Support for C/C++ Language and OpenSSL library #377
Hi @n1ckl0sk0rtge, I have a question regarding adding the sonar-cxx plugin in the parent pom.xml file. Unlike other sonar language plugins, sonar-cxx is not hosted on the central Maven repository. And currently, I am referencing the plugin from my local maven cache. So, can you suggest what should be the right way to reference here? Should I/cbomkit host the artifacts on github packages and then reference it in pom.xml or add instructions in readme to download the sonar-cxx plugin locally?
Hi @chmodshubham, thanks for the question! I looked a bit around and think JitPack could be a good solution. JitPack builds and serves Maven artifacts directly from GitHub repositories on demand. Something like that should work:
Add the JitPack repository to the parent
```xml
<repository>
  <id>jitpack.io</id>
  <url>https://jitpack.io</url>
</repository>
```
Reference the sonar-cxx dependency using the GitHub coordinates:
```xml
<dependency>
  <groupId>com.github.SonarOpenCommunity</groupId>
  <artifactId>sonar-cxx</artifactId>
  <version>{commit-hash-or-tag}</version>
</dependency>
```
The first time someone builds, JitPack fetches the source from GitHub, builds it, and caches the artifact. After that it's served like any normal Maven dependency. This avoids both the manual local install step for every contributor and the maintenance burden of hosting/re-publishing artifacts ourselves. What do you think?
Hi @n1ckl0sk0rtge, Ohh, nice, this tool is good. It will definitely solve this hosting problem. Btw, I have also raised the same issue in sonar-cxx, SonarOpenCommunity/sonar-cxx#3037, in the hope that they may host it like other sonar language plugins. Will look how it will resolve, and if it goes well, will not have to put effort on this; otherwise, will do it. Though this doesn’t look like much work. Good finding. Thanks
Hi @n1ckl0sk0rtge, I have added the jitpack-based artifact build support, and it's working too. And I guess it will take a while to come to a resolution for sonar-cxx on whether to have a gh-pkg hosting or not, so it’s better to keep it this way. We can modify it once it is hosted; until then, we can use this approach.
50ca26d to 73cbfb3
Hi @chmodshubham, Thank you very much for adding C/C++ language support to CBOMkit. This is a long-wanted feature and we greatly appreciate your contributions. I had a look into the PR and could easily build the code. @n1ckl0sk0rtge - very good idea to use jitpack. I saw that although there is infrastructure for tests in the cpp module, there are no real test cases yet. Could you add test cases for the rules in
Hi @san-zrl, Thanks for the review. I plan to add the tests by the end of this month or next month. Apologies for the delay. If that's fine, I can raise a separate PR for it so this one doesn't get held up. Let me know if this works.
Hi @chmodshubham - no problem. We will start merging when the tests are available. I'll keep this PR open until then.
Ok, sure. That will work.
Hi there, Apologies for the late follow-up. I have a quick question: currently, sonar-cxx builds the AST tree after preprocessing, which causes the macros to be expanded to the underlying functions. For example, SSL_CTX_set_min_proto_version are actually macros that expand to underlying functions like SSL_CTX_ctrl (ref). Therefore, in the detection rule, instead of matching SSL_CTX_set_min_proto_version, I had to match SSL_CTX_ctrl with the appropriate constant (123 / SSL_CTRL_SET_MIN_PROTO_VERSION). So, does this work, or do I need to find a workaround for it?
Hi @chmodshubham - I think this should work. The only challenge I see is when you have macros that expand to multiple lines. In this case the location reporting would break. Don't know if this is an issue for SSL macros.
Hi @san-zrl, I checked the sonar-cxx code to see how it handles macro expansion, specifically for multi-line macros. So basically, sonar-cxx doesn't care whether a macro is defined on one line or spread across multiple lines. It reassembles the macro body into one logical line of text. The raw line layout in the header file doesn't matter at all. For example, So, yes, I also think sticking with writing the detection rules based on the macro expansion should be fine for now. Moving forward with this!
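The macro-expansion point from the comments above, as an added example that is not part of the PR, of sonar-cxx, or of any participant's post: it shows why a rule written against the preprocessed AST has to key on `SSL_CTX_ctrl` plus the command constant rather than on the macro name. The `SSL_CTX` stub, the recording `SSL_CTX_ctrl`, and the `classify_ctrl_call` and `demo` helpers are hypothetical, and the definitions are constructed stand-ins shaped like the OpenSSL ones; it goes slightly beyond the thread by also covering the max-version control (124) and a second `SSL_CTX_ctrl`-based macro that must not match.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins shaped like the OpenSSL declarations discussed in
 * the thread; this is NOT the real <openssl/ssl.h>. */
typedef struct { int cmd; long larg; } SSL_CTX; /* stub: remembers last call */

#define SSL_CTRL_MODE                   33
#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
#define TLS1_2_VERSION 0x0303
#define TLS1_3_VERSION 0x0304

/* Stub with the real function's parameter list; it only records arguments. */
static long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    (void)parg;
    ctx->cmd = cmd; ctx->larg = larg;
    return 1;
}

/* Function-like macros: after preprocessing only SSL_CTX_ctrl(...) remains. */
#define SSL_CTX_set_min_proto_version(ctx, version) \
    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
#define SSL_CTX_set_mode(ctx, op) \
    SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, NULL)

/* Two-level stringification expands the argument before quoting it, giving
 * the token text an analyzer works on after preprocessing. */
#define STR(x) #x
#define EXPANDED(x) STR(x)

const char *expanded_text(void)
{
    return EXPANDED(SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION));
}

/* Hypothetical rule logic: the callee alone is not enough, because many
 * macros share SSL_CTX_ctrl; the command constant selects the finding.
 * Returns 1 and writes e.g. "min=TLSv1.2" to out, or 0 for no finding. */
int classify_ctrl_call(const char *callee, int cmd, long larg,
                       char *out, size_t n)
{
    const char *bound, *ver;

    if (strcmp(callee, "SSL_CTX_ctrl") != 0)
        return 0;                 /* the macro name never reaches the AST */
    if (cmd == SSL_CTRL_SET_MIN_PROTO_VERSION)
        bound = "min";
    else if (cmd == SSL_CTRL_SET_MAX_PROTO_VERSION)
        bound = "max";
    else
        return 0;                 /* some other control, e.g. SSL_CTRL_MODE */

    switch (larg) {
    case 0:              ver = "library-default"; break; /* no explicit bound */
    case TLS1_2_VERSION: ver = "TLSv1.2"; break;
    case TLS1_3_VERSION: ver = "TLSv1.3"; break;
    default:             ver = "unknown"; break;
    }
    snprintf(out, n, "%s=%s", bound, ver);
    return 1;
}

/* Run one macro call through the stub, then classify what the stub saw. */
int demo(int use_mode_macro, char *out, size_t n)
{
    SSL_CTX ctx = {0, 0};
    if (use_mode_macro)
        (void)SSL_CTX_set_mode(&ctx, 4L);
    else
        (void)SSL_CTX_set_min_proto_version(&ctx, TLS1_2_VERSION);
    return classify_ctrl_call("SSL_CTX_ctrl", ctx.cmd, ctx.larg, out, n);
}

int main(void)
{
    char buf[32];
    printf("after preprocessing: %s\n", expanded_text());
    if (demo(0, buf, sizeof buf))
        printf("finding: %s\n", buf);
    printf("set_mode matched: %d\n", demo(1, buf, sizeof buf));
    return 0;
}
```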
370e466 to 25c9f75
Adds a new `cpp` Maven module enabling SonarQube analysis of C/C++ source code via the sonar-cxx community plugin (v2.2.2).
- engine: add CxxDetectionEngine, CxxLanguageSupport, CxxSemantic, CxxLanguageTranslation, and CxxScanContext for AST-based detection
- cpp module: add CxxCheckRegistrar, CxxScannerRuleDefinition, CxxAggregator, CxxRuleList, and CxxInventoryRule for SonarQube integration
- translation: add context translators for cipher, digest, key, MAC, KDF, signature, key agreement, PRNG, and protocol
- detection base: add CxxBaseDetectionRule and CxxDetectionRules aggregator
- test infra: add CxxVerifier and TestBase
- build: register cpp module in root pom.xml, add sonar-cxx dependency, extend plugin with C/C++ file extensions (cxx, cpp, c, h, hpp)
- ci: update workflow action versions and add C/C++ to README
Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
Adds full OpenSSL detection rules for the C/C++ module and new mapper models for post-quantum and hybrid key exchange algorithms introduced in OpenSSL 3.x.
OpenSSL detection rules (cpp module):
- EVP API: ciphers (EvpCipher, EvpCipherFetch), message digests, MACs, KDFs, key agreement, key generation, and signatures
- Legacy API: RSA, DSA, EC, DH, cipher, digest, and MAC functions
- SSL/TLS: version detection via OpenSSLLibssl and OpenSSLVersionValue
- PRNG: RAND_bytes and related functions
New mapper algorithm models:
- SLH-DSA (FIPS 205): stateless hash-based digital signature algorithm
- X25519MLKEM768, X448MLKEM1024: X25519/X448 + ML-KEM hybrid key exchange
- SecP256r1MLKEM768, SecP384r1MLKEM1024: ECDH + ML-KEM hybrid key exchange
Mapper fixes:
- SSLVersionMapper: anchor TLS version regex with ^ to prevent DTLS strings from matching as TLS versions
- BcMessageSignerMapper: replace legacy Dilithium/SPHINCSPlus references with standardized MLDSA/SLHDSA names
Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
…yAction mappings Changes over PR cbomkit#428: return the KeyAction switch result (original discarded it and always returned empty); use top-level imports to match sibling translators. Signed-off-by: Divyateja2709 <indrakantidivyateja@gmail.com> Co-Authored-By: Shubham Kumar <chmodshubham@gmail.com>
25c9f75 to 0df1635
Pull request overview
This PR adds first-class C/C++ support to the sonar-cryptography plugin via the community sonar-cxx analyzer, including a comprehensive OpenSSL (libcrypto/libssl) detection rule set and the corresponding translation pipeline to produce CBOM assets.
Changes:
- Introduces a new `cpp` module with OpenSSL detection rules, translators, reorganizer rules, and extensive C++ fixture-based tests.
- Wires C++ into the plugin runtime (extensions registration + aggregation) and engine language support.
- Updates mapper logic/tests (TLS version parsing, PQ/hybrid algorithm models) and documentation to reflect C/C++ + OpenSSL support.
Reviewed changes
Copilot reviewed 108 out of 109 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| .github/workflows/maven.yml | Updates CI Java version used for builds. |
| .github/workflows/maven-publish.yml | Updates Java version used for Maven deploy. |
| pom.xml | Adds cpp module; adds sonar-cxx dependencies/repo; updates compiler target. |
| README.md | Documents C/C++ + OpenSSL support and updates tables/formatting. |
| sonar-cryptography-plugin/pom.xml | Adds dependency on cpp module; updates requiredForLanguages. |
| sonar-cryptography-plugin/src/main/java/com/ibm/plugin/CryptographyPlugin.java | Registers C++ rule definition + check registrar as plugin extensions. |
| sonar-cryptography-plugin/src/main/java/com/ibm/plugin/ScannerManager.java | Aggregates C++ detected nodes and resets C++ aggregator state. |
| sonar-cryptography-plugin/src/test/java/com/ibm/plugin/PluginTest.java | Updates expected extension count after adding C++ extensions. |
| engine/pom.xml | Adds sonar-cxx dependency needed by engine-side C++ support types. |
| engine/src/main/java/com/ibm/engine/language/LanguageSupporter.java | Adds cxxLanguageSupporter() factory for sonar-cxx types. |
| engine/src/main/java/com/ibm/engine/language/cxx/CxxBaseMethodVisitor.java | Adds C++ AST traversal and detection entry points. |
| engine/src/main/java/com/ibm/engine/language/cxx/CxxDetectionEngine.java | Implements detection engine integration for C++ AST/symbol model. |
| engine/src/main/java/com/ibm/engine/language/cxx/CxxLanguageSupport.java | Adds C++ language support implementation (matchers, visitors, translation hooks). |
| engine/src/main/java/com/ibm/engine/language/cxx/CxxLanguageTranslation.java | Adds translation utilities for C++ AST → engine abstraction. |
| engine/src/main/java/com/ibm/engine/language/cxx/CxxScanContext.java | Adds scan context wrapper for sonar-cxx checks/issues. |
| engine/src/main/java/com/ibm/engine/language/cxx/CxxSemantic.java | Adds C++ semantic/symbol utilities used by translation/detection. |
| engine/src/main/java/com/ibm/engine/language/go/tree/CompositeLiteralWithBlockTree.java | Adjusts nullness annotation usage. |
| engine/src/main/java/com/ibm/engine/language/go/tree/FunctionInvocationWIthIdentifiersTree.java | Adjusts nullness annotation usage. |
| engine/src/main/java/com/ibm/engine/language/go/tree/IdentifierWithBlockTree.java | Adjusts nullness annotation usage. |
| engine/src/main/java/com/ibm/engine/language/go/tree/TreeWithBlock.java | Adjusts nullness annotation usage. |
| mapper/src/main/java/com/ibm/mapper/mapper/bc/BcMessageSignerMapper.java | Updates BC signer mappings (Dilithium→ML-DSA, SPHINCS+→SLH-DSA). |
| mapper/src/main/java/com/ibm/mapper/mapper/ssl/SSLVersionMapper.java | Tightens TLS version parsing regex to avoid matching mid-string. |
| mapper/src/main/java/com/ibm/mapper/model/algorithms/SLHDSA.java | Adds SLH-DSA algorithm model. |
| mapper/src/main/java/com/ibm/mapper/model/algorithms/SecP256r1MLKEM768.java | Adds hybrid PQ named-group algorithm model. |
| mapper/src/main/java/com/ibm/mapper/model/algorithms/SecP384r1MLKEM1024.java | Adds hybrid PQ named-group algorithm model. |
| mapper/src/main/java/com/ibm/mapper/model/algorithms/X25519MLKEM768.java | Adds hybrid PQ named-group algorithm model. |
| mapper/src/main/java/com/ibm/mapper/model/algorithms/X448MLKEM1024.java | Adds hybrid PQ named-group algorithm model. |
| mapper/src/test/java/com/ibm/mapper/mapper/ssl/SSLVersionMapperTest.java | Migrates to JUnit Jupiter, renames tests, adds DTLS negative tests. |
| cpp/pom.xml | Adds new module build/test setup, including OpenSSL header fetching/generation for fixtures. |
| cpp/src/main/java/com/ibm/plugin/CxxAggregator.java | Adds C++ aggregator and language supporter wiring. |
| cpp/src/main/java/com/ibm/plugin/CxxCheckRegistrar.java | Registers custom sonar-cxx checks for this plugin’s rule repository. |
| cpp/src/main/java/com/ibm/plugin/CxxRuleList.java | Declares C++ rule classes list. |
| cpp/src/main/java/com/ibm/plugin/CxxScannerRuleDefinition.java | Defines C++ rules repository metadata and loads rule descriptions. |
| cpp/src/main/java/com/ibm/plugin/rules/CxxInventoryRule.java | Adds C++ inventory rule implementation. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/CxxBaseDetectionRule.java | Adds sonar-cxx SquidCheck base integrating the detection engine and reporting. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/CxxDetectionRules.java | Aggregates C++ detection rules (currently OpenSSL). |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/OpenSSLDetectionRules.java | Aggregates OpenSSL rule categories (EVP, legacy, SSL/TLS, etc.). |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/cipher/OpenSSLEvpCipher.java | Adds OpenSSL EVP cipher detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/cipher/OpenSSLEvpCipherFetch.java | Adds EVP_CIPHER_fetch-based detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/digest/OpenSSLEvpMessageDigest.java | Adds EVP digest detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/kdf/OpenSSLEvpKdf.java | Adds EVP KDF detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/keyagreement/OpenSSLEvpKeyAgreement.java | Adds EVP key agreement/KEM detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/keygen/OpenSSLEvpKeyGen.java | Adds EVP key generation / keymgmt detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyCipher.java | Adds legacy cipher API detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyDh.java | Adds legacy DH detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyDigest.java | Adds legacy digest detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyDsa.java | Adds legacy DSA detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyEc.java | Adds legacy EC/ECDSA/ECDH-related detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyMac.java | Adds legacy HMAC/CMAC detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyRsa.java | Adds legacy RSA detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/mac/OpenSSLEvpMac.java | Adds EVP MAC detection rules (HMAC/CMAC/GMAC/etc.). |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/rand/OpenSSLRand.java | Adds RAND/DRBG detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/signature/OpenSSLEvpSignature.java | Adds EVP signature-related detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/ssl/OpenSSLLibssl.java | Adds libssl protocol/config detection rules. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/ssl/OpenSSLVersionDetectionFactory.java | Adds custom value factory for extracting OpenSSL TLS min/max version params. |
| cpp/src/main/java/com/ibm/plugin/rules/detection/openssl/ssl/OpenSSLVersionValue.java | Adds OpenSSL TLS version value type with AST-based extraction. |
| cpp/src/main/java/com/ibm/plugin/translation/CxxTranslationProcess.java | Adds translation/reorganize/enrich pipeline for C++ findings. |
| cpp/src/main/java/com/ibm/plugin/translation/reorganizer/CxxReorganizerRules.java | Defines reorganizer rules used for C++ translation trees. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/CxxTranslator.java | Adds detection-store → mapper-node translation for C++ contexts. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxCipherContextTranslator.java | Adds cipher context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxDigestContextTranslator.java | Adds digest context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxKeyAgreementContextTranslator.java | Adds key agreement context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxKeyContextTranslator.java | Adds key context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxKeyDerivationFunctionContextTranslator.java | Adds KDF context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxMacContextTranslator.java | Adds MAC context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxPRNGContextTranslator.java | Adds PRNG context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxProtocolContextTranslator.java | Adds protocol/TLS context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxSecretKeyContextTranslator.java | Adds secret key context translation logic for OpenSSL detections. |
| cpp/src/main/java/com/ibm/plugin/translation/translator/contexts/CxxSignatureContextTranslator.java | Adds signature context translation logic for OpenSSL detections. |
| cpp/src/main/resources/org/sonar/l10n/cpp/rules/cpp/Inventory.html | Adds localized HTML rule description for C++ inventory rule. |
| cpp/src/main/resources/org/sonar/l10n/cpp/rules/cpp/Inventory.json | Adds localized JSON metadata for C++ inventory rule. |
| cpp/src/test/java/com/ibm/plugin/CxxPluginTest.java | Adds basic registrar/rule-repo unit test. |
| cpp/src/test/java/com/ibm/plugin/CxxVerifier.java | Adds test scanner/verifier harness for sonar-cxx fixtures. |
| cpp/src/test/java/com/ibm/plugin/TestBase.java | Adds C++ rule test base to assert findings and translated nodes. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/CxxDetectionRulesTest.java | Tests that C++ detection rules are registered. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/cipher/OpenSSLEvpCipherFetchTest.java | Tests EVP_CIPHER_fetch rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/cipher/OpenSSLEvpCipherTest.java | Tests EVP cipher rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/digest/OpenSSLEvpMessageDigestTest.java | Tests EVP digest rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/kdf/OpenSSLEvpKdfTest.java | Tests EVP KDF rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/keyagreement/OpenSSLEvpKeyAgreementTest.java | Tests EVP key agreement rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/keygen/OpenSSLEvpKeyGenTest.java | Tests EVP keygen/keymgmt rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyCipherTest.java | Tests legacy cipher rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyDhTest.java | Tests legacy DH rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyDigestTest.java | Tests legacy digest rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyDsaTest.java | Tests legacy DSA rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyEcTest.java | Tests legacy EC rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyMacTest.java | Tests legacy MAC rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/legacy/OpenSSLLegacyRsaTest.java | Tests legacy RSA rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/mac/OpenSSLEvpMacTest.java | Tests EVP MAC rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/rand/OpenSSLRandTest.java | Tests RAND/DRBG rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/signature/OpenSSLEvpSignatureTest.java | Tests EVP signature rules against fixture. |
| cpp/src/test/java/com/ibm/plugin/rules/detection/openssl/ssl/OpenSSLLibsslTest.java | Tests libssl protocol/config rules against fixture. |
| cpp/src/test/files/rules/detection/openssl/cipher/OpenSSLEvpCipherFetchTestFile.cc | Fixture for EVP_CIPHER_fetch rules. |
| cpp/src/test/files/rules/detection/openssl/cipher/OpenSSLEvpCipherTestFile.cc | Fixture for EVP cipher rules. |
| cpp/src/test/files/rules/detection/openssl/digest/OpenSSLEvpMessageDigestTestFile.cc | Fixture for EVP digest rules. |
| cpp/src/test/files/rules/detection/openssl/kdf/OpenSSLEvpKdfTestFile.cc | Fixture for EVP KDF rules. |
| cpp/src/test/files/rules/detection/openssl/keyagreement/OpenSSLEvpKeyAgreementTestFile.cc | Fixture for EVP key agreement rules. |
| cpp/src/test/files/rules/detection/openssl/keygen/OpenSSLEvpKeyGenTestFile.cc | Fixture for EVP keygen rules. |
| cpp/src/test/files/rules/detection/openssl/legacy/OpenSSLLegacyCipherTestFile.cc | Fixture for legacy cipher rules. |
| cpp/src/test/files/rules/detection/openssl/legacy/OpenSSLLegacyDhTestFile.cc | Fixture for legacy DH rules. |
| cpp/src/test/files/rules/detection/openssl/legacy/OpenSSLLegacyDigestTestFile.cc | Fixture for legacy digest rules. |
| cpp/src/test/files/rules/detection/openssl/legacy/OpenSSLLegacyDsaTestFile.cc | Fixture for legacy DSA rules. |
| cpp/src/test/files/rules/detection/openssl/legacy/OpenSSLLegacyEcTestFile.cc | Fixture for legacy EC rules. |
| cpp/src/test/files/rules/detection/openssl/legacy/OpenSSLLegacyMacTestFile.cc | Fixture for legacy MAC rules. |
| cpp/src/test/files/rules/detection/openssl/legacy/OpenSSLLegacyRsaTestFile.cc | Fixture for legacy RSA rules. |
| cpp/src/test/files/rules/detection/openssl/mac/OpenSSLEvpMacTestFile.cc | Fixture for EVP MAC rules. |
| cpp/src/test/files/rules/detection/openssl/rand/OpenSSLRandTestFile.cc | Fixture for RAND/DRBG rules. |
| cpp/src/test/files/rules/detection/openssl/signature/OpenSSLEvpSignatureTestFile.cc | Fixture for EVP signature rules. |
| cpp/src/test/files/rules/detection/openssl/ssl/OpenSSLLibsslTestFile.cc | Fixture for libssl protocol/config rules. |
| <properties> | ||
| <maven.compiler.source>17</maven.compiler.source> | ||
| <maven.compiler.target>17</maven.compiler.target> | ||
| <maven.compiler.source>21</maven.compiler.source> | ||
| <maven.compiler.target>21</maven.compiler.target> |
| <!-- This line must specify all file extensions which should be scanned by the plugin --> | ||
| <requiredForLanguages>java,jsp,py,ipynb,go</requiredForLanguages> | ||
| <requiredForLanguages>java,jsp,py,ipynb,go,cxx,cpp,c,h,hpp</requiredForLanguages> | ||
| <pluginApiMinVersion>${sonar.minVersion}</pluginApiMinVersion> |
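Review bot: the new `requiredForLanguages` value adds `cxx,cpp,c,h,hpp`, which reads as a list of file extensions (as the comment directly above it says) rather than the values a language plugin registers. Confirm each added entry against what the sonar-cxx plugin declares for the same property, and drop `h` and `hpp` if they are not among them, so the plugin is loaded exactly when the C/C++ analyzer is active.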
sonar-cxx pom.xml uses cxx,cpp,c++,c as its requiredForLanguages (https://github.com/SonarOpenCommunity/sonar-cxx/blob/master/sonar-cxx-plugin/pom.xml#L113). Corrected this.
| <properties> | ||
| <maven.compiler.source>21</maven.compiler.source> | ||
| <maven.compiler.target>21</maven.compiler.target> | ||
| <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | ||
| <!-- OpenSSL headers auto-fetched for test fixtures (see build/plugins section). --> | ||
| <openssl.version>3.6.2</openssl.version> | ||
| <openssl.download.url>https://github.com/openssl/openssl/releases/download/openssl-${openssl.version}/openssl-${openssl.version}.tar.gz</openssl.download.url> | ||
| <openssl.headers.dir>${project.build.directory}/test-headers/openssl-${openssl.version}/include</openssl.headers.dir> | ||
| </properties> |
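Review bot: `openssl.download.url` fetches a release tarball at build time, but these properties pin only `openssl.version` and carry no expected digest. Add a property holding the archive's SHA-256 and have the fetch step verify it before the headers are unpacked into `openssl.headers.dir`, so a changed or tampered download fails the build instead of silently feeding the test fixtures.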
sonar-cxx requires Java 21, so the cpp module must match.
| } catch (Exception e) { | ||
| LOGGER.error(e.getLocalizedMessage()); | ||
| return null; | ||
| } |
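Review bot: the `catch (Exception e)` block logs only `e.getLocalizedMessage()` and then returns `null`, so the stack trace is lost and every caller has to null-check. Catch the specific exception types expected here, pass `e` itself to `LOGGER.error` along with the message, and consider returning an `Optional` or rethrowing rather than `null`.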
| public class SLHDSA extends Algorithm implements Signature { | ||
| private static final String NAME = "SLH-DSA"; | ||
|
|
||
| /** Returns a name of the form "SLH-DSA-XXX" where XXX is the parameter set identifer */ |
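Review bot: the Javadoc on the last line misspells "identifier" as "identifer". While fixing it, state which parameter-set strings are valid for the "XXX" part of "SLH-DSA-XXX" so callers know what the name can look like.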
| - name: Set up JDK 21 | ||
| uses: actions/setup-java@v5 | ||
| with: | ||
| java-version: "21" | ||
| distribution: "temurin" | ||
| cache: maven |
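Review bot: `uses: actions/setup-java@v5` references the action by a mutable tag. Pin it to a full commit SHA (keeping the tag in a trailing comment) so the toolchain that builds the plugin cannot change underneath the workflow without a visible diff.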
| - name: Set up JDK | ||
| uses: actions/setup-java@v5 | ||
| with: | ||
| java-version: '17' | ||
| java-version: '21' | ||
| distribution: 'temurin' |
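Review bot: this step is still named "Set up JDK" and quotes its values with single quotes, while the other workflow's step is named "Set up JDK 21" and uses double quotes. Align the step name and quoting across the two workflows so the next Java version bump is a single, easily found change in each file.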
…arnings
- Fix SSLv3/DTLS methods being incorrectly wrapped as TLS nodes in CxxProtocolContextTranslator; strings not starting with tls now emit generic Protocol nodes instead
- Add recursion into child stores in cpp TestBase.getStoresOfValueType so nested detection findings are correctly surfaced in tests
- Replace deprecated KeyContext(Kind)/SignatureContext(Kind) constructors with no-arg equivalents across all OpenSSL legacy detection rules
- Fix redundant double .stream().toList() call in CxxTranslationProcess
- Pin maven-resources-plugin version in cpp/pom.xml to silence build warning
- Fix @nonnull placement on generic method in output/Utils.java (Java 21 rejects annotation between type parameter and return type)
- Suppress unchecked varargs warning in CxxVerifier caused by sonar-cxx API accepting SquidAstVisitor<Grammar>... varargs
- Add descriptive @disabled reason to JcaPRNGMapperTest documenting that NativePRNGBlocking mapping is not yet implemented
- Set sonar-cxx dependencies to provided scope in root pom.xml
- Remove Java 17 version override from sonar-cryptography-plugin pom.xml
Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
Ready for review!
Hi @chmodshubham - Thank you very much; this was quite a lot of work. I'm on vacation right now returning on Jul 6. Hi @n1ckl0sk0rtge - could you have a look at this if time permits. Tx.
For detailed reference, follow Issue: #374.
Signed-off-by: Shubham Kumar chmodshubham@gmail.com