需要一条 Fortify 自定义规则,用于检查是否调用了单例类的方法。例如,只要代码中出现对
com.abc.UserLookupHome.getInstance().findUserById(String id) 的调用,该规则就应报告一个警告问题。
非常感谢您能以任何方式帮助我!
答案 0 :(得分:2)
这是一个符合您需求的语义规则:
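<?xml version="1.0" encoding="UTF-8"?>
<!--
  Fortify custom rule pack holding a single semantic rule that reports calls
  to findUserById on com.abc.UserLookupHome.

  The rule identifies the function only (package, class, method name). It does
  not inspect how the receiver was obtained, so a call is reported whether or
  not it goes through getInstance(), and every matching call site is flagged.
-->
<RulePack xmlns="xmlns://www.fortifysoftware.com/schema/rules">
  <!-- Identifier of this rule pack; must stay distinct from other loaded packs. -->
  <RulePackID>D82118B1-BBAE-4047-9066-5FC821E16456</RulePackID>
  <SKU>SKU-Singleton-Method</SKU>
  <Name><![CDATA[SKU-Singleton-Method]]></Name>
  <Version>1.0</Version>
  <Description><![CDATA[SKU-Singleton-Method]]></Description>
  <Rules version="3.14">
    <RuleDefinitions>
      <SemanticRule formatVersion="3.14" language="java">
        <!--
          NOTE(review): Accuracy, Impact and Probability are all set to the
          value 5.0 here. These presumably feed the priority shown for each
          finding; tune them to the real risk of this call so the results do
          not drown out genuine high-priority issues.
        -->
        <MetaInfo>
          <Group name="Accuracy">5.0</Group>
          <Group name="Impact">5.0</Group>
          <Group name="RemediationEffort">1.0</Group>
          <Group name="Probability">5.0</Group>
        </MetaInfo>
        <RuleID>CE6FE84B-25A2-4EAC-AFA7-F40C601EEACD</RuleID>
        <!-- Category name under which findings from this rule are reported. -->
        <VulnCategory>Singleton Method Call</VulnCategory>
        <DefaultSeverity>4.0</DefaultSeverity>
        <!-- Left empty: findings carry no explanation or remediation text. -->
        <Description/>
        <Type>default</Type>
        <FunctionIdentifier>
          <!--
            Pattern values are regular expressions, so the dot is escaped to
            match the literal package com.abc rather than any character in
            that position.
          -->
          <NamespaceName>
            <Pattern>com\.abc</Pattern>
          </NamespaceName>
          <ClassName>
            <Pattern>UserLookupHome</Pattern>
          </ClassName>
          <FunctionName>
            <Pattern>findUserById</Pattern>
          </FunctionName>
          <!--
            NOTE(review): with all three flags true the match presumably also
            covers subclasses, implementations and overrides of the method;
            confirm against the Fortify custom rules documentation.
          -->
          <ApplyTo implements="true" overrides="true" extends="true"/>
        </FunctionIdentifier>
      </SemanticRule>
    </RuleDefinitions>
  </Rules>
</RulePack>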