Commit 6469c4c5 authored by Paff's avatar Paff
Browse files

analysis: trustlevel within encrypted path should be higher than the

trustlevel of the environment
parent e64e650d
/**
* Generated on Tue Oct 07 08:12:34 CEST 2014
* Generated on Tue Oct 07 10:34:17 CEST 2014
*/
config {
Require-Model:
......
/**
* Generated on Tue Oct 07 08:12:56 CEST 2014
* Generated on Tue Oct 07 10:34:35 CEST 2014
*/
config {
Require-Model:
......
......@@ -85,4 +85,9 @@ public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
*/
IdentityWithEncryption,
/**
* Trustlevel of encrypted path is higher than the environment
*/
TrustlevelPathHigherThanEnvironment
}
......@@ -29,6 +29,8 @@ import secarc.ets.graph.Vertex;
*
* - SSL/TLS Testing
*
* TODO SimpleConnector
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
......
......@@ -28,6 +28,8 @@ import mc.umlp.arcd.ets.entries.PortEntry;
*
* - SSL/TLS Testing
*
* TODO SimpleConnector
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
......
......@@ -17,6 +17,8 @@ import secarc.ets.entries.SecConnectorEntry;
/**
* Lists all encrypted data
*
* TODO SimpleConnector
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
......
package secarc.ets.analysis.connect;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.umlp.arcd._ast.ASTArcConnector;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisConnectorChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecConnectorEntry;
/**
* Checks if the trustlevel of the encrypted path is higher than the environment
*
* - SSL/TLS Testing
*
* TODO SimpleConnector
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
*
* @author (last commit) $Author$
* @version $Date$<br>
* $Revision$
*
*/
public class TrustlevelPathHigherThanEnvironment extends Analysis implements
ISecAnalysisConnectorChecker {
public TrustlevelPathHigherThanEnvironment() {
super(MontiSecArcAnalysisConstants.TRUSTLEVEL_PATH_HIGHER_THAN_ENVIRONMENT);
}
/*
* (non-Javadoc)
* @see secarc.ets.analysis.checker.ISecAnalysisConnectorChecker#check(mc.umlp.arcd._ast.ASTArcConnector, secarc.ets.entries.SecConnectorEntry)
*/
@Override
public void check(ASTArcConnector node, SecConnectorEntry entry) throws AmbigousException {
String refTarget = entry.getTarget();
String refSource = entry.getSource();
SecComponentEntry componentSource = null;
SecComponentEntry componentTarget = null;
SecComponentEntry componentParent = null;
if(refSource.contains(".")) {
//Is in another namespace
componentSource = (SecComponentEntry) resolver.resolve(refSource.substring(0, refSource.indexOf(".")), ComponentEntry.KIND, getNameSpaceFor(node.getMainParent()));
} else {
//Is in the same namespace
componentSource = (SecComponentEntry) resolver.resolve(node.getMainParent().getName(), ComponentEntry.KIND, getNameSpaceFor(node));
}
if(refTarget.contains(".")) {
//Is in another namespace
refTarget = refTarget.substring(0, refTarget.indexOf("."));
refTarget = refTarget.replaceFirst(refTarget.substring(0, 1), refTarget.substring(0, 1).toUpperCase());
componentTarget = (SecComponentEntry) resolver.resolve(refTarget, ComponentEntry.KIND, getNameSpaceFor(node.getMainParent()));
} else {
//Is in the same namespace
componentTarget = (SecComponentEntry) resolver.resolve(node.getMainParent().getName(), ComponentEntry.KIND, getNameSpaceFor(node));
}
if((refTarget.contains(".") && refSource.contains(".")) || node.getMainParent().getMainParent() == null) {
//In the same namesparce
componentParent = (SecComponentEntry) resolver.resolve(node.getMainParent().getName(), ComponentEntry.KIND, getNameSpaceFor(node.getMainParent()));
} else {
//In a higher namespace
componentParent = (SecComponentEntry) resolver.resolve(node.getMainParent().getMainParent().getName(), ComponentEntry.KIND, getNameSpaceFor(node.getMainParent().getMainParent()));
}
//Is checked in another coco
if(componentSource == null || componentTarget == null || componentParent == null) {
return;
}
int trustlevelSource = -2;
int trustlevelTarget = -2;
int trustlevelParent = -2;
//Trustlevel source
if(componentSource.getTrustlevel().isPresent()) {
trustlevelSource = componentSource.getTrustlevel().get().getValue();
if(componentSource.getTrustlevel().get().isNegative()) {
trustlevelSource *= -1;
}
} else {
return;
}
//Trustlevel target
if(componentTarget.getTrustlevel().isPresent()) {
trustlevelTarget = componentTarget.getTrustlevel().get().getValue();
if(componentTarget.getTrustlevel().get().isNegative()) {
trustlevelTarget *= -1;
}
} else {
return;
}
//Trustlevel parent
if(componentParent.getTrustlevel().isPresent()) {
trustlevelParent = componentParent.getTrustlevel().get().getValue();
if(componentParent.getTrustlevel().get().isNegative()) {
trustlevelParent *= -1;
}
} else {
return;
}
//Compare Trustlevel
if(trustlevelSource < trustlevelParent && trustlevelTarget < trustlevelParent) {
addReport("The trustlevel of the source and target component is lower than the trustlevel of the environment.", node.get_SourcePositionStart());
} else if(trustlevelSource >= trustlevelParent && trustlevelTarget < trustlevelParent) {
addReport("The trustlevel of the target component is lower than the trustlevel of the environment.", node.get_SourcePositionStart());
} else if(trustlevelSource < trustlevelParent && trustlevelTarget >= trustlevelParent) {
addReport("The trustlevel of the source component is lower than the trustlevel of the environment.", node.get_SourcePositionStart());
}
}
/*
* (non-Javadoc)
* @see interfaces2.coco.ContextCondition#getErrorCode()
*/
@Override
public IErrorCode getErrorCode() {
return MontiSecArcAnalysisErrorCodes.TrustlevelPathHigherThanEnvironment;
}
}
......@@ -17,6 +17,8 @@ import secarc.ets.entries.SecConnectorEntry;
*
* - SSL/TLS Testing
*
* TODO SimpleConnector
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
......
......@@ -30,6 +30,8 @@ public final class MontiSecArcAnalysisConstants {
public static final String UNENCRYPTED_CONNECTOR_THROUGH_LOW_TRUSTLEVEL = "Checks if an unencrypted connector is embedded in a component with a low trustlevel.";
public static final String TRUSTLEVEL_PATH_HIGHER_THAN_ENVIRONMENT = "Checks if the trustlevels of an encrypted path should be higher than the trustlevel of the environment.";
public static final String ALL_FILTER_ANALYSIS = "Checks all analysis related to filters.";
public static final String TAINT_TRACKING = "Checks if a input is filter before it is used.";
......
......@@ -10,6 +10,7 @@ import secarc.ets.analysis.configuration.ReviewedConfiguration;
import secarc.ets.analysis.connect.EncryptedPathEndInLowTrustlevel;
import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
import secarc.ets.analysis.connect.ListEncryptedData;
import secarc.ets.analysis.connect.TrustlevelPathHigherThanEnvironment;
import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
import secarc.ets.analysis.filter.ListFilters;
import secarc.ets.analysis.filter.TaintPropergation;
......@@ -112,6 +113,9 @@ public final class MontiSecArcAnalysisCreator {
//Finds connector through low trustlevel
connectorAnalysis.addChild(new UnencryptedConnectorThroughLowTurstlevel());
//Trustlevel of environment higher than encrypted path
connectorAnalysis.addChild(new TrustlevelPathHigherThanEnvironment());
//Analysis for filters
CompositeContextCondition filterAnalysis = new CompositeContextCondition(MontiSecArcAnalysisConstants.ALL_FILTER_ANALYSIS);
......
......@@ -50,8 +50,9 @@ public class MontiSecArcAnalysisTest extends TestWithSymtabAnalysis<MontiSecArcA
errorCodes.add(MontiSecArcAnalysisErrorCodes.UnencryptedConnectorThroughLowTrustlevel);
errorCodes.add(MontiSecArcAnalysisErrorCodes.ListIncomingtPorts);
errorCodes.add(MontiSecArcAnalysisErrorCodes.TaintPropergation);
errorCodes.add(MontiSecArcAnalysisErrorCodes.TrustlevelPathHigherThanEnvironment);
assertEquals(17, handler.getWarnings().size());
assertEquals(21, handler.getWarnings().size());
for(ProblemReport error : handler.getErrors()) {
assertTrue(errorCodes.contains(error.getErrorcode()));
}
......
package secarc.analysis.connector;
component EncryptedPathWithLowerTrustlevel {
accesscontrol off;
trustlevel +1;
port
in String input;
component Help help {
trustlevel +1;
}
component TargetHelp targetHelp {
trustlevel +0;
port in String inputTarget;
}
component SubEncryptedConnector subEncryptedConnector {
trustlevel +0;
port
in String inputSub2;
connect encrypted inputSub2 -> targetHelp.inputTarget;
}
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment