feat(cpp): implement CxxSecretKeyContextTranslator for KeySize and KeyAction mappings#428
Divyateja2709 wants to merge 5 commits into
Conversation
Adds a new `cpp` Maven module enabling SonarQube analysis of C/C++ source code via the sonar-cxx community plugin (v2.2.2).

- engine: add CxxDetectionEngine, CxxLanguageSupport, CxxSemantic, CxxLanguageTranslation, and CxxScanContext for AST-based detection
- cpp module: add CxxCheckRegistrar, CxxScannerRuleDefinition, CxxAggregator, CxxRuleList, and CxxInventoryRule for SonarQube integration
- translation: add context translators for cipher, digest, key, MAC, KDF, signature, key agreement, PRNG, and protocol
- detection base: add CxxBaseDetectionRule and CxxDetectionRules aggregator
- test infra: add CxxVerifier and TestBase
- build: register cpp module in root pom.xml, add sonar-cxx dependency, extend plugin with C/C++ file extensions (cxx, cpp, c, h, hpp)
- ci: update workflow action versions and add C/C++ to README

Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
Adds full OpenSSL detection rules for the C/C++ module and new mapper models for post-quantum and hybrid key exchange algorithms introduced in OpenSSL 3.x.

OpenSSL detection rules (cpp module):
- EVP API: ciphers (EvpCipher, EvpCipherFetch), message digests, MACs, KDFs, key agreement, key generation, and signatures
- Legacy API: RSA, DSA, EC, DH, cipher, digest, and MAC functions
- SSL/TLS: version detection via OpenSSLLibssl and OpenSSLVersionValue
- PRNG: RAND_bytes and related functions

New mapper algorithm models:
- SLH-DSA (FIPS 205): stateless hash-based digital signature algorithm
- X25519MLKEM768, X448MLKEM1024: X25519/X448 + ML-KEM hybrid key exchange
- SecP256r1MLKEM768, SecP384r1MLKEM1024: ECDH + ML-KEM hybrid key exchange

Mapper fixes:
- SSLVersionMapper: anchor TLS version regex with ^ to prevent DTLS strings from matching as TLS versions
- BcMessageSignerMapper: replace legacy Dilithium/SPHINCSPlus references with standardized MLDSA/SLHDSA names

Signed-off-by: Shubham Kumar <chmodshubham@gmail.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
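The SSLVersionMapper fix in the commit message above (anchoring the TLS version regex with `^` so that DTLS strings are not reported as TLS versions) is easy to get wrong, because a substring search on an unanchored pattern will happily find "TLSv1.2" inside "DTLSv1.2". The following is an added illustration, not the project's own mapper code: the regexes, the version spellings and the `classify` helper are constructed for this example and make no claim about how sonar-cryptography implements the mapper.

```python
import re
from typing import Optional, Tuple

# Constructed version tail, not the project's regex. Accepts spellings such as
# "v1.2", "1_2" and "v1" (no minor version).
VERSION_TAIL = r"v?(\d)(?:[._](\d))?"

# Before the fix: no start anchor, so re.search locates "TLSv1.2" inside "DTLSv1.2".
TLS_UNANCHORED = re.compile("TLS" + VERSION_TAIL)

# After the fix: ^ ties the match to the start of the string, so the leading "D"
# of a DTLS string prevents a TLS match. DTLS gets its own anchored pattern.
TLS_ANCHORED = re.compile("^TLS" + VERSION_TAIL)
DTLS_ANCHORED = re.compile("^DTLS" + VERSION_TAIL)


def _format(m: "re.Match") -> str:
    # Normalise "1_2", "1.2" and "1" to "major.minor" (missing minor -> 0).
    major, minor = m.group(1), m.group(2) or "0"
    return f"{major}.{minor}"


def tls_version_unanchored(value: str) -> Optional[str]:
    """Reproduces the faulty behaviour: returns a TLS version for DTLS strings too."""
    m = TLS_UNANCHORED.search(value)
    return _format(m) if m else None


def classify(value: str) -> Optional[Tuple[str, str]]:
    """Anchored matching: returns (protocol, version), or None if neither matches."""
    for proto, pattern in (("TLS", TLS_ANCHORED), ("DTLS", DTLS_ANCHORED)):
        m = pattern.search(value)
        if m:
            return proto, _format(m)
    return None


if __name__ == "__main__":
    # Constructed sample strings in the spellings OpenSSL uses.
    for s in ["TLSv1.2", "TLS1_3", "TLSv1", "DTLSv1.2", "DTLS1_0", "SSLv3"]:
        print(f"{s:10} unanchored={tls_version_unanchored(s)!s:6} anchored={classify(s)}")
```

Run stand-alone, the script prints one line per sample; the "DTLSv1.2" and "DTLS1_0" rows show the difference: the unanchored pattern reports them as TLS 1.2 and TLS 1.0, while the anchored classifier reports them as DTLS. The same trap exists for `re.match` in Java's `Matcher.find()` and similar substring searches, which is why the anchor belongs in the pattern rather than relying on the caller to use a whole-string match.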
Hi @san-zrl @n1ckl0sk0rtge,
Following your feedback on my previous PRs, I've shifted direction completely.
My previous PRs (#398, #399, #402, #403, #404, #408, #409, #411) used an ANTLR-based approach with custom grammars and AST types — which differs from the maintainers' preferred direction in PR #377.

I've now worked directly on top of PR #377's branch (Sonar-native C/C++ approach) and made a small focused contribution:
This is built directly on top of PR #377's approach, not my previous ANTLR work.
Happy to add unit tests as a follow-up.
Thank you, looking forward to contributing more.