Commit 9d00e4c1 authored by Paff's avatar Paff

cocos in analysis

bug fixes
new test structure
parent fd419857
/**
* Generated on Wed Oct 08 20:24:58 CEST 2014
* Generated on Sat Oct 11 11:38:49 CEST 2014
*/
config {
Require-Model:
......
......@@ -110,4 +110,15 @@ public enum MontiSecArcAnalysisErrorCodes implements IErrorCode {
*/
DerivedTrustlevel,
/**
* A trustlevel of a server should be higher than
* the trustlevel of a client
*/
TrustlevelClientServerIdentity,
/**
* A input port should avoid the type String.
*/
AvoidInputString,
}
package secarc.ets.analysis.connect;
import java.util.ArrayList;
import java.util.List;
......@@ -7,7 +9,10 @@ import org.jgrapht.traverse.DepthFirstIterator;
import org.jgrapht.traverse.GraphIterator;
import mc.IErrorCode;
import mc.ast.ASTNode;
import mc.umlp.arcd._ast.ASTArcComponent;
import mc.umlp.arcd._ast.ASTArcPort;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import mc.umlp.arcd.ets.entries.PortEntry;
import interfaces2.STEntry;
import interfaces2.resolvers.AmbigousException;
......@@ -71,6 +76,14 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
//Boolean for unencrypted element
boolean unencryted = false;
//Trustlevel of the found componet
String trustlevel = "-2";
int trustlevelCompare = -1;
//Trustlevel of the super component
int trustlevelSuperComponentCompare = -1;
//Supercomponent entry
SecComponentEntry superComponentEntry = null;
STEntry element = null;
SecComponentEntry lastComponent = null;
......@@ -79,37 +92,6 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
if(element instanceof SecConnectorEntry) {
//New path starts
if(((SecConnectorEntry) element).getSource().equals(entry.getName())) {
//Check if info is needed
if(!path.isEmpty()) {
//Check just encrypted
if(encrypted && !unencryted) {
String trustlevel = "-2";
if(lastComponent.getTrustlevel().isPresent()) {
trustlevel = "" + lastComponent.getTrustlevel().get().getValue();
if(lastComponent.getTrustlevel().get().isNegative()) {
trustlevel = "-" + trustlevel;
} else {
trustlevel = "+" + trustlevel;
}
}
StringBuilder builder = new StringBuilder("The following path ends in the low trustlevel " + trustlevel + ": " + path.get(0));
path.remove(0);
for(SecConnectorEntry pathElement : path) {
builder.append(" -> ");
builder.append(pathElement);
}
addReport(builder.toString(), node.get_SourcePositionStart());
}
}
path.clear();
encrypted = false;
unencryted = false;
}
if(((SecConnectorEntry) element).isEncrypted()) {
encrypted = true;
}
......@@ -120,16 +102,136 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
//Save path
path.add((SecConnectorEntry) element);
}
//Save subcomponent for trustlevel
if(element instanceof SecSubComponentEntry) {
lastComponent = ((SecSubComponentEntry) element).getComponentType();
}
//New path starts
if((element instanceof PortEntry
&& ((PortEntry) element).getName().equals(entry.getName())) || !iterator.hasNext()) {
//Check if info is needed
if(!path.isEmpty()) {
//Check just encrypted
if(encrypted && !unencryted) {
trustlevel = "-2";
trustlevelCompare = -1;
//component has a trustlevel
if(lastComponent.getTrustlevel().isPresent()) {
trustlevel = getTrustlevelAsString(lastComponent);
trustlevelCompare = getTrustlevelAsInteger(lastComponent);
//Trustlevel of supercomponent
superComponentEntry = getTrustlevel((ASTArcComponent) lastComponent.getBestKnownVersion().getNode());
//If no trustlevel in supercomponent exists, take the default trustlevel of the environment
if(superComponentEntry.getTrustlevel().get() == null) {
trustlevelSuperComponentCompare = -1;
} else {
trustlevelSuperComponentCompare = getTrustlevelAsInteger(superComponentEntry);
}
} else {
//Search for trustlevel -> derived trustlevel
lastComponent = getTrustlevel((ASTArcComponent) lastComponent.getBestKnownVersion().getNode());
//No trustlevel in super components defined, take the default trustlevel of the environment
if(lastComponent.getTrustlevel().get() == null) {
trustlevelCompare = -1;
trustlevelSuperComponentCompare = -2;
} else {
//Trustlevel of supercomponent
superComponentEntry = getTrustlevel((ASTArcComponent) lastComponent.getBestKnownVersion().getNode());
//If no trustlevel in supercomponent exists, take the default trustlevel of the environment
if(superComponentEntry.getTrustlevel().get() == null) {
trustlevelSuperComponentCompare = -1;
} else {
trustlevelSuperComponentCompare = getTrustlevelAsInteger(superComponentEntry);
}
}
}
//If the trustlevel of the current component is lower than the trustlevel of the super component, warning
if(trustlevelCompare < trustlevelSuperComponentCompare) {
printWarningMessage(path, trustlevel, node);
}
}
}
path.clear();
encrypted = false;
unencryted = false;
}
}
}
/**
* Search for trustlevel in super components
* @param node
* @return trustlevel
* @throws AmbigousException
*/
private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
ASTArcComponent parent = node.getMainParent();
if(parent != null) {
SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
if(componentParent.getTrustlevel().isPresent()) {
return componentParent;
} else {
return getTrustlevel(parent);
}
} else {
return null;
}
}
/**
* Trustlevel object in String
*
* @param entry
* @return trustlevel
*/
private String getTrustlevelAsString(SecComponentEntry entry) {
String trustlevel = "" + entry.getTrustlevel().get().getValue();
if(entry.getTrustlevel().get().isNegative()) {
trustlevel = "-" + trustlevel;
} else {
trustlevel = "+" + trustlevel;
}
return trustlevel;
}
/**
* Trustlevel object in Integer
*
* @param entry
* @return trustlevel
*/
private int getTrustlevelAsInteger(SecComponentEntry entry) {
int trustlevel = entry.getTrustlevel().get().getValue();
if(entry.getTrustlevel().get().isNegative()) {
trustlevel *= -1;
}
return trustlevel;
}
private void printWarningMessage(List<SecConnectorEntry> path, String trustlevel, ASTNode node) {
StringBuilder builder = new StringBuilder("The following path ends in the low trustlevel " + trustlevel + ": " + path.get(0));
path.remove(0);
for(SecConnectorEntry pathElement : path) {
builder.append(" -> ");
builder.append(pathElement);
}
addReport(builder.toString(), node.get_SourcePositionStart());
}
/*
* (non-Javadoc)
* @see interfaces2.coco.ContextCondition#getErrorCode()
......
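Review bot: `getTrustlevel(ASTArcComponent)` returns `null` when no super component declares a trustlevel, but the flush block tests `superComponentEntry.getTrustlevel().get() == null` (and the same on `lastComponent`), so the "take the default trustlevel of the environment" fallback is never reached and the analysis would stop with a NullPointerException instead of reporting. An entry returned by `getTrustlevel` always has `isPresent()` true, so `get() == null` cannot succeed there; the returned entry itself should be compared with `null`. In the branch for a component without its own trustlevel, the inner `else` also never assigns `trustlevel` or `trustlevelCompare` from the derived component, so the comparison runs with -1 and the message prints "-2" even when a derived level was found. The same `null` return is dereferenced in TrustlevelPathHigherThanEnvironment (`componentParent = getTrustlevel(...)`) and in DerivedTrustlevel (`getTrustlevel(node).getTrustlevel().get()`).

```java
// … unchanged: flush condition, encrypted/unencrypted check, branch for a component with its own trustlevel …
} else {
    //Search for trustlevel -> derived trustlevel
    lastComponent = getTrustlevel((ASTArcComponent) lastComponent.getBestKnownVersion().getNode());
    if(lastComponent == null) {
        //No trustlevel in super components defined, take the default trustlevel of the environment
        trustlevelCompare = -1;
        trustlevelSuperComponentCompare = -2;
    } else {
        //Use the derived trustlevel for both the message and the comparison
        trustlevel = getTrustlevelAsString(lastComponent);
        trustlevelCompare = getTrustlevelAsInteger(lastComponent);
        superComponentEntry = getTrustlevel((ASTArcComponent) lastComponent.getBestKnownVersion().getNode());
        if(superComponentEntry == null) {
            trustlevelSuperComponentCompare = -1;
        } else {
            trustlevelSuperComponentCompare = getTrustlevelAsInteger(superComponentEntry);
        }
    }
}
// … unchanged: comparison and printWarningMessage call …
```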
......@@ -70,32 +70,14 @@ public class EncryptedPathWithUnencryptedPart extends Analysis
STEntry element = null;
//First element is not needed
iterator.next();
while(iterator.hasNext()) {
element = iterator.next().getArchitectureElement();
if(element instanceof SecConnectorEntry) {
//New path starts
if(((SecConnectorEntry) element).getSource().equals(entry.getName())) {
//Check if info is needed
if(!path.isEmpty()) {
//Check for mixed path
if(encrypted && unencryted) {
StringBuilder builder = new StringBuilder("The following path consists of encrypted and unencrypted parts: " + path.get(0));
path.remove(0);
for(SecConnectorEntry pathElement : path) {
builder.append(" -> ");
builder.append(pathElement);
}
addReport(builder.toString(), node.get_SourcePositionStart());
}
}
path.clear();
encrypted = false;
unencryted = false;
}
if(((SecConnectorEntry) element).isEncrypted()) {
encrypted = true;
}
......@@ -106,6 +88,29 @@ public class EncryptedPathWithUnencryptedPart extends Analysis
//Save path
path.add((SecConnectorEntry) element);
}
//New path starts
if((element instanceof PortEntry
&& ((PortEntry) element).getName().equals(entry.getName())) || !iterator.hasNext()) {
//Check if info is needed
if(!path.isEmpty()) {
//Check for mixed path
if(encrypted && unencryted) {
StringBuilder builder = new StringBuilder("The following path consists of encrypted and unencrypted parts: " + path.get(0));
path.remove(0);
for(SecConnectorEntry pathElement : path) {
builder.append(" -> ");
builder.append(pathElement);
}
addReport(builder.toString(), node.get_SourcePositionStart());
}
}
path.clear();
encrypted = false;
unencryted = false;
}
}
}
......
......@@ -10,8 +10,8 @@ import mc.umlp.arcd._ast.ASTArcSimpleConnector;
import interfaces2.resolvers.AmbigousException;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisConnectorChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.cocos.checkers.ISecConnectorChecker;
import secarc.ets.entries.SecConnectorEntry;
/**
......@@ -29,7 +29,7 @@ import secarc.ets.entries.SecConnectorEntry;
*
*/
public class ListEncryptedData extends Analysis implements
ISecConnectorChecker {
ISecAnalysisConnectorChecker {
public ListEncryptedData() {
super(MontiSecArcAnalysisConstants.LIST_ENCRYPTED_CONNTECT);
......
......@@ -3,6 +3,7 @@ package secarc.ets.analysis.connect;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.ast.ASTNode;
import mc.umlp.arcd._ast.ASTArcComponent;
import mc.umlp.arcd._ast.ASTArcConnector;
import mc.umlp.arcd._ast.ASTArcSimpleConnector;
import mc.umlp.arcd.ets.entries.ComponentEntry;
......@@ -94,37 +95,51 @@ public class TrustlevelPathHigherThanEnvironment extends Analysis implements
}
int trustlevelSource = -2;
boolean trustlevelSourceMissing = false;
int trustlevelTarget = -2;
boolean trustlevelTargetMissing = false;
int trustlevelParent = -2;
//Trustlevel source
if(componentSource.getTrustlevel().isPresent()) {
trustlevelSource = componentSource.getTrustlevel().get().getValue();
if(componentSource.getTrustlevel().get().isNegative()) {
trustlevelSource *= -1;
}
trustlevelSource = getTrustlevelAsInteger(componentSource);
} else {
return;
//Gets trustlevel of the super component (derived)
trustlevelSourceMissing = true;
}
//Trustlevel target
if(componentTarget.getTrustlevel().isPresent()) {
trustlevelTarget = componentTarget.getTrustlevel().get().getValue();
if(componentTarget.getTrustlevel().get().isNegative()) {
trustlevelTarget *= -1;
}
trustlevelTarget = getTrustlevelAsInteger(componentTarget);
} else {
//Gets trustlevel of the super component (derived)
trustlevelTargetMissing = true;
}
//Source and Target do not have a trustlevel and therefore they get the one from the parent
if(trustlevelSourceMissing && trustlevelTargetMissing) {
return;
}
//Trustlevel parent
if(componentParent.getTrustlevel().isPresent()) {
trustlevelParent = componentParent.getTrustlevel().get().getValue();
if(componentParent.getTrustlevel().get().isNegative()) {
trustlevelParent *= -1;
}
trustlevelParent = getTrustlevelAsInteger(componentParent);
} else {
return;
//Look for trustlevel in super components
//Trustlevel of supercomponent
componentParent = getTrustlevel((ASTArcComponent) componentParent.getBestKnownVersion().getNode());
//If no trustlevel in supercomponent exists, take the default trustlevel of the environment
if(componentParent.getTrustlevel().get() == null) {
trustlevelParent = -1;
} else {
trustlevelParent = getTrustlevelAsInteger(componentParent);
}
}
if(trustlevelSourceMissing) {
trustlevelSource = trustlevelParent;
} else if(trustlevelTargetMissing){
trustlevelTarget = trustlevelParent;
}
//Compare Trustlevel
......@@ -136,6 +151,40 @@ public class TrustlevelPathHigherThanEnvironment extends Analysis implements
addReport("The trustlevel of the source component is lower than the trustlevel of the environment.", node.get_SourcePositionStart());
}
}
/**
* Search for trustlevel in super components
* @param node
* @return trustlevel
* @throws AmbigousException
*/
private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
ASTArcComponent parent = node.getMainParent();
if(parent != null) {
SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
if(componentParent.getTrustlevel().isPresent()) {
return componentParent;
} else {
return getTrustlevel(parent);
}
} else {
return null;
}
}
/**
* Trustlevel object in Integer
*
* @param entry
* @return trustlevel
*/
private int getTrustlevelAsInteger(SecComponentEntry entry) {
int trustlevel = entry.getTrustlevel().get().getValue();
if(entry.getTrustlevel().get().isNegative()) {
trustlevel *= -1;
}
return trustlevel;
}
/*
* (non-Javadoc)
......
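Review bot: `getTrustlevel(ASTArcComponent)` and `getTrustlevelAsInteger(SecComponentEntry)` are added here as private copies of the methods that EncryptedPathEndInLowTrustlevel gains in the same commit, and `getTrustlevel` exists a third time in DerivedTrustlevel. All three classes extend `Analysis`, so these would be better as `protected` helpers on that base class, where the contract of the `null` return can be documented and handled in one place. The Javadoc `@return trustlevel` is also misleading now that the method returns a `SecComponentEntry`; something like `@return the nearest super component that declares a trustlevel, or null if none does` would match the code. The body of the enclosing check method starts outside this hunk.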
......@@ -49,21 +49,12 @@ public class DerivedRolesThirdParty extends Analysis implements
List<RoleEntry> roles = new ArrayList<RoleEntry>();
// List<PortEntry> ports = entry.getAllPorts(loader, deserializers);
//Roles from component
//Roles from ports are automatically in the same namespache
if(entry.getRoles() != null) {
roles.addAll(entry.getRoles());
}
//roles from ports
// for(PortEntry port : ports) {
// if(((SecPortEntry) port).getRoles() != null) {
// roles.addAll(((SecPortEntry) port).getRoles());
// }
// }
StringBuilder sBuilder = new StringBuilder("The third party component " + NameHelper.getSimplenameFromComplexname(entry.getName()) + " has the following roles: ");
if(roles.size()>0) {
......
......@@ -41,7 +41,7 @@ public class DerivedTrustlevel extends Analysis implements
return;
}
TrustlevelEntry trustlevelEntry = getTrustlevel(node);
TrustlevelEntry trustlevelEntry = getTrustlevel(node).getTrustlevel().get();
String trustlevel = "";
if(trustlevelEntry == null) {
......@@ -59,12 +59,18 @@ public class DerivedTrustlevel extends Analysis implements
}
private TrustlevelEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
/**
* Search for trustlevel in super components
* @param node
* @return trustlevel
* @throws AmbigousException
*/
private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
ASTArcComponent parent = node.getMainParent();
if(parent != null) {
SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
if(componentParent.getTrustlevel().isPresent()) {
return componentParent.getTrustlevel().get();
return componentParent;
} else {
return getTrustlevel(parent);
}
......
......@@ -60,7 +60,7 @@ ISecAnalysisComponentChecker{
Optional<TrustlevelEntry> innerTrustlevelEntry = ((SecComponentEntry) innerComponent).getTrustlevel();
String message = "Component " + NameHelper.getSimpleGenericNameFromComplexname(innerComponent.getName()) + ": If a trustlevel differs from the trustlevel of the supercomponent more then 2, a reason is expected.";
String message = "The trustlevel of the component " + NameHelper.getSimpleGenericNameFromComplexname(innerComponent.getName()) + " differs more than 2 from its super component and a reason is missing.";
//if no trustlevel, nothing to check
//Is checked in TrustlevelForComponents
......
......@@ -40,6 +40,8 @@ public final class MontiSecArcAnalysisConstants {
public static final String LIST_FILTER = "Lists all filters.";
public static final String AVOID_INPUT_STRING = "Checks if a input port has the type String.";
public static final String ALL_PORT_ANALYSIS = "Checks all analysis related to ports.";
public static final String LIST_INCOMING_PORTS = "Lists all incoming ports of the system.";
......@@ -64,6 +66,8 @@ public final class MontiSecArcAnalysisConstants {
public static final String ALL_IDENTITY = "Checks all analysis related to identity links.";
public static final String TRUSTLEVEL_CLIENT_SERVER_IDENTITY = "Checks if the trustlevel of a server is higher then the trustlevel of a client.";
public static final String IDENTITY_WITH_ENCRYPTION = "Checks if the communication between two components is encrypted when an identity link is used.";
public static final String ALL_TRUSTLEVEL = "Checks all analysis related to trustlevel.";
......
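Review bot: The two description strings that appear to be added here contain wording slips that will presumably surface wherever analysis descriptions are shown. `"Checks if a input port has the type String."` should read `an input port`, and `"Checks if the trustlevel of a server is higher then the trustlevel of a client."` should read `higher than`. The Javadoc on the matching enum constant `AvoidInputString` has the same `A input port` wording.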
......@@ -12,6 +12,7 @@ import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
import secarc.ets.analysis.connect.ListEncryptedData;
import secarc.ets.analysis.connect.TrustlevelPathHigherThanEnvironment;
import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
import secarc.ets.analysis.filter.AvoidInputString;
import secarc.ets.analysis.filter.ListFilters;
import secarc.ets.analysis.filter.TaintPropergation;
import secarc.ets.analysis.filter.TaintTracking;
......@@ -106,7 +107,7 @@ public final class MontiSecArcAnalysisCreator {
CompositeContextCondition connectorAnalysis = new CompositeContextCondition(MontiSecArcAnalysisConstants.ALL_ENCRYPTED_CONNECT);
//List all encrypted connectors
connectorAnalysis.addChild(new ListEncryptedData());
// connectorAnalysis.addChild(new ListEncryptedData());
//Find all path from a port which has at least one encrypted connection
connectorAnalysis.addChild(new EncryptedPathWithUnencryptedPart());
......@@ -144,6 +145,9 @@ public final class MontiSecArcAnalysisCreator {
//List all ciritcal ports
portAnalysis.addChild(new ListCriticalPorts());
//Avoid input type String
portAnalysis.addChild(new AvoidInputString());
//Analysis for configurations
CompositeContextCondition configurationAnalysis = new CompositeContextCondition(MontiSecArcAnalysisConstants.ALL_CONFIGURATION_ANALYSIS);
......
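Review bot: The registration `connectorAnalysis.addChild(new ListEncryptedData());` appears to be left behind as commented-out code under the unchanged comment `//List all encrypted connectors`, so the composite silently stops running that analysis and a reader cannot tell whether this is intended. If the listing has moved elsewhere (ListEncryptedData switches to `ISecAnalysisConnectorChecker` in this commit), delete both the dead line and its comment. If it is only disabled temporarily, replace it with a reason, e.g. `//TODO re-enable ListEncryptedData: <reason>`. The enclosing factory method starts and ends outside this hunk.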
......@@ -24,9 +24,6 @@ component ConfigurationNotReviewed {
trustlevel +1;
port
in String inputSub;
}
}
\ No newline at end of file
......@@ -15,8 +15,6 @@ component ConfigurationReviewed {
component TargetHelp targetHelp {
version "1.2";
port in String inputTarget;
configuration conf_reviewed;
trustlevel +1;
......@@ -26,11 +24,6 @@ component ConfigurationReviewed {
component SubEncryptedConnector subEncryptedConnector {
trustlevel +1;
port
in String inputSub,
in String inputSub2,
out String outputSub;
}
}
\ No newline at end of file
......@@ -4,10 +4,7 @@ component EncryptedPathEndInLowTrustlevel {
accesscontrol off;
trustlevel +1;
port
in String input;
trustlevel +2;
component Help help {
......@@ -17,7 +14,7 @@ component EncryptedPathEndInLowTrustlevel {
component TargetHelp targetHelp {
version "1.2";