逻辑
// }
void *handle = dlopen(b.c_str(), RTLD_LAZY);//error std::String b = "c";
//加载so库
if(b != "a"){
}
void *handle = dlopen(b, RTLD_LAZY);//error
if (!handle) { if (!handle) {
std::cerr << "无法打开库:" << dlerror() << '\n'; std::cerr << "无法打开库:" << dlerror() << '\n';
return 1; return 1;
} }
//获取函数
dlerror(); // 清除上一次调用产生的错误信息
typedef void (*FuncType)(); typedef void (*FuncType)();
dlerror();
FuncType func = (FuncType)dlsym(handle, "函数名称"); FuncType func = (FuncType)dlsym(handle, "函数名称");
const char *dlsym_error = dlerror(); const char *dlsym_error = dlerror();
if (dlsym_error) { if (dlsym_error) {
@ -56,10 +48,10 @@ int main()
dlclose(handle); dlclose(handle);
return 1; return 1;
} }
//调用函数
func(); func();
//关闭库文件
dlclose(handle); dlclose(handle);
//#endif #endif
return 0; return 0;
} }
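Review bot: On the new side `std::String a = "your_dll.dll";` names a type that does not exist (`std::string`), and `LoadLibrary(a)` and `dlopen(b, RTLD_LAZY)` hand a `std::string` object to APIs that take a C string pointer, so the fixture no longer compiles; the old side's `dlopen(b.c_str(), RTLD_LAZY)` and the `wideDLLName.c_str()` form are the compilable spellings. A fixture that merely parses may still drive the checker, but the rule's message is about real dynamic loads, so the sample should stay valid C++: `std::string a = "your_dll.dll";`, `std::string b = "c";`, `dlopen(b.c_str(), RTLD_LAZY);//error`. The empty `if(a != "a"){ }` right before each load is apparently what the checker treats as validation; comparing a library path against one literal is not a meaningful check, so a comment such as `// placeholder: the checker only records that a was compared before the load` would stop the fixture from reading as a recommended validation pattern. Which `#ifdef _WIN32`/`#else` the surviving `#endif` before `return 0;` closes inside main cannot be recovered from this rendering — please confirm the preprocessor blocks are balanced on the new side.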

@ -8,7 +8,7 @@ package com.keyware.sonar.java.rules.checkers;
import org.sonar.check.Rule; import org.sonar.check.Rule;
import org.sonar.java.ast.parser.ArgumentListTreeImpl; import org.sonar.java.ast.parser.ArgumentListTreeImpl;
import org.sonar.java.model.expression.BinaryExpressionTreeImpl; import org.sonar.java.model.expression.AssignmentExpressionTreeImpl;
import org.sonar.java.model.expression.IdentifierTreeImpl; import org.sonar.java.model.expression.IdentifierTreeImpl;
import org.sonar.java.model.expression.LiteralTreeImpl; import org.sonar.java.model.expression.LiteralTreeImpl;
import org.sonar.java.model.expression.MemberSelectExpressionTreeImpl; import org.sonar.java.model.expression.MemberSelectExpressionTreeImpl;
@ -54,15 +54,9 @@ public class HttpInputDataChecker extends IssuableSubscriptionVisitor {
@Override @Override
public void visitIfStatement(IfStatementTree tree) { public void visitIfStatement(IfStatementTree tree) {
ExpressionTree condition = tree.condition(); ExpressionTree condition = tree.condition();
if (condition instanceof BinaryExpressionTreeImpl) { if(condition instanceof AssignmentExpressionTreeImpl){
BinaryExpressionTreeImpl binaryExpressionTree = (BinaryExpressionTreeImpl) condition; AssignmentExpressionTreeImpl assignmentExpressionTree = (AssignmentExpressionTreeImpl) condition;
List<Tree> children = binaryExpressionTree.children(); list.add(assignmentExpressionTree.variable().toString());
for (Tree child:children) {
if(child instanceof IdentifierTreeImpl){
IdentifierTreeImpl identifierTree = (IdentifierTreeImpl) child;
list.add(identifierTree.name());
}
}
} }
} }
@ -93,5 +87,9 @@ public class HttpInputDataChecker extends IssuableSubscriptionVisitor {
} }
} }
} }
} }
} }
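Review bot: Replacing the `BinaryExpressionTreeImpl` branch in `visitIfStatement` with an `instanceof AssignmentExpressionTreeImpl` test means a validation written as a comparison (`if (a == ...)`, `if (a != ...)`) no longer records the identifier in `list`, so inputs validated that way will presumably be reported as unvalidated from now on. An assignment is only a legal `if` condition in Java when it yields a `boolean`, so the `if(a = "asds")` shape in the updated HttpInputDataRule.java fixture is not compilable Java and is an odd pattern to key the rule on. `assignmentExpressionTree.variable().toString()` also replaces the old `identifierTree.name()`; whether `toString()` on that tree yields the bare identifier is not visible here and is worth confirming. Keeping both shapes, with the `BinaryExpressionTreeImpl` import from the @-8 hunk retained, is the safer change; the rewritten method is below. The @-93 hunk shows only closing braces, so its added lines are not reviewable from this rendering.
```java
public void visitIfStatement(IfStatementTree tree) {
    ExpressionTree condition = tree.condition();
    if (condition instanceof AssignmentExpressionTreeImpl) {
        // assignment used as a condition (legal in Java only when the assigned type is boolean)
        AssignmentExpressionTreeImpl assignmentExpressionTree = (AssignmentExpressionTreeImpl) condition;
        list.add(assignmentExpressionTree.variable().toString());
    } else if (condition instanceof BinaryExpressionTreeImpl) {
        // comparison such as a == "x" or a != "x": record every identifier that is being checked
        for (Tree child : ((BinaryExpressionTreeImpl) condition).children()) {
            if (child instanceof IdentifierTreeImpl) {
                list.add(((IdentifierTreeImpl) child).name());
            }
        }
    }
}
```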

@ -1,193 +1,8 @@
public class HttpInputDataRule {
public class HttpInputDataRule {
public static void main(String[] args) { public static void main(String[] args) {
// 假设有一个HttpServletResponse对象 // 假设有一个HttpServletResponse对象
HttpServletResponse response = new HttpServletResponse() { HttpServletResponse response = new HttpServletResponse();
@Override
public String getCharacterEncoding() {
return null;
}
@Override
public String getContentType() {
return null;
}
@Override
public ServletOutputStream getOutputStream() throws IOException {
return null;
}
@Override
public PrintWriter getWriter() throws IOException {
return null;
}
@Override
public void setCharacterEncoding(String s) {
}
@Override
public void setContentLength(int i) {
}
@Override
public void setContentLengthLong(long l) {
}
@Override
public void setContentType(String s) {
}
@Override
public void setBufferSize(int i) {
}
@Override
public int getBufferSize() {
return 0;
}
@Override
public void flushBuffer() throws IOException {
}
@Override
public void resetBuffer() {
}
@Override
public boolean isCommitted() {
return false;
}
@Override
public void reset() {
}
@Override
public void setLocale(Locale locale) {
}
@Override
public Locale getLocale() {
return null;
}
@Override
public void addCookie(Cookie cookie) {
}
@Override
public boolean containsHeader(String s) {
return false;
}
@Override
public String encodeURL(String s) {
return null;
}
@Override
public String encodeRedirectURL(String s) {
return null;
}
@Override
public String encodeUrl(String s) {
return null;
}
@Override
public String encodeRedirectUrl(String s) {
return null;
}
@Override
public void sendError(int i, String s) throws IOException {
}
@Override
public void sendError(int i) throws IOException {
}
@Override
public void sendRedirect(String s) throws IOException {
}
@Override
public void setDateHeader(String s, long l) {
}
@Override
public void addDateHeader(String s, long l) {
}
@Override
public void setHeader(String s, String s1) {
}
@Override
public void addHeader(String s, String s1) {
}
@Override
public void setIntHeader(String s, int i) {
}
@Override
public void addIntHeader(String s, int i) {
}
@Override
public void setStatus(int i) {
}
@Override
public void setStatus(int i, String s) {
}
@Override
public int getStatus() {
return 0;
}
@Override
public String getHeader(String s) {
return null;
}
@Override
public Collection<String> getHeaders(String s) {
return null;
}
@Override
public Collection<String> getHeaderNames() {
return null;
}
};
// 设置单个报头 // 设置单个报头
response.setHeader("Content-Type", "text/plain"); // Noncompliant {{HTTP输入数据验证}} response.setHeader("Content-Type", "text/plain"); // Noncompliant {{HTTP输入数据验证}}
@ -195,10 +10,10 @@ public class HttpInputDataRule {
// 添加多个报头 // 添加多个报头
String a = "Cache-Control"; String a = "Cache-Control";
String b = "no-cache" ; String b = "no-cache" ;
if(a == "asds"){ if(a = "asds"){
} }
if(b == "asds"){ if(b = "asds"){
} }
