# SonarQube
sonar-scanner

# Checkmarx
# 使用Web界面

# Fortify
sourceanalyzer -b project build.sh
sourceanalyzer -b project -scan

# Semgrep
semgrep --config=auto .

# Python危险函数
eval()
exec()
pickle.loads()
os.system()
subprocess.call()

// Java危险函数
Runtime.exec()
ProcessBuilder()
Class.forName()

// PHP危险函数
eval()
exec()
system()
passthru()

String query = "SELECT * FROM users WHERE id = " + userId;
Statement stmt = connection.createStatement();
ResultSet rs = stmt.executeQuery(query);

String query = "SELECT * FROM users WHERE id = ?";
PreparedStatement stmt = connection.prepareStatement(query);
stmt.setInt(1, userId);
ResultSet rs = stmt.executeQuery();

document.innerHTML = userInput;
element.innerHTML = "<div>" + userInput + "</div>";

element.textContent = userInput;
element.setAttribute("data-value", userInput);
// 或使用编码库
element.innerHTML = escapeHtml(userInput);

import os
os.system("ping " + user_input)

import subprocess
subprocess.run(["ping", "-c", "1", validated_input])

String filePath = "/uploads/" + fileName;
File file = new File(filePath);

String basePath = "/uploads/";
String fileName = Paths.get(fileName).getFileName().toString();
String filePath = basePath + fileName;
File file = new File(filePath);
if (!file.getCanonicalPath().startsWith(basePath)) {
    throw new SecurityException("Invalid path");
}

String apiKey = "1234567890abcdef";
String password = "admin123";

String apiKey = System.getenv("API_KEY");
String password = keyStore.getPassword("db_password");

# 启动SonarQube
docker run -d -p 9000:9000 sonarqube

# 运行扫描
sonar-scanner \
  -Dsonar.projectKey=myproject \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000

# 安装
pip install semgrep

# 运行扫描
semgrep --config=auto .

# 使用规则
semgrep --config=p/security-audit .

# 创建数据库
codeql database create database --language=java --source-root=.

# 运行查询
codeql database analyze database security-and-quality.qls --format=sarif-latest