code-analysis/backend/app/core/analyzers/cpp_analyzer.py

"""
C++代码分析器
"""
import re
import os
from typing import List, Dict, Any
from .base_analyzer import BaseAnalyzer

class CppAnalyzer(BaseAnalyzer):
    """C++代码分析器"""
    
    def __init__(self):
        super().__init__()
        self.name = "C++ Analyzer"
        self.version = "1.0.0"
        self.supported_extensions = ["cpp", "cc", "cxx", "hpp", "h"]
        self.description = "C++代码静态分析器"
    
    async def analyze(self, project_path: str, config: Dict[str, Any] = None) -> List[Dict[str, Any]]:
        """分析C++代码"""
        vulnerabilities = []
        
        # 获取所有C++文件
        cpp_files = self.get_project_files(project_path)
        
        for file_path in cpp_files:
            try:
                # 读取文件内容
                content = self.read_file_content(file_path)
                if not content:
                    continue
                
                lines = content.split('\n')
                
                # 执行各种检查
                vulnerabilities.extend(self._check_memory_issues(lines, file_path))
                vulnerabilities.extend(self._check_security_issues(lines, file_path))
                vulnerabilities.extend(self._check_performance_issues(lines, file_path))
                
            except Exception as e:
                # 分析错误
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP000",
                    message=f"分析错误: {str(e)}",
                    file_path=file_path,
                    severity="high",
                    category="reliability"
                ))
        
        return vulnerabilities
    
    def _check_memory_issues(self, lines: List[str], file_path: str) -> List[Dict[str, Any]]:
        """检查内存相关问题"""
        vulnerabilities = []
        
        for i, line in enumerate(lines):
            line_num = i + 1
            line_stripped = line.strip()
            
            # 检查裸指针使用
            if re.search(r'\*[a-zA-Z_][a-zA-Z0-9_]*\s*[=;]', line_stripped):
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP101",
                    message="使用裸指针，建议使用智能指针",
                    file_path=file_path,
                    line_number=line_num,
                    severity="medium",
                    category="reliability",
                    code_snippet=line_stripped
                ))
            
            # 检查malloc/free使用
            elif 'malloc(' in line_stripped or 'free(' in line_stripped:
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP102",
                    message="使用malloc/free，建议使用new/delete或智能指针",
                    file_path=file_path,
                    line_number=line_num,
                    severity="medium",
                    category="reliability",
                    code_snippet=line_stripped
                ))
            
            # 检查数组越界风险
            elif re.search(r'\[[a-zA-Z_][a-zA-Z0-9_]*\]', line_stripped):
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP103",
                    message="数组访问未进行边界检查",
                    file_path=file_path,
                    line_number=line_num,
                    severity="high",
                    category="reliability",
                    code_snippet=line_stripped
                ))
        
        return vulnerabilities
    
    def _check_security_issues(self, lines: List[str], file_path: str) -> List[Dict[str, Any]]:
        """检查安全问题"""
        vulnerabilities = []
        
        for i, line in enumerate(lines):
            line_num = i + 1
            line_stripped = line.strip()
            
            # 检查strcpy使用
            if 'strcpy(' in line_stripped:
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP201",
                    message="使用strcpy()，存在缓冲区溢出风险",
                    file_path=file_path,
                    line_number=line_num,
                    severity="critical",
                    category="security",
                    code_snippet=line_stripped
                ))
            
            # 检查sprintf使用
            elif 'sprintf(' in line_stripped:
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP202",
                    message="使用sprintf()，存在缓冲区溢出风险",
                    file_path=file_path,
                    line_number=line_num,
                    severity="critical",
                    category="security",
                    code_snippet=line_stripped
                ))
            
            # 检查gets使用
            elif 'gets(' in line_stripped:
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP203",
                    message="使用gets()，存在缓冲区溢出风险",
                    file_path=file_path,
                    line_number=line_num,
                    severity="critical",
                    category="security",
                    code_snippet=line_stripped
                ))
            
            # 检查system调用
            elif 'system(' in line_stripped:
                vulnerabilities.append(self.create_vulnerability(
                    rule_id="CPP204",
                    message="使用system()调用，存在命令注入风险",
                    file_path=file_path,
                    line_number=line_num,
                    severity="high",
                    category="security",
                    code_snippet=line_stripped
                ))
        
        return vulnerabilities
    
    def _check_performance_issues(self, lines: List[str], file_path: str) -> List[Dict[str, Any]]:
        """检查性能问题"""
        vulnerabilities = []
        
        for i, line in enumerate(lines):
            line_num = i + 1
            line_stripped = line.strip()
            
            # 检查循环中的字符串连接
            if re.search(r'for\s*\([^)]*\)\s*\{', line_stripped):
                # 查找循环体中的字符串连接
                for j in range(i + 1, min(i + 20, len(lines))):  # 检查循环体前20行
                    loop_line = lines[j].strip()
                    if loop_line == '}':
                        break
                    if '+' in loop_line and ('"' in loop_line or "'" in loop_line):
                        vulnerabilities.append(self.create_vulnerability(
                            rule_id="CPP301",
                            message="循环中使用字符串连接，影响性能",
                            file_path=file_path,
                            line_number=j + 1,
                            severity="low",
                            category="performance",
                            code_snippet=loop_line
                        ))
            
            # 检查未使用的头文件包含
            elif line_stripped.startswith('#include'):
                # 这里可以添加更复杂的检查逻辑
                pass
        
        return vulnerabilities