delete coco trustlevel relative to environment

new analysis filter with higher trustlevel

lang-example/mc.cfg

 /**
- * Generated on Tue Oct 21 13:59:39 CEST 2014
+ * Generated on Tue Oct 21 18:56:09 CEST 2014
  */
 config {
     Require-Model:

lang-example/src/main/java/secarc/error/MontiSecArcErrorCodes.java

@@ -20,11 +20,6 @@ public enum MontiSecArcErrorCodes implements IErrorCode {
 	 */
 	AccessControlOff,
 	
-	/**
-	 * A trustlevel relative to the environment should be greater then -1
-	 */
-	TrustlevelRelativeToEnvironment,
-	
 	/**
 	 * Ther version string consists of integers and points
 	 */

lang-example/src/main/java/secarc/ets/check/MontiSecArcContextConditionConstants.java

@@ -46,8 +46,6 @@ public final class MontiSecArcContextConditionConstants {
 	
 	public static final String TRUSTLEVEL_FOR_COMPONENTS = "Checks if every component has a trustlevel.";
 	
-	public static final String TRUSTLEVEL_REALTIVE_TO_ENVIRONMENT = "Checks if the trustlevels, which are relative to the envirment, are higher than -1.";
-	
 	public static final String TRUSTLEVEL_CRITICAL_PORT = "Checks if the trustlevel for component with critical port is higher then the trustlevel of the source.";
 	
 	public static final String CORRECT_VERSION_STRING = "Checks if the version string consists of integers and points.";

lang-example/src/main/java/secarc/ets/check/MontiSecArcContextConditionCreator.java

@@ -18,7 +18,6 @@ import secarc.ets.cocos.role.RoleWithIdentity;
 import secarc.ets.cocos.role.UniqueComponentRole;
 import secarc.ets.cocos.role.UniqueRoleDefinitionForComponent;
 import secarc.ets.cocos.role.UniqueRoleDefinitionForPort;
-import secarc.ets.cocos.trustlevel.TrustlevelRealtiveToEnvironment;
 import secarc.ets.cocos.trustlevel.UniqueTrustlevel;
 import secarc.ets.cocos.trustlevelrelation.CorrectRelationBetweenTrustlevel;
 import secarc.ets.cocos.version.UniqueVersion;
@@ -118,9 +117,6 @@ public final class MontiSecArcContextConditionCreator {
 			CompositeContextCondition trustlevelCoCos = new CompositeContextCondition(MontiSecArcContextConditionConstants.ALL_TRUSTLEVEL);
 			trustlevelCoCos.setLevel(Type.ERROR);
 			
-			//Checks if the trustlevel of the component which is relative to the enviroment is greater then -1
-			trustlevelCoCos.addChild(new TrustlevelRealtiveToEnvironment());
-			
 			CompositeContextCondition ciritcalPortCoCos = new CompositeContextCondition(MontiSecArcContextConditionConstants.ALL_CRITICALPORT);
 			ciritcalPortCoCos.setLevel(Type.ERROR);
 			

lang-example/src/test/java/secarc/MontiSecArcCoCoTest.java

@@ -65,10 +65,9 @@ public class MontiSecArcCoCoTest extends TestWithSymtab<MontiSecArcTestTool> {
 		assertTrue(tool.run());
 		
 		List<MontiSecArcErrorCodes> errorCodes = new ArrayList<MontiSecArcErrorCodes>();
-		errorCodes.add(MontiSecArcErrorCodes.TrustlevelRelativeToEnvironment);
 		errorCodes.add(MontiSecArcErrorCodes.UniqueTrustlevel);
 
-        assertEquals(2, handler.getErrors().size());
+        assertEquals(1, handler.getErrors().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }

montiSecArcAnalysis/mc.cfg

 /**
- * Generated on Tue Oct 21 13:59:58 CEST 2014
+ * Generated on Tue Oct 21 18:56:29 CEST 2014
  */
 config {
     Require-Model:

montiSecArcAnalysis/src/main/java/secarc/error/MontiSecArcAnalysisErrorCodes.java

@@ -134,6 +134,11 @@ public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
 	/**
 	 * The encrypted path continues unencrypted. Checks which component can read the data
 	 */
-	EncryptedPathContinuesUnencrypted
+	EncryptedPathContinuesUnencrypted,
+	
+	/**
+	 * Filters have a higher trust than other components
+	 */
+	FilterWithHigherTrust,
 	
 }

montiSecArcAnalysis/src/main/java/secarc/ets/analysis/filter/FilterWithHigherTrustlevel.java

+package secarc.ets.analysis.filter;
+
+import com.google.common.base.Optional;
+
+import interfaces2.resolvers.AmbigousException;
+import mc.IErrorCode;
+import mc.umlp.arcd._ast.ASTArcComponent;
+import mc.umlp.arcd._ast.ASTArcPort;
+import mc.umlp.arcd.ets.entries.ComponentEntry;
+import secarc._ast.ASTSecArcFilter;
+import secarc._ast.ASTSecArcFilterComponent;
+import secarc.error.MontiSecArcAnalysisErrorCodes;
+import secarc.ets.analysis.checker.Analysis;
+import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
+import secarc.ets.check.CoCoHelper;
+import secarc.ets.check.MontiSecArcAnalysisConstants;
+import secarc.ets.entries.FilterEntry;
+import secarc.ets.entries.SecComponentEntry;
+import secarc.ets.entries.TrustlevelEntry;
+import secarc.ets.graph.ArchitectureGraph;
+
+public class FilterWithHigherTrustlevel extends Analysis implements
+		ISecAnalysisFilterChecker {
+
+	public FilterWithHigherTrustlevel() {
+		super(MontiSecArcAnalysisConstants.FILTER_WITH_HIGHER_TRUST);
+	}
+
+	
+	@Override
+	public void check(ASTSecArcFilter node, FilterEntry entry,
+			ArchitectureGraph graph) throws AmbigousException {
+		ASTArcComponent parentNode = null;
+		
+		if(node.getMainParent() instanceof ASTArcComponent) {
+			parentNode = (ASTArcComponent) node.getMainParent();
+		} else {
+			parentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
+		}
+		
+		SecComponentEntry componentEntry = (SecComponentEntry) resolver.resolve(parentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(parentNode));
+		SecComponentEntry parentComponentEntry = getTrustlevel(parentNode);
+		
+		Optional<TrustlevelEntry> trustlevelFilterEntry = componentEntry.getTrustlevel();
+		
+		if(!trustlevelFilterEntry.isPresent()) {
+			if(parentComponentEntry.getFilter() != null) {
+				//Check the same for the super filter component
+				return;
+			} else {
+				addReport("The component with the filter " + entry.getName() + " has the same trustlevel as the supercomponent. A filter should have a higher trustlevel than the surrounding component.", node.get_SourcePositionStart());
+			}
+		} else {
+			if(parentComponentEntry.getFilter() != null) {
+				//Check the same for the super filter component
+				return;
+			} else {
+				int filterTrustlevel = CoCoHelper.getTrustlevelAsInteger(componentEntry);
+				int parentTrustlevel = -1;
+				if(parentComponentEntry != null) {
+					parentTrustlevel = CoCoHelper.getTrustlevelAsInteger(parentComponentEntry);
+				}
+				
+				if(filterTrustlevel <= parentTrustlevel) {
+					addReport("The component with the filter " + entry.getName() + " has the same trustlevel which is the same or lower than the trustlevel of the super component. A filter should have a higher trustlevel than the surrounding component.", node.get_SourcePositionStart());
+				}
+				
+			}
+		}
+	}
+	
+	/**
+	 * Search for trustlevel in super components  
+	 * @param node
+	 * @return trustlevel
+	 * @throws AmbigousException
+	 */
+	private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
+		ASTArcComponent parent = (ASTArcComponent) node.getMainParent();
+		if(parent != null) {
+			SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
+			if(componentParent.getTrustlevel().isPresent()) {
+				return componentParent;
+			} else {
+				return getTrustlevel(parent);
+			}
+		} else {
+			return null;
+		}
+	}
+
+	@Override
+	public IErrorCode getErrorCode() {
+		return MontiSecArcAnalysisErrorCodes.FilterWithHigherTrust;
+	}
+
+}

montiSecArcAnalysis/src/main/java/secarc/ets/analysis/filter/TaintPropergation.java

-package secarc.ets.analysis.filter;
-
-import mc.IErrorCode;
-import mc.umlp.arcd._ast.ASTArcPort;
-import interfaces2.coco.ContextCondition;
-import interfaces2.resolvers.AmbigousException;
-import secarc.error.MontiSecArcAnalysisErrorCodes;
-import secarc.ets.analysis.checker.AnalysisHelper;
-import secarc.ets.analysis.checker.ISecAnalysisPortChecker;
-import secarc.ets.check.MontiSecArcAnalysisConstants;
-import secarc.ets.entries.SecPortEntry;
-import secarc.ets.graph.ArchitectureGraph;
-
-/**
- * The type of the input port indicates the needed filters
- * 
- * <br>
- * <br>
- * Copyright (c) 2011 RWTH Aachen. All rights reserved
- * 
- * @author (last commit) $Author$
- * @version $Date$<br>
- * $Revision$
- * 
- */
-public class TaintPropergation extends ContextCondition implements
-		ISecAnalysisPortChecker {
-
-	public TaintPropergation() {
-		super(MontiSecArcAnalysisConstants.TAINT_PROPERGATION);
-	}
-
-	@Override
-	public void check(ASTArcPort node, SecPortEntry entry,
-			ArchitectureGraph graph) throws AmbigousException {
-		
-		if(AnalysisHelper.isPortBenningOfPath(node, resolver, getNameSpaceFor(node), getNameSpaceFor(node.getMainParent())) == null) {
-			addReport("The input port " + entry.getName() + " has the type " + entry.getTypeReference() + ".", node.get_SourcePositionStart());
-		}
-	}
-
-	@Override
-	public IErrorCode getErrorCode() {
-		return MontiSecArcAnalysisErrorCodes.TaintPropergation;
-	}
-
-}

montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisConstants.java

@@ -44,6 +44,8 @@ public final class MontiSecArcAnalysisConstants {
 	
 	public static final String LIST_FILTER = "Lists all filters.";
 	
+	public static final String FILTER_WITH_HIGHER_TRUST = "Checks if the filter has a higher trustlevel than the super component.";
+	
 	public static final String AVOID_INPUT_STRING = "Checks if a input port has the type String.";
 	
 	public static final String ALL_PORT_ANALYSIS = "Checks all analysis related to ports.";

montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisCreator.java

@@ -13,9 +13,9 @@ import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
 import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
 import secarc.ets.analysis.filter.AvoidInputString;
 import secarc.ets.analysis.filter.EncryptedPathEndInLowTrustlevel;
+import secarc.ets.analysis.filter.FilterWithHigherTrustlevel;
 import secarc.ets.analysis.filter.ListFilters;
 import secarc.ets.analysis.filter.RepeatFilterinInHigherTrustlevel;
-import secarc.ets.analysis.filter.TaintPropergation;
 import secarc.ets.analysis.filter.TaintTracking;
 import secarc.ets.analysis.filter.TrustlevelPathHigherThanEnvironment;
 import secarc.ets.analysis.identity.IdentityWithEncryption;
@@ -132,8 +132,8 @@ public final class MontiSecArcAnalysisCreator {
 			//Taint tracking
 			filterAnalysis.addChild(new TaintTracking());
 			
-			//taint propergation
-			filterAnalysis.addChild(new TaintPropergation());
+			//Filter with higher trustlevel
+			filterAnalysis.addChild(new FilterWithHigherTrustlevel());
 			
 			//taint traicking after filter
 			filterAnalysis.addChild(new RepeatFilterinInHigherTrustlevel());

montiSecArcAnalysis/src/test/java/secarc/MontiSecArcAnalysisTest.java

@@ -46,10 +46,9 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		List<MontiSecArcAnalysisErrorCodes> errorCodes = new ArrayList<MontiSecArcAnalysisErrorCodes>();
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.ListIncomingtPorts);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.EncryptedPathEndInLowTrustlevel);
-		errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintPropergation);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.ListThirdPartyComponents);
 
-        assertEquals(4, handler.getWarnings().size());
+        assertEquals(3, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -62,7 +61,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		tool.init();
 		assertTrue(tool.run());
 		
-		assertEquals(3, handler.getWarnings().size());
+		assertEquals(2, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -75,7 +74,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		tool.init();
 		assertTrue(tool.run());
 		
-		assertEquals(7, handler.getWarnings().size());
+		assertEquals(5, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -88,7 +87,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		tool.init();
 		assertTrue(tool.run());
 		
-		assertEquals(3, handler.getWarnings().size());
+		assertEquals(2, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -108,8 +107,8 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		
 		List<MontiSecArcAnalysisErrorCodes> errorCodes = new ArrayList<MontiSecArcAnalysisErrorCodes>();
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.ListFilters);
-		errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintTracking);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.UnencryptedConnectorThroughLowTrustlevel);
+		errorCodes.add(MontiSecArcAnalysisErrorCodes.FilterWithHigherTrust);
 
         assertEquals(3, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
@@ -124,7 +123,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 	    tool.init();
 	    assertTrue(tool.run());
 		
-		assertEquals(3, handler.getWarnings().size());
+		assertEquals(2, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -181,13 +180,12 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		List<MontiSecArcAnalysisErrorCodes> errorCodes = new ArrayList<MontiSecArcAnalysisErrorCodes>();
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesThirdParty);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesComponent);
-		errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintPropergation);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.IdentityWithEncryption);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesPort);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.RoleAccess);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.ListThirdPartyComponents);
 
-        assertEquals(7, handler.getWarnings().size());
+        assertEquals(6, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -208,9 +206,8 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.ListIncomingtPorts);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.ListOutgoingPorts);
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.ListAllCriticalPorts);
-		errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintPropergation);
 
-        assertEquals(2, handler.getWarnings().size());
+        assertEquals(1, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -223,7 +220,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
         tool.init();
 		assertTrue(tool.run());
 
-        assertEquals(2, handler.getWarnings().size());
+        assertEquals(1, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -236,7 +233,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
         tool.init();
 		assertTrue(tool.run());
 
-        assertEquals(2, handler.getWarnings().size());
+        assertEquals(1, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -259,7 +256,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.DerivedRolesPort);		
 		errorCodes.add(MontiSecArcAnalysisErrorCodes.RoleAccess);
 
-        assertEquals(5, handler.getWarnings().size());
+        assertEquals(4, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }
@@ -272,7 +269,7 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
         tool.init();
 		assertTrue(tool.run());
 
-        assertEquals(7, handler.getWarnings().size());
+        assertEquals(5, handler.getWarnings().size());
         for(ProblemReport error : handler.getErrors()) {
         	assertTrue(errorCodes.contains(error.getErrorcode()));
         }

montiSecArcAnalysis/src/test/resources/secarc/analysis/filter/FilterPort.secarc

@@ -13,7 +13,7 @@ component FilterPort {
 	
 	component TargetHelp targetHelp {
 	
-		trustlevel +1;		
+		trustlevel +2;		
 	
 		port
 			(filter sql) in int input;