Commit 13f98d56 authored by Lars Hermerschmidt's avatar Lars Hermerschmidt
Browse files
parents b1391a86 9e30723e
L01-List-Filters 1
L02-List-Critical-Ports 1
L03-List-Incoming-Ports 1
L04-List-Outgoing-Ports 1
L05-List-Ports-String 1
L06-List-Third-Party-Components 1
L07-List-Not-Reviewed-Configuration 1
D01-Derive-Role-Component 1
D02-Derive-Role-Port 1
D03-Derive-Role-Third-Party-Component 1
D04-Derive-Trustlevel-Component 1
E01-Unencrypted-Connector-In-Path 1
E02-Unencrypted-Connector-Low-Trustlevel 1
E03-Encrypted-Path-Continues-Unencrypted 1
E04-Trustlevel-Unencrypted-Path-In-Low 1
E05-Unencrypted-Path-End-In-Low-Trustlevel 1
E06-Trustlevel-Connector-Higher 1
I01-Encrypted-Connector 1
I02-Trustlevel-Client-Server 1
I03-Roles-Defined 1
F01-Taint-Tracking 1
F02-High-Trustlevel 1
T01-Reason-Trustlevel 1
T02-High-Trustlevel 1
WI01Access-Roles 1
WI02-Third-Party-Component-Security 1
WI03-Low-Trustlevel 1
WI04-Critical-Ports 1
\ No newline at end of file
......@@ -3,6 +3,8 @@
* http://www.monticore.de/ - http://www.se-rwth.de/ */
package secarc;
import java.util.List;
import com.google.inject.Inject;
import interfaces2.language.ILanguage;
......@@ -16,9 +18,10 @@ import secarc._tool.MontiSecArcParsingWorkflow;
import secarc._tool.MontiSecArcRoot;
import secarc._tool.MontiSecArcRootFactory;
import secarc.ets.check.MontiSecArcAnalysisCreator;
import secarc.ets.check.MontiSecArcAnalysisVisitor;
import secarc.ets.check.MontiSecArcAnalysisWorkflow;
import secarc.ets.transform.PreCoCoCheckMontiSecArcTransformationWorkflow;
import secarc.ets.transform.criticalport.AnalysisCriticalPortTransformationWorkflow;
import secarc.ets.transform.trustlevel.AnalysisTrustlevelTransformationWorkflow;
/**
* As subclass of {@link ModelingLanguage}, this class configures the technical
......@@ -36,17 +39,17 @@ public final class MontiSecArcAnalysis extends MontiSecArc {
public static final Class<? extends MontiSecArcRoot> LANGUAGE_ROOT = MontiSecArcRoot.class;
/**
* Factory method for {@link MontiSecArcAnalysis}.
* Factory method for {@link MontiSecArcAnalysis}.l
*/
public static MontiSecArcAnalysis newLanguage(ILanguage component) {
return new MontiSecArcAnalysis(component);
public static MontiSecArcAnalysis newLanguage(ILanguage component, List<String> analysisParameter, String analysisConfPath) {
return new MontiSecArcAnalysis(component, analysisParameter, analysisConfPath);
}
/**
* Constructor for secarc.MontiSecArcAnalysis
*/
@Inject
public MontiSecArcAnalysis(final ILanguage component) {
public MontiSecArcAnalysis(final ILanguage component, List<String> analysisParameter, String analysisConfPath) {
super(component);
// PARSING-SETUP
......@@ -72,17 +75,72 @@ public final class MontiSecArcAnalysis extends MontiSecArc {
//Transformation-Workflow before coco checks (can be called by "preCheckTransformation" on the command line)
addExecutionUnit("preCheckTransformation", new PreCoCoCheckMontiSecArcTransformationWorkflow<MontiSecArcRoot>(LANGUAGE_ROOT));
//Workflow for Analysis
MontiSecArcAnalysisWorkflow<MontiSecArcRoot> analysisWorkflow = new MontiSecArcAnalysisWorkflow<MontiSecArcRoot>(LANGUAGE_ROOT);
//AnalysisCreator
analysisWorkflow.setAnalysis(MontiSecArcAnalysisCreator.createAnalysis());
//AnalysisConfiguratin
analysisWorkflow.setAnalysisConfiguration(MontiSecArcAnalysisCreator.createConfig());
//Visitor for Analysis
analysisWorkflow.setClient(new MontiSecArcAnalysisVisitor());
//Add Workflow for Analysis
addExecutionUnit("secAnalysis", analysisWorkflow);
//Workflow for analysis
this.addAnalysisWorkflow(analysisConfPath, analysisParameter);
//Workflow for analysis with trustlevel
this.addTrustlevelWhatIfWorkflow(analysisParameter, analysisConfPath);
//Workflow for analysis with critical ports
this.addCriticalPortWhatIfWorkflow(analysisConfPath);
}
/**
* Adds analysis workflow
*
* @param analysisConfPath Configuration file path
* @param analysisParameter Referenced components for what if analysis
*/
private void addAnalysisWorkflow(String analysisConfPath, List<String> analysisParameter) {
//Workflow for Analysis
MontiSecArcAnalysisWorkflow<MontiSecArcRoot> analysisWorkflow = new MontiSecArcAnalysisWorkflow<MontiSecArcRoot>(LANGUAGE_ROOT);
//AnalysisCreator
analysisWorkflow.setAnalysis(MontiSecArcAnalysisCreator.createAnalysis(analysisConfPath));
//AnalysisConfiguratin
analysisWorkflow.setAnalysisConfiguration(MontiSecArcAnalysisCreator.createConfig());
//AnalysisParaemter
analysisWorkflow.setAnalysisParameter(analysisParameter);
//Add Workflow for Analysis for advanced users
analysisWorkflow.setAdvanced(false);
//Add Workflow for Analysis for beginners
addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_BEGINNERS, analysisWorkflow);
//Add Workflow for Analysis for advanced users
analysisWorkflow.setAdvanced(true);
addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_ADVANCED, analysisWorkflow);
}
/**
* Adds what if workflow for critical ports
*
* @param analysisConfPath Configuration file path
*/
private void addCriticalPortWhatIfWorkflow(String analysisConfPath) {
AnalysisCriticalPortTransformationWorkflow<MontiSecArcRoot> criticalPortTransformationWorkflow = new AnalysisCriticalPortTransformationWorkflow<MontiSecArcRoot>(
MontiSecArcRoot.class);
criticalPortTransformationWorkflow.setAdvanced(false);
criticalPortTransformationWorkflow.setAnalysisConfPath(analysisConfPath);
addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_BEGINNERS_WHAT_IF_CRITICAL_PORT, criticalPortTransformationWorkflow);
criticalPortTransformationWorkflow.setAdvanced(true);
addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_BEGINNERS_WHAT_IF_CRITICAL_PORT, criticalPortTransformationWorkflow);
}
/**
* Adds what if workflow for trustlevel
*
* @param analysisParameter Referenced components for what if analysis
* @param analysisConfPath Configuration file path
*/
private void addTrustlevelWhatIfWorkflow(List<String> analysisParameter, String analysisConfPath) {
AnalysisTrustlevelTransformationWorkflow<MontiSecArcRoot> trustlevelTransformationWorkflow = new AnalysisTrustlevelTransformationWorkflow<MontiSecArcRoot>(MontiSecArcRoot.class);
trustlevelTransformationWorkflow.setAnalysisParameter(analysisParameter);
trustlevelTransformationWorkflow.setAdvanced(false);
trustlevelTransformationWorkflow.setAnalysisConfPath(analysisConfPath);
addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_BEGINNERS_WHAT_IF_TRUSTLEVEL, trustlevelTransformationWorkflow);
trustlevelTransformationWorkflow.setAdvanced(true);
addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_ADVANCED_WHAT_IF_TRUSTLEVEL, trustlevelTransformationWorkflow);
}
/**
......
package secarc;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import com.google.inject.Guice;
......@@ -30,27 +32,125 @@ public class MontiSecArcAnalysisTool extends ETSTool {
*/
public static void main(String[] arguments) {
MCG.initMonticoreGlobals();
MontiSecArcAnalysisTool tool = new MontiSecArcAnalysisTool(arguments);
List<String> analysisParameter = getAnalysisParameter(arguments);
String analysisConfPath = getAnalysisConfPath(arguments);
MontiSecArcAnalysisTool tool = new MontiSecArcAnalysisTool(cleanArgumentList(arguments), analysisParameter, analysisConfPath);
tool.init();
tool.run();
}
/**
* Path to config file
*
* @param arguments
* @return String path to config file
*/
protected static String getAnalysisConfPath(String[] arguments) {
boolean confpathExists = false;
for(String argument : arguments) {
if(argument.equals(MontiSecArcConstants.ARG_ANALYSISCONFPATH)) {
confpathExists = true;
continue;
}
if(confpathExists) {
return argument;
}
}
return "";
}
/**
* Searches for analysis parameters
*
* @param arguments
* @return List with parameters for analysis
*/
protected static List<String> getAnalysisParameter(String[] arguments) {
boolean isAnalysisParameter = false;
List<String> analysisParameter = new ArrayList<String>();
for(String argument : arguments) {
//Search for beginning of parameters
if(argument.equals(MontiSecArcConstants.ANALYSIS_WORKFLOW_BEGINNERS) || argument.equals(MontiSecArcConstants.ANALYSIS_WORKFLOW_ADVANCED)) {
isAnalysisParameter = true;
continue;
}
if(isAnalysisParameter) {
//New parameter
if(argument.contains("-") || argument.contains("/")) {
break;
}
analysisParameter.add(argument);
}
}
return analysisParameter;
}
/**
* Cleans argument list form analysis parameters
*
* @param arguments
* @return cleaned list
*/
protected static String[] cleanArgumentList(String[] arguments) {
List<String> cleanedArguments = new ArrayList<String>();
boolean isAnalysisParameter = false;
boolean isAnalysisConfPath = false;
for(String argument : arguments) {
if(argument.equals(MontiSecArcConstants.ANALYSIS_CIRITICAL_PORTS)) {
continue;
}
if(argument.equals(MontiSecArcConstants.ANALYSIS_WORKFLOW_BEGINNERS) || argument.equals(MontiSecArcConstants.ANALYSIS_WORKFLOW_ADVANCED)) {
isAnalysisParameter = true;
cleanedArguments.add(argument);
continue;
}
if(argument.equals(MontiSecArcConstants.ARG_ANALYSISCONFPATH)) {
isAnalysisConfPath = true;
continue;
}
if(isAnalysisConfPath) {
isAnalysisConfPath = false;
continue;
}
if(isAnalysisParameter) {
//New parameter
if(argument.contains("-") || argument.contains("/")) {
isAnalysisParameter = false;
cleanedArguments.add(argument);
}
continue;
}
cleanedArguments.add(argument);
}
return cleanedArguments.toArray(new String[cleanedArguments.size()]);
}
/**
* Constructor for secarc.MontiSecArcAnalysisTool
*
* @param arguments
*/
public MontiSecArcAnalysisTool(String[] arguments) {
public MontiSecArcAnalysisTool(String[] arguments, List<String> analysisParameter, String analysisConfPath) {
super(arguments);
Injector injector = Guice.createInjector(new MontiSecArcDefaultModule());
InjectorProvider.setInjector(injector);
LanguageFamily languageFamily = new LanguageFamily();
languageFamily.addLanguage(MontiSecArcAnalysis.newLanguage(injector.getInstance(MontiSecArcComponent.class)));
languageFamily.addLanguage(MontiSecArcAnalysis.newLanguage(injector.getInstance(MontiSecArcComponent.class), analysisParameter, analysisConfPath));
setLanguages(languageFamily);
// set default CoCos
......
......@@ -14,11 +14,6 @@ import mc.IErrorCode;
* $Revision$
*/
public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
/**
* Lists all encrypted connections
*/
ListEncryptedConnected,
/**
* Lists all filters
......@@ -75,11 +70,6 @@ public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
*/
DerivedRolesComponent,
/**
* Propergates the needed filter
*/
TaintPropergation,
/**
* Identity link is used with encryption
*/
......@@ -121,11 +111,6 @@ public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
*/
AvoidInputString,
/**
* The input must be filter again in a higher trustlevel
*/
RepeatFilteringInHigherTrustlevel,
/**
* Lists all third party components
*/
......@@ -145,4 +130,14 @@ public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
* For a trustlevel relation should exist trustlevels
*/
TrustlevelForTrustlevelrelation,
/**
* If an identity link is defined, the target should define roles
*/
IdentityWithoutRoles,
/**
* The referenced component for the what if analysis does not exist
*/
ReferencedComponentWhatIfDoNotExist,
}
......@@ -20,11 +20,14 @@ import interfaces2.resolvers.AmbigousException;
public interface ISecAnalysisComponentChecker {
/**
* Checks analysis for components
*
* @param node
* @param entry
* @param node ast node to check
* @param entry entry of ast node
* @param advanced detailness of output
* @return factor of analysis
* @throws AmbigousException
*/
void check(ASTArcComponent node, SecComponentEntry entry) throws AmbigousException;
int check(ASTArcComponent node, SecComponentEntry entry, boolean advanced) throws AmbigousException;
}
......@@ -19,10 +19,13 @@ import secarc.ets.entries.ConfigurationEntry;
public interface ISecAnalysisConfigurationChecker {
/**
* Checks analysis of configuration
*
* @param node
* @param entry
* @param node ast node to check
* @param entry entry of ast node
* @param advanced detailness of output
* @return factor of analysis
*/
void check(ASTSecArcConfiguration node, ConfigurationEntry entry);
int check(ASTSecArcConfiguration node, ConfigurationEntry entry, boolean advanced);
}
......@@ -22,19 +22,27 @@ import interfaces2.resolvers.AmbigousException;
public interface ISecAnalysisConnectorChecker {
/**
* Checks analysis of connector
*
* @param node
* @param entry
* @param node ast node to check
* @param entry entry of ast node
* @param advanced detailness of output
* @param graph architecture graph with connectors as edge
* @return factor of analysis
* @throws AmbigousException
*/
void check(ASTArcConnector node, SecConnectorEntry entry, ArchitectureGraph graph) throws AmbigousException;
int check(ASTArcConnector node, SecConnectorEntry entry, ArchitectureGraph graph, boolean advanced) throws AmbigousException;
/**
* Checks analysis of simple connector
*
* @param node ast node to be checked
* @param entry entry related connector entry to be checked
* @throws AmbigousException
* @param node ast node to check
* @param entry entry of ast node
* @param advanced detailness of output
* @param graph architecture graph with connectors as edge
* @return factor of analysis
* @throws AmbigousException
*/
void check(ASTArcSimpleConnector node, SecConnectorEntry entry, ArchitectureGraph graph) throws AmbigousException;
int check(ASTArcSimpleConnector node, SecConnectorEntry entry, ArchitectureGraph graph, boolean advanced) throws AmbigousException;
}
......@@ -21,12 +21,15 @@ import secarc.ets.graph.ArchitectureGraph;
public interface ISecAnalysisFilterChecker {
/**
* Checks analysis of filter
*
* @param node
* @param entry
* @param graph
* @param node ast node to check
* @param entry entry of ast node
* @param advanced detailness of output
* @param graph architecture graph with connectors as edge
* @return factor of analysis
* @throws AmbigousException
*/
void check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph) throws AmbigousException;;
int check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph, boolean advanced) throws AmbigousException;
}
......@@ -21,12 +21,16 @@ import secarc.ets.graph.ArchitectureGraph;
public interface ISecAnalysisIdentityChecker {
/**
* Checks analysis of identity links
*
* @param node
* @param entry
* @param graph
* @param node ast node to check
* @param entry entry of ast node
* @param graphConnectorEdges graph with connectors as edges
* @param graphIdentityEdges graph with identity links as edges
* @param advanced detailness of output
* @return factor of analysis
* @throws AmbigousException
*/
void check(ASTSecArcIdentity node, IdentityEntry entry, ArchitectureGraph graph) throws AmbigousException;
int check(ASTSecArcIdentity node, IdentityEntry entry, ArchitectureGraph graphConnectorEdges, ArchitectureGraph graphIdentityEdges, boolean advanced) throws AmbigousException;
}
package secarc.ets.cocos.checkers;
package secarc.ets.analysis.checker;
import interfaces2.resolvers.AmbigousException;
import secarc.ets.entries.SecSubComponentEntry;
import mc.umlp.arcd._ast.ASTArcSubComponent;
import mc.umlp.arcd._ast.ASTMCCompilationUnit;
/**
* Context condition checker interface for checking SecSubComponent
* related context conditions
* Analysis checker interface for checking parameter
* related analysis
*
* <br>
* <br>
......@@ -17,14 +16,15 @@ import mc.umlp.arcd._ast.ASTArcSubComponent;
* $Revision$
*
*/
public interface ISecSubComponentChecker {
public interface ISecAnalysisParameterChecker {
/**
* Checks analysis for parameter
*
* @param node ast node to be checked
* @param entry entry related subcomponent entry to be checked
* @param parameter Referenced component
* @param node ASTNode to check
* @throws AmbigousException
*/
void check(ASTArcSubComponent node, SecSubComponentEntry entry) throws AmbigousException;
void check(ASTMCCompilationUnit node, String parameter) throws AmbigousException;
}
......@@ -21,12 +21,15 @@ import mc.umlp.arcd._ast.ASTArcPort;
public interface ISecAnalysisPortChecker {
/**
* analysis of port
*
* @param node
* @param entry
* @param graph
* @param node ast node to check
* @param entry entry of ast node
* @param graph graph with connectors as edges
* @param advanced detailness of output
* @return factor of analysis
* @throws AmbigousException
*/
void check(ASTArcPort node, SecPortEntry entry, ArchitectureGraph graph) throws AmbigousException;
int check(ASTArcPort node, SecPortEntry entry, ArchitectureGraph graph, boolean advanced) throws AmbigousException;
}
......@@ -21,12 +21,13 @@ import secarc.ets.graph.ArchitectureGraph;
public interface ISecAnalysisRoleChecker {
/**
* Analysis of roles
*
* @param node
* @param entry
* @param graph
* @param node ast node to check
* @param entry entry of ast node
* @param graph graph with connectors as edges
* @throws AmbigousException
*/
void check(ASTSecArcRole node, RoleEntry entry, ArchitectureGraph graph) throws AmbigousException;
int check(ASTSecArcRole node, RoleEntry entry, ArchitectureGraph graph, boolean advanced) throws AmbigousException;
}
......@@ -20,12 +20,14 @@ import secarc.ets.entries.TrustlevelRelationEntry;
public interface ISecAnalysisTrustlevelRelationChecker {
/**
* Analysis of trustlevel
*
* @param node
* @param entry
* @param graph
* @param node ast node to check
* @param entry entry of ast node
* @param advanced detailness of output
* @return factor of analysis
* @throws AmbigousException
*/
void check(ASTSecArcTrustlevelRelation node, TrustlevelRelationEntry entry) throws AmbigousException;
int check(ASTSecArcTrustlevelRelation node, TrustlevelRelationEntry entry, boolean advanced) throws AmbigousException;
}
......@@ -11,7 +11,7 @@ import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecComponentEntry;
/**
* Lists all third party components with configuration and version
* L06: Lists all third party components with configuration and version
*
* <br>
* <br>
......@@ -24,9 +24,15 @@ import secarc.ets.entries.SecComponentEntry;
*/
public class ListThirdPartyComponents extends Analysis implements
ISecAnalysisComponentChecker {
/**
* Factor rating of analysis
*/
private int factor = 1;
public ListThirdPartyComponents() {
public ListThirdPartyComponents(int factor) {