From d5bd30de2c5d04ea878ddac942ea87b08487e831 Mon Sep 17 00:00:00 2001
From: sokolovairina
Date: Wed, 23 Jul 2025 14:48:40 +0300
Subject: [PATCH 1/7] cilang_rules_config.yaml

---
 cilang_rules_config.yaml | 3773 ++++++++++++++++++++++++++++++++++++++
 tools/.gitlab-ci.yml | 14 +
 2 files changed, 3787 insertions(+)
 create mode 100644 cilang_rules_config.yaml

diff --git a/cilang_rules_config.yaml b/cilang_rules_config.yaml
new file mode 100644
index 000000000..9727f091b
--- /dev/null
+++ b/cilang_rules_config.yaml
@@ -0,0 +1,3773 @@ +rules: +- id: WordsTool.52 CoreML + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.282 不会更便宜了 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.8 aidl + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.STD.07-CPP 禁止使用std::string存储敏感信息 + level: critical + engine: codemars + language: C++ + description: 严禁使用string类存储敏感信息,关键字包括password、psw、pwd、passwd + cwe: '226' + enabled: true +- id: G.PRE.13 所有#else、#elif、#endif和与之对应的#if、#ifdef、#ifndef预处理指令应出现在同一文件中【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改预处理指令在同一个文件中闭合。 + cwe: '150' + enabled: true +- id: G.FMT.03 使用统一的大括号换行风格【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "建议通过格式化工具自动修复。\r\n使用K&R风格或者Allman风格,并保持风格一致。" + cwe: '1078' + enabled: true +- id: WordsTool.252 独一无二 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.MEM.04 内存中的敏感信息使用完毕后立即清0 + level: critical + engine: codemars + language: C++ + description: 内存中的敏感信息使用完毕后立即清零,关键字包括password、psw、pwd、passwd + cwe: '226' + enabled: true +- id: G.FUU.13 禁止封装安全函数 + level: critical + engine: codemars + language: C++ + description: 对安全函数做封装时,正确理解destMax的用法,不要用count替代destMax + cwe: '676' + enabled: true +- id: G.FMT.11 用空格突出关键字和重要信息--类型转换【C】 + level: warning + engine: clangtidy + language: C++ + description: 移除被强制转换的变量与类型之间多余的空格。 + cwe: '1114' + enabled: true +- id: WordsTool.231 一流 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.38-CPP switch语句中至少有两个条件分支 + level: critical + engine: fixbotengine-cxx + language: C++ + description: switch至少要有两个分支,单分支的情况可以改为if语句。 + cwe: 187,1071,1076 + enabled: true +- id: WordsTool.190 V8 + level: warning + engine: wordstool + language: C++ + 
description: .nan + cwe: .nan + enabled: true +- id: WordsTool.222 最受欢迎 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.109 Intellj + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.130 low memory killer + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.35-CPP 使用nullptr作为空指针常量 + level: critical + engine: clangtidy + language: C++ + description: 使用nullptr替换空指针常量。 + cwe: '1024' + enabled: true +- id: WordsTool.220 最高级 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.38 CarHvacManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 弱加密算法【C】 + level: critical + engine: codemars + language: C++ + description: 使用安全的加密函数 + cwe: '1240' + enabled: true +- id: WordsTool.303 色情 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.10 Android + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.6 Activity + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.117 Javap + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.29-CPP 比较两个表达式时,左侧倾向于变化,右侧倾向于不变 + level: warning + engine: clangtidy + language: C++ + description: 将变量放在比较表达式左侧 + cwe: '1076' + enabled: true +- id: G.RES.05-CPP 当lambda会逃逸出函数外面时,禁止按引用捕获局部变量 + level: critical + engine: clangtidy + language: C++ + description: lambda 按值捕获局部变量。 + cwe: '562' + enabled: true +- id: WordsTool.79 DropBox + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.75 dex + level: warning + engine: 
wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.210 WTF + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.02 定义宏时,要使用完备的括号 + level: critical + engine: clangtidy + language: C++ + description: 函数式宏参数使用时添加括号 + cwe: '783' + enabled: true +- id: WordsTool.83 EuiccCardController + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.03 含有变量自增或自减运算的表达式中禁止再次引用该变量【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 自增或自减运算提到表达式之外,单独放一行。 + cwe: '758' + enabled: true +- id: WordsTool.173 SoudPool + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.10 指针类型"*"跟随变量或者函数名【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 修改`*`跟随变量名或者函数名。 + cwe: '1076' + enabled: true +- id: G.ERR.08-CPP 如果catch子句中不做任何操作,应添加注释说明原因 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "1. 如果是遗漏了catch中的操作,请添加。\r\n2. 如果是有意的catch不做任何操作,应该添加注释说明原因。" + cwe: '390' + enabled: true +- id: G.FUD.05 函数要简短--函数大小【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "函数不超过50行(非空非注释),可通过一些重构方法进行改进,修改方法如:\r\n\r\n1. 拆分函数:将函数拆分成多个较小的函数,每个函数负责完成特定的任务。\r\ + \n\r\n2. 提取子函数:将函数中的一部分代码提取出来,封装成一个独立的子函数。这样可以减少主函数的代码行数,并且可以复用这个子函数。\r\n\r\n\ + 3. 提取重复代码块:检查函数中是否有重复的代码块,如果有,可以将其提取出来,封装成一个独立的函数或者方法。\r\n\r\n4. 
使用设计模式:使用适当的设计模式可以帮助将复杂的函数拆分成更小的模块。" + cwe: 1080,1124 + enabled: true +- id: G.EXP.30-CPP 用括号明确表达式的操作顺序,避免过分依赖默认优先级 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 添加括号明确表达式顺序。 + cwe: '783' + enabled: true +- id: 不安全函数[C++] + level: warning + engine: cmetrics + language: C++ + description: .nan + cwe: '242' + enabled: true +- id: G.ERR.06-CPP 禁止给函数加"throw"异常说明 + level: critical + engine: clangtidy + language: C++ + description: 用noexcept标记 + cwe: '477' + enabled: true +- id: WordsTool.262 冠军 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.12 正确设置安全函数中的destMax参数--检查destMax和count参数【C】 + level: critical + engine: codemars + language: C++ + description: 正确设置memcpy_s、strcpy_s等函数的destMax和count参数。 + cwe: '687' + enabled: true +- id: G.STD.17-CPP 禁止调用kill、TerminateProcess函数直接终止其他进程 + level: critical + engine: codemars + language: C++ + description: 禁止调用kill、TerminateProcess函数直接终止其他进程。 + cwe: '459' + enabled: true +- id: WordsTool.27 Bionic + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.STD.01-CPP 使用新的标准头文件 + level: critical + engine: clangtidy + language: C++ + description: "用C++标准头文件``替换C标准头文件``。\r\n举例如下\r\n| C标准头文件 | C++标准头文件\ + \ |\r\n| ------- | ------- |\r\n| stdlib.h | cstdlib |\r\n| time.h | ctime |\r\ + \n| math.h | cmath |\r\n| stdio.h | cstdio |\r\n| ... | ... 
|" + cwe: '1076' + enabled: true +- id: WordsTool.119 JD-Eclipse + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.113 Jad + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CTL.03 循环必须安全退出【C】 + level: info + engine: codemars + language: C++ + description: 确保循环能够正常退出,不出现死循环的情况。 + cwe: 570,571,835 + enabled: true +- id: G.INT.04 整型表达式比较或赋值为一种更大类型之前必须用这种更大类型对它进行求值【C】 + level: warning + engine: codemars + language: C++ + description: 当组合表达式的运算结果赋值给比它更大类型,或者与比它更大类型进行运算时,应显式转换其中一个操作数为较大的类型。 + cwe: 192,843 + enabled: true +- id: WordsTool.136 monkeyrunner + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.15 只能使用华为安全函数库中的安全函数或经华为认可的其他安全函数--检查安全函数定义是否在安全函数库中【C】 + level: critical + engine: codemars + language: C++ + description: 不要自定义安全函数。 + cwe: '676' + enabled: true +- id: WordsTool.258 领导者 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.09 禁止使用realloc()函数【C】 + level: critical + engine: codemars + language: C++ + description: 禁止调用realloc函数 + cwe: '676' + enabled: true +- id: WordsTool.30 Build flavor + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.176 STM + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.14-CPP 指针类型"*"和引用类型"&"只跟随类型或变量名--指针类型 + level: warning + engine: fixbotengine-cxx + language: C++ + description: '"*"和"&"按要求跟随类型或者名称。' + cwe: '1076' + enabled: true +- id: WordsTool.277 免抽检 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.ERR.02-CPP 抛异常时,抛对象本身,而不是指向对象的指针 + level: critical + engine: clangtidy + language: C++ + description: 抛出对象本身而非指针。 + cwe: 401,755 + enabled: true +- id: WordsTool.115 Java Crash + level: warning 
+ engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.51 ConnectionServiceAdapter + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.13 禁止封装安全函数【C】 + level: critical + engine: codemars + language: C++ + description: 对安全函数做封装时,正确理解destMax的用法,不要用count替代destMax + cwe: '676' + enabled: true +- id: G.FUU.21 禁止使用内存操作类不安全函数【C】 + level: warning + engine: codemars + language: C++ + description: 使用安全函数替代危险函数。 + cwe: '242' + enabled: true +- id: G.FMT.13-CPP case/default语句相对switch缩进一层 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 按要求进行缩进。 + cwe: '1078' + enabled: true +- id: WordsTool.264 遥遥领先 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.306 病毒 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.227 最新科技 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.INT.09 确保枚举常量映射到唯一值【C】 + level: critical + engine: clangtidy + language: C++ + description: "1、不提供显式的整数赋值。\r\n2、如果第一个枚举值不需要从0开始的话,只对第一个成员赋值,其它成员不提供显示的整数赋值。\r\n\ + 3、如果枚举类型的多个成员确实需要分配相同的值,需要提供显式的整数赋值,并写一条注释,解释为什么这样做。" + cwe: '462' + enabled: true +- id: G.FMT.14-CPP 指针类型"*"和引用类型"&"只跟随类型或变量名--引用类型 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "1. 确认选用的规则是跟随类型还是跟随变量名或函数名,根据确认结果修改。\r\n\r\n2. 
可通过格式化工具修复问题,可配置是**跟随类型**或**跟随变量名或函数名**。" + cwe: '1076' + enabled: true +- id: WordsTool.152 WordsTool.1PKEraserTool + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.232 国家级 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.02 定义宏时,要使用完备的括号【C】 + level: critical + engine: clangtidy + language: C++ + description: "在宏定义中加上括号,如:\r\n```c\r\n#define SQUARE(x) x * x // 不符合\r\n```\r\n\ + 改为\r\n```c\r\n#define SQUARE(x) ((x) * (x)) // 符合\r\n```" + cwe: '783' + enabled: true +- id: WordsTool.249 首次 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.141 MyScript + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.VAR.05 指向资源句柄或描述符的变量,在资源释放后立即赋予新值【C】 + level: critical + engine: codemars + language: C++ + description: 对于局部变量,调用closesocket、free、close、delete等函数释放资源后,需要重新赋值后再继续使用;对于全局变量,释放后在函数结束前需要被重新赋值 + cwe: '416' + enabled: true +- id: WordsTool.224 最高搭载 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.185 traceview + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CLS.05-CPP 移动构造函数和移动赋值操作符应该同时声明 + level: warning + engine: clangtidy + language: C++ + description: 同时声明移动构造函数和移动赋值操作符,包括自定义实现、`=default`和`=delete`。 + cwe: '1076' + enabled: true +- id: WordsTool.165 ReleaseAndSwap + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.139 multidex + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.261 之王 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.04 禁止把带副作用的表达式作为参数传递给函数式宏【C】 + level: critical + engine: 
clangtidy + language: C++ + description: 不要将带副作用的表达式作为宏的参数。 + cwe: '687' + enabled: true +- id: WordsTool.256 领袖品牌 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.195 VMS + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.4 AAudio + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.05-CPP 行宽不超过120个字符 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 在合适的位置换行。 + cwe: '1078' + enabled: true +- id: WordsTool.217 最快 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.15 只能使用华为安全函数库中的安全函数或经华为认可的其他安全函数--检查安全函数定义是否在安全函数库中 + level: critical + engine: codemars + language: C++ + description: 不要自定义安全函数。 + cwe: '676' + enabled: true +- id: G.AST.01 断言必须使用宏定义,且只能在调试版本中生效【C】 + level: critical + engine: codemars + language: C++ + description: 断言必须使用宏定义,且只能在调试版本中生效。 + cwe: '617' + enabled: true +- id: WordsTool.279 机关推荐 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.33 canvasViewDidBeginUsingTool + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.291 真皮 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.312 地震 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.21 AudioFocus + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.24 BarringActive + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.06-CPP 换行时将操作符留在行末,新行缩进一层或进行同类对齐--数据初始化换行 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 
按要求进行对齐。 + cwe: '1114' + enabled: true +- id: WordsTool.140 MYFITNESSPAL + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.101 HWC + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.205 libomp + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.99 HoldAndAnswer + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.153 places + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.AST.03 禁止用断言检测程序在运行期间可能导致的错误,可能发生的错误要用错误处理代码来处理 + level: warning + engine: codemars + language: C++ + description: 不要在发布版本上使用assert检查程序运行过程中发生的错误。 + cwe: '617' + enabled: true +- id: WordsTool.171 SmsManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.110 Intent + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.63 CXCallUpdate + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.254 金牌 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.7 adb + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.11 用空格突出关键字和重要信息--二元表达式【C】 + level: warning + engine: clangtidy + language: C++ + description: "二元操作符左右两边需要有一个空格,请补齐。\r\n\r\n建议通过格式化工具自动修复。" + cwe: '1114' + enabled: true +- id: G.ERR.07-CPP 在构造函数的函数级try-catch的catch块内,不能使用基类以及成员变量 + level: critical + engine: clangtidy + language: C++ + description: 在构造函数的函数级try-catch的catch块内,不要使用基类以及成员变量。 + cwe: '1076' + enabled: true +- id: WordsTool.230 TOP.1 + level: warning + engine: wordstool + language: C++ + 
description: .nan + cwe: .nan + enabled: true +- id: WordsTool.146 NuPlayer + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.26-CPP 整型表达式比较或赋值为一种更大类型之前必须用这种更大类型对它进行求值 + level: warning + engine: codemars + language: C++ + description: 当组合表达式的运算结果赋值给比它更大类型,或者与比它更大类型进行运算时,应显式转换其中一个操作数为较大的类型。 + cwe: '190' + enabled: true +- id: G.INC.02 头文件的扩展名只使用.h,不使用非习惯用法的扩展名,如.inc【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 修改头文件扩展名为.h。 + cwe: '1099' + enabled: true +- id: WordsTool.238 极品 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.188 UsbManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.RES.10-CPP 使用std::make_shared 而不是new 创建std::shared_ptr + level: critical + engine: fixbotengine-cxx + language: C++ + description: 使用`make_shared`创建`shared_ptr`。 + cwe: '1076' + enabled: true +- id: WordsTool.54 CreateMultiparty + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.105 InCallAdapter + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.124 Kotlin + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: OAT.5 无LICENSE文件 + level: warning + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.11 必须检查安全函数返回值,并进行正确的处理 + level: warning + engine: codemars + language: C++ + description: 需要对安全函数的返回值进行检查,并在返回错误状态时,做出相应的错误处理。 + cwe: '252' + enabled: true +- id: G.CNS.01-CPP 禁止使用小写字母"l"作为数值型字面量后缀 + level: critical + engine: clangtidy + language: C++ + description: 小写"l"替换成大写"L"。 + cwe: '1107' + enabled: true +- id: WordsTool.214 安卓 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 
WordsTool.73 DefaultDialerManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.207 mingw + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.125 liblog + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CMT.04-CPP 不写空有格式的函数头注释 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 补充内容或者删除空有格式的注释。 + cwe: '1116' + enabled: true +- id: G.NAM.03-CPP 使用统一的命名风格 + level: info + engine: clangtidy + language: C++ + description: 根据提示信息验证代码风格。 + cwe: '1099' + enabled: true +- id: WordsTool.138 Morpho + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CTL.06 goto语句只能向下跳转【C】 + level: critical + engine: clangtidy + language: C++ + description: "1. 除了必须使用goto的场景(如在函数末尾进行错误处理)外,不应使用goto语句,可使用结构化的控制语句(如if、for、while等)来实现程序逻辑。\r\ + \n2. 
必须使用goto的场景,goto语句不要向上跳转,只能向下跳转。" + cwe: '1075' + enabled: true +- id: WordsTool.90 FirstBeat + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.200 profiler + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.180 Telecom + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.179 Talkback + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.88 Fernflower + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: FossScan.1 OpenSource Software + level: warning + engine: FossScan + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.257 世界领先 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.09 case/default 语句相对 switch 缩进一层【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "建议通过格式化工具自动修复。\r\ncase/default语句相对switch缩进一层,case中的语句相对case缩进一层。" + cwe: '1078' + enabled: true +- id: WordsTool.91 flutter + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.42 CarSensor + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.60 CXAction + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CMT.02 代码注释置于对应代码的上方或右边【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "将注释放置于代码`上一行`或`右边`。\r\n1. 当注释内容不长时,可考虑置于对应代码右边。\r\n2. 
如果注释内容超过行宽,或者注释内容多行时,可考虑将注释置于代码上一行。可通过工具格式化。注释符与代码之间留有1个空格。" + cwe: '1113' + enabled: true +- id: WordsTool.122 jetpack + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.11 用空格突出关键字和重要信息--三元条件表达式【C】 + level: warning + engine: clangtidy + language: C++ + description: "条件表达式`问号`和`冒号`左右两边需要有一个空格,请补齐。\r\n\r\n建议通过格式化工具自动修复。" + cwe: '1114' + enabled: true +- id: WordsTool.236 顶尖 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUN.07-CPP 不要使用std::move 返回函数局部变量 + level: critical + engine: clangtidy + language: C++ + description: 返回函数局部变量时,不要使用 std::move()。 + cwe: '562' + enabled: true +- id: WordsTool.215 ADT + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.196 VNDK + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.112 ios CoreData + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.97 harmonyos + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.147 openjdk + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CLS.04-CPP 拷贝构造函数和拷贝赋值操作符应该同时声明 + level: critical + engine: clangtidy + language: C++ + description: 同时声明拷贝构造函数和拷贝赋值操作符,包括自定义实现、=default和=delete。 + cwe: '1076' + enabled: true +- id: G.PRE.07 宏的名称不应与关键字相同 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改宏的名称。 + cwe: '1109' + enabled: true +- id: G.STD.05-CPP 确保用于字符串操作的缓冲区有足够的空间容纳字符数据和结束符,并且字符串以null结束符结束 + level: critical + engine: codemars + language: C++ + description: '1. 使用itoa/ltoa函数需确保目的缓冲区有足够的长度存储转换后的字符串,防止溢出; + + 2. 
使用realpath函数的第二个参数应为系统提供的PATH_MAX或_PC_PATH_MAX,不能使用自定义的宏。linux环境:PATH_MAX的定义在/usr/include/linux/limits.h;windows环境:MAX_PATH的定义在minwindef.h + (visual studio 2017)' + cwe: '119' + enabled: true +- id: G.EXP.05 不要向sizeof传递有副作用的操作数【C】 + level: warning + engine: codemars + language: C++ + description: 禁止通过对指针变量进行sizeof操作来获取数组大小。 + cwe: '687' + enabled: true +- id: WordsTool.276 质量检测 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.87 FastApp + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.55 CTCall/CXCall + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.INT.03 确保除法和余数运算不会导致除零错误(被零除)【C】 + level: critical + engine: codemars + language: C++ + description: 如果除数为外部变量,则需要在使用前进行非零校验 + cwe: '369' + enabled: true +- id: G.FMT.01 非纯ASCII码源文件使用 UTF-8 编码【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 使用UTF-8编码格式。 + cwe: '174' + enabled: true +- id: WordsTool.172 SmsMessage + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.06 函数式宏要简短 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 减少函数式宏的复杂度或者改成函数。 + cwe: '1080' + enabled: true +- id: G.FUU.11 必须检查安全函数返回值,并进行正确的处理【C】 + level: warning + engine: codemars + language: C++ + description: 需要对安全函数的返回值进行检查,并在返回错误状态时,做出相应的错误处理。 + cwe: '252' + enabled: true +- id: WordsTool.48 CommandsInterface + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.11 ANR + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.96 GsmCdmaCall + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.142 Nbaio + level: warning + engine: wordstool + language: C++ + 
description: .nan + cwe: .nan + enabled: true +- id: WordsTool.85 EuiccController + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.01 处理函数的返回值【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "1. 对返回值进行及时、正确的处理。\r\n2. 如果调用者有意不处理返回值,在经过充分考虑之后,可用`(void)`显式忽略掉。" + cwe: 252,253,754 + enabled: true +- id: WordsTool.289 万能 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.202 clang + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.18 Asset Studio + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.233 全球级 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.120 JD-GUI + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.VAR.01 禁止使用未经初始化的变量【C】 + level: critical + engine: clangtidy + language: C++ + description: "1. 应该始终在读取变量之前对其进行初始化。\r\n2. 指针解引用前应确保已初始化且非空。\r\n3. 一元操作符的操作数在被读取之前要求具有符合预期的确定值。" + cwe: '457' + enabled: true +- id: WordsTool.104 InboundSmsTracker + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: OAT.2 许可证兼容性 + level: warning + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.154 play-services + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.STR.01 确保字符串存储有足够的空间容纳字符数据和null结束符【C】 + level: critical + engine: codemars + language: C++ + description: '1. 使用itoa/ltoa函数需确保目的缓冲区有足够的长度存储转换后的字符串,防止溢出; + + 2. 
使用realpath函数的第二个参数应为系统提供的PATH_MAX或_PC_PATH_MAX,不能使用自定义的宏。linux环境:PATH_MAX的定义在/usr/include/linux/limits.h;windows环境:MAX_PATH的定义在minwindef.h + (visual studio 2017)。' + cwe: '119' + enabled: true +- id: WordsTool.35 canvasViewDidFinishRendering + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.OTH.03 禁用rand函数产生用于安全用途的伪随机数 + level: warning + engine: codemars + language: C++ + description: '1. 加解密场景必须使用安全随机数(非加解密场景可按误报处理); + + 2. IPSI组件的CRYPT_random,须确保开启了NIST SP 800-90A标准的DRBG后才可使用。' + cwe: '338' + enabled: true +- id: G.EXP.12-CPP 禁止逐位操作非trivially copyable 对象 + level: warning + engine: clangtidy + language: C++ + description: 使用构造函数或赋值构造函数来进行初始化或赋值。 + cwe: '1076' + enabled: true +- id: G.FMT.11 用空格突出关键字和重要信息--函数名【C】 + level: warning + engine: clangtidy + language: C++ + description: "函数参数列表的小括号与函数名之间不加空格,移除多余的空格。\r\n\r\n建议通过格式化工具自动修复。" + cwe: '1114' + enabled: true +- id: WordsTool.221 最低价 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.22-CPP 确保除法和余数运算不会导致除零错误(被零除) + level: critical + engine: codemars + language: C++ + description: 如果除数为外部变量,则需要在使用前进行非零校验。 + cwe: '369' + enabled: true +- id: G.VAR.02 不要在子作用域中重用变量名【C】 + level: critical + engine: clangtidy + language: C++ + description: 修改变量名,保证两个作用域中变量不重名。 + cwe: '1109' + enabled: true +- id: G.STD.13-CPP 调用格式化输入/输出函数时,使用有效的格式字符串--格式化类型不匹配 + level: critical + engine: codemars + language: C++ + description: 确保format函数参数类型和实际类型一致。 + cwe: '628' + enabled: true +- id: G.RES.06-CPP 避免lambda表达式使用默认捕获模式 + level: warning + engine: clangtidy + language: C++ + description: 明确写出lambda需要捕获的变量。 + cwe: '477' + enabled: true +- id: WordsTool.250 首款 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.74 devtools + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CTL.03 循环必须安全退出 + level: 
info + engine: codemars + language: C++ + description: 确保循环能够正常退出,不出现死循环的情况。 + cwe: 570,571,835 + enabled: true +- id: WordsTool.150 PhoneAccountHandle + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.199 zidaneAAPT + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.118 jdec + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.206 musl + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.114 Jadx + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.244 超级 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.156 Procyon-decompiler + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.32 bytecode-viewer + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.80 DumpSys + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CLS.11-CPP 在派生类中重写虚函数时禁止重新定义缺省参数值 + level: critical + engine: clangtidy + language: C++ + description: 在派生类中重写虚函数时不重新定义缺省参数值。 + cwe: '1076' + enabled: true +- id: WordsTool.201 libcore + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.155 PrivateChat + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.16-CPP 用空格突出关键字和重要信息--三元条件表达式 + level: warning + engine: clangtidy + language: C++ + description: 按要求增加/减少空格。 + cwe: '1114' + enabled: true +- id: WordsTool.226 最强 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + 
enabled: true +- id: G.INC.06 头文件必须用#define保护,防止重复包含【C】 + level: critical + engine: clangtidy + language: C++ + description: "1. 不要使用`#pragma once`来防止头文件被重复包含,要使用`#define`。\r\n2. 定义包含保护符`#define`时,应该遵守如下规则:\r\ + \n - 保护符命名时,避免首尾是下划线`_`;\r\n - 保护符使用唯一名称;\r\n - 建议考虑项目源代码树顶层以下的文件路径,不要在受保护部分的前后放置代码或者注释,文件头注释除外。" + cwe: '1041' + enabled: true +- id: G.INC.05-CPP 禁止在extern "C"中包含头文件 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改include位置,避免出现extern "C"嵌套。 + cwe: '1076' + enabled: true +- id: G.FUU.06 禁用pthread_exit、ExitThread函数【C】 + level: critical + engine: codemars + language: C++ + description: 不要调用pthread_exit、ExitThread函数 + cwe: '676' + enabled: true +- id: G.FUD.06 内联函数要尽可能短,避免超过10行【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 拆分内联函数或者改为非内联函数。 + cwe: '1076' + enabled: true +- id: G.EXP.43-CPP 不用的代码段直接删除,不要注释掉 + level: critical + engine: fixbotengine-cxx + language: C++ + description: "不用的代码段直接删除掉。若再需要时,考虑移植或重写这段代码。\r\n这里说的“注释掉”的方式,除了`/* */` 或`//`、还包括`#if\ + \ 0`、`#ifdef NEVER_DEFINED`等,但**注释中的代码示例**不属于被注释掉的代码。" + cwe: '561' + enabled: true +- id: WordsTool.285 抢购 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.248 独家 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.149 PhoneAccount + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.16-CPP 用空格突出关键字和重要信息--关键信息 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 按要求增加/减少空格。 + cwe: '1114' + enabled: true +- id: WordsTool.67 dalvik + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.17 ART + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CMT.04 不写空有格式的函数头注释【C】 + level: warning + engine: fixbotengine-cxx + 
language: C++ + description: 补充内容或者删除空有格式的注释。 + cwe: '1116' + enabled: true +- id: G.PRE.04 禁止把带副作用的表达式作为参数传递给函数式宏 + level: critical + engine: clangtidy + language: C++ + description: 不要将副作用表达式作为宏的参数 + cwe: '687' + enabled: true +- id: G.FUU.05 禁止调用kill、TerminateProcess函数直接终止其他进程【C】 + level: critical + engine: codemars + language: C++ + description: 禁止调用kill、TerminateProcess函数直接终止其他进程。 + cwe: '459' + enabled: true +- id: WordsTool.302 宗教 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.66 d8 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.181 TelephonyManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.36 canvasViewDrawingDidChange + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.143 NDK + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.NAM.01-CPP C++文件以.cpp为扩展名,头文件以.h为扩展名 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "1. 修改头文件文件扩展名为.h,修改源文件扩展名为.cpp。\r\n2. 
如果当前老项目中已经使用了`.hh, .hpp, .hxx`,\ + \ `.cc, .cxx, .C`扩展名,可以继续使用。" + cwe: '1076' + enabled: true +- id: WordsTool.57 CTCellularData + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.19 atrace + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.14 禁止用宏重命名安全函数 + level: warning + engine: codemars + language: C++ + description: 禁止在宏定义中重定义安全函数。 + cwe: '676' + enabled: true +- id: WordsTool.3 aar + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.270 永远 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.301 台湾 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.160 quick application + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CLS.03-CPP 单参数构造函数声明为explicit + level: warning + engine: clangtidy + language: C++ + description: "以下函数应该加上explicit声明。\r\n- 类的构造函数只有一个参数时。如`A(int i)`、`A(int i = 1)`。\r\ + \n- 类的构造函数中除了第一个参数以外,其他参数都有默认值的时候。(第一个参数可以有默认值,也可以没有)。如`A(int i, int j = 0)`、`A(int\ + \ i = 1, int j = 0)`。\r\n- 自定义的类型转换函数。如`operator 类型()`。" + cwe: '1076' + enabled: true +- id: WordsTool.208 nodejs + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.72 DebugD + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.164 ReleaseAndAnswer + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CMT.02-CPP 代码注释置于对应代码的上方或右边 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 按照要求放置代码注释。 + cwe: '1113' + enabled: true +- id: G.CTL.07 switch语句要有default分支--没有default分支【C】 + level: critical + engine: 
clangtidy + language: C++ + description: "1. 增加default分支。\r\n2. 统一将default分支放到switch语句块的最后位置。" + cwe: '478' + enabled: true +- id: WordsTool.274 专供 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.65 CXTransaction + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.RES.02-CPP 内存申请前,必须对申请内存大小进行合法性校验 + level: critical + engine: codemars + language: C++ + description: 申请内存之前,对申请大小的变量做校验。 + cwe: '789' + enabled: true +- id: WordsTool.20 AudioFlinger + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.28 blacklist + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.304 战争 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CLS.13-CPP 禁止重新定义继承而来的非虚函数 + level: warning + engine: clangtidy + language: C++ + description: 如果要在派生类中新增行为,请使用新的函数名,而不是重定义基类中的非虚函数。 + cwe: '1062' + enabled: true +- id: WordsTool.204 libc++ + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.05-CPP 所有#else、#elif、#endif和与之对应的#if、#ifdef、#ifndef预处理指令应出现在同一文件中 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 预处理指令在同一个文件中闭合。 + cwe: '152' + enabled: true +- id: WordsTool.308 恐怖袭击 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 超大函数[C++] + level: warning + engine: cmetrics + language: C++ + description: .nan + cwe: '1080' + enabled: true +- id: G.FUU.14 禁止用宏重命名安全函数【C】 + level: warning + engine: codemars + language: C++ + description: 不要以宏的方式调用安全函数,直接调用安全函数。 + cwe: '676' + enabled: true +- id: WordsTool.189 uuDeJava + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.05 函数式宏定义中慎用 
return、goto、continue、break 等改变程序流程的语句 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 重构代码逻辑,避免安全隐患。 + cwe: '705' + enabled: true +- id: G.EXP.09-CPP 变量被使用时才声明并初始化 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 变量使用时才声明并初始化。 + cwe: 453,456,457,1126 + enabled: true +- id: WordsTool.284 万人疯抢 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.12 避免连续3个或更多空行【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 删除多余空行 + cwe: '1114' + enabled: true +- id: G.FUU.12 正确设置安全函数中的destMax参数--检查destMax参数是否设置正确 + level: critical + engine: codemars + language: C++ + description: 安全函数的destMax参数设置应当准确、有效。 + cwe: '687' + enabled: true +- id: G.FMT.16-CPP 用空格突出关键字和重要信息--二元表达式 + level: warning + engine: clangtidy + language: C++ + description: 按要求增加/减少空格。 + cwe: '1114' + enabled: true +- id: WordsTool.184 ToneGenerator + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CLS.07-CPP 多态基类中的拷贝构造函数、拷贝赋值操作符、移动构造函数、移动赋值操作符必须为非public函数或者为delete函数 + level: critical + engine: clangtidy + language: C++ + description: 为了防止出现切片问题,多态基类中的拷贝构造函数、拷贝赋值操作符、移动构造函数、移动赋值操作符必须为非public函数或者为delete函数。 + cwe: '1076' + enabled: true +- id: G.AST.02 避免在代码中直接使用assert()【C】 + level: critical + engine: codemars + language: C++ + description: 断言必须使用宏定义,且只能在调试版本中生效。 + cwe: '617' + enabled: true +- id: WordsTool.192 Vehicle Network Service + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.INT.09 确保枚举常量映射到唯一值 + level: critical + engine: clangtidy + language: C++ + description: '修复建议 + + + (1)纠正编码错误,或者(2)显式指定枚举值' + cwe: '462' + enabled: true +- id: G.CNS.01 禁止使用小写字母"l"作为数值型常量后缀【C】 + level: critical + engine: clangtidy + language: C++ + description: 小写"l"替换成大写"L"。 + cwe: '1107' + enabled: true +- id: G.AST.04 禁止在断言内改变运行环境【C】 + level: warning + engine: codemars + 
language: C++ + description: 调用ASSERT,入参中不能使用赋值(例如 =、+=、-= 或<<=)、递增和递减(例如++或—)、修改堆(例如 ASSERT(new + xxx))。 + cwe: '617' + enabled: true +- id: WordsTool.128 Logcat + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.1 aab + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 超大源文件[C++] + level: warning + engine: cmetrics + language: C++ + description: .nan + cwe: '1080' + enabled: true +- id: G.FUU.10 禁止使用alloca()函数申请栈上内存【C】 + level: critical + engine: codemars + language: C++ + description: 禁止调用alloca函数,请使用malloc从堆中动态分配内存。 + cwe: '676' + enabled: true +- id: WordsTool.229 No.1 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.280 机关检测 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 检查通过代码注释屏蔽coverity告警的方式 + level: warning + engine: codemars + language: C++ + description: 不要通过代码注释屏蔽coverity告警。 + cwe: '546' + enabled: true +- id: G.FUD.05 函数要简短--函数嵌套层次【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "函数的代码块嵌套不要超过4层,修改方法参考如下:\r\n\r\n1. 用卫语句来减少嵌套深度。\r\n\r\n2. 重构函数:如果嵌套过深,可能意味着函数功能过于复杂,可以考虑将函数拆分成多个小函数,每个函数只处理部分功能,使函数更加简单易懂。" + cwe: 1080,1124 + enabled: true +- id: G.RES.08-CPP 使用RAII技术管理资源的生命周期 + level: warning + engine: clangtidy + language: C++ + description: "使用RAII技术管理生命周期。如:\r\n1. 比如new/delete,可使用智能指针。\r\n2. 比如lock/unlock,可使用std::lock_guard。" + cwe: '762' + enabled: true +- id: WordsTool.157 proguard + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.121 JD-IntelliJ + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.19-CPP 禁止使用std::move操作const对象 + level: critical + engine: clangtidy + language: C++ + description: "禁止`std::move`操作`const`对象。\r\n1. 
如果对象不需要移动且不能修改,则不需要使用移动操作,使用拷贝操作。\r\ + \n2. 如果对象需要移动,则对象不需要const修饰,这时可使用`std::move`进行数据移动操作。" + cwe: '471' + enabled: true +- id: G.FUN.01-CPP 函数功能要单一--函数嵌套层次 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 对代码进行重构,减少函数复杂度。 + cwe: '1080' + enabled: true +- id: G.PRE.07 宏的名称不应与关键字相同【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: "修改宏名,不要和关键字相同,如:\r\n\r\n```c\r\nbreak:用于跳出循环或switch语句。\r\nelse:用于定义if语句中的否定分支。\r\ + \ncase:用于定义switch语句中的分支。\r\nenum:用于定义枚举类型。\r\nchar:用于声明字符类型。\r\nextern:用于声明外部变量或函数。\r\ + \nconst:用于声明常量。\r\nfloat:用于声明单精度浮点数类型。\r\ncontinue:用于跳过当前循环的剩余部分。\r\nfor:用于定义for循环。\r\ + \ndefault:用于定义switch语句中的默认分支。\r\ngoto:用于无条件跳转到指定的标签。\r\ndo:用于定义do-while循环。\r\n\ + if:用于定义条件语句。\r\ndouble:用于声明双精度浮点数类型。\r\ninline:用于声明内联函数。\r\nint:用于声明整数类型。\r\n\ + long:用于声明长整数类型。\r\nregister:用于声明寄存器变量。\r\nreturn:用于从函数中返回值。\r\nshort:用于声明短整数类型。\r\ + \nsigned:用于声明有符号类型。\r\nsizeof:用于获取变量或类型的大小。\r\nstatic:用于声明静态变量或函数。\r\nstruct:用于定义结构体类型。\r\ + \nswitch:用于定义多分支选择语句。\r\ntypedef:用于定义类型别名。\r\nunion:用于定义联合类型。\r\nunsigned:用于声明无符号类型。\r\ + \nvoid:用于声明无类型。\r\nvolatile:用于声明易变变量。\r\n...\r\n```" + cwe: '1109' + enabled: true +- id: G.PRE.08 禁止宏调用参数中出现预编译指令 + level: critical + engine: clangtidy + language: C++ + description: 预处理指令在宏调用之外进行保护 + cwe: '758' + enabled: true +- id: G.STD.04-CPP 不要保存std::string类型的c_str和data成员函数返回的指针 + level: critical + engine: clangtidy + language: C++ + description: "1. 不要保存std::string类型的c_str()和data()的结果,而是在每次需要时直接调用。\r\n2. 
不要返回局部变量的c_str()和data()的结果。" + cwe: '825' + enabled: true +- id: WordsTool.148 perfeto + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.01-CPP 非纯ASCII码源文件使用 UTF-8 编码 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 使用UTF-8编码。 + cwe: '174' + enabled: true +- id: WordsTool.278 领导人推荐 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.15 Applets + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.151 PKCanvasView + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.281 再不抢就没了 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.10-CPP 不要在嵌套作用域中重用名称 + level: critical + engine: clangtidy + language: C++ + description: 重命名变量 + cwe: '1109' + enabled: true +- id: WordsTool.260 领袖 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 'WordsTool.213 小程序 ' + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: OAT.4 版权头 + level: warning + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.12-CPP 避免将if/else/else if写在同一行 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 将`else`、`else if`语句拆分到多行。 + cwe: '1078' + enabled: true +- id: G.INC.07 禁止通过声明的方式引用外部函数接口、变量【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改为通过头文件引入外部变量和函数。 + cwe: '646' + enabled: true +- id: WordsTool.29 broadcastreceiver + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.9 AMS + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.05-CPP 
禁止通过声明的方式引用外部函数接口和变量 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 通过头文件包含来使用接口。 + cwe: '646' + enabled: true +- id: WordsTool.161 QuickApp + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.ARR.03 禁止通过对指针变量进行sizeof操作来获取数组大小【C】 + level: warning + engine: codemars + language: C++ + description: 禁止通过对指针变量进行sizeof操作来获取数组大小。 + cwe: '467' + enabled: true +- id: WordsTool.288 全网最低价 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.247 首选 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.92 GatewayInfo + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.10-CPP 函数的返回类型及修饰符与函数名同行 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 函数返回值及修饰符与函数名调整到同一行。 + cwe: '1078' + enabled: true +- id: WordsTool.41 CarProperty + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.37 CarAppFocusManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 超大圈复杂度[C++] + level: warning + engine: cmetrics + language: C++ + description: .nan + cwe: '1121' + enabled: true +- id: WordsTool.315 黄赌毒 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.292 纯天然 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.294 全面 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.144 NEURALA + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.259 至尊 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: 
.nan + enabled: true +- id: G.CLS.10-CPP 通过基类指针释放派生类时,必须将基类中析构函数声明为虚函数 + level: critical + engine: clangtidy + language: C++ + description: 如果类作为多态基类使用,析构函数需声明为虚函数。 + cwe: '1079' + enabled: true +- id: G.STD.15-CPP 禁止外部可控数据作为进程启动函数的参数或者作为dlopen/LoadLibrary等模块加载函数的参数 + level: warning + engine: codemars + language: C++ + description: 优先考虑使用C标准函数实现需要的功能。如果确实需要使用这些函数,请使用白名单机制确保这些函数的参数不受任何外来数据的影响 + cwe: '78' + enabled: true +- id: WordsTool.126 libunwindstack + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.21 禁止使用内存操作类不安全函数 + level: warning + engine: codemars + language: C++ + description: 使用安全函数替代危险函数。 + cwe: '242' + enabled: true +- id: WordsTool.197 VoiceCallManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.2 aapt2 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.299 香港 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.ARR.07 声明一个带有外部链接的数组时,必须显式指定它的大小【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "数组声明时,同时显式指定其大小,如:\r\n1. 固定长度数组\r\n```c\r\nextern int g_array[MAX_LEN];\ + \ \r\n```\r\n2. 
需要通过计算的数组长度,注意**数组和数组长度参数**的声明放一起,中间不要有间隔。\r\n```c\r\nconst char\ + \ g_array[];\r\nconst size_t g_arrayLen;\r\n```" + cwe: '129' + enabled: true +- id: G.FUU.03 调用格式化输入/输出函数时,使用有效的格式字符串【C】 + level: critical + engine: codemars + language: C++ + description: 确保format函数参数个数和实际参数个数一致。 + cwe: '628' + enabled: true +- id: G.EXP.04 用括号明确表达式的操作顺序,避免过分依赖默认优先级【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 添加括号来明确表达式的操作顺序。 + cwe: '783' + enabled: true +- id: WordsTool.84 EuiccConnector + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.183 tombstone + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.223 最先进 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.AST.05 一个断言只用于检查一个错误【C】 + level: critical + engine: codemars + language: C++ + description: 一个断言只用于检查一个错误。 + cwe: '617' + enabled: true +- id: WordsTool.314 地图 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.309 妖魔鬼怪 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.298 Atomic Ability + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.DCL.01 不要声明或定义保留的标识符【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改标识符名称。 + cwe: '1099' + enabled: true +- id: WordsTool.194 VM Reboot VM WatchDog + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.OTH.01 删除无效或永不执行的代码 + level: critical + engine: clangtidy + language: C++ + description: 删除不可执行代码 + cwe: 561,1041 + enabled: true +- id: G.FUU.10 禁止使用alloca()函数申请栈上内存 + level: critical + engine: codemars + language: C++ + description: 禁止调用alloca函数,请使用malloc从堆中动态分配内存。 + cwe: '676' + enabled: 
true +- id: WordsTool.94 GMV + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.15 只能使用华为安全函数库中的安全函数或经华为认可的其他安全函数--检查用户自定义类安全函数【C】 + level: warning + engine: codemars + language: C++ + description: 不要自定义安全函数。 + cwe: '676' + enabled: true +- id: G.PRE.10 宏定义不应依赖宏外部的局部变量名【C】 + level: critical + engine: clangtidy + language: C++ + description: "1. 将需要引用的局部变量作为宏参数传递进来。\r\n2. 将宏定义中引用外部局部变量的代码分离出去。" + cwe: '1109' + enabled: true +- id: WordsTool.234 世界级 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.04 一行只有一条语句【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 将语句拆分到多行,一行只有一条语句。 + cwe: '1078' + enabled: true +- id: WordsTool.76 dex2oat + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.311 枪杀 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.08 禁止宏调用参数中出现预编译指令【C】 + level: critical + engine: clangtidy + language: C++ + description: 宏参数不要出现预编译指令,可改为在每个预编译指令下均调用一次宏。 + cwe: '758' + enabled: true +- id: WordsTool.25 bicdriod + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.268 前所未见 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.5 Accessibility + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.44 Carservice + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.78 DriverCall + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.219 最美 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.266 史无前例 + 
level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.174 SoundTrigger + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.15-CPP 声明中的非类型描述符应该在类型描述符左边 + level: warning + engine: clangtidy + language: C++ + description: 非类型描述符(如:static、virtual、volatile、extern)放在类型描述符的左边。 + cwe: '1076' + enabled: true +- id: WordsTool.300 澳门 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: OAT.10 特殊词汇 + level: critical + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.06-CPP 换行时将操作符留在行末,新行缩进一层或进行同类对齐--操作符换行 + level: warning + engine: clangtidy + language: C++ + description: 按要求进行对齐。 + cwe: '1114' + enabled: true +- id: OAT.1 二进制文件 + level: critical + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.RES.12-CPP 自定义new/delete操作符需要配对定义,且行为与被替换的操作符一致 + level: warning + engine: clangtidy + language: C++ + description: "1. 如果自定义了`operator new`,必须同时自定义对应的`operator delete`。\r\n2. 如果自定义了`operator\ + \ new[]`,必须同时自定义对应的`operator delete[]`。" + cwe: 401,762 + enabled: true +- id: WordsTool.198 VUE + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.12 正确设置安全函数中的destMax参数--检查destMax和count参数 + level: critical + engine: codemars + language: C++ + description: 正确设置memcpy_s、strcpy_s等函数的destMax和count参数。 + cwe: '687' + enabled: true +- id: G.EXP.14-CPP 使用由C++提供的类型转换操作 + level: critical + engine: clangtidy + language: C++ + description: "C++转换操作符用法说明参考如下,请根据业务场景合理选择:\r\n- dynamic_cast:主要用于继承体系下行转换,该转换具有类型检查的功能。应做好基类和派生类的设计,合理使用dynamic_cast:\r\ + \n 1. dynamic_cast的出现一般说明基类和派生类设计出现了问题,派生类破坏了基类的契约,不得不通过dynamic_cast转换到派生类进行特殊处理,这个时候更希望来改善类的设计,而不是通过dynamic_cast来解决问题。\r\ + \n 2. 
如果强制转换不可避免,则应优先使用dynamic_cast,而不是使用static_cast,因为编译器将在运行时检查强制转换的有效性。\r\ + \n- static_cast:和C风格转换相似可做值的强制转换,或上行转换(把派生类的指针或引用转换成基类的指针或引用)。如果是纯粹的算术转换,那么可以使用大括号初始化方式转换。\r\ + \n- reinterpret_cast:用于转换不相关的类型,是一种不安全的转换,应尽量少用reinterpret_cast。\r\n- const_cast:用于移除对象的const属性,使对象变得可修改,这样会破坏数据的不变性,应尽量少用const_cast。" + cwe: 704,1076 + enabled: true +- id: G.FMT.16-CPP 用空格突出关键字和重要信息--一元表达式 + level: warning + engine: clangtidy + language: C++ + description: 按要求增加/减少空格。 + cwe: '1114' + enabled: true +- id: WordsTool.166 RN + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 超大深度函数[C++] + level: warning + engine: cmetrics + language: C++ + description: .nan + cwe: '1124' + enabled: true +- id: G.FMT.02-CPP 使用空格进行缩进,每次缩进4个空格 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 按要求进行缩进。 + cwe: '1114' + enabled: true +- id: G.CLS.08-CPP delete操作符、移动构造函数、移动赋值操作符、swap函数应该有noexcept声明 + level: warning + engine: clangtidy + language: C++ + description: 添加noexcept声明 + cwe: '1076' + enabled: true +- id: WordsTool.263 引领者 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.69 DcController + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.271 最强 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.61 CXCallController + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.240 绝佳 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.ERR.03-CPP 以左值引用的形式捕获异常 + level: critical + engine: clangtidy + language: C++ + description: 改成以左值引用形式捕获异常。 + cwe: 754,755 + enabled: true +- id: WordsTool.123 JetPlayer + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 
G.FMT.11 用空格突出关键字和重要信息--关键信息【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "1. 清除行尾空格,IDE可设置**保存文件自动删除行尾多余空格**。\r\n2. 清除小括号内部两侧的空格。\r\n3. 逗号,分号,冒号(不含三元操作符和表示位域的冒号)前的空格清除,其后需有空格。\r\ + \n4. `#include`指令与文件路径之间需要有空格。\r\n\r\n建议通过格式化工具自动修复。" + cwe: '1114' + enabled: true +- id: WordsTool.225 最高优惠 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.212 quick application + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.58 CTSubscriber + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FIL.03 不要在共享目录中创建临时文件【C】 + level: critical + engine: codemars + language: C++ + description: 不要在共享目录中创建临时文件。 + cwe: '379' + enabled: true +- id: G.OTH.03 禁用rand函数产生用于安全用途的伪随机数【C】 + level: warning + engine: codemars + language: C++ + description: '1. 加解密场景必须使用安全随机数(非加解密场景可按误报处理); + + 2. IPSI组件的CRYPT_random,须确保开启了NIST SP 800-90A标准的DRBG后才可使用。' + cwe: '338' + enabled: true +- id: WordsTool.255 王牌 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.89 firebase + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.111 iOS Background Modes + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.11 用空格突出关键字和重要信息--一元表达式【C】 + level: warning + engine: clangtidy + language: C++ + description: "一元操作符(`&`,`*`,`+`,`‐`,`~`,`!`)之后不加空格,移除多余的空格。\r\n\r\n建议通过格式化工具自动修复。" + cwe: '1114' + enabled: true +- id: G.FMT.05 行宽不超过 120 个字符【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 行宽超过120个字符要进行换行,换行请参考[G.FMT.06 换行时将操作符留在行末,新行缩进一层或进行同类对齐]。 + cwe: '1078' + enabled: true +- id: G.NAM.01 使用统一的命名风格【C】 + level: warning + engine: clangtidy + language: C++ + description: 修改标识符名称。 + cwe: 
'1099' + enabled: true +- id: G.CLS.15-CPP 禁止重载逗号操作符、&&操作符和||操作符 + level: critical + engine: clangtidy + language: C++ + description: 不要重载逗号操作符、&&操作符和||操作符 + cwe: 480,768 + enabled: true +- id: WordsTool.290 无敌 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.MEM.04 内存中的敏感信息使用完毕后立即清0【C】 + level: critical + engine: codemars + language: C++ + description: 内存中的敏感信息使用完毕后立即清零,关键字包括password、psw、pwd、passwd + cwe: '226' + enabled: true +- id: WordsTool.31 Build Variant + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.22 AudioState + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.AST.03 禁止用断言检测程序在运行期间可能导致的错误,可能发生的错误要用错误处理代码来处理【C】 + level: warning + engine: codemars + language: C++ + description: 不要在发布版本上使用assert检查程序运行过程中发生的错误。 + cwe: '617' + enabled: true +- id: 'WordsTool.211 快应用 ' + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 查不同分支分别调用了危险函数和对应的安全函数 + level: warning + engine: codemars + language: C++ + description: 不同分支禁止同时调用危险函数和对应的安全函数。 + cwe: '242' + enabled: true +- id: WordsTool.237 尖端 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.175 Stagefright + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 弱加密算法 + level: critical + engine: codemars + language: C++ + description: 使用安全的加密函数 + cwe: '1240' + enabled: true +- id: WordsTool.98 HIDL + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.178 systrace + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.218 最佳 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 
WordsTool.93 GMS + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.13 apk + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.267 绝无仅有 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.242 极致 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.245 超薄 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.235 顶级 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FIL.03 不要在共享目录中创建临时文件 + level: critical + engine: codemars + language: C++ + description: 不要在共享目录中创建临时文件。 + cwe: '379' + enabled: true +- id: WordsTool.doc1 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.246 首个 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.106 InCallService + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.307 末日 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: OAT.8 无README + level: warning + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.56 CTCarrier + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.102IIccPhoneBook + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.ERR.04-CPP 多个catch子句,前者不能隐藏后者 + level: critical + engine: clangtidy + language: C++ + description: "1. catch先捕获派生类,后捕获基类。\r\n2. 
catch (...)放最后。" + cwe: 544,754 + enabled: true +- id: WordsTool.159 PSI + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.86 eventlog + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.06-CPP 换行时将操作符留在行末,新行缩进一层或进行同类对齐--函数声明参数换行 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 按要求进行对齐。 + cwe: '1114' + enabled: true +- id: G.FUU.12 正确设置安全函数中的destMax参数--检查destMax参数是否设置正确【C】 + level: critical + engine: codemars + language: C++ + description: 安全函数的destMax参数设置应当准确、有效。 + cwe: '687' + enabled: true +- id: WordsTool.305 疫情 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.137 monkytest + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.09 宏定义不以分号结尾【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 删除宏定义结尾分号,将是否使用分号的决定权交给宏的使用者。 + cwe: '152' + enabled: true +- id: WordsTool.216 Cursor + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.11-CPP 选择、循环语句使用大括号 + level: warning + engine: clangtidy + language: C++ + description: 对条件或循环语句加大括号 + cwe: '1078' + enabled: true +- id: WordsTool.100 huawei + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.283 错过就没机会了 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.296 权威 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.269 永恒 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: OAT.9 三方软件版本 + level: warning + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.17 
禁止外部可控数据作为dlopen/LoadLibrary等模块加载函数的参数【C】 + level: warning + engine: codemars + language: C++ + description: 优先考虑使用C标准函数实现需要的功能。如果确实需要使用这些函数,请使用白名单机制确保这些函数的参数不受任何外来数据的影响 + cwe: '78' + enabled: true +- id: WordsTool.code1 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.03-CPP 使用统一的大括号换行风格 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 使用相应的大括号换行风格。 + cwe: '1078' + enabled: true +- id: WordsTool.64 CXProvider + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.09-CPP 构造函数初始化列表放在同一行或按4空格缩进并排多行 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "构造函数初始化列表放在同一行,如果需要换行,则将冒号放置新行,首行缩进4空格,其余多行与首行的成员变量对齐缩进。\r\n请参考如下修复示例。" + cwe: '1078' + enabled: true +- id: G.FUU.04 禁用atexit函数【C】 + level: critical + engine: codemars + language: C++ + description: 禁止调用atexit函数 + cwe: '676' + enabled: true +- id: G.CTL.08 每个switch语句中至少有两个条件分支【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改为if语句 + cwe: '1076' + enabled: true +- id: G.STD.13-CPP 调用格式化输入/输出函数时,使用有效的格式字符串 + level: critical + engine: codemars + language: C++ + description: 确保format函数参数个数和实际参数个数一致。 + cwe: '628' + enabled: true +- id: WordsTool.16 ARCore_stub + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.286 疯抢 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.209 WEEX + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.47 Codec2 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.265 前所未有 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.313 洪水 + level: warning + engine: wordstool + 
language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.06-CPP 换行时将操作符留在行末,新行缩进一层或进行同类对齐--函数调用参数换行 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 按要求进行对齐。 + cwe: '1114' + enabled: true +- id: G.FUU.15 只能使用华为安全函数库中的安全函数或经华为认可的其他安全函数--检查用户自定义类安全函数 + level: warning + engine: codemars + language: C++ + description: 不要自定义安全函数。 + cwe: '676' + enabled: true +- id: G.INC.08 禁止在 extern "C" 中包含头文件【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改include位置,不要在extern "C"中include头文件。 + cwe: '1076' + enabled: true +- id: G.FUU.08 禁用abort函数【C】 + level: critical + engine: codemars + language: C++ + description: 禁用abort函数 + cwe: '676' + enabled: true +- id: WordsTool.12 AOSP + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.40 CarPackageManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.37-CPP switch语句要有default分支--default不是最后一个分支 + level: critical + engine: clangtidy + language: C++ + description: 添加default分支,或者将default分支移到最后 + cwe: '478' + enabled: true +- id: WordsTool.168 simpleperf + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.STD.16-CPP 禁用程序与线程的退出函数和atexit函数 + level: critical + engine: codemars + language: C++ + description: 禁止调用atexit函数 + cwe: '676' + enabled: true +- id: G.INC.08-CPP 不要在#include之前使用using导入namespace + level: critical + engine: fixbotengine-cxx + language: C++ + description: 不要在#include之前使用`using namespace`。 + cwe: '1076' + enabled: true +- id: G.FUD.05 函数要简短--函数参数个数【C】 + level: warning + engine: clangtidy + language: C++ + description: "函数的参数个数不应超过5个,修改方法参考如下:\r\n\r\n1. 使用结构体:将多个参数封装成一个结构体,作为函数的参数传递。\r\ + \n\r\n2. 
重构函数:如果函数参数过多,可能意味着函数功能过于复杂,可以考虑将函数拆分成多个小函数,每个函数只处理部分参数,使函数更加简单易懂。" + cwe: 1064,1080,1124 + enabled: true +- id: WordsTool.162 react native + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.163 Reko + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 'WordsTool.145 NinePatchChunk ' + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.39 CarInfoManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.49 ConnectionRequest + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.133 Mediametrics + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.295 全金属机身 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.02-CPP 使用函数代替函数式宏 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 将函数式宏修改为函数。 + cwe: '1076' + enabled: true +- id: WordsTool.287 限时限量 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.RES.09-CPP 使用std::make_unique 而不是new 创建std::unique_ptr + level: critical + engine: fixbotengine-cxx + language: C++ + description: 使用`make_unique`创建`unique_ptr` 。 + cwe: '1076' + enabled: true +- id: G.PRE.10 宏定义不应依赖宏外部的局部变量名 + level: critical + engine: clangtidy + language: C++ + description: 将需要引用的局部变量作为参数传递进来 + cwe: '1109' + enabled: true +- id: WordsTool.167 Shell.APK + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.243 至薄 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.116 Java Decompiler + level: warning + engine: 
wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CNS.02 不要使用难以理解的常量【C】 + level: critical + engine: fixbotengine-cxx + language: C++ + description: " - 如果某个字面量经常使用到,在使用的上下文中具有固定的含义,应该定义为宏或常量\r\n- 宏或常量的命名应是自注释的,不能自注释的,必要时可以添加注释加以说明。" + cwe: '1099' + enabled: true +- id: G.FMT.07 函数的返回类型及修饰符与函数名同行【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 函数声明和定义时,将函数的**返回类型**及**修饰符**和**函数名**放在同一行。 + cwe: '1076' + enabled: true +- id: WordsTool.186 Treble + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.293 全新 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CNS.02-CPP 不要使用难以理解的字面量 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 对于单点使用的难以理解的常量,按需增加注释说明。对于多处使用的难以理解的常量,应该定义宏或 const 变量,并通过符号命名自注释 。 + cwe: '1099' + enabled: true +- id: G.FMT.16-CPP 用空格突出关键字和重要信息--类型转换 + level: warning + engine: clangtidy + language: C++ + description: 按要求增加/减少空格。 + cwe: '1114' + enabled: true +- id: G.RES.07-CPP 指向资源句柄或描述符的变量,在资源释放后立即赋予新值 + level: critical + engine: codemars + language: C++ + description: 对于局部变量,调用closesocket、free、close、delete等函数释放资源后,需要重新赋值后再继续使用;对于全局变量,释放后在函数结束前需要被重新赋值 + cwe: '416' + enabled: true +- id: WordsTool.71 DDMS + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.OTH.05 禁止代码中包含公网地址 + level: critical + engine: codemars + language: C++ + description: 宏定义中、变量赋值中、特定函数(*strcmp、*strncmp、*memcmp)中禁止使用硬编码公网IP + cwe: '547' + enabled: true +- id: WordsTool.103 InboundSmsHandler + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.34 canvasViewDidEndUsingTool + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.17-CPP 合理安排空行 + level: warning + engine: fixbotengine-cxx + language: C++ 
+ description: 删除多余空行。 + cwe: '1114' + enabled: true +- id: OAT.7 无README.OpenSource + level: critical + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.02 表达式的比较,应当遵循左侧倾向于变化、右侧倾向于不变的原则【C】 + level: warning + engine: clangtidy + language: C++ + description: 比较表达式将常量放右边。 + cwe: '1076' + enabled: true +- id: G.INC.04-CPP 头文件必须采取保护措施,防止重复包含 + level: critical + engine: clangtidy + language: C++ + description: 添加合适的#define保护头文件 + cwe: '1041' + enabled: true +- id: WordsTool.134 Minjava + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FMT.02 使用空格进行缩进,每次缩进4个空格【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: "改为缩进 4 个空格。不允许使用Tab键进行缩进。\r\nLinux内核缩进风格与本规则有冲突,请参考《华为Linux内核编程规范》。" + cwe: '1114' + enabled: true +- id: G.FMT.16-CPP 用空格突出关键字和重要信息--函数名 + level: warning + engine: clangtidy + language: C++ + description: 按要求增加/减少空格。 + cwe: '1114' + enabled: true +- id: WordsTool.187 Trustlook + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.182 tensorflow + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.45 CarSetting + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.70 DcTracker + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.82 Espresso + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.23 AVD + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.191 Vehicle HAL + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.131 Luyten + level: warning + engine: wordstool + language: C++ + 
description: .nan + cwe: .nan + enabled: true +- id: G.FUN.01-CPP 函数功能要单一--函数参数个数 + level: warning + engine: clangtidy + language: C++ + description: 对代码进行重构,减少函数复杂度。 + cwe: '1080' + enabled: true +- id: G.EXP.01-CPP 不要声明或定义保留标识符 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 修改标识符名称。 + cwe: '1109' + enabled: true +- id: G.FMT.08 条件、循环语句使用大括号【C】 + level: warning + engine: clangtidy + language: C++ + description: 请给条件、循环语句增加大括号保护。 + cwe: '1078' + enabled: true +- id: WordsTool.251 首发 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.193 VideoProfile + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.241 绝对 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.62 CXCallObserver + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.EXP.33-CPP 含有变量自增或自减运算的表达式中禁止再次引用该变量 + level: critical + engine: fixbotengine-cxx + language: C++ + description: 自增或自减运算提到表达式之外。 + cwe: '758' + enabled: true +- id: WordsTool.272 中国驰名商标 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.OTH.01 删除无效或永不执行的代码【C】 + level: critical + engine: clangtidy + language: C++ + description: 删除无效或永不执行的代码。 + cwe: 561,1041 + enabled: true +- id: WordsTool.53 CreateML + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CMT.05-CPP 正式交付给客户的代码不应包含TODO/TBD/FIXME注释 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 改进代码或者删除注释。 + cwe: '546' + enabled: true +- id: WordsTool.107 IncomingLine + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 超大头文件[C++] + level: warning + engine: cmetrics + language: C++ + description: .nan + cwe: '1080' + 
enabled: true +- id: WordsTool.127 LMK + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.297 AA + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.FUU.09 禁止使用realloc()函数 + level: critical + engine: codemars + language: C++ + description: 禁止调用realloc函数 + cwe: '676' + enabled: true +- id: WordsTool.59 CTTelephonyNetworkInfo + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.43 CarSensorManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.239 极佳 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.46 CarVendorExtensionManager + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 可查找对分配程序进行调用,并且在使用-或+运算符时将圆括号位置放错的很多情况 + level: warning + engine: codemars + language: C++ + description: 正确分配内存大小 + cwe: '789' + enabled: true +- id: G.FUN.01-CPP 函数功能要单一--函数大小 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 对代码进行重构,减少函数复杂度。 + cwe: '1080' + enabled: true +- id: WordsTool.108 installreferrer + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.ARR.03 禁止通过对指针变量进行sizeof操作来获取数组大小 + level: warning + engine: codemars + language: C++ + description: 禁止通过对指针变量进行sizeof操作来获取数组大小。 + cwe: '467' + enabled: true +- id: 不安全IPSI算法检查 + level: warning + engine: codemars + language: C++ + description: '禁止使用不安全IPSI算法检查,包括对称密码算法、非对称密码算法、哈希算法、消息认证码算法以及SSL/TLS配置协议版本和算法套件。 + + 建议使用安全的IPSI算法进行检查。' + cwe: '1240' + enabled: true +- id: G.FMT.04-CPP 每个变量单独一行进行声明或赋值 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 将语句拆分到多行。 + cwe: '1076' + enabled: true +- id: OAT.3 许可证头 + level: warning + engine: oat + language: C++ + 
description: .nan + cwe: .nan + enabled: true +- id: G.MEM.01 内存申请前,必须对申请内存大小进行合法性校验【C】 + level: critical + engine: codemars + language: C++ + description: 申请内存之前,对申请大小的变量做校验。 + cwe: '789' + enabled: true +- id: WordsTool.14 ApnContext + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: OAT.6 冗余或未定义的LICENSE文件 + level: warning + engine: oat + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.273 特供 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.310 车祸 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.81 EMUI + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.275 质量免检 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: 冗余代码[C++] + level: warning + engine: cmetrics + language: C++ + description: .nan + cwe: '1041' + enabled: true +- id: G.EXP.37-CPP switch语句要有default分支--没有default分支 + level: critical + engine: clangtidy + language: C++ + description: 添加default分支,或者将default分支移到最后 + cwe: '478' + enabled: true +- id: G.INC.10-CPP 不要在头文件中使用匿名namespace或static定义非外部可见符号 + level: critical + engine: clangtidy + language: C++ + description: 不要在头文件中使用匿名namespace或static定义非外部可见符号,如果在cpp文件中使用匿名namespace或static,具体参考[G.INC.12-CPP + 对于cpp文件中不需要导出的变量、常量或函数,应使用匿名namespace封装或者使用static修饰]。 + cwe: '1076' + enabled: true +- id: G.EXP.41-CPP 避免在基本for循环的循环体中修改循环控制变量 + level: warning + engine: clangtidy + language: C++ + description: 尽量将对循环变量的修改放在for语句中 + cwe: '1095' + enabled: true +- id: WordsTool.77 doze + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.OTH.05 禁止代码中包含公网地址【C】 + level: critical + engine: codemars + language: C++ + description: 
宏定义中、变量赋值中、特定函数(*strcmp、*strncmp、*memcmp)中禁止使用硬编码公网IP。 + cwe: '547' + enabled: true +- id: WordsTool.135 MLKit + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.CLS.12-CPP 在重写虚函数时应明确指定override或final + level: critical + engine: clangtidy + language: C++ + description: "在派生类重写虚函数时:\r\n1. 无需再添加`virtual`关键字。\r\n2. 明确指定`override`或`final`。\r\ + \n - `override` 表示重写了基类中的虚函数,可以再被派生类重写\r\n - `final` 表示重写了基类中的虚函数,不能再被派生类重写" + cwe: '1076' + enabled: true +- id: WordsTool.253 大牌 + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.95 Google + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: WordsTool.50 ConnectionService + level: warning + engine: wordstool + language: C++ + description: .nan + cwe: .nan + enabled: true +- id: G.PRE.06 函数式宏要简短【C】 + level: warning + engine: fixbotengine-cxx + language: C++ + description: 如果函数式宏超过10行,建议使用函数代替,请参考[G.PRE.01 使用函数代替函数式宏]。 + cwe: '1080' + enabled: true diff --git a/tools/.gitlab-ci.yml b/tools/.gitlab-ci.yml index ba0f68fe1..6d503b4d4 100644 --- a/tools/.gitlab-ci.yml +++ b/tools/.gitlab-ci.yml @@ -20,3 +20,17 @@ install node modules (tools): - npx eslint && echo OK needs: - job: install node modules (tools) + + cilang code check: + stage: test + interruptible: true + extends: .linux-vm-shell-task + script: + - echo "Running cilang static check" + - cilang --config=tools/cilang_rules_config.yaml --input=src/ + needs: + - job: install node modules (tools) + artifacts: + paths: + - cilang-report.json + -- Gitee From 7f2345e04d40cdb226da5eec9d590d0278713103 Mon Sep 17 00:00:00 2001 From: sokolovairina Date: Wed, 23 Jul 2025 15:48:41 +0300 Subject: [PATCH 2/7] CHECK AVAILABLE BINARIES --- tools/.gitlab-ci.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/.gitlab-ci.yml b/tools/.gitlab-ci.yml index 6d503b4d4..a0d025bf3 100644 
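Review bot: The new `cilang code check` job runs `cilang --config=tools/cilang_rules_config.yaml`, but as far as this series shows the rules file is created at the repository root as `cilang_rules_config.yaml`, so the job will fail on a missing config (or, depending on how cilang treats a bad path, silently scan with defaults); change the flag to `--config=cilang_rules_config.yaml` or move the file under `tools/`. The script never tells cilang where to write its report, so the `cilang-report.json` artifact only exists if that happens to be the tool's default output name in the working directory — pin it with an explicit output option if the tool has one. The job also has no `allow_failure` or `rules:` guard, so every pipeline now hard-depends on a `cilang` binary that, per the debug commits later in this series, is not known to be present on the runner. Consider `allow_failure: true` or a `rules:` entry until the tool is actually provisioned.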
--- a/tools/.gitlab-ci.yml +++ b/tools/.gitlab-ci.yml @@ -34,3 +34,22 @@ install node modules (tools): paths: - cilang-report.json +debug-tools-check: + stage: test + script: + - echo "=== CHECK AVAILABLE BINARIES ===" + - which codemars || echo "codemars NOT found" + - which wordstool || echo "wordstool NOT found" + - which fixbot || echo "fixbot NOT found" + - which fixbotengine-cxx || echo "fixbotengine-cxx NOT found" + - which clangtidy || echo "clangtidy NOT found" + - which oat || echo "oat NOT found" + - echo "=== PATH ===" + - echo $PATH + - echo "=== ls /usr/bin ===" + - ls /usr/bin | grep -E 'code|clang|fix|word' + - echo "=== ls /opt ===" + - ls /opt || true + tags: + - shell + -- Gitee From b379aa4eaeda01587a9059c88fe2392cf8eb8c12 Mon Sep 17 00:00:00 2001 From: sokolovairina Date: Wed, 23 Jul 2025 16:05:24 +0300 Subject: [PATCH 3/7] CHECK AVAILABLE BINARIES --- tools/.gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/.gitlab-ci.yml b/tools/.gitlab-ci.yml index a0d025bf3..ffc41185f 100644 --- a/tools/.gitlab-ci.yml +++ b/tools/.gitlab-ci.yml @@ -50,6 +50,4 @@ debug-tools-check: - ls /usr/bin | grep -E 'code|clang|fix|word' - echo "=== ls /opt ===" - ls /opt || true - tags: - - shell - + allow_failure: true -- Gitee From 94a1c014aec5e887862dc7952d8c393124432dcb Mon Sep 17 00:00:00 2001 From: sokolovairina Date: Wed, 23 Jul 2025 16:07:33 +0300 Subject: [PATCH 4/7] CHECK AVAILABLE BINARIES --- tools/.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/.gitlab-ci.yml b/tools/.gitlab-ci.yml index ffc41185f..b4c612dc4 100644 --- a/tools/.gitlab-ci.yml +++ b/tools/.gitlab-ci.yml @@ -36,6 +36,8 @@ install node modules (tools): debug-tools-check: stage: test + extends: + - .linux-vm-shell-task script: - echo "=== CHECK AVAILABLE BINARIES ===" - which codemars || echo "codemars NOT found" 
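Review bot: `which clangtidy` probes the engine label used in the rules config rather than the upstream binary, which is installed and invoked as `clang-tidy`, so this line reports NOT found even on a runner that has the tool; use `which clang-tidy || echo "clang-tidy NOT found"` (the same mismatch survives into the last commit of this series). The job selects its runner with `tags: - shell` and no `extends:`, whereas the `cilang code check` job added earlier uses `extends: .linux-vm-shell-task`, so unless those resolve to the same machine the binary inventory printed here may not describe the runner the real check lands on. A one-line comment such as `# temporary diagnostics for static-analysis tooling; remove once engines are provisioned` would make clear this job is not meant to stay.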
@@ -47,7 +49,7 @@ debug-tools-check: - echo "=== PATH ===" - echo $PATH - echo "=== ls /usr/bin ===" - - ls /usr/bin | grep -E 'code|clang|fix|word' + - ls /usr/bin | grep -E 'code|clang|fix|word' || true - echo "=== ls /opt ===" - ls /opt || true allow_failure: true -- Gitee From a7fbfbd503a16ee190c9376378c2ef9aa921ee69 Mon Sep 17 00:00:00 2001 From: sokolovairina Date: Wed, 23 Jul 2025 16:26:05 +0300 Subject: [PATCH 5/7] debug-tools-check --- .gitlab-ci.yml | 1 + tools/.gitlab-ci.yml | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a55842637..47b6564eb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,6 +14,7 @@ image: "${KOALA_CI_IMAGE}" stages: + - debug - install-deps - build - build-ets diff --git a/tools/.gitlab-ci.yml b/tools/.gitlab-ci.yml index b4c612dc4..025bc5f12 100644 --- a/tools/.gitlab-ci.yml +++ b/tools/.gitlab-ci.yml @@ -35,7 +35,7 @@ install node modules (tools): - cilang-report.json debug-tools-check: - stage: test + stage: debug extends: - .linux-vm-shell-task script: @@ -48,8 +48,6 @@ debug-tools-check: - which oat || echo "oat NOT found" - echo "=== PATH ===" - echo $PATH - - echo "=== ls /usr/bin ===" - - ls /usr/bin | grep -E 'code|clang|fix|word' || true - - echo "=== ls /opt ===" + - ls /usr/bin | grep -Ei 'code|clang|fix|word' || true - ls /opt || true allow_failure: true -- Gitee From c4551a2ff47427a0a22cffd36ae11bc4fc3dfaeb Mon Sep 17 00:00:00 2001 From: sokolovairina Date: Wed, 23 Jul 2025 16:33:06 +0300 Subject: [PATCH 6/7] debug-tools-check --- tools/.gitlab-ci.yml | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/tools/.gitlab-ci.yml b/tools/.gitlab-ci.yml index 025bc5f12..24e778957 100644 --- a/tools/.gitlab-ci.yml +++ b/tools/.gitlab-ci.yml 
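Review bot: Adding `debug` as the first stage in `.gitlab-ci.yml` makes `debug-tools-check` run ahead of `install-deps` on every pipeline, so a throwaway diagnostic job now occupies a runner slot and prints `$PATH` and `/opt` contents into the log of each run; gate it with `rules: - when: manual` or drop the stage before merge. Since the job `extends: .linux-vm-shell-task`, the listings describe whichever shared VM picks up the job, which I cannot confirm is the same host the `cilang code check` job will run on, so the findings may be misleading. A comment on the stage, e.g. `# debug: temporary tooling diagnostics, not part of the build`, would help the next reader.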
@@ -40,14 +40,26 @@ debug-tools-check: - .linux-vm-shell-task script: - echo "=== CHECK AVAILABLE BINARIES ===" - - which codemars || echo "codemars NOT found" - - which wordstool || echo "wordstool NOT found" - - which fixbot || echo "fixbot NOT found" - - which fixbotengine-cxx || echo "fixbotengine-cxx NOT found" - - which clangtidy || echo "clangtidy NOT found" - - which oat || echo "oat NOT found" + + # Основные движки, которые могут использоваться + - echo "➡️ codemars:" && (which codemars || echo "❌ codemars NOT found") + - echo "➡️ wordstool:" && (which wordstool || echo "❌ wordstool NOT found") + - echo "➡️ fixbot:" && (which fixbot || echo "❌ fixbot NOT found") + - echo "➡️ fixbotengine-cxx:" && (which fixbotengine-cxx || echo "❌ fixbotengine-cxx NOT found") + - echo "➡️ clangtidy:" && (which clangtidy || echo "❌ clangtidy NOT found") + - echo "➡️ oat:" && (which oat || echo "❌ oat NOT found") + - echo "➡️ foss-scan / FossScan:" && (which foss-scan || echo "❌ foss-scan (FossScan) NOT found") + + # Дополнительно проверить пути - echo "=== PATH ===" - - echo $PATH - - ls /usr/bin | grep -Ei 'code|clang|fix|word' || true + - echo "$PATH" + + # Просмотреть содержимое системных путей + - echo "=== ls /usr/bin ===" + - ls /usr/bin | grep -Ei 'code|clang|fix|word|foss' || true + + - echo "=== ls /opt ===" - ls /opt || true + + - echo "=== Проверка завершена ===" allow_failure: true -- Gitee From 2a01e69f97563e09d367fa14f4014a7911d0ed7a Mon Sep 17 00:00:00 2001 From: sokolovairina Date: Wed, 23 Jul 2025 16:38:48 +0300 Subject: [PATCH 7/7] debug-tools-check --- tools/.gitlab-ci.yml | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/tools/.gitlab-ci.yml b/tools/.gitlab-ci.yml index 24e778957..f3da40399 100644 --- a/tools/.gitlab-ci.yml +++ b/tools/.gitlab-ci.yml 
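Review bot: The new comments inside `script:` (`# Основные движки, которые могут использоваться`, `# Дополнительно проверить пути`, `# Просмотреть содержимое системных путей`) and the closing `echo "=== Проверка завершена ==="` are in Russian while the job names and the rest of this file are English; keep the file in one language (e.g. `# Engines the rules config may require`, `# Also inspect the search path`) so reviewers and log readers do not have to switch. The emoji prefixes in `echo "➡️ codemars:"` and the `❌ ... NOT found` messages make log lines harder to grep and may render as mojibake on a runner without a UTF-8 locale; plain markers like `[missing]` are easier to filter. The probe still runs `which clangtidy`, which is not the binary name the upstream tool installs (`clang-tidy`), so that line keeps reporting NOT found regardless of what is present.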
@@ -34,32 +34,36 @@ install node modules (tools): paths: - cilang-report.json +install-static-analysis-tools: + stage: debug + extends: + - .linux-vm-shell-task + script: + - echo "🔧 Установка clang-tidy и зависимостей..." + - apt-get update && apt-get install -y clang-tidy clang curl unzip + - clang-tidy --version || echo "❌ clang-tidy не установился" + artifacts: + paths: + - /usr/bin/clang-tidy + expire_in: 1 day + debug-tools-check: stage: debug extends: - .linux-vm-shell-task + needs: + - job: install-static-analysis-tools script: - echo "=== CHECK AVAILABLE BINARIES ===" - - # Основные движки, которые могут использоваться - - echo "➡️ codemars:" && (which codemars || echo "❌ codemars NOT found") - - echo "➡️ wordstool:" && (which wordstool || echo "❌ wordstool NOT found") - - echo "➡️ fixbot:" && (which fixbot || echo "❌ fixbot NOT found") - - echo "➡️ fixbotengine-cxx:" && (which fixbotengine-cxx || echo "❌ fixbotengine-cxx NOT found") - - echo "➡️ clangtidy:" && (which clangtidy || echo "❌ clangtidy NOT found") - - echo "➡️ oat:" && (which oat || echo "❌ oat NOT found") - - echo "➡️ foss-scan / FossScan:" && (which foss-scan || echo "❌ foss-scan (FossScan) NOT found") - - # Дополнительно проверить пути + - which codemars || echo "❌ codemars NOT found" + - which wordstool || echo "❌ wordstool NOT found" + - which fixbot || echo "❌ fixbot NOT found" + - which fixbotengine-cxx || echo "❌ fixbotengine-cxx NOT found" + - which clangtidy || echo "❌ clangtidy NOT found" + - which oat || echo "❌ oat NOT found" + - which foss-scan || echo "❌ foss-scan NOT found" - echo "=== PATH ===" - echo "$PATH" - - # Просмотреть содержимое системных путей - - echo "=== ls /usr/bin ===" - ls /usr/bin | grep -Ei 'code|clang|fix|word|foss' || true - - - echo "=== ls /opt ===" - ls /opt || true - - - echo "=== Проверка завершена ===" allow_failure: true -- Gitee
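Review bot: `artifacts: paths: - /usr/bin/clang-tidy` will not carry the binary to `debug-tools-check`: GitLab's documented rule is that artifact paths are relative to the project directory, so an absolute path outside `$CI_PROJECT_DIR` is ignored, and the `needs:` edge only transfers artifacts, not installed packages — run the `apt-get install` in the job that needs the tool, or bake it into the CI image. `apt-get update && apt-get install -y clang-tidy clang curl unzip` is unpinned and, because the job `extends: .linux-vm-shell-task`, mutates whatever persistent VM the job lands on (if that VM is not ephemeral, this is shared-runner state every other pipeline inherits), and `curl unzip` are installed without being used; prefer a pinned version (`clang-tidy=<version>`) with `--no-install-recommends`, or drop the job in favour of a pre-built image. Even after the install, the probe still runs `which clangtidy` while the new job's own check uses `clang-tidy --version`, so it will keep printing NOT found; change it to `which clang-tidy || echo "❌ clang-tidy NOT found"`.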