monticore
MontiSecArc
Commits
20a5da59
Commit
20a5da59
authored
Nov 16, 2014
by
Paff
visitor in workflow for analysis
config analysis via configuration file
parent
09b7d37a
Changes
12
montiSecArcAnalysis/src/main/conf/Analysis_Conf.txt
...
...
@@ -10,8 +10,8 @@ D02-Derive-Role-Port 1
D03-Derive-Role-Third-Party-Component 1
D04-Derive-Trustlevel-Component 1
E01-Unencrypted-Connector-In-Path 1
E02-
E
ncrypted-
Path-Continues-Unencrypted
1
E03-Enrypted-Path-
c
ontinues-Unencrypted 1
E02-
Une
ncrypted-
Connector-Low-Trustlevel
1
E03-En
c
rypted-Path-
C
ontinues-Unencrypted 1
E04-Trustlevel-Unencrypted-Path-In-Low 1
E05-Unencrypted-Path-End-In-Low-Trustlevel 1
E06-Trustlevel-Connector-Higher 1
...
...
montiSecArcAnalysis/src/main/java/secarc/MontiSecArcAnalysis.java
...
...
@@ -18,7 +18,6 @@ import secarc._tool.MontiSecArcParsingWorkflow;
import
secarc._tool.MontiSecArcRoot
;
import
secarc._tool.MontiSecArcRootFactory
;
import
secarc.ets.check.MontiSecArcAnalysisCreator
;
import
secarc.ets.check.MontiSecArcAnalysisVisitor
;
import
secarc.ets.check.MontiSecArcAnalysisWorkflow
;
import
secarc.ets.transform.PreCoCoCheckMontiSecArcTransformationWorkflow
;
import
secarc.ets.transform.criticalport.AnalysisCriticalPortTransformationWorkflow
;
...
...
@@ -76,31 +75,32 @@ public final class MontiSecArcAnalysis extends MontiSecArc {
//Transformation-Workflow before coco checks (can be called by "preCheckTransformation" on the command line)
addExecutionUnit
(
"preCheckTransformation"
,
new
PreCoCoCheckMontiSecArcTransformationWorkflow
<
MontiSecArcRoot
>(
LANGUAGE_ROOT
));
//Workflow for Analysis
MontiSecArcAnalysisWorkflow
<
MontiSecArcRoot
>
analysisWorkflow
=
new
MontiSecArcAnalysisWorkflow
<
MontiSecArcRoot
>(
LANGUAGE_ROOT
);
//AnalysisCreator
analysisWorkflow
.
setAnalysis
(
MontiSecArcAnalysisCreator
.
createAnalysis
(
analysisConfPath
));
//AnalysisConfiguratin
analysisWorkflow
.
setAnalysisConfiguration
(
MontiSecArcAnalysisCreator
.
createConfig
());
//Visitor for Analysis
MontiSecArcAnalysisVisitor
analysisVisitor
=
new
MontiSecArcAnalysisVisitor
();
analysisVisitor
.
setAdvanced
(
false
);
analysisVisitor
.
setAnalysisParameter
(
analysisParameter
);
analysisWorkflow
.
setClient
(
analysisVisitor
);
//Add Workflow for Analysis for beginners
addExecutionUnit
(
MontiSecArcConstants
.
ANALYSIS_WORKFLOW_BEGINNERS
,
analysisWorkflow
);
//Add Workflow for Analysis for advanced users
analysisVisitor
.
setAdvanced
(
true
);
analysisWorkflow
.
setClient
(
analysisVisitor
);
addExecutionUnit
(
MontiSecArcConstants
.
ANALYSIS_WORKFLOW_ADVANCED
,
analysisWorkflow
);
this
.
addAnalysisWorkflow
(
analysisConfPath
,
analysisParameter
);
this
.
addTrustlevelWhatIfWorkflow
(
analysisParameter
,
analysisConfPath
);
this
.
addCriticalPortWhatIfWorkflow
(
analysisParameter
,
analysisConfPath
);
}
private
void
addAnalysisWorkflow
(
String
analysisConfPath
,
List
<
String
>
analysisParameter
)
{
//Workflow for Analysis
MontiSecArcAnalysisWorkflow
<
MontiSecArcRoot
>
analysisWorkflow
=
new
MontiSecArcAnalysisWorkflow
<
MontiSecArcRoot
>(
LANGUAGE_ROOT
);
//AnalysisCreator
analysisWorkflow
.
setAnalysis
(
MontiSecArcAnalysisCreator
.
createAnalysis
(
analysisConfPath
));
//AnalysisConfiguratin
analysisWorkflow
.
setAnalysisConfiguration
(
MontiSecArcAnalysisCreator
.
createConfig
(
analysisConfPath
));
//AnalysisParaemter
analysisWorkflow
.
setAnalysisParameter
(
analysisParameter
);
//Add Workflow for Analysis for advanced users
analysisWorkflow
.
setAdvanced
(
false
);
//Add Workflow for Analysis for beginners
addExecutionUnit
(
MontiSecArcConstants
.
ANALYSIS_WORKFLOW_BEGINNERS
,
analysisWorkflow
);
//Add Workflow for Analysis for advanced users
analysisWorkflow
.
setAdvanced
(
true
);
addExecutionUnit
(
MontiSecArcConstants
.
ANALYSIS_WORKFLOW_ADVANCED
,
analysisWorkflow
);
}
private
void
addCriticalPortWhatIfWorkflow
(
List
<
String
>
analysisParameter
,
String
analysisConfPath
)
{
AnalysisCriticalPortTransformationWorkflow
<
MontiSecArcRoot
>
criticalPortTransformationWorkflow
=
new
AnalysisCriticalPortTransformationWorkflow
<
MontiSecArcRoot
>(
MontiSecArcRoot
.
class
);
...
...
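Review bot: `addAnalysisWorkflow` registers the same `analysisWorkflow` object under both `ANALYSIS_WORKFLOW_BEGINNERS` and `ANALYSIS_WORKFLOW_ADVANCED`, calling `setAdvanced(false)` before the first registration and `setAdvanced(true)` before the second. Unless `addExecutionUnit` copies the workflow (not visible here), both units share one flag and the beginners unit ends up running with `advanced == true`. Building one workflow per execution unit keeps the two outputs independent. The comment `//Add Workflow for Analysis for advanced users` above `setAdvanced(false)` also describes the opposite of what the line does.

```java
private void addAnalysisWorkflow(String analysisConfPath, List<String> analysisParameter) {
  // One workflow instance per execution unit, so the advanced flag of one cannot overwrite the other.
  addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_BEGINNERS,
      createAnalysisWorkflow(analysisConfPath, analysisParameter, false));
  addExecutionUnit(MontiSecArcConstants.ANALYSIS_WORKFLOW_ADVANCED,
      createAnalysisWorkflow(analysisConfPath, analysisParameter, true));
}

private MontiSecArcAnalysisWorkflow<MontiSecArcRoot> createAnalysisWorkflow(
    String analysisConfPath, List<String> analysisParameter, boolean advanced) {
  MontiSecArcAnalysisWorkflow<MontiSecArcRoot> workflow =
      new MontiSecArcAnalysisWorkflow<MontiSecArcRoot>(LANGUAGE_ROOT);
  workflow.setAnalysis(MontiSecArcAnalysisCreator.createAnalysis(analysisConfPath));
  workflow.setAnalysisConfiguration(MontiSecArcAnalysisCreator.createConfig(analysisConfPath));
  workflow.setAnalysisParameter(analysisParameter);
  workflow.setAdvanced(advanced);
  return workflow;
}
```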
montiSecArcAnalysis/src/main/java/secarc/MontiSecArcAnalysisTool.java
...
...
@@ -155,7 +155,7 @@ public class MontiSecArcAnalysisTool extends ETSTool {
// set default CoCos
Map
<
String
,
Type
>
cocoConfig
=
MontiSecArcContextConditionCreator
.
createConfig
();
cocoConfig
.
putAll
(
MontiSecArcAnalysisCreator
.
createConfig
());
cocoConfig
.
putAll
(
MontiSecArcAnalysisCreator
.
createConfig
(
analysisConfPath
));
setCocoConfiguration
(
cocoConfig
);
}
...
...
montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisConstants.java
...
...
@@ -94,6 +94,62 @@ public final class MontiSecArcAnalysisConstants {
public
static
final
String
ALL_PARAMETER
=
"Checks all analysis related to analysis parameter."
;
public
static
final
String
REFERENCED_COMPONENT_WHATIF_DO_NOT_EXIST
=
"Checks if the referenced components exists for the wath if analysis."
;
public
static
final
String
REFERENCED_COMPONENT_WHATIF_DO_NOT_EXIST
=
"Checks if the referenced components exists for the wath if analysis."
;
public
static
final
String
L01
=
"L01-List-Filters"
;
public
static
final
String
L02
=
"L02-List-Critical-Ports"
;
public
static
final
String
L03
=
"L03-List-Incoming-Ports"
;
public
static
final
String
L04
=
"L04-List-Outgoing-Ports"
;
public
static
final
String
L05
=
"L05-List-Ports-String"
;
public
static
final
String
L06
=
"L06-List-Third-Party-Components"
;
public
static
final
String
L07
=
"L07-List-Not-Reviewed-Configuration"
;
public
static
final
String
D01
=
"D01-Derive-Role-Component"
;
public
static
final
String
D02
=
"D02-Derive-Role-Port"
;
public
static
final
String
D03
=
"D03-Derive-Role-Third-Party-Component"
;
public
static
final
String
D04
=
"D04-Derive-Trustlevel-Component"
;
public
static
final
String
E01
=
"E01-Unencrypted-Connector-In-Path"
;
public
static
final
String
E02
=
"E2-Unencrypted-Connector-Low-Trustlevel"
;
public
static
final
String
E03
=
"E03-Encrypted-Path-Continues-Unencrypted"
;
public
static
final
String
E04
=
"E04-Trustlevel-Unencrypted-Path-In-Low"
;
public
static
final
String
E05
=
"E05-Unencrypted-Path-End-In-Low-Trustlevel"
;
public
static
final
String
E06
=
"E06-Trustlevel-Connector-Higher"
;
public
static
final
String
I01
=
"I01-Encrypted-Connector"
;
public
static
final
String
I02
=
"I02-Trustlevel-Client-Server"
;
public
static
final
String
I03
=
"I03-Roles-Defined"
;
public
static
final
String
F01
=
"F01-Taint-Tracking"
;
public
static
final
String
F02
=
"F02-High-Trustlevel"
;
public
static
final
String
T01
=
"T01-Reason-Trustlevel"
;
public
static
final
String
T02
=
"T02-High-Trustlevel"
;
public
static
final
String
WI01
=
"WI01Access-Roles"
;
public
static
final
String
WI02
=
"WI02-Third-Party-Component-Security"
;
public
static
final
String
WI03
=
"WI03-Low-Trustlevel"
;
public
static
final
String
WI04
=
"WI04-Critical-Ports"
;
}
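Review bot: The new constant `E02` is `"E2-Unencrypted-Connector-Low-Trustlevel"`, but the entry this commit writes to Analysis_Conf.txt is `E02-Unencrypted-Connector-Low-Trustlevel`. The creator looks names up with `zeile.contains(name)`, so a lookup for `E02` can never match that line. It should read `public static final String E02 = "E02-Unencrypted-Connector-Low-Trustlevel";`. `WI01` (`"WI01Access-Roles"`) also lacks the hyphen every other identifier has; the matching configuration entry is not visible here, so it should be checked against the file. A one-line comment above the block, `// Keys must match the entries in Analysis_Conf.txt character for character`, would make the coupling explicit.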
montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisCreator.java
...
...
@@ -10,6 +10,7 @@ import java.io.IOException;
import
java.util.HashMap
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Map.Entry
;
import
secarc.ets.analysis.component.ListThirdPartyComponents
;
import
secarc.ets.analysis.configuration.ReviewedConfiguration
;
...
...
@@ -24,6 +25,7 @@ import secarc.ets.analysis.filter.TaintTracking;
import
secarc.ets.analysis.filter.TrustlevelConnectorHigherThanEnvironment
;
import
secarc.ets.analysis.identity.IdentityWithEncryption
;
import
secarc.ets.analysis.identity.IdentityWithoutRoles
;
import
secarc.ets.analysis.identity.TrustlevelClientServer
;
import
secarc.ets.analysis.parameter.ExistenceParameter
;
import
secarc.ets.analysis.port.ListCriticalPorts
;
import
secarc.ets.analysis.port.ListSystemIncomingPorts
;
...
...
@@ -100,8 +102,8 @@ public final class MontiSecArcAnalysisCreator {
*
* @return default MontiSecArcAnaylsis context condition configuration
*/
public
static
Map
<
String
,
ProblemReport
.
Type
>
createConfig
(
List
<
String
>
config
)
{
return
getInstance
().
doCreateConfiguration
(
config
);
public
static
Map
<
String
,
ProblemReport
.
Type
>
createConfig
(
String
pathConfiguration
)
{
return
getInstance
().
doCreateConfiguration
(
pathConfiguration
);
}
/**
...
...
@@ -117,7 +119,6 @@ public final class MontiSecArcAnalysisCreator {
* @return default MontiSecArcAnalsis context conditions
*/
private
AbstractContextCondition
doCreateAnalysis
(
String
pathConfiguration
)
{
BufferedReader
reader
=
getCofigFileFromString
(
pathConfiguration
);
if
(
analysis
==
null
)
{
analysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_ANALYSES
);
analysis
.
setLevel
(
Type
.
WARNING
);
...
...
@@ -126,97 +127,100 @@ public final class MontiSecArcAnalysisCreator {
CompositeContextCondition
connectorAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_ENCRYPTED_CONNECT
);
//Find all path from a port which has at least one encrypted connection
connectorAnalysis
.
addChild
(
new
EncryptedPathWithUnencryptedPart
(
getFactorFromCofigFile
(
reader
,
"E01-Unencrypted-Connector-In-Path"
)));
connectorAnalysis
.
addChild
(
new
EncryptedPathWithUnencryptedPart
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
E01
)));
//Find paths which end in low trustlevel
connectorAnalysis
.
addChild
(
new
EncryptedPathEndInLowTrustlevel
(
getFactorFromCofigFile
(
reader
,
"E05-Unencrypted-Path-End-In-Low-Trustlevel"
)));
connectorAnalysis
.
addChild
(
new
EncryptedPathEndInLowTrustlevel
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
E05
)));
//Finds connector through low trustlevel
connectorAnalysis
.
addChild
(
new
UnencryptedConnectorThroughLowTurstlevel
(
getFactorFromCofigFile
(
reader
,
"E04-Trustlevel-Unencrypted-Path-In-Low"
)));
connectorAnalysis
.
addChild
(
new
UnencryptedConnectorThroughLowTurstlevel
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
E04
)));
//Trustlevel of environment higher than encrypted path
connectorAnalysis
.
addChild
(
new
TrustlevelConnectorHigherThanEnvironment
(
getFactorFromCofigFile
(
reader
,
"E06-Trustlevel-Connector-Higher"
)));
connectorAnalysis
.
addChild
(
new
TrustlevelConnectorHigherThanEnvironment
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
E06
)));
//An encrypted path continues unencrypted
connectorAnalysis
.
addChild
(
new
EncryptedPathContinuesUnencrypted
(
getFactorFromCofigFile
(
reader
,
"E03-Enrypted-Path-continues-Unencrypted"
)));
connectorAnalysis
.
addChild
(
new
EncryptedPathContinuesUnencrypted
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
E03
)));
//Analysis for filters
CompositeContextCondition
filterAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_FILTER_ANALYSIS
);
//List all filters
filterAnalysis
.
addChild
(
new
ListFilters
(
getFactorFromCofigFile
(
reader
,
"L01-List-Filters"
)));
filterAnalysis
.
addChild
(
new
ListFilters
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
L01
)));
//Taint tracking
filterAnalysis
.
addChild
(
new
TaintTracking
(
getFactorFromCofigFile
(
reader
,
"F01-Taint-Tracking"
)));
filterAnalysis
.
addChild
(
new
TaintTracking
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
F01
)));
//Filter with higher trustlevel
filterAnalysis
.
addChild
(
new
FilterWithHigherTrustlevel
(
getFactorFromCofigFile
(
reader
,
"F02-High-Trustlevel"
)));
filterAnalysis
.
addChild
(
new
FilterWithHigherTrustlevel
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
F02
)));
//Analysis for ports
CompositeContextCondition
portAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_PORT_ANALYSIS
);
//List all incoming ports of the system
portAnalysis
.
addChild
(
new
ListSystemIncomingPorts
(
getFactorFromCofigFile
(
reader
,
"L03-List-Incoming-Ports"
)));
portAnalysis
.
addChild
(
new
ListSystemIncomingPorts
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
L03
)));
//List all outgoing ports
portAnalysis
.
addChild
(
new
ListSystemOutgoingPorts
(
getFactorFromCofigFile
(
reader
,
"L04-List-Outgoing-Ports"
)));
portAnalysis
.
addChild
(
new
ListSystemOutgoingPorts
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
L04
)));
//List all ciritcal ports
portAnalysis
.
addChild
(
new
ListCriticalPorts
(
getFactorFromCofigFile
(
reader
,
"L02-List-Critical-Ports"
)));
portAnalysis
.
addChild
(
new
ListCriticalPorts
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
L02
)));
//Avoid input type String
portAnalysis
.
addChild
(
new
AvoidInputString
(
getFactorFromCofigFile
(
reader
,
"L05-List-Ports-String"
)));
portAnalysis
.
addChild
(
new
AvoidInputString
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
L05
)));
//Analysis for configurations
CompositeContextCondition
configurationAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_CONFIGURATION_ANALYSIS
);
//Checks if configurations are reviewed
configurationAnalysis
.
addChild
(
new
ReviewedConfiguration
(
getFactorFromCofigFile
(
reader
,
"L07-List-Not-Reviewed-Configuration"
)));
configurationAnalysis
.
addChild
(
new
ReviewedConfiguration
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
L07
)));
//Analysis for roles
CompositeContextCondition
roleAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_ROLE_ANALYSIS
);
//Derives roles for thrid party components
roleAnalysis
.
addChild
(
new
DerivedRolesThirdParty
(
getFactorFromCofigFile
(
reader
,
"D03-Derive-Role-Third-Party-Component"
)));
roleAnalysis
.
addChild
(
new
DerivedRolesThirdParty
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
D03
)));
//Derives roles for "normal " components
roleAnalysis
.
addChild
(
new
DerivedRolesComponent
(
getFactorFromCofigFile
(
reader
,
"D01-Derive-Role-Component"
)));
roleAnalysis
.
addChild
(
new
DerivedRolesComponent
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
D01
)));
//Derives roles for ports
roleAnalysis
.
addChild
(
new
DerivedRolesPort
(
getFactorFromCofigFile
(
reader
,
"D02-Derive-Role-Port"
)));
roleAnalysis
.
addChild
(
new
DerivedRolesPort
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
D02
)));
//Access for roles
roleAnalysis
.
addChild
(
new
RoleAccess
(
getFactorFromCofigFile
(
reader
,
"WI01Access-Roles"
)));
roleAnalysis
.
addChild
(
new
RoleAccess
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
WI01
)));
//Analysis for identity
CompositeContextCondition
identityAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_IDENTITY
);
//identity link needs an encrypted connection
identityAnalysis
.
addChild
(
new
IdentityWithEncryption
(
getFactorFromCofigFile
(
reader
,
"I01-Encrypted-Connector"
)));
identityAnalysis
.
addChild
(
new
IdentityWithEncryption
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
I01
)));
//The trustlevel of client should be lower than the one of a server
identityAnalysis
.
addChild
(
new
TrustlevelClientServer
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
I02
)));
//if an identity link is used, roles should be defined in the target component
identityAnalysis
.
addChild
(
new
IdentityWithoutRoles
(
getFactorFromCofigFile
(
reader
,
"I03-Roles-Defined"
)));
identityAnalysis
.
addChild
(
new
IdentityWithoutRoles
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
I03
)));
//Analysis for trustlevel
CompositeContextCondition
trustlevelAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_TRUSTLEVEL
);
//Trustlevel differs more than 2 from relative trustevel
trustlevelAnalysis
.
addChild
(
new
ReasonForDifferingTrustlevel
(
getFactorFromCofigFile
(
reader
,
"T01-Reason-Trustlevel"
)));
trustlevelAnalysis
.
addChild
(
new
ReasonForDifferingTrustlevel
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
T01
)));
//Dervied trustlevel for components without trustlevel
trustlevelAnalysis
.
addChild
(
new
DerivedTrustlevel
(
getFactorFromCofigFile
(
reader
,
"D04-Derive-Trustlevel-Component"
)));
trustlevelAnalysis
.
addChild
(
new
DerivedTrustlevel
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
D04
)));
//Analysis for components
CompositeContextCondition
componentAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_COMPONENT
);
//Lists all third party componnts
componentAnalysis
.
addChild
(
new
ListThirdPartyComponents
(
getFactorFromCofigFile
(
reader
,
"L01-List-Filters"
)));
componentAnalysis
.
addChild
(
new
ListThirdPartyComponents
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
L06
)));
//Analysis for trustlevel relation
CompositeContextCondition
trustlevelRelationAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_TRUSTLEVEL_RELATION
);
//If a relation is defined, define trustlevel
trustlevelRelationAnalysis
.
addChild
(
new
TrustlevelForTrustlevelRelation
(
getFactorFromCofigFile
(
reader
,
"T02-High-Trustlevel"
)));
trustlevelRelationAnalysis
.
addChild
(
new
TrustlevelForTrustlevelRelation
(
getFactorFromCofigFile
(
pathConfiguration
,
MontiSecArcAnalysisConstants
.
T02
)));
//Analysis for analysis parameter
CompositeContextCondition
parameterAnalysis
=
new
CompositeContextCondition
(
MontiSecArcAnalysisConstants
.
ALL_PARAMETER
);
...
...
@@ -249,9 +253,10 @@ public final class MontiSecArcAnalysisCreator {
return
reader
;
}
private
int
getFactorFromCofigFile
(
BufferedReader
reader
,
String
name
)
{
private
int
getFactorFromCofigFile
(
String
analysisConfFile
,
String
name
)
{
String
zeile
=
""
;
int
value
=
1
;
BufferedReader
reader
=
getCofigFileFromString
(
analysisConfFile
);
if
(
reader
==
null
)
{
return
value
;
}
...
...
@@ -260,13 +265,37 @@ public final class MontiSecArcAnalysisCreator {
if
(
zeile
.
contains
(
name
))
{
if
(
zeile
.
contains
(
" "
))
{
String
svalue
=
zeile
.
split
(
" "
)[
1
];
value
=
Integer
.
parseInt
(
svalue
);
reader
.
close
();
return
Integer
.
parseInt
(
svalue
);
}
}
}
reader
.
close
();
}
catch
(
IOException
|
NumberFormatException
e
)
{
MCG
.
getLogger
().
info
(
e
.
getMessage
());
}
return
value
;
}
private
boolean
existsAnalysisInFile
(
String
analysisConfFile
,
String
name
)
{
String
zeile
=
""
;
boolean
value
=
false
;
BufferedReader
reader
=
getCofigFileFromString
(
analysisConfFile
);
if
(
reader
==
null
)
{
return
value
;
}
try
{
while
((
zeile
=
reader
.
readLine
())
!=
null
)
{
if
(
zeile
.
contains
(
name
))
{
reader
.
close
();
return
true
;
}
}
reader
.
close
();
}
catch
(
IOException
|
NumberFormatException
e
)
{
MCG
.
getLogger
().
info
(
e
.
getMessage
());
}
return
value
;
}
...
...
@@ -285,18 +314,60 @@ public final class MontiSecArcAnalysisCreator {
return
analysisConfiguration
;
}
private
Map
<
String
,
String
>
createMappingNameConstant
()
{
Map
<
String
,
String
>
mapping
=
new
HashMap
<
String
,
String
>();
mapping
.
put
(
MontiSecArcAnalysisConstants
.
L01
,
MontiSecArcAnalysisConstants
.
LIST_FILTER
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
L02
,
MontiSecArcAnalysisConstants
.
LIST_CRITICAL_PORTS
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
L03
,
MontiSecArcAnalysisConstants
.
LIST_INCOMING_PORTS
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
L04
,
MontiSecArcAnalysisConstants
.
LIST_OUTGOING_PORTS
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
L05
,
MontiSecArcAnalysisConstants
.
AVOID_INPUT_STRING
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
L06
,
MontiSecArcAnalysisConstants
.
LIST_THIRD_PARTY_COMPONENTS
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
L07
,
MontiSecArcAnalysisConstants
.
REVIEWED_CONFIGURATION
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
D01
,
MontiSecArcAnalysisConstants
.
DERIVED_ROLES_COMPONENT
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
D02
,
MontiSecArcAnalysisConstants
.
DERIVE_ROLES_PORT
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
D03
,
MontiSecArcAnalysisConstants
.
DERIVED_ROLES_THIRD_PARTY
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
D04
,
MontiSecArcAnalysisConstants
.
DERIVED_TRUSTLEVEL
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
E01
,
MontiSecArcAnalysisConstants
.
ENCRYPTED_PATH_WITH_UNENCRYPTED_PART
);
// mapping.put(MontiSecArcAnalysisConstants.E02, MontiSecArcAnalysisConstants.);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
E03
,
MontiSecArcAnalysisConstants
.
ENCRYPTED_PATH_CONTINUES_UNENCRYPTED
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
E05
,
MontiSecArcAnalysisConstants
.
ENRYPTED_PATH_END_IN_LOW_TRUSTLEVEL
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
E04
,
MontiSecArcAnalysisConstants
.
UNENCRYPTED_CONNECTOR_THROUGH_LOW_TRUSTLEVEL
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
E06
,
MontiSecArcAnalysisConstants
.
TRUSTLEVEL_PATH_HIGHER_THAN_ENVIRONMENT
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
I01
,
MontiSecArcAnalysisConstants
.
IDENTITY_WITH_ENCRYPTION
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
I02
,
MontiSecArcAnalysisConstants
.
TRUSTLEVEL_CLIENT_SERVER_IDENTITY
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
I03
,
MontiSecArcAnalysisConstants
.
IDNETITY_WITHOUT_ROLES
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
F01
,
MontiSecArcAnalysisConstants
.
TAINT_TRACKING
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
F02
,
MontiSecArcAnalysisConstants
.
FILTER_WITH_HIGHER_TRUST
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
T01
,
MontiSecArcAnalysisConstants
.
REASON_DIFFERING_TRUSTLEVEL
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
T02
,
MontiSecArcAnalysisConstants
.
TRUSTLEVEL_FOR_TRUSTLEVELRELATION
);
mapping
.
put
(
MontiSecArcAnalysisConstants
.
WI01
,
MontiSecArcAnalysisConstants
.
ROLE_ACCESS
);
return
mapping
;
}
/**
*
* @return default MontiSecArc context conditions configuration
*/
private
Map
<
String
,
ProblemReport
.
Type
>
doCreateConfiguration
(
List
<
String
>
config
)
{
private
Map
<
String
,
ProblemReport
.
Type
>
doCreateConfiguration
(
String
pathConfiguration
)
{
Map
<
String
,
String
>
mapping
=
createMappingNameConstant
();
if
(
analysisConfiguration
==
null
)
{
analysisConfiguration
=
new
HashMap
<
String
,
Type
>();
for
(
String
element
:
config
)
{
// if(MontiSecArcAnalysisConstants.)
analysisConfiguration
.
put
(
element
,
Type
.
WARNING
);
}
for
(
Entry
<
String
,
String
>
it
:
mapping
.
entrySet
())
{
if
(
existsAnalysisInFile
(
pathConfiguration
,
it
.
getKey
()))
{
analysisConfiguration
.
put
(
it
.
getValue
(),
Type
.
WARNING
);
}
}
analysisConfiguration
.
put
(
MontiSecArcAnalysisConstants
.
ALL_PARAMETER
,
Type
.
WARNING
);
}
return
analysisConfiguration
;
...
...
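Review bot: In `existsAnalysisInFile`, an unreadable configuration file (`reader == null`) and a name that simply fails to match both return `false`, and `doCreateConfiguration` then leaves that analysis out of the map without any message. A missing file or a misspelled key therefore looks exactly like a check that was deliberately switched off. For a security analysis, that case should at least be logged, and whether it should enable every analysis or abort the run needs a decision. Both `existsAnalysisInFile` and `getFactorFromCofigFile` skip `reader.close()` when `readLine` or `parseInt` throws, and `zeile.contains(name)` matches the name anywhere on the line. In `getFactorFromCofigFile`, `split(" ")[1]` can throw an `ArrayIndexOutOfBoundsException` that the catch does not cover, for a line ending in a single space. The sketch below assumes every line has the form `name factor`, as the visible entries do; `getFactorFromCofigFile` starts outside the hunk and would need the same treatment.

```java
private boolean existsAnalysisInFile(String analysisConfFile, String name) {
  BufferedReader reader = getCofigFileFromString(analysisConfFile);
  if (reader == null) {
    // An unreadable file must not pass silently for "analysis switched off".
    MCG.getLogger().info("Analysis configuration not readable: " + analysisConfFile);
    return false;
  }
  // try-with-resources closes the reader on every path, including exceptions.
  try (BufferedReader in = reader) {
    String zeile;
    while ((zeile = in.readLine()) != null) {
      // Compare the whole first token instead of a substring of the line.
      if (zeile.trim().split(" ")[0].equals(name)) {
        return true;
      }
    }
  } catch (IOException e) {
    MCG.getLogger().info(e.getMessage());
  }
  return false;
}
```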
montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisWorkflow.java
...
...
@@ -12,6 +12,7 @@ import interfaces2.namespaces.NameSpace;
import
interfaces2.resolvers.Resolver
;
import
java.util.Collection
;
import
java.util.List
;
import
java.util.Map
;
import
mc.DSLRoot
;
...
...
@@ -42,21 +43,26 @@ public final class MontiSecArcAnalysisWorkflow<Root extends DSLRoot<?>> extends
super
(
responsibleClass
);
}
/**
* Visitor for AST
*/
protected
MontiSecArcAnalysisVisitor
client
;
/**
* Analysis are static analysis such as contextconditions
*/
protected
AbstractContextCondition
analysis
;
/**
* Parameter for analysis
*/
protected
List
<
String
>
analysisParameter
;
/**
* Configuration for analysis
*/
protected
Map
<
String
,
ProblemReport
.
Type
>
analysisConfiguration
;
/**
* Output for beginner or advanced users
*/
protected
boolean
advanced
=
false
;
/**
*
* @return analysis static analysis for AST/Graph
...
...
@@ -92,12 +98,20 @@ public final class MontiSecArcAnalysisWorkflow<Root extends DSLRoot<?>> extends
/**
*
* @param
client visito
r for analysis
* @param
analysisParameter Paramete
r for analysis
*/
public
void
set
Client
(
MontiSecArcAnalysisVisitor
client
)
{
this
.
client
=
client
;
public
void
set
AnalysisParameter
(
List
<
String
>
analysisParameter
)
{
this
.
analysisParameter
=
analysisParameter
;
}
/**
*
* @param advanced
*/
public
void
setAdvanced
(
boolean
advanced
)
{
this
.
advanced
=
advanced
;
}
/*
* (non-Javadoc)
* @see mc.DSLWorkflow#run(mc.DSLRoot)
...
...
@@ -135,13 +149,18 @@ public final class MontiSecArcAnalysisWorkflow<Root extends DSLRoot<?>> extends
IVisitor
v
=
new
MultiInheritanceVisitor
();
//initialize visitor
client
.
setDelegator
(
dslroot
.
getErrorDelegator
());
client
.
setDeserializers
(
set
);
client
.
setLoader
(
dslroot
.
getModelInfrastructureProvider
().
getModelloader
());
client
.
setNameSpacesToNodes
(
nameSpacesToNodes
);
client
.
setNodesToNameSpaces
(
nodesToNameSpaces
);
client
.
setResolver
(
resolver
);
client
.
setTopLevelNameSpace
(
topLevelNameSpace
);
//Visitor for Analysis
MontiSecArcAnalysisVisitor
analysisVisitor
=
new
MontiSecArcAnalysisVisitor
();
analysisVisitor
.
setAdvanced
(
advanced
);
analysisVisitor
.
setAnalysisParameter
(
analysisParameter
);
analysisVisitor
.
setDelegator
(
dslroot
.
getErrorDelegator
());
analysisVisitor
.
setDeserializers
(
set
);
analysisVisitor
.
setLoader
(
dslroot
.
getModelInfrastructureProvider
().
getModelloader
());
analysisVisitor
.
setNameSpacesToNodes
(
nameSpacesToNodes
);
analysisVisitor
.
setNodesToNameSpaces
(
nodesToNameSpaces
);
analysisVisitor
.
setResolver
(
resolver
);
analysisVisitor
.
setTopLevelNameSpace
(
topLevelNameSpace
);
if
(
getAnalysis
()
!=
null
)
{
getAnalysis
().
resetConfiguration
();
...
...
@@ -155,13 +174,13 @@ public final class MontiSecArcAnalysisWorkflow<Root extends DSLRoot<?>> extends
con
.
setResolver
(
resolver
);
con
.
setNodes2namesSpace
(
nodesToNameSpaces
);
}
if
(
client
.
getEnabledConditions
()
==
null
||
client
.
getEnabledConditions
().
isEmpty
())
{
client
.
setEnabledConditions
(
enabled
);
if
(
analysisVisitor
.
getEnabledConditions
()
==
null
||
analysisVisitor
.
getEnabledConditions
().
isEmpty
())
{
analysisVisitor
.
setEnabledConditions
(
enabled
);
}
}
v
.
addClient
(
client
);
v
.
addClient
(
analysisVisitor
);
v
.
startVisit
((
ASTNode
)
dslroot
.
getAst
());
...
...
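Review bot: The fields `analysisParameter` and `advanced` are declared `protected` although `MontiSecArcAnalysisWorkflow` is a `final` class, so the modifier only widens them to package access. Both now have setters and should be `private`, e.g. `private List<String> analysisParameter;` and `private boolean advanced = false;`. The Javadoc of `setAdvanced` has an empty `@param advanced`; going by the field comment it could read `@param advanced true for the output for advanced users, false for the output for beginners`. In the `run` hunk, the `getEnabledConditions() == null || ...isEmpty()` guard is now evaluated on a visitor created a few lines earlier, so it presumably always holds and could be replaced by a plain `analysisVisitor.setEnabledConditions(enabled);` once that is confirmed. The `run` method starts and ends outside the visible hunks.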
montiSecArcAnalysis/src/main/java/secarc/ets/transform/criticalport/AnalysisCriticalPortTransformationWorkflow.java
...
...
@@ -89,11 +89,10 @@ public class AnalysisCriticalPortTransformationWorkflow<T extends MontiSecArcRoo
//AnalysisCreator
analysisTransformWorkflow
.
setAnalysis
(
MontiSecArcAnalysisCreator
.
createAnalysis
(
analysisConfPath
));
//AnalysisConfiguratin
analysisTransformWorkflow
.
setAnalysisConfiguration
(
MontiSecArcAnalysisCreator
.
createConfig
());
analysisTransformWorkflow
.
setAnalysisConfiguration
(
MontiSecArcAnalysisCreator
.
createConfig
(
analysisConfPath
));
//Visitor for Analysis
MontiSecArcAnalysisVisitor
analysisTransfromVisitor
=
new
MontiSecArcAnalysisVisitor
();
analysisTransfromVisitor
.
setAdvanced
(
advanced
);
analysisTransformWorkflow
.
setClient
(
analysisTransfromVisitor
);
analysisTransformWorkflow
.
run
(
dslroot
);
//Set original AST
...
...
montiSecArcAnalysis/src/main/java/secarc/ets/transform/trustlevel/AnalysisTrustlevelTransformationWorkflow.java
...
...
@@ -76,12 +76,11 @@ public class AnalysisTrustlevelTransformationWorkflow<T extends MontiSecArcRoot>
//AnalysisCreator
analysisTransformWorkflow
.
setAnalysis
(
MontiSecArcAnalysisCreator
.
createAnalysis
(
analysisConfPath
));
//AnalysisConfiguratin
analysisTransformWorkflow
.
setAnalysisConfiguration
(
MontiSecArcAnalysisCreator
.
createConfig
());
analysisTransformWorkflow
.
setAnalysisConfiguration
(
MontiSecArcAnalysisCreator
.
createConfig
(
analysisConfPath
));
//Visitor for Analysis
MontiSecArcAnalysisVisitor
analysisTransfromVisitor
=
new
MontiSecArcAnalysisVisitor
();
analysisTransfromVisitor
.
setAdvanced
(
advanced
);
analysisTransfromVisitor
.
setAnalysisParameter
(
analysisParameter
);
analysisTransformWorkflow
.
setClient
(
analysisTransfromVisitor
);
analysisTransformWorkflow
.
run
(
dslroot
);
//Reverse
...
...
montiSecArcAnalysis/src/test/java/secarc/MontiSecArcAnalysisTransformationTrustlevelTest.java
...
...
@@ -136,7 +136,7 @@ public class MontiSecArcAnalysisTransformationTrustlevelTest extends TestWithSym
}