Merge pull request #3084 from artbear/internet-access
Правило "Обращение к Интернет-ресурсам" - ГОТОВО
Showing
8 changed files
with
204 additions
and
0 deletions.
@@ -0,0 +1,21 @@ | ||
# Обращение к Интернет-ресурсам (InternetAccess) | ||
|
||
<!-- Блоки выше заполняются автоматически, не трогать --> | ||
## Описание диагностики | ||
<!-- Описание диагностики заполняется вручную. Необходимо понятным языком описать смысл и схему работу --> | ||
Проверьте обращение к Интернет-ресурсам и набор передаваемых данных для исключения передачи конфиденциальной или защищенной информации. | ||
|
||
## Примеры | ||
<!-- В данном разделе приводятся примеры, на которые диагностика срабатывает, а также можно привести пример, как можно исправить ситуацию --> | ||
```bsl | ||
HTTPСоединение = Новый HTTPСоединение("zabbix.localhost", 80); // замечание | ||
FTPСоединение = Новый FTPСоединение(Сервер, Порт, Пользователь, Пароль); // замечание | ||
``` | ||
|
||
## Источники | ||
<!-- Необходимо указывать ссылки на все источники, из которых почерпнута информация для создания диагностики --> | ||
<!-- Примеры источников | ||
* Источник: [Стандарт: Тексты модулей](https://its.1c.ru/db/v8std#content:456:hdoc) | ||
* Полезная информация: [Отказ от использования модальных окон](https://its.1c.ru/db/metod8dev#content:5272:hdoc) | ||
* Источник: [Cognitive complexity, ver. 1.4](https://www.sonarsource.com/docs/CognitiveComplexity.pdf) --> |
@@ -0,0 +1,16 @@ | ||
# Referring to Internet resources (InternetAccess) | ||
|
||
<!-- Блоки выше заполняются автоматически, не трогать --> | ||
## Description | ||
<!-- Описание диагностики заполняется вручную. Необходимо понятным языком описать смысл и схему работу --> | ||
|
||
## Examples | ||
<!-- В данном разделе приводятся примеры, на которые диагностика срабатывает, а также можно привести пример, как можно исправить ситуацию --> | ||
|
||
## Sources | ||
<!-- Необходимо указывать ссылки на все источники, из которых почерпнута информация для создания диагностики --> | ||
<!-- Примеры источников | ||
* Источник: [Стандарт: Тексты модулей](https://its.1c.ru/db/v8std#content:456:hdoc) | ||
* Полезная информация: [Отказ от использования модальных окон](https://its.1c.ru/db/metod8dev#content:5272:hdoc) | ||
* Источник: [Cognitive complexity, ver. 1.4](https://www.sonarsource.com/docs/CognitiveComplexity.pdf) --> |
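--- a/...n/java/com/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnostic.java
+++ b/...n/java/com/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnostic.java
@@ -0,0 +1,61 @@
+/*
+* This file is a part of BSL Language Server.
+*
+* Copyright (c) 2018-2024
+* Alexey Sosnoviy <[email protected]>, Nikita Fedkin <[email protected]> and contributors
+*
+* SPDX-License-Identifier: LGPL-3.0-or-later
+*
+* BSL Language Server is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 3.0 of the License, or (at your option) any later version.
+*
+* BSL Language Server is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with BSL Language Server.
+*/
+package com.github._1c_syntax.bsl.languageserver.diagnostics;
+
+import com.github._1c_syntax.bsl.languageserver.diagnostics.metadata.DiagnosticMetadata;
+import com.github._1c_syntax.bsl.languageserver.diagnostics.metadata.DiagnosticSeverity;
+import com.github._1c_syntax.bsl.languageserver.diagnostics.metadata.DiagnosticTag;
+import com.github._1c_syntax.bsl.languageserver.diagnostics.metadata.DiagnosticType;
+import com.github._1c_syntax.bsl.languageserver.utils.bsl.Constructors;
+import com.github._1c_syntax.bsl.parser.BSLParser;
+import com.github._1c_syntax.utils.CaseInsensitivePattern;
+import org.antlr.v4.runtime.tree.ParseTree;
+
+import java.util.regex.Pattern;
+
+@DiagnosticMetadata(
+type = DiagnosticType.VULNERABILITY,
+severity = DiagnosticSeverity.MAJOR,
+minutesToFix = 60,
+tags = {
+DiagnosticTag.SUSPICIOUS
+},
+activatedByDefault = false
+)
+
+public class InternetAccessDiagnostic extends AbstractVisitorDiagnostic {
+private static final Pattern PATTERN_NEW_EXPRESSION = CaseInsensitivePattern.compile(
+"FTPСоединение|FTPConnection|HTTPСоединение|HTTPConnection|WSОпределения|WSDefinitions|WSПрокси|WSProxy" +
+"|ИнтернетПочтовыйПрофиль|InternetMailProfile|ИнтернетПочта|InternetMail|Почта|Mail|HTTPЗапрос|HTTPRequest|" +
+"ИнтернетПрокси|InternetProxy");
+
+@Override
+public ParseTree visitNewExpression(BSLParser.NewExpressionContext ctx) {
+Constructors.typeName(ctx).ifPresent((String typeName) -> {
+var matcherTypeName = PATTERN_NEW_EXPRESSION.matcher(typeName);
+if (matcherTypeName.matches()) {
+diagnosticStorage.addDiagnostic(ctx);
+}
+});
+return super.visitNewExpression(ctx);
+}
+}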
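Review bot: `InternetAccessDiagnostic` has no class comment, and its scope — it reports only `Новый <Тип>` / `New <Type>` expressions whose type name fully matches `PATTERN_NEW_EXPRESSION` — can only be learned by reading `visitNewExpression`. I would add above the class: `/** Reports construction of objects used for network access (FTP, HTTP, WS, mail, proxy) so the transmitted data can be reviewed; only constructor expressions are inspected. */`. The alternation in `PATTERN_NEW_EXPRESSION` is split over three string fragments with the `|` placed inconsistently (leading on the second fragment, trailing at its end, none on the third); a dropped separator there would fuse two type names and silently stop both from being reported, so one Russian/English pair per line with a leading `|` would be easier to audit. The blank line between the `@DiagnosticMetadata(...)` annotation and the class declaration can be removed. Since the message asks for a review rather than asserting a defect, it is worth confirming that `DiagnosticType.VULNERABILITY` is the intended classification.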
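--- a/...m/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnostic_en.properties
+++ b/...m/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnostic_en.properties
@@ -0,0 +1,2 @@
+diagnosticMessage=Check the reference to Internet resources
+diagnosticName=Referring to Internet resources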
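--- a/...m/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnostic_ru.properties
+++ b/...m/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnostic_ru.properties
@@ -0,0 +1,2 @@
+diagnosticMessage=Проверьте обращение к Интернет-ресурсам
+diagnosticName=Обращение к Интернет-ресурсам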
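--- a/...va/com/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnosticTest.java
+++ b/...va/com/github/_1c_syntax/bsl/languageserver/diagnostics/InternetAccessDiagnosticTest.java
@@ -0,0 +1,57 @@
+/*
+* This file is a part of BSL Language Server.
+*
+* Copyright (c) 2018-2024
+* Alexey Sosnoviy <[email protected]>, Nikita Fedkin <[email protected]> and contributors
+*
+* SPDX-License-Identifier: LGPL-3.0-or-later
+*
+* BSL Language Server is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 3.0 of the License, or (at your option) any later version.
+*
+* BSL Language Server is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with BSL Language Server.
+*/
+package com.github._1c_syntax.bsl.languageserver.diagnostics;
+
+import org.eclipse.lsp4j.Diagnostic;
+import org.junit.jupiter.api.Test;
+
+import java.util.List;
+
+import static com.github._1c_syntax.bsl.languageserver.util.Assertions.assertThat;
+
+class InternetAccessDiagnosticTest extends AbstractDiagnosticTest<InternetAccessDiagnostic> {
+InternetAccessDiagnosticTest() {
+super(InternetAccessDiagnostic.class);
+}
+
+@Test
+void test() {
+
+List<Diagnostic> diagnostics = getDiagnostics();
+
+assertThat(diagnostics, true)
+.hasRange(1, 20, 75)
+.hasRange(3, 18, 72)
+.hasRange(5, 16, 80)
+.hasRange(8, 8, 111)
+.hasRange(13, 21, 65)
+.hasRange(14, 17, 35)
+.hasRange(15, 17, 47)
+.hasRange(16, 17, 43)
+.hasRange(17, 21, 51)
+.hasRange(21, 14, 43)
+.hasRange(27, 14, 32)
+.hasRange(31, 14, 35)
+.hasRange(34, 10, 21)
+.hasSize(13);
+}
+}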
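--- a/src/test/resources/diagnostics/InternetAccessDiagnostic.bsl
+++ b/src/test/resources/diagnostics/InternetAccessDiagnostic.bsl
@@ -0,0 +1,35 @@
+Процедура Тест1()
+FTPСоединение = Новый FTPСоединение(Сервер, Порт, Пользователь, Пароль); // ошибка
+
+Определения = Новый WSОпределения("http://localhost/test.asmx?WSDL"); // ошибка
+
+ПроксиДва = Новый WSПрокси(Определения, "http://localhost/", "test", "test"); // ошибка
+
+Определения =
+Новый WSОпределения("http://localhost/test.asmx?WSDL", "Пользователь", "Пароль", Неопределено, Таймаут); // ошибка
+
+КонецПроцедуры
+
+Процедура HTTP()
+HTTPСоединение = Новый HTTPСоединение("zabbix.localhost", 80); // ошибка
+HTTPЗапрос = Новый HTTPЗапрос(); // ошибка
+HTTPЗапрос = Новый HTTPЗапрос("zabbix", 80); // ошибка
+HTTPЗапрос = Новый HTTPЗапрос("zabbix"); // ошибка
+ИнтернетПрокси = Новый ИнтернетПрокси("zabbix"); // ошибка
+КонецПроцедуры
+
+Функция НовыйИнтернетПочтовыйПрофильБезТаймАута()
+Профиль = Новый ИнтернетПочтовыйПрофиль; // ошибка
+Профиль.Пользователь = "admin";
+Возврат Профиль;
+КонецФункции
+
+Функция InternetMail()
+Профиль = Новый InternetMail; // ошибка
+КонецФункции
+
+Функция InternetMail_НовыйИмя()
+Профиль = Новый("InternetMail"); // ошибка
+КонецФункции
+
+Профиль = Новый Почта; // ошибка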
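Review bot: The fixture exercises only the Russian type names plus `InternetMail`, so the other English alternatives in the rule's pattern (`FTPConnection`, `HTTPConnection`, `WSDefinitions`, `WSProxy`, `InternetMailProfile`, `Mail`, `HTTPRequest`, `InternetProxy`) are never checked, and a typo in any of them would still pass the test. There is also no negative case: nothing pins that an unrelated type is left alone, or that a differently cased name is still reported. I would append lines such as `Соединение = New HTTPConnection("localhost", 80); // ошибка`, `Соединение = новый httpсоединение("localhost", 80); // ошибка` and `Массив = Новый Массив; // нет ошибки` at the end of the file, so that the existing ranges stay valid. The expected ranges and `hasSize` in `InternetAccessDiagnosticTest` then need the matching additions.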