dsoftbus_safety_guard


Soft Bus Security Guard (软总线安全卫士) - Code Review Skill

Trigger Conditions

⚠️ This skill is only invoked when the user's input contains the phrase "软总线安全卫士" (Soft Bus Security Guard).
Trigger Examples:
  • 软总线安全卫士 请审查这个文件:D:\code\example.c
    (Soft Bus Security Guard, please review this file: D:\code\example.c)
  • 请使用软总线安全卫士检查这个目录
    (Please use Soft Bus Security Guard to check this directory)
  • 软总线安全卫士 检视lnn_lane_dfx.c文件
    (Soft Bus Security Guard, review the lnn_lane_dfx.c file)

Skill Overview

This skill is a dedicated code review tool for the OpenHarmony distributed soft bus (dsoftbus) communication component, covering:
  • Logging Specification Check: 1 core rule
  • Secure Coding Check: 40+ rules covering 11 major categories
  • General Code Quality Check: code complexity, readability, concurrency safety, etc.
  • Cross-File Call Analysis: call chain tracking, resource transfer, data flow analysis
  • Control Flow Analysis: path-sensitive analysis, unreachable code detection
⚠️ Core Principle: this skill is a read-only code review tool. It only analyzes code and generates reports; it never modifies any source file.

Applicable Scenarios

  • OpenHarmony dsoftbus component code
  • C/C++ system-level communication code
  • Code involving IPC, network communication, and multi-threading
  • Code requiring strict logging specifications and secure coding

Quick Reference: Key Rule Index

Locate the relevant rules quickly from code features:

| Code Feature | Relevant Rules |
| --- | --- |
| Function returns `SOFTBUS_ERR` | Logging Specification-1 |
| Pointer bitwise operations (`&`, `\|`, `^`, `~`, `<<`, `>>`) | Pointer Safety-1, Integer Operations-2 |
| Use of `*ptr` or `ptr->` | Pointer Safety-3, Temporary Variables-1 |
| `arr[index]` access | Array Subscript-1,2 |
| `SoftBusMutexLock` / `SoftBusMutexUnlock` | Lock Management-1,2,3 |
| `SoftBusSocketCreate` / `SoftBusSocketClose` | fd Management-1,2 |
| `malloc` / `free`, `new` / `delete` | Memory Management-1~11 |
| Sensitive information printed via `HILOG_INFO` | Sensitive Information-1,2,3 |
| Unsigned number decrement (`i--`) | Loop Variables-1 |
| `memcpy_s`, `strcpy_s`, etc. | Secure Functions-1,2 |
| Path operations (`.`, `..`) | External Input-1 |
| New IPC interface added | Permission Check-1 |

📚 Detailed Rule Explanations

For the detailed explanation, code examples, and fix solutions for each rule, refer to:
  • Rule Details and Examples - complete documentation for the 40+ rules
    • Problem description, risk level, problematic example, fix solution, and inspection points for each rule
    • Includes complete code examples and best practices
    • Includes the formatted-print type matching table and the list of commonly used secure functions

🏷️ Rule Categories (Quick Index)

💡 Quick Navigation: click the link after each rule to view its detailed explanation and code examples

1. Logging Specifications (1 rule)

  • Prohibit returning SOFTBUS_ERR → Detailed Explanation

2. Pointer Safety (4 rules)

  • Prohibit pointer bitwise operations → Detailed Explanation
  • Check sizeof usage → Detailed Explanation
  • Null pointer dereference check → Detailed Explanation
  • IPC result null check → Detailed Explanation

3. Temporary Variables (3 rules)

  • Pointer variable initialization → Detailed Explanation
  • Resource descriptor initialization → Detailed Explanation
  • bool variable initialization → Detailed Explanation

4. Array Subscripts (2 rules)

  • Array out-of-bounds risk → Detailed Explanation
  • External input subscript validation → Detailed Explanation

5. Lock Management (3 rules)

  • Lock/Unlock paired use → Detailed Explanation
  • Lock variable consistency → Detailed Explanation
  • Release lock on all return paths → Detailed Explanation
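Added example for the three lock rules above; it is not code from this skill or from dsoftbus. The page names `SoftBusMutexLock`/`SoftBusMutexUnlock`, but to compile stand-alone this example uses a pthread mutex in their place. `session_update`, `g_session_lock`, the session table and the `EX_*` return codes are all constructed for illustration.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-ins for the example; not dsoftbus definitions. */
#define EX_OK            0
#define EX_INVALID_PARAM (-1)
#define EX_NOT_FOUND     (-2)
#define EX_LOCK_FAILED   (-3)
#define MAX_SESSIONS     4

typedef struct {
    int32_t id;
    uint32_t state;
} session_entry_t;

static pthread_mutex_t g_session_lock = PTHREAD_MUTEX_INITIALIZER;
static session_entry_t g_sessions[MAX_SESSIONS] = {{1, 0}, {2, 0}, {3, 0}, {0, 0}};

/* VIOLATION of "release lock on all return paths" (shown as a comment only):
 *
 * int session_update_leaky(int32_t id, uint32_t state)
 * {
 *     pthread_mutex_lock(&g_session_lock);
 *     for (int i = 0; i < MAX_SESSIONS; i++) {
 *         if (g_sessions[i].id == id) {
 *             g_sessions[i].state = state;
 *             pthread_mutex_unlock(&g_session_lock);
 *             return EX_OK;
 *         }
 *     }
 *     return EX_NOT_FOUND;   // lock is still held: every later caller blocks
 * }
 */

/* COMPLIANT: parameter checks run before the lock is taken, the lock call's
 * result is checked, the same lock variable is used for lock and unlock, and
 * every exit after the lock passes through the single unlock site. */
int session_update(int32_t id, uint32_t state)
{
    if (id <= 0) {
        return EX_INVALID_PARAM;        /* nothing locked yet, a plain return is fine */
    }
    if (pthread_mutex_lock(&g_session_lock) != 0) {
        return EX_LOCK_FAILED;          /* the lock call itself can fail; check it */
    }
    int ret = EX_NOT_FOUND;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (g_sessions[i].id == id) {
            g_sessions[i].state = state;
            ret = EX_OK;
            break;                      /* fall through to the one unlock below */
        }
    }
    pthread_mutex_unlock(&g_session_lock);
    return ret;
}

/* Review helper: true when the lock is currently free, i.e. the last call released it. */
bool session_lock_is_free(void)
{
    if (pthread_mutex_trylock(&g_session_lock) != 0) {
        return false;
    }
    pthread_mutex_unlock(&g_session_lock);
    return true;
}

uint32_t session_state(int32_t id)
{
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (g_sessions[i].id == id) {
            return g_sessions[i].state;
        }
    }
    return UINT32_MAX;
}
```

The single-exit shape is what makes rule 5-3 easy to verify during review: a reader only has to confirm that no `return` sits between the lock call and the unlock call.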

6. fd Management (2 rules)

  • SocketCreate/Close paired use → Detailed Explanation
  • Correct fd closure → Detailed Explanation

7. Memory Management (11 rules)

  • Size validity check before allocation → Detailed Explanation
  • SoftBusMalloc/SoftBusCalloc paired with SoftBusFree → Detailed Explanation
  • new paired with delete → Detailed Explanation
  • Null check after allocation → Detailed Explanation
  • Set global variables to NULL after release → Detailed Explanation
  • Set pointers to NULL after release inside loop bodies → Detailed Explanation
  • Specific resource management (regcomp/regfree, cJSON_Parse/Delete, etc.) → Detailed Explanation

8. Sensitive Information (3 rules)

  • Prohibit printing keys, paths, addresses, etc. → Detailed Explanation
  • Clear stack keys after use → Detailed Explanation
  • Anonymized printing of sensitive identifiers → Detailed Explanation
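Added example for rules 8-2 and 8-3; it is not the skill's own code and not dsoftbus code. `AnonymizeId` produces the masked form of an identifier (a udid, for instance) that should be passed to the log call instead of the raw value, and `SecureZero` clears a key held on the stack once it is no longer needed. The keep-3-characters masking policy, the function names and the toy key derivation in `UseSessionKeyOnce` are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ANON_KEEP 3       /* assumed policy: keep 3 leading and 3 trailing characters */
#define ANON_BUF_LEN 16   /* room for "xxx****xxx" plus terminator */

/* Log-safe form of an identifier: short prefix and suffix, "****" in between.
 * Identifiers too short to anonymise meaningfully are masked completely.
 * Returns the number of characters written (excluding NUL), or -1 on bad arguments. */
int AnonymizeId(const char *id, char *out, size_t outLen)
{
    if (id == NULL || out == NULL || outLen < ANON_BUF_LEN) {
        return -1;
    }
    size_t len = strlen(id);
    if (len <= 2 * ANON_KEEP) {
        return snprintf(out, outLen, "****");
    }
    /* Only this masked string may appear in a log line, never `id` itself. */
    return snprintf(out, outLen, "%.*s****%s", ANON_KEEP, id, id + len - ANON_KEEP);
}

/* Zero a buffer in a way the optimiser is not allowed to drop. A plain memset of
 * memory that is never read again is routinely removed as dead code; memset_s from
 * the securec library (the page's secure-function family) exists for the same reason. */
void SecureZero(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len-- > 0) {
        *p++ = 0;
    }
}

bool IsAllZero(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != 0) {
            return false;
        }
    }
    return true;
}

/* Derive a key on the stack, use it, then clear it before returning. The
 * derivation (seed XOR index) and the "use" (a byte sum) are constructed for
 * the example; `observed` receives the key bytes after clearing so a caller
 * can verify the wipe. */
uint32_t UseSessionKeyOnce(const uint8_t *seed, size_t seedLen, uint8_t *observed, size_t obsLen)
{
    uint8_t key[16];
    if (seed == NULL || seedLen == 0) {
        return 0;
    }
    for (size_t i = 0; i < sizeof(key); i++) {
        key[i] = (uint8_t)(seed[i % seedLen] ^ (uint8_t)i);
    }
    uint32_t sum = 0;
    for (size_t i = 0; i < sizeof(key); i++) {
        sum += key[i];
    }
    SecureZero(key, sizeof(key));       /* rule 8-2: key material does not outlive its use */
    if (observed != NULL && obsLen >= sizeof(key)) {
        memcpy(observed, key, sizeof(key));
    }
    return sum;
}
```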

9. Integer Operations (2 rules)

  • Overflow, wrap-around, and division-by-zero risk → Detailed Explanation
  • Prohibit bitwise operations on signed integers → Detailed Explanation

10. Loop Variables (2 rules)

  • Unsigned counter infinite loop → Detailed Explanation
  • Validation of loops controlled by external data → Detailed Explanation
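Added example for the two loop rules; it is not code from the skill or from dsoftbus. `FindLast` shows the decrement idiom that terminates correctly with an unsigned index, and `SumPeerItems` validates a peer-supplied count against the data actually received before the count drives a loop. `EX_MAX_ITEMS` and both function names are assumed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define EX_MAX_ITEMS 64u   /* assumed ceiling for a count received from a peer */

/* Loop Variables-1. The pattern the rule flags:
 *
 *   for (uint32_t i = n - 1; i >= 0; i--)   // i >= 0 is always true for uint32_t
 *
 * When i reaches 0 the decrement wraps to UINT32_MAX, the loop never ends and
 * arr[i] now reads far outside the array. The idiom below tests before it
 * decrements, so the body sees n-1 .. 0 and the loop ends cleanly, also for n == 0. */
int32_t FindLast(const uint32_t *arr, uint32_t n, uint32_t value)
{
    if (arr == NULL) {
        return -1;
    }
    for (uint32_t i = n; i-- > 0;) {
        if (arr[i] == value) {
            return (int32_t)i;
        }
    }
    return -1;
}

/* Loop Variables-2. `claimedCount` came from the network, so it is checked
 * against both the bytes we actually hold and a fixed ceiling before it
 * controls the loop; otherwise a peer chooses how far past `buf` we read. */
bool SumPeerItems(const uint8_t *buf, size_t bufLen, uint32_t claimedCount, uint32_t *sumOut)
{
    if (buf == NULL || sumOut == NULL) {
        return false;
    }
    if (claimedCount > EX_MAX_ITEMS || claimedCount > bufLen) {
        return false;   /* count exceeds the data received: reject, do not clamp silently */
    }
    uint32_t sum = 0;
    for (uint32_t i = 0; i < claimedCount; i++) {
        sum += buf[i];
    }
    *sumOut = sum;
    return true;
}
```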

11. Secure Functions (2 rules)

  • Return value check for secure functions → Detailed Explanation
  • Buffer size consistency → Detailed Explanation

12. Permission Validation (1 rule)

  • Permission validation for new SDK IPC interfaces → Detailed Explanation

13. External Input Validation (4 rules)

  • Path normalization → See Details
  • TLV parsing length validity → See Details
  • Source buffer actual size check → See Details
  • Complete validation scheme → See Details

14. External Data Validity (3 rules)

  • Validation of addition/subtraction and memory allocation based on external input → See Details
  • Default length validation → See Details
  • TLV format length validation → See Details
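Added example covering categories 13 and 14 above, together with the allocation rules from category 7; it is not the skill's code and not dsoftbus code. `ParseTlv` walks a constructed TLV encoding (2-byte type, 2-byte length, little-endian) in which every length is checked against the bytes actually received and the offset arithmetic cannot wrap. `TlvValueDup` and `TlvValueFree` show size validation before `malloc`, the null check after it, and clearing the caller's pointer on release. The wire format, the ceilings and all names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TLV_HEADER_LEN 4u        /* assumed wire format: uint16 type, uint16 length, little-endian */
#define TLV_MAX_VALUE_LEN 1024u  /* assumed ceiling for a single value */
#define TLV_MAX_ENTRIES 32u

typedef struct {
    uint16_t type;
    uint16_t len;
    const uint8_t *value;        /* points into the caller's buffer; no copy */
} TlvEntry;

/* Parse a TLV sequence received from a peer. Returns the number of entries,
 * or -1 for malformed input. Nothing is written to `out` unless it fits. */
int ParseTlv(const uint8_t *buf, size_t bufLen, TlvEntry *out, size_t outCap)
{
    if (buf == NULL || out == NULL || outCap == 0 || bufLen == 0) {
        return -1;
    }
    size_t offset = 0;
    size_t count = 0;
    while (offset < bufLen) {
        /* Source buffer actual size check: a whole header must still be present. */
        if (bufLen - offset < TLV_HEADER_LEN) {
            return -1;
        }
        uint16_t type = (uint16_t)(buf[offset] | (buf[offset + 1] << 8));
        uint16_t len = (uint16_t)(buf[offset + 2] | (buf[offset + 3] << 8));
        offset += TLV_HEADER_LEN;
        /* TLV length validity: compare against the bytes remaining, never as
         * "offset + len > bufLen", which is the form that can wrap. */
        if (len > TLV_MAX_VALUE_LEN || len > bufLen - offset) {
            return -1;
        }
        if (count >= outCap || count >= TLV_MAX_ENTRIES) {
            return -1;
        }
        out[count].type = type;
        out[count].len = len;
        out[count].value = buf + offset;
        count++;
        offset += len;               /* cannot wrap: len <= bufLen - offset was checked */
    }
    return (int)count;
}

/* Copy one value into a new NUL-terminated buffer: size validated before the
 * allocation, result null-checked before use. */
char *TlvValueDup(const TlvEntry *e)
{
    if (e == NULL || e->value == NULL || e->len > TLV_MAX_VALUE_LEN) {
        return NULL;
    }
    size_t size = (size_t)e->len + 1;   /* widened before the +1, so it cannot overflow */
    char *copy = (char *)malloc(size);
    if (copy == NULL) {
        return NULL;
    }
    memcpy(copy, e->value, e->len);
    copy[e->len] = '\0';
    return copy;
}

/* Release and clear the caller's pointer, so a later free or use hits NULL
 * instead of freed memory. */
void TlvValueFree(char **p)
{
    if (p == NULL || *p == NULL) {
        return;
    }
    free(*p);
    *p = NULL;
}
```

Note what the parser does with a bad length: it rejects the whole message rather than clamping the value to what is left, because a clamped value silently changes the meaning of the data the peer sent.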

15. Common Issues (5 rules)

  • Resource release in error branches → See Details
  • Resource leaks in macro definitions → See Details
  • Function return value consistency → See Details
  • Formatted print type matching → See Details
  • Struct byte alignment → See Details

Code Review Workflow

Step 1: Interactive Selection of Review Scope

Scenario A: User Specifies a Path

  1. Check whether the path has local modifications:
    `git status --porcelain <path>`
  2. If there are modifications, offer the options:
    • Full review of all code under the path
    • Incremental review of the modified code only (N files in total)
  3. If there are no modifications, perform a full review directly

Scenario B: User Does Not Specify a Path

  1. Check whether the current repository has local modifications:
    `git status --porcelain`
  2. Offer the options:
    • Review the whole repository
    • Specify a review path
    • Review the locally modified code only (N files in total)
  3. Proceed according to the user's choice

Step 2: Code Specification Check

Check the code item by item against the 40+ rules, referring to:
  • Rule Details Document - detailed explanation and code examples for each rule
  • The Grep tool, to search for violation patterns
  • The surrounding context, to avoid false positives

Step 3: Cross-File Call Analysis

Core Capability: analyze function call chains and track data flow and resource transfer across files
  • Call graph construction
  • Cross-file resource tracking (malloc and free in different files)
  • Cross-file data flow analysis
  • Cross-file error handling
  • Cross-file access to global variables

Step 4: Control Flow Analysis

Core Capability: analyze execution paths, identify unreachable code and path-sensitive issues
  • Control flow graph construction
  • Unreachable code detection
  • Path-sensitive analysis
  • Uninitialized variable analysis
  • Resource release path analysis

Step 5: Generate Fix Recommendations

⚠️ Important Restriction: fix-recommendation code is generated only into the report; modifying source files directly is strictly prohibited.
Provide for each issue:
  • A complete fix example for the function or code block
  • Comments explaining the reason for the change
  • Multiple fix options (where they exist)

Step 6: Generate Review Report

Create the report directory:
`d:/code-review-YYYYMMDD-HHMMSS/`
Report files:
  • `code_review_report.md` - complete review report
  • `code_fixes.patch` - all fix code, in Git patch format
  • `statistics.json` - statistics

Common Error Quick Reference

💡 Detailed Inspection Methods: for the detailed inspection method, code examples and fix solution for each error pattern, see the Checklist

| Error Pattern | Risk Level | Quick Detection | See Section |
| --- | --- | --- | --- |
| Null pointer dereference | 🔴 Critical | No NULL check before `*ptr` or `ptr->` | Pointer Safety-3 |
| Unreleased lock | 🔴 Critical | No Unlock call before `return` | Lock Management-1 |
| Memory leak | 🔴 Critical | `malloc` not paired with `free` | Memory Management-2 |
| Sensitive information leakage | 🔴 Critical | Log prints keys/udid | Sensitive Information-1 |
| Array out-of-bounds | 🔴 Critical | No range validation for `arr[index]` | Array Subscript-1 |
| Unsigned infinite loop | 🔴 Critical | `uint32_t i--` | Loop Variables-1 |
| Pointer bitwise operation | 🟡 Warning | `ptr & mask` | Pointer Safety-1 |
| Integer overflow | 🟡 Warning | `size + offset` not checked | Integer Operations-1 |
| Returning SOFTBUS_ERR | 🟡 Warning | `return SOFTBUS_ERR` | Logging Specification-1 |
| Uninitialized variable | 🟡 Warning | Declared without an initial value | Temporary Variables-1 |

Inspection Principles

Contextual Analysis

  • Read the surrounding context to confirm whether a protective measure is already in place
  • Avoid false positives (e.g. a global variable may be initialized elsewhere)

Flexible Application

  • Beyond the 40+ explicitly defined rules, also perform general code quality checks
  • Code complexity, readability, concurrency safety, performance issues, etc.

Key Focus Areas

  • Code paths that handle external input
  • Resource usage inside macro definitions
  • Problematic code under conditional compilation
  • High-risk security issues (null pointers, memory leaks, sensitive information leakage)

Priority Order

Secure coding issues > Logging specification issues
Critical issues > Warning issues > Hint issues

Core Restrictions

⚠️ Modifying source code is strictly prohibited:
  • This skill only reads and analyzes code
  • Fix recommendations are generated for the report only
  • Never modify any source file directly
  • Read-only operation: use only read-only tools such as Read, Grep and Glob

📖 Reference Documents

Detailed Rule Explanations

  • Rule Details and Examples - detailed explanations and code examples for the 40+ rules
    • Problem description, risk level, problematic example, fix solution, and inspection points for each rule
    • Includes complete code examples and best practices
    • Includes the formatted-print type matching table and the list of commonly used secure functions

Additional Resources



Usage Tips

  1. Quickly Locate Issues: use the "Quick Reference" table to find the relevant rules from code features
  2. Study the Rules in Depth: read `references/security_rules_explained.md` for each rule's detailed explanation and code examples
  3. Review by Category: work through the "Rule Categories" one by one to avoid omissions
  4. Prioritize Critical Issues: use the "Common Error Quick Reference" to fix high-risk issues first
  5. Follow the Workflow: review systematically according to the "Code Review Workflow"

Report Requirements

  • Automatic Report Generation: after the review completes, the report is generated automatically in the `d:/code-review-<timestamp>/` directory
  • Report Directory Format: the timestamp uses the `YYYYMMDD-HHMMSS` format
  • File Encoding: report files use UTF-8 so that Chinese text displays correctly
  • Fix Code for Reference Only: all fix code appears only inside code blocks in the report files and is never written to the source directory