Fortify custom rule to check whether a method of a singleton class is called

Time: 2012-11-30 03:46:49

Tags: fortify

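Fortify custom rule to check whether a method of a singleton class is called. This rule raises a warning issue, for example, if there is any call to

com.abc.UserLookupHome.getInstance().findUserById(String id);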

I would greatly appreciate any help you can give me!

1 answer:

Answer 0: (score: 2)

Here is a semantic rule that fits your needs:

<?xml version="1.0" encoding="UTF-8"?>
<RulePack xmlns="xmlns://www.fortifysoftware.com/schema/rules">
  <RulePackID>D82118B1-BBAE-4047-9066-5FC821E16456</RulePackID>
  <SKU>SKU-Singleton-Method</SKU>
  <Name><![CDATA[SKU-Singleton-Method]]></Name>
  <Version>1.0</Version>
  <Description><![CDATA[SKU-Singleton-Method]]></Description>
  <Rules version="3.14">
    <RuleDefinitions>
      <SemanticRule formatVersion="3.14" language="java">
        <MetaInfo>
          <Group name="Accuracy">5.0</Group>
          <Group name="Impact">5.0</Group>
          <Group name="RemediationEffort">1.0</Group>
          <Group name="Probability">5.0</Group>
        </MetaInfo>
        <RuleID>CE6FE84B-25A2-4EAC-AFA7-F40C601EEACD</RuleID>
        <VulnCategory>Singleton Method Call</VulnCategory>
        <DefaultSeverity>4.0</DefaultSeverity>
        <Description/>
        <Type>default</Type>
        <FunctionIdentifier>
          <NamespaceName>
            <Pattern>com.abc</Pattern>
          </NamespaceName>
          <ClassName>
            <Pattern>UserLookupHome</Pattern>
          </ClassName>
          <FunctionName>
            <Pattern>findUserById</Pattern>
          </FunctionName>
          <ApplyTo implements="true" overrides="true" extends="true"/>
        </FunctionIdentifier>
      </SemanticRule>
    </RuleDefinitions>
  </Rules>
</RulePack>