Merge branch 'Tencent:main' into main

Author: bensonhome

README.md

@@ -10,6 +10,10 @@
 
 English | [简体中文](README_ZH.md)
 
+## TCA Official Website
+
+[https://cloud.tencent.com/product/tcap](https://cloud.tencent.com/product/tcap)
+
 ## TCA Github Pages
 
 [https://tencent.github.io/CodeAnalysis/](https://tencent.github.io/CodeAnalysis/)
@@ -45,12 +49,9 @@ Using TCA can help team find normative, structural, security vulnerabilities and
 
 ## Getting Started
 
-- [How to get start](https://tencent.github.io/CodeAnalysis/)
+- [How to deploy](https://tencent.github.io/CodeAnalysis/en/quickStarted/)
 - [How to use TCA Action](https://github.com/TCATools/TCA-action/blob/main/README.md)
-- [How to deploy server and web](https://tencent.github.io/CodeAnalysis/zh/quickStarted/deploySever.html#通过源代码)
-- [How to deploy server and web with docker-compose](https://tencent.github.io/CodeAnalysis/zh/quickStarted/deploySever.html#通过docker-compose)
-- [How to use client](https://tencent.github.io/CodeAnalysis/zh/quickStarted/deployClient.html)
-- [Deploy Q&A](https://tencent.github.io/CodeAnalysis/zh/quickStarted/FAQ.html)
+- [How to use client](https://tencent.github.io/CodeAnalysis/en/guide/客户端/本地分析.html)
 
 ## Community
 

README_ZH.md

@@ -8,13 +8,17 @@
 
 [![license](https://img.shields.io/badge/License-MIT-brightgreen.svg?style=flat)](LICENSE) [![docs](https://img.shields.io/badge/docs-read-brightgreen.svg?style=flat)](https://tencent.github.io/CodeAnalysis/)
 
-## TCA Github Pages
+## TCA-官方网址
+
+[https://cloud.tencent.com/product/tcap](https://cloud.tencent.com/product/tcap)
+
+## TCA-Github代码库
 
 [https://tencent.github.io/CodeAnalysis/](https://tencent.github.io/CodeAnalysis/)
 
 [https://github.com/TCATools](https://github.com/TCATools)
 
-## 工蜂代码库镜像
+## TCA-国内镜像工蜂代码库
 
 [https://git.code.tencent.com/Tencent_Open_Source/CodeAnalysis.git](https://git.code.tencent.com/Tencent_Open_Source/CodeAnalysis.git)
 
@@ -43,12 +47,9 @@
 
 ## 快速入门
 
-- [快速入门](https://tencent.github.io/CodeAnalysis/)
+- [快速部署](https://tencent.github.io/CodeAnalysis/zh/quickStarted/)
 - [如何使用TCA Action快速体验](https://github.com/TCATools/TCA-action/blob/main/README.md)
-- [如何在本地部署Server与Web](https://tencent.github.io/CodeAnalysis/zh/quickStarted/deploySever.html#通过源代码)
-- [如何通过Docker-Compose部署Server与Web](https://tencent.github.io/CodeAnalysis/zh/quickStarted/deploySever.html#通过docker-compose)
-- [如何使用客户端](https://tencent.github.io/CodeAnalysis/zh/quickStarted/deployClient.html)
-- [部署常见问题与解决方式](https://tencent.github.io/CodeAnalysis/zh/quickStarted/FAQ.html)
+- [如何使用客户端](https://tencent.github.io/CodeAnalysis/zh/guide/客户端/本地分析.html)
 
 ## 社区
 

client/Dockerfile

@@ -1,6 +1,6 @@
 FROM python:3.7.12-slim
 
-ARG EXTRA_TOOLS="curl wget python3-dev git git-lfs vim-tiny gcc locales subversion telnet procps"
+ARG EXTRA_TOOLS="curl wget python3-dev git git-lfs vim-tiny gcc locales subversion telnet procps openssh-client"
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends $EXTRA_TOOLS \

client/tool/amani.py

@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+# Copyright (c) 2021-2022 THL A29 Limited
+#
+# This source code file is made available under MIT License
+# See LICENSE for details
+# ==============================================================================
+
+
+import os
+import sys
+
+from tool.util.amani import Amani as Tool
+from task.codelintmodel import CodeLintModel
+from util.subprocc import SubProcController
+from node.app import settings
+
+
+class Amani(CodeLintModel):
+    def __init__(self, params):
+        CodeLintModel.__init__(self, params)
+        self.sensitive_word_maps = {"Amani": "Tool", "amani": "Tool"}
+
+    def analyze(self, params):
+        """
+        :param params: 
+        :return:
+        """
+        issues = list()
+        amani = Tool(params=params)
+        output = amani.check()
+        if output and os.path.exists(output):
+            # 处理结果
+            for issue in amani.get_issue(output):
+                issues.append(issue)
+
+        return issues
+
+    def check_tool_usable(self, tool_params):
+        cmds = Tool().get_cmd(["--version"])
+        if settings.PLATFORMS[sys.platform] == "mac":
+            return []
+        elif SubProcController(cmds).wait() != 0:
+            return []
+        return ["analyze"]
+
+
+tool = Amani
+
+if __name__ == "__main__":
+    pass

client/tool/regexscanner.py

@@ -0,0 +1,218 @@
+# -*- encoding: utf-8 -*-
+# Copyright (c) 2021-2022 THL A29 Limited
+#
+# This source code file is made available under MIT License
+# See LICENSE for details
+# ==============================================================================
+
+""" regexscanner 正则匹配分析工具
+"""
+
+import os
+import sys
+import yaml
+import shutil
+import json
+
+from node.app import settings
+from task.codelintmodel import CodeLintModel
+from task.scmmgr import SCMMgr
+from util.pathlib import PathMgr
+from util.textutil import CODE_EXT
+from task.basic.datahandler.filter import REVISION_FILTER, PATH_FILTER
+from util.configlib import ConfigReader
+from util.exceptions import AnalyzeTaskError
+from util.pathfilter import FilterPathUtil
+from util.subprocc import SubProcController
+from task.authcheck.check_license import __lu__
+from util.logutil import LogPrinter
+
+logger = LogPrinter
+
+
+class RegexScanner(CodeLintModel):
+    def __init__(self, params):
+        CodeLintModel.__init__(self, params)
+        self.tool_home = os.environ.get("REGEXSCANNER_HOME")
+        self.tool_name = self.__class__.__name__
+
+    def __add_rules(self, work_dir, rules):
+        """添加yaml规则文件
+        """
+        rules_path = os.path.join(self.tool_home, "rules")
+        relpos = len(rules_path) + 1
+        endsuff = [".yaml", ".yml"]
+        filelist = []
+        for dirpath, _, files in os.walk(rules_path):
+            for filename in files:
+                if filename.lower().endswith(tuple(endsuff)):
+                    filelist.append(os.path.join(dirpath, filename))
+        config_rules_path = os.path.join(work_dir, "config_rules")
+        if os.path.exists(config_rules_path):
+            shutil.rmtree(config_rules_path)
+        os.mkdir(config_rules_path)
+        for single_file in filelist:
+            rel_path = single_file[relpos:]
+            file_path = os.path.join(config_rules_path, rel_path)
+            with open(single_file,'r') as fp:
+                data = yaml.safe_load(fp)
+            if data:
+                if data.__contains__('rules'):
+                    for rule_data in data['rules']:
+                        if rule_data["name"] in rules:
+                            if not os.path.exists(os.path.dirname(file_path)):
+                                os.makedirs(os.path.dirname(file_path))
+                            shutil.copy(single_file, file_path)
+                            break
+        return config_rules_path
+
+    def __format_rules(self, work_dir, rule_list):
+        """格式化规则
+        """
+        rules = {"rules": []}
+        no_params_rules = []
+        for rule in rule_list:
+            rule_name = rule['name']
+            if not rule.get('params'):
+                logger.error(f"{rule_name}规则参数为空, 检查已存在的规则.")
+                no_params_rules.append(rule_name)
+                continue
+            if "[regexcheck]" in rule['params']:
+                rule_params = rule['params']
+            else:
+                rule_params = "[regexcheck]\r\n" + rule['params']
+            rule_params_dict = ConfigReader(cfg_string=rule_params).read('regexcheck')
+
+            reg_exp = rule_params_dict.get('regex', '')
+            if not reg_exp:
+                logger.error(f"{rule_name}规则参数有误,未填写正则表达式,跳过该规则.")
+                continue
+
+            # 规则的过滤路径（正则表达式）
+            exclude_paths = rule_params_dict.get('exclude', '')
+            exclude_paths = [p.strip() for p in exclude_paths.split(';') if p.strip()] if exclude_paths else []
+            include_paths = rule_params_dict.get('include', '')
+            include_paths = [p.strip() for p in include_paths.split(';') if p.strip()] if include_paths else []
+
+            # 大小写不敏感,可以支持True|true|False|false等
+            ignore_comment = True if rule_params_dict.get('ignore_comment', 'False').lower() == 'true' else False
+            file_scan = True if rule_params_dict.get('file_scan', 'False').lower() == 'true' else False
+            msg = rule_params_dict.get('msg', "发现不规范代码: %s")
+            rules["rules"].append({
+                "name": rule_name,
+                "regex": reg_exp,
+                "excludes": exclude_paths,
+                "includes": include_paths,
+                "message": msg,
+                "ignorecomment": ignore_comment,
+                "filescan": file_scan,
+                "severity": "error"
+            })
+        config_rules_path = self.__add_rules(work_dir, no_params_rules)
+        rules_path = os.path.join(config_rules_path, "regexscanner_rules.yaml")
+        with open(rules_path, "w", encoding="utf-8") as f:
+            yaml.dump(rules, f)
+        return config_rules_path
+
+    def analyze(self, params):
+        '''执行regexscanner分析任务
+        :param params: 需包含下面键值：
+           'rules'： lint分析的规则列表
+           'incr_scan' : 是否增量分析
+        :return: return a :py:class:`IssueResponse`
+        '''
+        source_dir = params['source_dir']
+        work_dir = params['work_dir']
+        incr_scan = params['incr_scan']
+        rules = params["rules"]
+
+        files_path = os.path.join(work_dir, "regexscanner_paths.txt")
+        output_path = os.path.join(work_dir, "regexscanner_result.json")
+
+        logger.info('获取需要分析的文件')
+        toscans = []
+        if incr_scan:
+            diffs = SCMMgr(params).get_scm_diff()
+            toscans = [os.path.join(source_dir, diff.path) for diff in diffs if
+                       diff.path.lower().endswith(CODE_EXT) and diff.state != 'del']
+        else:
+            toscans = PathMgr().get_dir_files(source_dir, CODE_EXT)
+
+        # filter include and exclude path
+        relpos = len(source_dir) + 1
+        toscans = FilterPathUtil(params).get_include_files(toscans, relpos)
+
+        if not toscans:
+            logger.debug("To-be-scanned files is empty ")
+            return []
+        logger.debug("files to scan: %d" % len(toscans))
+        with open(files_path, "w", encoding="UTF-8") as f:
+            f.write("\n".join(toscans))
+
+        # 写入规则
+        config_rules_path = self.__format_rules(work_dir, params['rule_list'])
+
+        # 执行分析工具
+        options = [
+            "--filelist=%s" % files_path,
+            "--project-root=%s" % source_dir,
+            "--ruleset=%s" % config_rules_path,
+            "--output-format=json",
+            "--output=%s" % output_path,
+        ]
+        scan_cmd = self.get_cmd(options)
+        logger.info(f"scan_cmd: {' '.join(scan_cmd)}")
+
+        subproc = SubProcController(
+            scan_cmd, stdout_line_callback=logger.info, stderr_line_callback=logger.info)
+        subproc.wait()
+
+        if not os.path.exists(output_path):
+            logger.info("没有生成结果文件")
+            raise AnalyzeTaskError("工具执行错误")
+
+        issues = []
+        with open(output_path, "r") as f:
+            outputs_data = json.load(f)
+            if not outputs_data:
+                return []
+        for item in outputs_data:
+            if item["rule"] not in rules:
+                continue
+            issue = dict()
+            issue["path"] = item["path"]
+            issue["line"] = item["line"]
+            issue["column"] = item["column"]
+            issue["msg"] = item["msg"]
+            issue["rule"] = item["rule"]
+            issue["refs"] = []
+            issues.append(issue)
+
+        logger.debug(issues)
+        return issues
+
+    def get_cmd(self, args):
+        tool_path = os.path.join(self.tool_home, "bin", settings.PLATFORMS[sys.platform], self.tool_name)
+        if settings.PLATFORMS[sys.platform] == "windows":
+            tool_path = f"{tool_path}.exe"
+        return __lu__().format_cmd(tool_path, args)
+
+    def set_filter_type_list(self):
+        '''
+        通过覆盖该函数来选择过滤类型
+        目前存在的过滤类型有：
+        1. NO_FILTER  不需要过滤
+        2. DIFF_FILTER 将非修改的代码文件进行过滤
+        3. REVISION_FILTER 通过起始版本号进行过滤
+        4. PATH_FILTER 通过用户设置的黑白名单进行过滤
+        过滤选项可以多选，但NO_FILTER为阻止使用过滤器
+        :return:
+        '''
+        # 已经过滤文件和diff增量,不需要重复过滤,只需要根据revision过滤
+        return [REVISION_FILTER, PATH_FILTER]
+
+
+tool = RegexScanner
+
+if __name__ == '__main__':
+    pass

client/tool/tca_ql_js.py

@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+# Copyright (c) 2021-2022 THL A29 Limited
+#
+# This source code file is made available under MIT License
+# See LICENSE for details
+# ==============================================================================
+
+
+from util.logutil import LogPrinter
+from tool.util.tca_ql import TcaQl
+
+
+logger = LogPrinter()
+
+
+class TcaQlJs(TcaQl):
+    def __init__(self, params):
+        super().__init__(params)
+
+    def compile(self, params):
+        lang = "js"
+        super().compile(params, lang)
+
+    def analyze(self, params):
+        lang = "js"
+        issues = super().analyze(params, lang)
+        return issues
+
+tool = TcaQlJs
+
+if __name__ == "__main__":
+    pass