sonarqube-plugins
/
sonar-keyware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sonarqube-plugins:b5b8aac9cdb0b5512c90ff63db59c87f03963830
Branches Tags
sonarqube-plugins:master
sonarqube-plugins:wuhaoyang
...
compare: sonarqube-plugins:a6bac911638438003b0d920aece7e37f535f4395
Branches Tags
sonarqube-plugins:master
sonarqube-plugins:wuhaoyang

2 Commits
b5b8aac9cd ... a6bac91163

Author SHA1 Message Date
RenFengJiang a6bac91163 优化:增加判断方式
8 months ago
RenFengJiang 9f5710ea29 新增:应对读写缓冲区的数据长度进行检查
8 months ago
5 changed files with 170 additions and 7 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats
  1. 108
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.java
  2. 10
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/CmdDataVerifyChecker.java
  3. 9
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SQLVerifyChecker.java
  4. 33
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/BufferDataCheckerTest.java
  5. 17
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.cc

108
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.java
Unescape View File

@ -0,0 +1,108 @@
/*
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
* 项目名称信息安全性设计准则检查插件
* 项目描述用于检查源代码的安全性设计准则的Sonarqube插件
* 版权说明本软件属北京关键科技股份有限公司所有在未获得北京关键科技股份有限公司正式授权情况下任何企业和个人不能获取阅读安装传播本软件涉及的任何受知识产权保护的内容
*/
package com.keyware.sonar.cxx.rules.checkers;
import com.keyware.sonar.cxx.SubscriptionAstVisitor;
import com.sonar.cxx.sslr.api.AstNode;
import com.sonar.cxx.sslr.api.AstNodeType;
import com.sonar.cxx.sslr.api.Grammar;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.cxx.parser.CxxGrammarImpl;
import org.sonar.cxx.squidbridge.annotations.ActivatedByDefault;
import org.sonar.cxx.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.cxx.squidbridge.checks.SquidCheck;
import javax.annotation.Nonnull;
import java.util.ArrayList;
import java.util.List;
/**
* TODO BufferDataChecker
*
* @author RenFengJiang
* @date 2024/1/15
*/
@Rule(key = "BufferDataChecker", name = "应对读写缓冲区的数据长度进行检查", description = "在对缓冲区进行读或写时,对读写缓冲区的数据长度进行检查,确保读写的内存在被分配的内存空间之内", priority = Priority.INFO, tags = {"28suo"})
@ActivatedByDefault
@SqaleConstantRemediation("5min")
public class BufferDataChecker extends SquidCheck<Grammar> {
@Override
public void init() {
// 指定当前访问器需要访问的节点类型,functionBody(函数)主体节点
this.subscribeTo(
CxxGrammarImpl.functionBody
);
}
/**
* 访问AST节点
*
* @param node 要处理的AST节点该节点类型为通过subscribeTo方法订阅的类型
*/
@Override
public void visitNode(@Nonnull AstNode node) {
IfBuffer ifBuffer = new IfBuffer(this);
ifBuffer.accept(node);
}
class IfBuffer extends SubscriptionAstVisitor {
List lists = new ArrayList<String>();
public IfBuffer(SquidCheck<Grammar> checker){
super(checker);
}
@Override
public List<AstNodeType> visitNodeTypes() {
// 指定当前访问器需要访问的节点类型,这里指定了simpleDeclaration(简单声明)节点类型
return List.of(CxxGrammarImpl.functionBody);
}
@Override
public void visitNode(@Nonnull AstNode node) {
//选择节点语句
List<AstNode> nodeDescendants = node.getDescendants(CxxGrammarImpl.selectionStatement);
for (AstNode astNode:nodeDescendants) {
//判断节点是不是if节点
if("if".equals(astNode.getToken().getValue())){
//获取其中的参数
List<AstNode> astNodeList = astNode.getDescendants(CxxGrammarImpl.expressionList);
for (AstNode expr:astNodeList) {
lists.add(expr.getToken().getValue());
}
if(astNodeList.size() == 0){
List<AstNode> astNodes = astNode.getDescendants(CxxGrammarImpl.relationalExpression);
for (AstNode as:astNodes) {
List<AstNode> children = as.getChildren();
for (AstNode chil:children) {
lists.add(chil.getTokenValue());
}
}
}
}
}
//获取表达是数据信息
List<AstNode> descendants = node.getDescendants(CxxGrammarImpl.expression);
for (AstNode ast:descendants) {
String name = ast.getParent().getToken().getValue();
//判断是否时使用sanitizeString方法
if("memcpy".equals(name) || "strncpy".equals(name) || "memset".equals(name)){
//判断方法参数是否进行校验
List<AstNode> astNodeList = ast.getDescendants(CxxGrammarImpl.initializerList);
AstNode astNode = astNodeList.get(astNodeList.size() - 1);
List<AstNode> childrens = astNode.getChildren();
String tokenValue = childrens.get(childrens.size() - 1).getTokenValue();
if(!lists.contains(tokenValue)){
reportIssue(ast, "应对读写缓冲区的数据长度进行检查");
}
}
}
}
}
}

10
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/CmdDataVerifyChecker.java
Unescape View File

@ -76,11 +76,13 @@ public class CmdDataVerifyChecker extends SquidCheck<Grammar> {
for (AstNode expr:astNodeList) { for (AstNode expr:astNodeList) {
lists.add(expr.getToken().getValue()); lists.add(expr.getToken().getValue());
} }
if(astNodeList.size() == 0){ if(astNodeList.size() == 0){
List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.condition); List<AstNode> astNodes = astNode.getDescendants(CxxGrammarImpl.relationalExpression);
for (AstNode desc:descendants) { for (AstNode as:astNodes) {
lists.add(desc.getToken().getValue()); List<AstNode> children = as.getChildren();
for (AstNode chil:children) {
lists.add(chil.getTokenValue());
}
} }
} }
} }

9
sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/SQLVerifyChecker.java
Unescape View File

@ -77,9 +77,12 @@ public class SQLVerifyChecker extends SquidCheck<Grammar> {
lists.add(expr.getToken().getValue()); lists.add(expr.getToken().getValue());
} }
if(astNodeList.size() == 0){ if(astNodeList.size() == 0){
List<AstNode> descendants = astNode.getDescendants(CxxGrammarImpl.condition); List<AstNode> astNodes = astNode.getDescendants(CxxGrammarImpl.relationalExpression);
for (AstNode desc:descendants) { for (AstNode as:astNodes) {
lists.add(desc.getToken().getValue()); List<AstNode> children = as.getChildren();
for (AstNode chil:children) {
lists.add(chil.getTokenValue());
}
} }
} }
} }

33
sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/BufferDataCheckerTest.java
Unescape View File

@ -0,0 +1,33 @@
/*
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved.
* 项目名称信息安全性设计准则检查插件
* 项目描述用于检查源代码的安全性设计准则的Sonarqube插件
* 版权说明本软件属北京关键科技股份有限公司所有在未获得北京关键科技股份有限公司正式授权情况下任何企业和个人不能获取阅读安装传播本软件涉及的任何受知识产权保护的内容
*/
package com.keyware.sonar.cxx.rules.checkers;
import com.keyware.sonar.cxx.CxxFileTesterHelper;
import org.junit.jupiter.api.Test;
import org.sonar.cxx.CxxAstScanner;
import org.sonar.cxx.squidbridge.api.SourceFile;
import org.sonar.cxx.squidbridge.checks.CheckMessagesVerifier;
import java.io.IOException;
/**
* TODO BufferDataCheckerTest
*
* @author RenFengJiang
* @date 2024/1/15
*/
public class BufferDataCheckerTest {
@Test
public void checkTest() throws IOException {
var checker = new BufferDataChecker();
var tester = CxxFileTesterHelper.create("BufferDataChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(12).withMessage("应对读写缓冲区的数据长度进行检查")
.noMore();
}
}

17
sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/BufferDataChecker.cc
Unescape View File

@ -0,0 +1,17 @@
void writeIntoBuffer(const char* data, size_t dataSize) {
// 检查要写入的数据是否超过缓冲区的剩余空间
if (dataSize > bufferSize) {
std::cerr << "Error: Data size exceeds buffer capacity." << std::endl;
return;
}
if(as(length)){
}
// 安全地复制数据到缓冲区
memcpy(buffer, data, 1);
strncpy(buffer, data, length);
memset(buffer, data, length);
// 更新缓冲区已使用的空间
bufferSize -= dataSize;
}
Write Preview
Loading…
Cancel
Save