Commit 3236b9b2 authored by Paff's avatar Paff
Browse files

delete coco trustlevel relative to environment

new analysis filter with higher trustlevel
parent 11953056
/**
* Generated on Tue Oct 21 13:59:39 CEST 2014
* Generated on Tue Oct 21 18:56:09 CEST 2014
*/
config {
Require-Model:
......
......@@ -20,11 +20,6 @@ public enum MontiSecArcErrorCodes implements IErrorCode {
*/
AccessControlOff,
/**
* A trustlevel relative to the environment should be greater then -1
*/
TrustlevelRelativeToEnvironment,
/**
* Ther version string consists of integers and points
*/
......
......@@ -46,8 +46,6 @@ public final class MontiSecArcContextConditionConstants {
public static final String TRUSTLEVEL_FOR_COMPONENTS = "Checks if every component has a trustlevel.";
public static final String TRUSTLEVEL_REALTIVE_TO_ENVIRONMENT = "Checks if the trustlevels, which are relative to the envirment, are higher than -1.";
public static final String TRUSTLEVEL_CRITICAL_PORT = "Checks if the trustlevel for component with critical port is higher then the trustlevel of the source.";
public static final String CORRECT_VERSION_STRING = "Checks if the version string consists of integers and points.";
......
......@@ -18,7 +18,6 @@ import secarc.ets.cocos.role.RoleWithIdentity;
import secarc.ets.cocos.role.UniqueComponentRole;
import secarc.ets.cocos.role.UniqueRoleDefinitionForComponent;
import secarc.ets.cocos.role.UniqueRoleDefinitionForPort;
import secarc.ets.cocos.trustlevel.TrustlevelRealtiveToEnvironment;
import secarc.ets.cocos.trustlevel.UniqueTrustlevel;
import secarc.ets.cocos.trustlevelrelation.CorrectRelationBetweenTrustlevel;
import secarc.ets.cocos.version.UniqueVersion;
......@@ -118,9 +117,6 @@ public final class MontiSecArcContextConditionCreator {
CompositeContextCondition trustlevelCoCos = new CompositeContextCondition(MontiSecArcContextConditionConstants.ALL_TRUSTLEVEL);
trustlevelCoCos.setLevel(Type.ERROR);
//Checks if the trustlevel of the component which is relative to the enviroment is greater then -1
trustlevelCoCos.addChild(new TrustlevelRealtiveToEnvironment());
CompositeContextCondition ciritcalPortCoCos = new CompositeContextCondition(MontiSecArcContextConditionConstants.ALL_CRITICALPORT);
ciritcalPortCoCos.setLevel(Type.ERROR);
......
......@@ -65,10 +65,9 @@ public class MontiSecArcCoCoTest extends TestWithSymtab<MontiSecArcTestTool> {
assertTrue(tool.run());
List<MontiSecArcErrorCodes> errorCodes = new ArrayList<MontiSecArcErrorCodes>();
errorCodes.add(MontiSecArcErrorCodes.TrustlevelRelativeToEnvironment);
errorCodes.add(MontiSecArcErrorCodes.UniqueTrustlevel);
assertEquals(2, handler.getErrors().size());
assertEquals(1, handler.getErrors().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......
/**
* Generated on Tue Oct 21 13:59:58 CEST 2014
* Generated on Tue Oct 21 18:56:29 CEST 2014
*/
config {
Require-Model:
......
......@@ -134,6 +134,11 @@ public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
/**
* The encrypted path continues unencrypted. Checks which component can read the data
*/
EncryptedPathContinuesUnencrypted
EncryptedPathContinuesUnencrypted,
/**
* Filters have a higher trust than other components
*/
FilterWithHigherTrust,
}
package secarc.ets.analysis.filter;
import com.google.common.base.Optional;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.umlp.arcd._ast.ASTArcComponent;
import mc.umlp.arcd._ast.ASTArcPort;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import secarc._ast.ASTSecArcFilter;
import secarc._ast.ASTSecArcFilterComponent;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
import secarc.ets.check.CoCoHelper;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.FilterEntry;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.TrustlevelEntry;
import secarc.ets.graph.ArchitectureGraph;
public class FilterWithHigherTrustlevel extends Analysis implements
ISecAnalysisFilterChecker {
public FilterWithHigherTrustlevel() {
super(MontiSecArcAnalysisConstants.FILTER_WITH_HIGHER_TRUST);
}
@Override
public void check(ASTSecArcFilter node, FilterEntry entry,
ArchitectureGraph graph) throws AmbigousException {
ASTArcComponent parentNode = null;
if(node.getMainParent() instanceof ASTArcComponent) {
parentNode = (ASTArcComponent) node.getMainParent();
} else {
parentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
}
SecComponentEntry componentEntry = (SecComponentEntry) resolver.resolve(parentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(parentNode));
SecComponentEntry parentComponentEntry = getTrustlevel(parentNode);
Optional<TrustlevelEntry> trustlevelFilterEntry = componentEntry.getTrustlevel();
if(!trustlevelFilterEntry.isPresent()) {
if(parentComponentEntry.getFilter() != null) {
//Check the same for the super filter component
return;
} else {
addReport("The component with the filter " + entry.getName() + " has the same trustlevel as the supercomponent. A filter should have a higher trustlevel than the surrounding component.", node.get_SourcePositionStart());
}
} else {
if(parentComponentEntry.getFilter() != null) {
//Check the same for the super filter component
return;
} else {
int filterTrustlevel = CoCoHelper.getTrustlevelAsInteger(componentEntry);
int parentTrustlevel = -1;
if(parentComponentEntry != null) {
parentTrustlevel = CoCoHelper.getTrustlevelAsInteger(parentComponentEntry);
}
if(filterTrustlevel <= parentTrustlevel) {
addReport("The component with the filter " + entry.getName() + " has the same trustlevel which is the same or lower than the trustlevel of the super component. A filter should have a higher trustlevel than the surrounding component.", node.get_SourcePositionStart());
}
}
}
}
/**
* Search for trustlevel in super components
* @param node
* @return trustlevel
* @throws AmbigousException
*/
private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
ASTArcComponent parent = (ASTArcComponent) node.getMainParent();
if(parent != null) {
SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
if(componentParent.getTrustlevel().isPresent()) {
return componentParent;
} else {
return getTrustlevel(parent);
}
} else {
return null;
}
}
@Override
public IErrorCode getErrorCode() {
return MontiSecArcAnalysisErrorCodes.FilterWithHigherTrust;
}
}
package secarc.ets.analysis.filter;
import mc.IErrorCode;
import mc.umlp.arcd._ast.ASTArcPort;
import interfaces2.coco.ContextCondition;
import interfaces2.resolvers.AmbigousException;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.AnalysisHelper;
import secarc.ets.analysis.checker.ISecAnalysisPortChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecPortEntry;
import secarc.ets.graph.ArchitectureGraph;
/**
* The type of the input port indicates the needed filters
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
*
* @author (last commit) $Author$
* @version $Date$<br>
* $Revision$
*
*/
public class TaintPropergation extends ContextCondition implements
ISecAnalysisPortChecker {
public TaintPropergation() {
super(MontiSecArcAnalysisConstants.TAINT_PROPERGATION);
}
@Override
public void check(ASTArcPort node, SecPortEntry entry,
ArchitectureGraph graph) throws AmbigousException {
if(AnalysisHelper.isPortBenningOfPath(node, resolver, getNameSpaceFor(node), getNameSpaceFor(node.getMainParent())) == null) {
addReport("The input port " + entry.getName() + " has the type " + entry.getTypeReference() + ".", node.get_SourcePositionStart());
}
}
@Override
public IErrorCode getErrorCode() {
return MontiSecArcAnalysisErrorCodes.TaintPropergation;
}
}
......@@ -44,6 +44,8 @@ public final class MontiSecArcAnalysisConstants {
public static final String LIST_FILTER = "Lists all filters.";
public static final String FILTER_WITH_HIGHER_TRUST = "Checks if the filter has a higher trustlevel than the super component.";
public static final String AVOID_INPUT_STRING = "Checks if a input port has the type String.";
public static final String ALL_PORT_ANALYSIS = "Checks all analysis related to ports.";
......
......@@ -13,9 +13,9 @@ import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
import secarc.ets.analysis.filter.AvoidInputString;
import secarc.ets.analysis.filter.EncryptedPathEndInLowTrustlevel;
import secarc.ets.analysis.filter.FilterWithHigherTrustlevel;
import secarc.ets.analysis.filter.ListFilters;
import secarc.ets.analysis.filter.RepeatFilterinInHigherTrustlevel;
import secarc.ets.analysis.filter.TaintPropergation;
import secarc.ets.analysis.filter.TaintTracking;
import secarc.ets.analysis.filter.TrustlevelPathHigherThanEnvironment;
import secarc.ets.analysis.identity.IdentityWithEncryption;
......@@ -132,8 +132,8 @@ public final class MontiSecArcAnalysisCreator {
//Taint tracking
filterAnalysis.addChild(new TaintTracking());
//taint propergation
filterAnalysis.addChild(new TaintPropergation());
//Filter with higher trustlevel
filterAnalysis.addChild(new FilterWithHigherTrustlevel());
//taint traicking after filter
filterAnalysis.addChild(new RepeatFilterinInHigherTrustlevel());
......
......@@ -46,10 +46,9 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
List<MontiSecArcAnalysisErrorCodes> errorCodes = new ArrayList<MontiSecArcAnalysisErrorCodes>();
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListIncomingtPorts);
errorCodes.add(MontiSecArcAnalysisErrorCodes.EncryptedPathEndInLowTrustlevel);
errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintPropergation);
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListThirdPartyComponents);
assertEquals(4, handler.getWarnings().size());
assertEquals(3, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -62,7 +61,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
tool.init();
assertTrue(tool.run());
assertEquals(3, handler.getWarnings().size());
assertEquals(2, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -75,7 +74,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
tool.init();
assertTrue(tool.run());
assertEquals(7, handler.getWarnings().size());
assertEquals(5, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -88,7 +87,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
tool.init();
assertTrue(tool.run());
assertEquals(3, handler.getWarnings().size());
assertEquals(2, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -108,8 +107,8 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
List<MontiSecArcAnalysisErrorCodes> errorCodes = new ArrayList<MontiSecArcAnalysisErrorCodes>();
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListFilters);
errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintTracking);
errorCodes.add(MontiSecArcAnalysisErrorCodes.UnencryptedConnectorThroughLowTrustlevel);
errorCodes.add(MontiSecArcAnalysisErrorCodes.FilterWithHigherTrust);
assertEquals(3, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
......@@ -124,7 +123,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
tool.init();
assertTrue(tool.run());
assertEquals(3, handler.getWarnings().size());
assertEquals(2, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -181,13 +180,12 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
List<MontiSecArcAnalysisErrorCodes> errorCodes = new ArrayList<MontiSecArcAnalysisErrorCodes>();
errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesThirdParty);
errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesComponent);
errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintPropergation);
errorCodes.add(MontiSecArcAnalysisErrorCodes.IdentityWithEncryption);
errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesPort);
errorCodes.add(MontiSecArcAnalysisErrorCodes.RoleAccess);
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListThirdPartyComponents);
assertEquals(7, handler.getWarnings().size());
assertEquals(6, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -208,9 +206,8 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListIncomingtPorts);
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListOutgoingPorts);
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListAllCriticalPorts);
errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintPropergation);
assertEquals(2, handler.getWarnings().size());
assertEquals(1, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -223,7 +220,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
tool.init();
assertTrue(tool.run());
assertEquals(2, handler.getWarnings().size());
assertEquals(1, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -236,7 +233,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
tool.init();
assertTrue(tool.run());
assertEquals(2, handler.getWarnings().size());
assertEquals(1, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -259,7 +256,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesPort);
errorCodes.add(MontiSecArcAnalysisErrorCodes.RoleAccess);
assertEquals(5, handler.getWarnings().size());
assertEquals(4, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......@@ -272,7 +269,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
tool.init();
assertTrue(tool.run());
assertEquals(7, handler.getWarnings().size());
assertEquals(5, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......
......@@ -13,7 +13,7 @@ component FilterPort {
component TargetHelp targetHelp {
trustlevel +1;
trustlevel +2;
port
(filter sql) in int input;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment