Commit a31158c2 authored by Paff's avatar Paff
Browse files

analysis: taint tracking for filters

extension for abstractgraph
parent ccb07980
/**
* Generated on Fri Oct 03 12:04:55 CEST 2014
* Generated on Fri Oct 03 19:31:30 CEST 2014
*/
config {
Require-Model:
......
......@@ -117,4 +117,11 @@ public class ArchitectureGraph {
return this.graph;
}
/**
* Returns the concrete reversed graph. Its interface is part of the JGraphT framework.
*/
public final DirectedGraph<Vertex<? extends STEntry>, Edge> getReversedRawGraph() {
return this.reversedGraph;
}
}
......@@ -14,7 +14,9 @@ import mc.umlp.arcd.ets.entries.SubComponentEntry;
import org.jgrapht.DirectedGraph;
import org.jgrapht.graph.DefaultDirectedGraph;
import secarc.ets.entries.FilterEntry;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecPortEntry;
import com.google.common.collect.Iterables;
......@@ -122,10 +124,11 @@ public class ArchitectureGraphBuilder {
Vertex<SubComponentEntry> componentVertex = Vertex.of(component);
this.graph.addVertex(componentVertex);
ComponentEntry componentType = component.getComponentType();
ComponentEntry componentType = component.getComponentType().getBestKnownVersion();
visitIncomingPorts(componentType, componentVertex);
visitOutgoingPorts(componentType, componentVertex);
visitFilter(componentType, componentVertex);
/* Recursively visit all subcomponents and add them as well as their ports
* to the graph before proceeding with connectors. */
......@@ -137,6 +140,32 @@ public class ArchitectureGraphBuilder {
}
/**
* Adds all filters of the given component type to the graph
* @param componentType
* @param componentVertex
*/
protected void visitFilter(ComponentEntry componentType, Vertex<SubComponentEntry> componentVertex) {
if(((SecComponentEntry) componentType).getFilter() != null) {
Vertex<FilterEntry> filterVertex = Vertex.of(((SecComponentEntry) componentType).getFilter());
this.graph.addVertex(filterVertex);
this.graph.addEdge(componentVertex, filterVertex);
}
}
/**
* Adds all fitlers of the given port to the graph
* @param componentType
* @param componentVertex
*/
protected void visitFilter(PortEntry port, Vertex<PortEntry> portVertex) {
if(((SecPortEntry) port).getFilter() != null) {
Vertex<FilterEntry> filterVertex = Vertex.of(((SecPortEntry) port).getFilter());
this.graph.addVertex(filterVertex);
this.graph.addEdge(portVertex, filterVertex);
}
}
/**
* Adds all connectors of the given component type to the graph
*/
......@@ -225,6 +254,7 @@ public class ArchitectureGraphBuilder {
Vertex<PortEntry> portVertex = Vertex.of(port);
this.graph.addVertex(portVertex);
this.graph.addEdge(portVertex, componentVertex);
visitFilter(port, portVertex);
}
}
......@@ -238,6 +268,7 @@ public class ArchitectureGraphBuilder {
Vertex<PortEntry> portVertex = Vertex.of(port);
this.graph.addVertex(portVertex);
this.graph.addEdge(componentVertex, portVertex);
visitFilter(port, portVertex);
}
}
......
package secarc.ets.graph;
import secarc.ets.entries.FilterEntry;
/**
* TODO: Write me!
*
* @author (last commit) $Author$
* @version $Revision$, $Date$
*
*/
final class FilterVertex extends Vertex<FilterEntry> {
/**
* Constructor for cc.clarc.lang.architecture.graph.FilterVertex
*
* @param architectureElementDescription
*/
protected FilterVertex(FilterEntry architectureElementDescription) {
super(architectureElementDescription);
}
}
......@@ -11,6 +11,8 @@ import mc.umlp.arcd.ets.entries.SubComponentEntry;
import org.jgrapht.DirectedGraph;
import secarc.ets.entries.FilterEntry;
import com.google.common.base.Objects;
/**
......@@ -77,6 +79,14 @@ public abstract class Vertex<E extends STEntry> {
return new ComponentVertex(subComponent);
}
/**
* Factory method creating a concrete {@link FilterVertex} filter of
* {@link Vertex}.
*/
public static final FilterVertex of(FilterEntry filter) {
return new FilterVertex(filter);
}
/**
* The reference to the represented {@link STEntry}
*/
......
/**
* Generated on Fri Oct 03 12:06:12 CEST 2014
* Generated on Fri Oct 03 19:31:51 CEST 2014
*/
config {
Require-Model:
......
......@@ -3,6 +3,7 @@ package secarc.ets.analysis.checker;
import interfaces2.resolvers.AmbigousException;
import secarc._ast.ASTSecArcFilter;
import secarc.ets.entries.FilterEntry;
import secarc.ets.graph.ArchitectureGraph;
/**
* Analysis checker interface for checking filter
......@@ -23,8 +24,9 @@ public interface ISecAnalysisFilterChecker {
*
* @param node
* @param entry
* @param graph
* @throws AmbigousException
*/
void check(ASTSecArcFilter node, FilterEntry entry) throws AmbigousException;;
void check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph) throws AmbigousException;;
}
......@@ -10,6 +10,7 @@ import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.FilterEntry;
import secarc.ets.graph.ArchitectureGraph;
/**
* Lists all used filters
......@@ -33,7 +34,7 @@ public class ListFilters extends Analysis implements ISecAnalysisFilterChecker {
* (non-Javadoc)
* @see secarc.ets.analysis.checker.ISecFilterChecker#check(secarc._ast.ASTSecArcFilter, secarc.ets.entries.FilterEntry)
*/
public void check(ASTSecArcFilter node, FilterEntry entry)
public void check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph)
throws AmbigousException {
if(node.get_Parent() instanceof ASTArcComponent) {
addReport("Component filter: " + entry.getName(), node.get_SourcePositionStart());
......
package secarc.ets.analysis.filter;
import java.util.List;
import org.jgrapht.traverse.DepthFirstIterator;
import org.jgrapht.traverse.GraphIterator;
import secarc._ast.ASTSecArcFilter;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.cocos.checkers.ISecPortChecker;
import secarc.ets.entries.IdentityEntry;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecPortEntry;
import secarc.ets.entries.FilterEntry;
import secarc.ets.graph.ArchitectureGraph;
import secarc.ets.graph.Edge;
import secarc.ets.graph.Vertex;
import interfaces2.STEntry;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.umlp.arcd._ast.ASTArcComponent;
import mc.umlp.arcd._ast.ASTArcPort;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import mc.umlp.arcd.ets.entries.ConnectorEntry;
/**
* TODO
......@@ -27,7 +30,7 @@ import mc.umlp.arcd.ets.entries.ComponentEntry;
* $Revision$
*
*/
public class TaintTracking extends Analysis implements ISecPortChecker {
public class TaintTracking extends Analysis implements ISecAnalysisFilterChecker {
public TaintTracking() {
super(MontiSecArcAnalysisConstants.TAINT_TRACKING);
......@@ -35,23 +38,42 @@ public class TaintTracking extends Analysis implements ISecPortChecker {
/*
* (non-Javadoc)
* @see secarc.ets.cocos.checkers.ISecPortChecker#check(mc.umlp.arcd._ast.ASTArcPort, secarc.ets.entries.SecPortEntry)
* @see secarc.ets.analysis.checker.ISecAnalysisFilterChecker#check(secarc._ast.ASTSecArcFilter, secarc.ets.entries.FilterEntry)
*/
public void check(ASTArcPort node, SecPortEntry entry) throws AmbigousException {
ASTArcComponent parent = node.getMainParent();
@Override
public void check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph)
throws AmbigousException {
Vertex<FilterEntry> filterVertex = Vertex.of(entry);
//Look for paths with port as beginning
GraphIterator<Vertex<? extends STEntry>, Edge> iterator = new DepthFirstIterator<Vertex<? extends STEntry>, Edge>(graph.getReversedRawGraph(), filterVertex);
STEntry element = null;
//Check if outer,lk incoming port
if(!parent.isInnerComponent() && entry.isIncoming()) {
SecComponentEntry parentEntry = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
List<IdentityEntry> identities = parentEntry.getIdentities();
for(IdentityEntry identity : identities) {
if(identity.getSource().equals(entry.getName())) {
}
StringBuilder sBuilder = new StringBuilder("Taint tracking: The filter " + entry.getName() + " has the following paths: " + iterator.next().getArchitectureElement().getName());
while(iterator.hasNext()) {
element = iterator.next().getArchitectureElement();
if(element.equals(entry)) {
sBuilder.append(", ");
} else {
sBuilder.append(" -> ");
}
if(element instanceof ConnectorEntry) {
sBuilder.append(element);
} else {
sBuilder.append(element.getName());
}
}
addReport(sBuilder.toString(), node.get_SourcePositionStart());
}
/*
* (non-Javadoc)
* @see interfaces2.coco.ContextCondition#getErrorCode()
......
......@@ -12,6 +12,7 @@ import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
import secarc.ets.analysis.connect.ListEncryptedData;
import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
import secarc.ets.analysis.filter.ListFilters;
import secarc.ets.analysis.filter.TaintTracking;
import secarc.ets.analysis.port.ListSystemIncomingPorts;
import secarc.ets.analysis.port.ListSystemOutgoingPorts;
import secarc.ets.analysis.role.DerivedRolesThirdParty;
......@@ -113,6 +114,9 @@ public final class MontiSecArcAnalysisCreator {
//List all filters
filterAnalysis.addChild(new ListFilters());
//Tainttracking
filterAnalysis.addChild(new TaintTracking());
//Analysis for ports
CompositeContextCondition portAnalysis = new CompositeContextCondition(MontiSecArcAnalysisConstants.ALL_PORT_ANALYSIS);
......
......@@ -151,7 +151,7 @@ public class MontiSecArcAnalysisVisitor extends CheckWorkflowClient {
try {
FilterEntry entry = (FilterEntry) resolver.resolve(node.getName(), FilterEntry.KIND, getNameSpaceFor(node));
for (ISecAnalysisFilterChecker cc : analysisFilterChecker) {
cc.check(node, entry);
cc.check(node, entry, graph);
}
} catch (AmbigousException e) {
// not checked here
......
......@@ -15,11 +15,17 @@ component FilterComponent {
component TargetHelp targetHelp {
access user;
port out String output;
}
component (filter URL) FilterURL {
component (filter URL) FilterURL filterURL {
trustlevel -1;
port in String input;
connect targetHelp.output -> filterURL.input;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment