1

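Fortify custom rule to check whether a method of a singleton class is called. This rule should raise an issue as a warning if, for example, there is any call to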

com.abc.UserLookupHome.getInstance().findUserById(String id); 

If you could help me in any way, it would be greatly appreciated!

4

1 Answer

2

Here is a semantic rule that may suit your needs:

<?xml version="1.0" encoding="UTF-8"?>
<RulePack xmlns="xmlns://www.fortifysoftware.com/schema/rules">
  <RulePackID>D82118B1-BBAE-4047-9066-5FC821E16456</RulePackID>
  <SKU>SKU-Singleton-Method</SKU>
  <Name><![CDATA[SKU-Singleton-Method]]></Name>
  <Version>1.0</Version>
  <Description><![CDATA[SKU-Singleton-Method]]></Description>
  <Rules version="3.14">
    <RuleDefinitions>
      <SemanticRule formatVersion="3.14" language="java">
        <MetaInfo>
          <Group name="Accuracy">5.0</Group>
          <Group name="Impact">5.0</Group>
          <Group name="RemediationEffort">1.0</Group>
          <Group name="Probability">5.0</Group>
        </MetaInfo>
        <RuleID>CE6FE84B-25A2-4EAC-AFA7-F40C601EEACD</RuleID>
        <VulnCategory>Singleton Method Call</VulnCategory>
        <DefaultSeverity>4.0</DefaultSeverity>
        <Description/>
        <Type>default</Type>
        <FunctionIdentifier>
          <NamespaceName>
            <Pattern>com.abc</Pattern>
          </NamespaceName>
          <ClassName>
            <Pattern>UserLookupHome</Pattern>
          </ClassName>
          <FunctionName>
            <Pattern>findUserById</Pattern>
          </FunctionName>
          <ApplyTo implements="true" overrides="true" extends="true"/>
        </FunctionIdentifier>
      </SemanticRule>
    </RuleDefinitions>
  </Rules>
</RulePack>
Answered 2012-11-30T16:57:12.590
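
A pre-deployment check for the rule in the answer above, added here as an example and not part of the original answer or of Fortify: it reads the rule pack's FunctionIdentifier and evaluates it against constructed call sites. It assumes each `<Pattern>` is a regular expression that must match the whole name; the helper names and sample call sites are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"f": "xmlns://www.fortifysoftware.com/schema/rules"}

# Trimmed copy of the answer's rule pack: only the elements this check reads.
RULEPACK = """<RulePack xmlns="xmlns://www.fortifysoftware.com/schema/rules">
  <Rules version="3.14"><RuleDefinitions>
    <SemanticRule formatVersion="3.14" language="java">
      <RuleID>CE6FE84B-25A2-4EAC-AFA7-F40C601EEACD</RuleID>
      <FunctionIdentifier>
        <NamespaceName><Pattern>com.abc</Pattern></NamespaceName>
        <ClassName><Pattern>UserLookupHome</Pattern></ClassName>
        <FunctionName><Pattern>findUserById</Pattern></FunctionName>
      </FunctionIdentifier>
    </SemanticRule>
  </RuleDefinitions></Rules>
</RulePack>"""

# Constructed call sites (namespace, class, method); not taken from a real scan.
CALLS = [
    ("com.abc", "UserLookupHome", "findUserById"),  # the call in the question
    ("com.abc", "UserLookupHome", "getInstance"),   # other method, same class
    ("com.abc", "OrderHome", "findUserById"),       # same method, other class
    ("comXabc", "UserLookupHome", "findUserById"),  # look-alike package name
]
PARTS = ("NamespaceName", "ClassName", "FunctionName")

def load_identifiers(xml_text):
    """Return {rule_id: {part: pattern}} for every SemanticRule in the pack."""
    rules = {}
    for rule in ET.fromstring(xml_text).iterfind(".//f:SemanticRule", NS):
        fid = rule.find("f:FunctionIdentifier", NS)
        rules[rule.findtext("f:RuleID", namespaces=NS)] = {
            p: fid.findtext(f"f:{p}/f:Pattern", namespaces=NS) for p in PARTS}
    return rules

def selects(pats, call):
    """Assumption: every <Pattern> is a regex that must match the whole name."""
    return all(re.fullmatch(pats[p], name) is not None
               for p, name in zip(PARTS, call) if pats[p])

def unescaped_dots(pats):
    """Parts whose pattern has a bare '.', which as a regex matches any char."""
    return [p for p in PARTS if pats[p] and re.search(r"(?<!\\)\.", pats[p])]

if __name__ == "__main__":
    for rule_id, pats in load_identifiers(RULEPACK).items():
        for call in CALLS:
            print(rule_id, ".".join(call), selects(pats, call))
        print("review unescaped '.' in:", unescaped_dots(pats))
```

Under that assumption the look-alike package is selected because the `.` in `com.abc` is unescaped; writing the pattern as `com\.abc` narrows it to the intended package.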