Commit 0f9cfded authored by Paff's avatar Paff

analysis fixes, improvement

parent 43ed6bc0
/**
* Generated on Mon Oct 27 13:06:46 CET 2014
* Generated on Mon Oct 27 15:12:16 CET 2014
*/
config {
Require-Model:
......
......@@ -108,7 +108,6 @@ public class MontiSecArcDefaultModule extends MontiArcDefaultModule {
bind(IRoleEntryFactory.class).to(RoleEntryFactory.class);
bind(IIdentityEntryFactory.class).to(IdentityEntryFactory.class);
bind(ITrustlevelRelationEntryFactory.class).to(TrustlevelRelationEntryFactory.class);
bindGenerator();
}
}
/**
* Generated on Sun Oct 26 15:19:08 CET 2014
* Generated on Mon Oct 27 15:12:42 CET 2014
*/
config {
Require-Model:
......
package secarc.ets.analysis.checker;
import interfaces2.namespaces.NameSpace;
import interfaces2.resolvers.AmbigousException;
import interfaces2.resolvers.Resolver;
import mc.umlp.arcd._ast.ASTArcPort;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import org.jgrapht.traverse.DepthFirstIterator;
import org.jgrapht.traverse.GraphIterator;
import interfaces2.STEntry;
import mc.umlp.arcd.ets.entries.ConnectorEntry;
import mc.umlp.arcd.ets.entries.SubComponentEntry;
import secarc.ets.entries.SecComponentEntry;
import mc.umlp.arcd.ets.entries.PortEntry;
import secarc.ets.graph.ArchitectureGraph;
import secarc.ets.graph.Edge;
import secarc.ets.graph.Vertex;
public final class AnalysisHelper {
......@@ -16,60 +17,31 @@ public final class AnalysisHelper {
}
/**
* Checks if the given port is the beginning of a path
* Checks if the port is the beginning of a path
*
* @param node
* @param resolver
* @param np
* @param npParent
* @param entry
* @param graph
* @return
* @throws AmbigousException
*/
public static ConnectorEntry isPortBenningOfPath(ASTArcPort node, Resolver resolver, NameSpace np, NameSpace npParent) throws AmbigousException {
//Checks if the port is the beginning of an connections
//Checks in current component
ConnectorEntry connectEntry = (ConnectorEntry) resolver.resolve(node.getName(), ConnectorEntry.KIND, np);
if(connectEntry != null) {
return connectEntry;
}
//Checks in parent component
String qualifiedNamePort = getQualifiedName(node);
if(node.getMainParent() != null) {
connectEntry = (ConnectorEntry) resolver.resolve(qualifiedNamePort, ConnectorEntry.KIND, np);
if(connectEntry != null) {
return connectEntry;
}
if(node.getMainParent().getMainParent() != null) {
//Checks in in all subcomponents of the parent component
SecComponentEntry componentParent = (SecComponentEntry)resolver.resolve(node.getMainParent().getMainParent().getName(), ComponentEntry.KIND, npParent);
if(componentParent != null) {
for(SubComponentEntry subcomponent : componentParent.getSubComponents()) {
for(ConnectorEntry connector : subcomponent.getComponentType().getConnectors()) {
if(connector.getName().equals(qualifiedNamePort)) {
return connector;
}
}
}
}
public static ConnectorEntry isPortBenningOfPath(PortEntry entry, ArchitectureGraph graph) {
Vertex<PortEntry> portVertex = Vertex.of(entry);
//Look for paths with port as beginning
GraphIterator<Vertex<? extends STEntry>, Edge> iterator = new DepthFirstIterator<Vertex<? extends STEntry>, Edge>(graph.getReversedRawGraph(), portVertex);
//First element is not needed
iterator.next();
STEntry element = null;
if(iterator.hasNext()) {
element = iterator.next().getArchitectureElement();
if(element instanceof ConnectorEntry) {
return (ConnectorEntry) element;
}
}
return null;
}
/**
* Builds QualifiedName for Connector
*/
private static String getQualifiedName(ASTArcPort node) {
String parentName = node.getMainParent().getName();
String portName = node.getName();
//first letter to lower case
parentName = parentName.replaceFirst(parentName.substring(0, 1), parentName.substring(0, 1).toLowerCase());
return parentName + "." + portName;
}
}
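Review bot: The new `isPortBenningOfPath(PortEntry, ArchitectureGraph)` inspects only the first vertex the depth-first iterator yields after the port itself, so it returns null when that vertex is not a `ConnectorEntry`, even if another edge of the port leads to a connector. The callers use the result as a gate: `EncryptedPathContinuesUnencrypted` returns early on null and `AvoidInputString` reports only on non-null, so a miss silently drops a finding, while `EncryptedPathWithUnencryptedPart` and `EncryptedPathEndInLowTrustlevel` skip the port on non-null. If only direct neighbours are meant, walking the port vertex's edges would make that explicit; at minimum the Javadoc should say so, e.g. `Returns the connector adjacent to the port in the reversed graph, or null if the first adjacent vertex is not a connector`, and the empty `@param`/`@return` tags should be filled in. `DepthFirstIterator` presumably rejects a start vertex that is not part of the graph, so a `graph.getReversedRawGraph().containsVertex(portVertex)` check before constructing it may also be worth adding.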
......@@ -2,6 +2,7 @@ package secarc.ets.analysis.component;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.helper.NameHelper;
import mc.umlp.arcd._ast.ASTArcComponent;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
......@@ -36,7 +37,7 @@ public class ListThirdPartyComponents extends Analysis implements
public void check(ASTArcComponent node, SecComponentEntry entry)
throws AmbigousException {
if(entry.getConfiguration() != null && entry.getVersion() != null) {
addReport("The third party component " + entry.getName() + " has the version " + entry.getVersion().getVersion() + " and configuration " + entry.getConfiguration().getName() + ".", node.get_SourcePositionStart());
addReport("The third party component " + NameHelper.getSimplenameFromComplexname(entry.getName()) + " has the version " + entry.getVersion().getVersion() + " and configuration " + entry.getConfiguration().getName() + ".", node.get_SourcePositionStart());
}
}
......
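Review bot: The report text now names the component through `NameHelper.getSimplenameFromComplexname(entry.getName())`, which presumably strips the package qualifier. In a listing of third-party components with their version and configuration, two components that share a simple name would then read identically apart from the source position. If the shorter name is wanted for readability, consider keeping the qualified name next to it, e.g. appending `" (" + entry.getName() + ")"` after the simple name.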
......@@ -32,7 +32,7 @@ public class EncryptedPathContinuesUnencrypted extends Analysis implements
ArchitectureGraph graph) throws AmbigousException {
//Checks if the port is a target of an encrypted connection
ConnectorEntry connectorEntry = AnalysisHelper.isPortBenningOfPath(node, resolver, getNameSpaceFor(node), getNameSpaceFor(node.getMainParent()));
ConnectorEntry connectorEntry = AnalysisHelper.isPortBenningOfPath(entry, graph);
//No encryption before
if(connectorEntry == null || ((SecConnectorEntry) connectorEntry).isUnencrypted()) {
return;
......@@ -58,7 +58,7 @@ public class EncryptedPathContinuesUnencrypted extends Analysis implements
//Build Message
StringBuilder sbuilder = new StringBuilder("The port " + entry.getName() + " is the end of an unencrypted path. The path continues unencrypted: ");
StringBuilder sbuilder = new StringBuilder("The port " + entry.getName() + " is the end of an encrypted path. The path continues unencrypted: ");
//Run over paths
while(iterator.hasNext()) {
......
......@@ -28,8 +28,6 @@ import mc.umlp.arcd.ets.entries.PortEntry;
*
* - SSL/TLS Testing
*
* TODO SimpleConnector
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
......@@ -53,7 +51,7 @@ public class EncryptedPathWithUnencryptedPart extends Analysis
public void check(ASTArcPort node, SecPortEntry entry, ArchitectureGraph graph) throws AmbigousException{
//Checks if the path starts with this port
if(AnalysisHelper.isPortBenningOfPath(node, resolver, getNameSpaceFor(node.getMainParent()), getNameSpaceFor(node.getMainParent().getMainParent())) != null) {
if(AnalysisHelper.isPortBenningOfPath(entry, graph) != null) {
return;
}
......
......@@ -21,7 +21,7 @@ public class AvoidInputString extends Analysis implements
@Override
public void check(ASTArcPort node, SecPortEntry entry,
ArchitectureGraph graph) throws AmbigousException {
if(AnalysisHelper.isPortBenningOfPath(node, resolver, getNameSpaceFor(node), getNameSpaceFor(node.getMainParent())) != null
if(AnalysisHelper.isPortBenningOfPath(entry, graph) != null
&& entry.getTypeReference().getExtendedName().equals("java.lang.String")) {
addReport("The input port " + entry.getName() + " has the type " + entry.getTypeReference() + ". This type is not specific enough.", node.get_SourcePositionStart());
}
......
......@@ -60,7 +60,7 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
public void check(ASTArcPort node, SecPortEntry entry,
ArchitectureGraph graph) throws AmbigousException {
if(AnalysisHelper.isPortBenningOfPath(node, resolver, getNameSpaceFor(node.getMainParent()), getNameSpaceFor(node.getMainParent().getMainParent())) != null) {
if(AnalysisHelper.isPortBenningOfPath(entry, graph) != null) {
return;
}
......
package secarc.ets.analysis.filter;
import java.util.ArrayList;
import java.util.List;
import org.jgrapht.traverse.DepthFirstIterator;
import org.jgrapht.traverse.GraphIterator;
import interfaces2.STEntry;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.umlp.arcd._ast.ASTArcComponent;
import mc.umlp.arcd._ast.ASTArcPort;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import secarc._ast.ASTSecArcFilter;
import secarc._ast.ASTSecArcTrustLevel;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.ConfigurationEntry;
import secarc.ets.entries.FilterEntry;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.TrustlevelEntry;
import secarc.ets.graph.ArchitectureGraph;
import secarc.ets.graph.Edge;
import secarc.ets.graph.Vertex;
public class RepeatFilterinInHigherTrustlevel extends Analysis implements
ISecAnalysisFilterChecker {
public RepeatFilterinInHigherTrustlevel() {
super(MontiSecArcAnalysisConstants.REPEAT_FILTERING_IN_HIGHER_TRUSTLEVEL);
}
/*
* (non-Javadoc)
* @see secarc.ets.analysis.checker.ISecAnalysisFilterChecker#check(secarc._ast.ASTSecArcFilter, secarc.ets.entries.FilterEntry, secarc.ets.graph.ArchitectureGraph)
*/
@Override
public void check(ASTSecArcFilter node, FilterEntry entry,
ArchitectureGraph graph) throws AmbigousException {
//Search for trustlevel
ASTArcComponent componentNode = null;
if(node.getMainParent() instanceof ASTArcComponent) {
componentNode = (ASTArcComponent) node.getMainParent();
} else {
componentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
}
SecComponentEntry componentEntry = (SecComponentEntry) resolver.resolve(componentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(componentNode));
TrustlevelEntry trustlevelEntry = getTrustlevel(componentNode).getTrustlevel().get();
String trustlevel = "";
int trustlevelCompare = trustlevelAsInteger(trustlevelEntry);
if(trustlevelEntry == null) {
trustlevel = "-1";
trustlevelCompare = -1;
} else {
trustlevel += trustlevelEntry.getValue();
trustlevelCompare = trustlevelEntry.getValue();
if(trustlevelEntry.isNegative()) {
trustlevel = "-" + trustlevel;
trustlevelCompare *= -1;
} else {
trustlevel = "+" + trustlevel;
}
}
//Search for trustlevel after the filter
//Look for paths with port as beginning
Vertex<ComponentEntry> componentVertex = Vertex.of(componentEntry);
GraphIterator<Vertex<? extends STEntry>, Edge> iterator = new DepthFirstIterator<Vertex<? extends STEntry>, Edge>(graph.getReversedRawGraph(), componentVertex);
//If the trustlevel is higher than ther filter trustlevel, their must be another filter
Vertex<? extends STEntry> element = null;
TrustlevelEntry trustlevelPath = null;
SecComponentEntry componentEntryHigherTurstlevel = null;
int trustlevelPathCompare = -2;
boolean filterNeeded = false;
List<STEntry> path = new ArrayList<STEntry>();
//FirstElement is not needed
iterator.next();
while(iterator.hasNext()) {
element = iterator.next();
if(element.getArchitectureElement() instanceof ConfigurationEntry) {
path.add(element.getArchitectureElement());
}
//New path
//If no filter is found, warning
if(element.equals(componentVertex)) {
StringBuilder sBuilder = new StringBuilder("Data which are filtered with " + entry.getName() + " have to be filtered again in the componente " + componentEntryHigherTurstlevel + " because the component has a higer trustlevel. Path: ");
//Add paht to output
if(!path.isEmpty()) {
sBuilder.append(path.get(0));
path.remove(0);
}
for(STEntry entryPath : path) {
sBuilder.append(", ");
sBuilder.append(entryPath);
}
if(filterNeeded) {
addReport("", node.get_SourcePositionStart());
}
filterNeeded = false;
path.clear();
}
//Checks if the new trustlevel is higer
if(element.getArchitectureElement() instanceof TrustlevelEntry) {
trustlevelPath = (TrustlevelEntry) element.getArchitectureElement();
trustlevelPathCompare = trustlevelAsInteger(trustlevelPath);
//Trustlevel higher than before, the input must be filtered again
if(trustlevelPathCompare > trustlevelCompare) {
filterNeeded = true;
//Save component
if(((ASTSecArcTrustLevel) trustlevelPath.getNode()).getMainParent() instanceof ASTArcComponent) {
componentNode = (ASTArcComponent) node.getMainParent();
} else {
componentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
}
componentEntryHigherTurstlevel = (SecComponentEntry) resolver.resolve(componentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(componentNode));
}
}
//Filter was found. Therefore, the path is ok
if(filterNeeded && element.getArchitectureElement() instanceof FilterEntry) {
filterNeeded = false;
}
}
}
/**
*
* @param entry
* @return
*/
private int trustlevelAsInteger(TrustlevelEntry entry) {
if(entry == null) {
return -1;
} else {
int trustlevel = entry.getValue();
if(entry.isNegative()) {
trustlevel *= -1;
}
return trustlevel;
}
}
/**
* Search for trustlevel in super components
* @param node
* @return trustlevel
* @throws AmbigousException
*/
private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
ASTArcComponent parent = (ASTArcComponent) node.getMainParent();
if(parent != null) {
SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
if(componentParent.getTrustlevel().isPresent()) {
return componentParent;
} else {
return getTrustlevel(parent);
}
} else {
return null;
}
}
/*
* (non-Javadoc)
* @see interfaces2.coco.ContextCondition#getErrorCode()
*/
@Override
public IErrorCode getErrorCode() {
return MontiSecArcAnalysisErrorCodes.RepeatFilteringInHigherTrustlevel;
}
}
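Review bot: The finding in `check` is emitted as `addReport("", node.get_SourcePositionStart());`, so the message assembled in `sBuilder` just above is discarded and the user gets an empty report; it should be `addReport(sBuilder.toString(), node.get_SourcePositionStart());`. The report also fires only when the traversal meets `componentVertex` again, yet the first `iterator.next()` consumes the start vertex and a depth-first iterator normally yields each vertex once. A `filterNeeded` that is still true when the loop ends therefore appears never to be reported, and a check after the `while` loop would cover it. In the trust-level branch the condition inspects `trustlevelPath.getNode()` but both assignments read `node.getMainParent()`, so `componentEntryHigherTurstlevel` resolves to the filter's own component rather than the one with the higher trust level. `getTrustlevel(componentNode)` can return null (its last branch), so `getTrustlevel(componentNode).getTrustlevel().get()` would throw before the later `trustlevelEntry == null` test is reached.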
......@@ -106,6 +106,13 @@ public class TaintTracking extends Analysis implements ISecAnalysisConnectorChec
addReport(sBuilder.toString(), node.get_SourcePositionStart());
}
/**
* Checks if the trustlevel becomes higher on the path
* @param nodeParent
* @param entry
* @return
* @throws AmbigousException
*/
private boolean checkForTrustlevelRelation(ASTArcComponent nodeParent, SecConnectorEntry entry) throws AmbigousException {
SecComponentEntry parentComp = (SecComponentEntry) resolver.resolve(nodeParent.getName(), ComponentEntry.KIND, getNameSpaceFor(nodeParent));
......
......@@ -10,6 +10,7 @@ import mc.umlp.common._ast.UMLPNode;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisConnectorChecker;
import secarc.ets.check.CoCoHelper;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecConnectorEntry;
......@@ -102,7 +103,7 @@ public class TrustlevelPathHigherThanEnvironment extends Analysis implements
//Trustlevel source
if(componentSource.getTrustlevel().isPresent()) {
trustlevelSource = getTrustlevelAsInteger(componentSource);
trustlevelSource = CoCoHelper.getTrustlevelAsInteger(componentSource);
} else {
//Gets trustlevel of the super component (derived)
trustlevelSourceMissing = true;
......@@ -110,7 +111,7 @@ public class TrustlevelPathHigherThanEnvironment extends Analysis implements
//Trustlevel target
if(componentTarget.getTrustlevel().isPresent()) {
trustlevelTarget = getTrustlevelAsInteger(componentTarget);
trustlevelTarget = CoCoHelper.getTrustlevelAsInteger(componentTarget);
} else {
//Gets trustlevel of the super component (derived)
trustlevelTargetMissing = true;
......@@ -123,7 +124,7 @@ public class TrustlevelPathHigherThanEnvironment extends Analysis implements
//Trustlevel parent
if(componentParent.getTrustlevel().isPresent()) {
trustlevelParent = getTrustlevelAsInteger(componentParent);
trustlevelParent = CoCoHelper.getTrustlevelAsInteger(componentParent);
} else {
//Look for trustlevel in super components
//Trustlevel of supercomponent
......@@ -132,7 +133,7 @@ public class TrustlevelPathHigherThanEnvironment extends Analysis implements
if(componentParent.getTrustlevel().get() == null) {
trustlevelParent = -1;
} else {
trustlevelParent = getTrustlevelAsInteger(componentParent);
trustlevelParent = CoCoHelper.getTrustlevelAsInteger(componentParent);
}
}
......@@ -172,20 +173,6 @@ public class TrustlevelPathHigherThanEnvironment extends Analysis implements
}
}
/**
* Trustlevel object in Integer
*
* @param entry
* @return trustlevel
*/
private int getTrustlevelAsInteger(SecComponentEntry entry) {
int trustlevel = entry.getTrustlevel().get().getValue();
if(entry.getTrustlevel().get().isNegative()) {
trustlevel *= -1;
}
return trustlevel;
}
/*
* (non-Javadoc)
* @see interfaces2.coco.ContextCondition#getErrorCode()
......
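Review bot: The sign conversion for trust levels is still duplicated after this change. These call sites now use `CoCoHelper.getTrustlevelAsInteger(...)` and the private copy is removed, but the same commit adds a new private `trustlevelAsInteger(TrustlevelEntry)` with the same negation logic in `RepeatFilterinInHigherTrustlevel`. Keeping a single conversion in `CoCoHelper` (for example an overload taking a `TrustlevelEntry`) would stop the two from drifting apart, particularly on how a missing trust level maps to -1. The `CoCoHelper` implementation is not shown on this page, so it should be confirmed that it behaves like the removed helper for the `isPresent()`-guarded calls here.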
......@@ -6,54 +6,52 @@ import org.jgrapht.traverse.DepthFirstIterator;
import org.jgrapht.traverse.GraphIterator;
import interfaces2.STEntry;
import interfaces2.namespaces.NameSpace;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import mc.umlp.arcd.ets.entries.ConnectorEntry;
import mc.umlp.arcd.ets.entries.PortEntry;
import mc.umlp.arcd.ets.entries.SubComponentEntry;
import secarc._ast.ASTSecArcIdentity;
import secarc._ast.ASTSecArcTrustlevelRelation;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisIdentityChecker;
import secarc.ets.check.CoCoHelper;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.cocos.common.ComponentExistence;
import secarc.ets.entries.IdentityEntry;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecConnectorEntry;
import secarc.ets.entries.TrustlevelRelationEntry;
import secarc.ets.graph.ArchitectureGraph;
import secarc.ets.graph.Edge;
import secarc.ets.graph.Vertex;
public class IdentityWithEncryption extends Analysis implements
ISecAnalysisIdentityChecker {
public class IdentityWithEncryption extends ComponentExistence implements ISecAnalysisIdentityChecker {
public IdentityWithEncryption() {
super(MontiSecArcAnalysisConstants.IDENTITY_WITH_ENCRYPTION);
}
/*
* (non-Javadoc)
* @see secarc.ets.cocos.common.ComponentExistence#check(secarc._ast.ASTSecArcIdentity, secarc.ets.entries.IdentityEntry, secarc.ets.graph.ArchitectureGraph)
*/
@Override
public void check(ASTSecArcIdentity node, IdentityEntry entry, ArchitectureGraph graph)
throws AmbigousException {
ComponentEntry targetComponentEntry = null;
SubComponentEntry targetSubComponentEntry = innerCheck(node, node.getMainParent(), entry.getTarget());
NameSpace ns = getNameSpaceFor(node);
//Searching for right namespace of target
while(ns != null) {
targetComponentEntry = CoCoHelper.getSecComponentEntry(entry.getTarget(), node, ns, this);
if(targetComponentEntry != null) {
break;
}
ns = ns.getParent();
}
SecComponentEntry sourceComponentEntry = CoCoHelper.getSecComponentEntry(entry.getSource(), node, getNameSpaceFor(node), this);
SubComponentEntry sourceSubComponentEntry = innerCheck(node, node.getMainParent(), entry.getSource());
//Is check in a coco
if(targetComponentEntry == null || sourceComponentEntry == null) {
if(targetSubComponentEntry == null || sourceSubComponentEntry == null) {
return;
}
SecComponentEntry targetComponentEntry = (SecComponentEntry) targetSubComponentEntry.getComponentType().getBestKnownVersion();
SecComponentEntry sourceComponentEntry = (SecComponentEntry) sourceSubComponentEntry.getComponentType().getBestKnownVersion();
List<PortEntry> incomingPorts = targetComponentEntry.getIncomingPorts();
Vertex<PortEntry> portVertex = null;
......@@ -117,7 +115,21 @@ public class IdentityWithEncryption extends Analysis implements
}
}
/*
* (non-Javadoc)
* @see secarc.ets.cocos.common.ComponentExistence#check(secarc._ast.ASTSecArcTrustlevelRelation, secarc.ets.entries.TrustlevelRelationEntry)
*/
@Override
public void check(ASTSecArcTrustlevelRelation node,
TrustlevelRelationEntry entry) throws AmbigousException {
}
/*
* (non-Javadoc)
* @see secarc.ets.cocos.common.ComponentExistence#getErrorCode()
*/
@Override
public IErrorCode getErrorCode() {