Line 0
1 |
/* |
2 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
3 |
* |
4 |
* Copyright 2015 Oracle and/or its affiliates. All rights reserved. |
5 |
* |
6 |
* Oracle and Java are registered trademarks of Oracle and/or its affiliates. |
7 |
* Other names may be trademarks of their respective owners. |
8 |
* |
9 |
* The contents of this file are subject to the terms of either the GNU |
10 |
* General Public License Version 2 only ("GPL") or the Common |
11 |
* Development and Distribution License("CDDL") (collectively, the |
12 |
* "License"). You may not use this file except in compliance with the |
13 |
* License. You can obtain a copy of the License at |
14 |
* http://www.netbeans.org/cddl-gplv2.html |
15 |
* or nbbuild/licenses/CDDL-GPL-2-CP. See the License for the |
16 |
* specific language governing permissions and limitations under the |
17 |
* License. When distributing the software, include this License Header |
18 |
* Notice in each file and include the License file at |
19 |
* nbbuild/licenses/CDDL-GPL-2-CP. Oracle designates this |
20 |
* particular file as subject to the "Classpath" exception as provided |
21 |
* by Oracle in the GPL Version 2 section of the License file that |
22 |
* accompanied this code. If applicable, add the following below the |
23 |
* License Header, with the fields enclosed by brackets [] replaced by |
24 |
* your own identifying information: |
25 |
* "Portions Copyrighted [year] [name of copyright owner]" |
26 |
* |
27 |
* If you wish your version of this file to be governed by only the CDDL |
28 |
* or only the GPL Version 2, indicate your decision by adding |
29 |
* "[Contributor] elects to include this software in this distribution |
30 |
* under the [CDDL or GPL Version 2] license." If you do not indicate a |
31 |
* single choice of license, a recipient has the option to distribute |
32 |
* your version of this file under either the CDDL, the GPL Version 2 or |
33 |
* to extend the choice of license to its licensees as provided above. |
34 |
* However, if you add GPL Version 2 code and therefore, elected the GPL |
35 |
* Version 2 license, then the option applies only if the new code is |
36 |
* made subject to such option by the copyright holder. |
37 |
* |
38 |
* Contributor(s): |
39 |
* |
40 |
* Portions Copyrighted 2015 Sun Microsystems, Inc. |
41 |
*/ |
42 |
package org.netbeans.modules.cnd.highlight.security; |
43 |
|
44 |
import org.netbeans.modules.cnd.analysis.api.AnalyzerResponse; |
45 |
import org.netbeans.modules.cnd.api.model.CsmFile; |
46 |
import org.netbeans.modules.cnd.api.model.CsmFunction; |
47 |
import org.netbeans.modules.cnd.api.model.syntaxerr.AbstractCodeAudit; |
48 |
import org.netbeans.modules.cnd.api.model.syntaxerr.AuditPreferences; |
49 |
import org.netbeans.modules.cnd.api.model.syntaxerr.CodeAuditFactory; |
50 |
import org.netbeans.modules.cnd.api.model.syntaxerr.CsmErrorInfo; |
51 |
import org.netbeans.modules.cnd.api.model.syntaxerr.CsmErrorProvider; |
52 |
import org.netbeans.modules.cnd.api.model.util.CsmKindUtilities; |
53 |
import org.netbeans.modules.cnd.api.model.xref.CsmReference; |
54 |
import org.netbeans.modules.cnd.api.model.xref.CsmReferenceResolver; |
55 |
import org.netbeans.modules.cnd.highlight.hints.ErrorInfoImpl; |
56 |
import org.openide.util.NbBundle; |
57 |
import org.openide.util.lookup.ServiceProvider; |
58 |
|
59 |
/** |
60 |
* |
61 |
* @author Danila Sergeyev |
62 |
*/ |
63 |
public class UsingUnsafeFunctions extends AbstractCodeAudit { |
64 |
private final Checks.Level level; |
65 |
private static final String avoidName = "UsingUnsafeFunctions.Avoid.name"; // NOI18N |
66 |
private static final String avoidDescription = "UsingUnsafeFunctions.Avoid.description"; // NOI18N |
67 |
private static final String unsafeName = "UsingUnsafeFunctions.Unsafe.name"; // NOI18N |
68 |
private static final String unsafeDescription = "UsingUnsafeFunctions.Unsafe.description"; // NOI18N |
69 |
|
70 |
private UsingUnsafeFunctions(Checks.Level level, String id, String name, String description, String defaultSeverity, boolean defaultEnabled, AuditPreferences myPreferences) { |
71 |
super(id, name, description, defaultSeverity, defaultEnabled, myPreferences); |
72 |
this.level = level; |
73 |
} |
74 |
|
75 |
@Override |
76 |
public boolean isSupportedEvent(CsmErrorProvider.EditorEvent kind) { |
77 |
return kind == CsmErrorProvider.EditorEvent.FileBased; |
78 |
} |
79 |
|
80 |
@Override |
81 |
public void doGetErrors(CsmErrorProvider.Request request, CsmErrorProvider.Response response) { |
82 |
CsmFile file = request.getFile(); |
83 |
if (file != null) { |
84 |
if (request.isCancelled()) { |
85 |
return; |
86 |
} |
87 |
|
88 |
for (CsmReference ref : CsmReferenceResolver.getDefault().getReferences(file)) { |
89 |
if (CsmKindUtilities.isFunction(ref.getReferencedObject())) { |
90 |
CsmFunction function = (CsmFunction) ref.getReferencedObject(); |
91 |
if (Checks.getInstance(level).isUnsecuredFunction(function)) { |
92 |
String message = NbBundle.getMessage(UsingUnsafeFunctions.class |
93 |
,(level == Checks.Level.AVOID)?avoidDescription:avoidName); |
94 |
CsmErrorInfo.Severity severity = toSeverity(minimalSeverity()); |
95 |
if (response instanceof AnalyzerResponse) { |
96 |
((AnalyzerResponse) response).addError(AnalyzerResponse.AnalyzerSeverity.DetectedError, null, file.getFileObject(), |
97 |
new ErrorInfoImpl(SecurityCheckProvider.NAME, getID(), getName()+"\n"+message, severity, ref.getStartOffset(), ref.getEndOffset())); // NOI18N |
98 |
} else { |
99 |
response.addError(new ErrorInfoImpl(SecurityCheckProvider.NAME, getID(), message, severity, ref.getStartOffset(), ref.getEndOffset())); |
100 |
} |
101 |
} |
102 |
} |
103 |
} |
104 |
} |
105 |
} |
106 |
|
107 |
@ServiceProvider(path = CodeAuditFactory.REGISTRATION_PATH+SecurityCheckProvider.NAME, service = CodeAuditFactory.class, position = 1300) |
108 |
public static final class UnsafeFunctionsAuditFactory implements CodeAuditFactory { |
109 |
@Override |
110 |
public AbstractCodeAudit create(AuditPreferences preferences) { |
111 |
String id = NbBundle.getMessage(UsingUnsafeFunctions.class, unsafeName); |
112 |
String description = NbBundle.getMessage(UsingUnsafeFunctions.class, unsafeDescription); |
113 |
return new UsingUnsafeFunctions(Checks.Level.UNSAFE, id, id, description, "error", true, preferences); // NOI18N |
114 |
} |
115 |
} |
116 |
|
117 |
@ServiceProvider(path = CodeAuditFactory.REGISTRATION_PATH+SecurityCheckProvider.NAME, service = CodeAuditFactory.class, position = 1300) |
118 |
public static final class AvoidFunctionsAuditFactory implements CodeAuditFactory { |
119 |
@Override |
120 |
public AbstractCodeAudit create(AuditPreferences preferences) { |
121 |
String id = NbBundle.getMessage(UsingUnsafeFunctions.class, avoidName); |
122 |
String description = NbBundle.getMessage(UsingUnsafeFunctions.class, avoidDescription); |
123 |
return new UsingUnsafeFunctions(Checks.Level.AVOID, id, id, description, "error", true, preferences); // NOI18N |
124 |
} |
125 |
} |
126 |
|
127 |
} |
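Review bot: In doGetErrors the bundle key is chosen with `(level == Checks.Level.AVOID)?avoidDescription:avoidName`, so a hit at Checks.Level.UNSAFE is reported with the Avoid audit's name text rather than the unsafe description, and the two classes of finding become hard to tell apart in the editor hint. `unsafeDescription` is declared but used only in the factory, so it looks like the intended fallback: `(level == Checks.Level.AVOID) ? avoidDescription : unsafeDescription`. Separately, request.isCancelled() is tested only once before the reference loop, so a cancelled request on a large file still walks every reference; moving `if (request.isCancelled()) { return; }` to the top of the loop body would stop it promptly. Both factories also pass "error" as the default severity and register at position 1300; if AVOID is meant to be the softer level, a lower default severity and a distinct position are worth confirming.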