analysis: taint tracking for filters

extension for abstractgraph

analysis: taint tracking for filters
extension for abstractgraph
a31158c2 · Paff · ccb07980 · a31158c2 · a31158c2 · a31158c2
Commit a31158c2 authored Oct 03, 2014 by Paff
--- a/lang-example/mc.cfg
+++ b/lang-example/mc.cfg
 /**
- * Generated on Fri Oct 03 12:04:55 CEST 2014
+ * Generated on Fri Oct 03 19:31:30 CEST 2014
 */
 config {
    Require-Model:

--- a/lang-example/src/main/java/secarc/ets/graph/ArchitectureGraph.java
+++ b/lang-example/src/main/java/secarc/ets/graph/ArchitectureGraph.java
@@ -117,4 +117,11 @@ public class ArchitectureGraph {
    return this.graph;
  }
  
+  /**
+   * Returns the concrete reversed graph. Its interface is part of the JGraphT framework.
+   */
+  public final DirectedGraph<Vertex<? extends STEntry>, Edge> getReversedRawGraph() {
+    return this.reversedGraph;
+  }
+  
 }
--- a/lang-example/src/main/java/secarc/ets/graph/ArchitectureGraphBuilder.java
+++ b/lang-example/src/main/java/secarc/ets/graph/ArchitectureGraphBuilder.java
@@ -14,7 +14,9 @@ import mc.umlp.arcd.ets.entries.SubComponentEntry;
 import org.jgrapht.DirectedGraph;
 import org.jgrapht.graph.DefaultDirectedGraph;

+import secarc.ets.entries.FilterEntry;
 import secarc.ets.entries.SecComponentEntry;
+import secarc.ets.entries.SecPortEntry;

 import com.google.common.collect.Iterables;

@@ -122,10 +124,11 @@ public class ArchitectureGraphBuilder {
    Vertex<SubComponentEntry> componentVertex = Vertex.of(component);
    this.graph.addVertex(componentVertex);
    
-    ComponentEntry componentType = component.getComponentType();
+    ComponentEntry componentType = component.getComponentType().getBestKnownVersion();
    
    visitIncomingPorts(componentType, componentVertex);
    visitOutgoingPorts(componentType, componentVertex);
+    visitFilter(componentType, componentVertex);
    
    /* Recursively visit all subcomponents and add them as well as their ports
     * to the graph before proceeding with connectors. */
@@ -137,6 +140,32 @@ public class ArchitectureGraphBuilder {
    
  }
  
+  /**
+   * Adds all filters of the given component type to the graph
+   * @param componentType
+   * @param componentVertex
+   */
+  protected void visitFilter(ComponentEntry componentType, Vertex<SubComponentEntry> componentVertex) {
+	  if(((SecComponentEntry) componentType).getFilter() != null) {
+		  Vertex<FilterEntry> filterVertex = Vertex.of(((SecComponentEntry) componentType).getFilter());
+		  this.graph.addVertex(filterVertex);
+		  this.graph.addEdge(componentVertex, filterVertex);
+	  }
+  }
+  
+  /**
+   * Adds all fitlers of the given port to the graph
+   * @param componentType
+   * @param componentVertex
+   */
+  protected void visitFilter(PortEntry port, Vertex<PortEntry> portVertex) {
+	  if(((SecPortEntry) port).getFilter() != null) {
+		  Vertex<FilterEntry> filterVertex = Vertex.of(((SecPortEntry) port).getFilter());
+		  this.graph.addVertex(filterVertex);
+		  this.graph.addEdge(portVertex, filterVertex);
+	  }
+  }
+  
  /**
   * Adds all connectors of the given component type to the graph
   */
@@ -225,6 +254,7 @@ public class ArchitectureGraphBuilder {
      Vertex<PortEntry> portVertex = Vertex.of(port);
      this.graph.addVertex(portVertex);
      this.graph.addEdge(portVertex, componentVertex);
+      visitFilter(port, portVertex);
    }
  }
  
@@ -238,6 +268,7 @@ public class ArchitectureGraphBuilder {
      Vertex<PortEntry> portVertex = Vertex.of(port);
      this.graph.addVertex(portVertex);
      this.graph.addEdge(componentVertex, portVertex);
+      visitFilter(port, portVertex);
    }
  }
  

--- a/lang-example/src/main/java/secarc/ets/graph/FilterVertex.java
+++ b/lang-example/src/main/java/secarc/ets/graph/FilterVertex.java
+package secarc.ets.graph;
+
+import secarc.ets.entries.FilterEntry;
+
+/**
+ * TODO: Write me!
+ * 
+ * @author (last commit) $Author$
+ * @version $Revision$, $Date$
+ * 
+ */
+final class FilterVertex extends Vertex<FilterEntry> {
+
+	/**
+	   * Constructor for cc.clarc.lang.architecture.graph.FilterVertex
+	   * 
+	   * @param architectureElementDescription
+	   */
+	protected FilterVertex(FilterEntry architectureElementDescription) {
+		super(architectureElementDescription);
+	}
+
+}
--- a/lang-example/src/main/java/secarc/ets/graph/Vertex.java
+++ b/lang-example/src/main/java/secarc/ets/graph/Vertex.java
@@ -11,6 +11,8 @@ import mc.umlp.arcd.ets.entries.SubComponentEntry;

 import org.jgrapht.DirectedGraph;

+import secarc.ets.entries.FilterEntry;
+
 import com.google.common.base.Objects;

 /**
@@ -77,6 +79,14 @@ public abstract class Vertex<E extends STEntry> {
    return new ComponentVertex(subComponent);
  }
  
+  /**
+   * Factory method creating a concrete {@link FilterVertex} filter of
+   * {@link Vertex}.
+   */
+  public static final FilterVertex of(FilterEntry filter) {
+	  return new FilterVertex(filter);
+  }
+  
  /**
   * The reference to the represented {@link STEntry}
   */

--- a/montiSecArcAnalysis/mc.cfg
+++ b/montiSecArcAnalysis/mc.cfg
 /**
- * Generated on Fri Oct 03 12:06:12 CEST 2014
+ * Generated on Fri Oct 03 19:31:51 CEST 2014
 */
 config {
    Require-Model:

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/checker/ISecAnalysisFilterChecker.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/checker/ISecAnalysisFilterChecker.java
@@ -3,6 +3,7 @@ package secarc.ets.analysis.checker;
 import interfaces2.resolvers.AmbigousException;
 import secarc._ast.ASTSecArcFilter;
 import secarc.ets.entries.FilterEntry;
+import secarc.ets.graph.ArchitectureGraph;

 /**
 * Analysis checker interface for checking filter
@@ -23,8 +24,9 @@ public interface ISecAnalysisFilterChecker {
 	 * 
 	 * @param node
 	 * @param entry
+	 * @param graph
 	 * @throws AmbigousException
 	 */
-	void check(ASTSecArcFilter node, FilterEntry entry) throws AmbigousException;;
+	void check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph) throws AmbigousException;;
 	
 }
--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/filter/ListFilters.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/filter/ListFilters.java
@@ -10,6 +10,7 @@ import secarc.ets.analysis.checker.Analysis;
 import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
 import secarc.ets.check.MontiSecArcAnalysisConstants;
 import secarc.ets.entries.FilterEntry;
+import secarc.ets.graph.ArchitectureGraph;

 /**
 * Lists all used filters
@@ -33,7 +34,7 @@ public class ListFilters extends Analysis implements ISecAnalysisFilterChecker {
 	 * (non-Javadoc)
 	 * @see secarc.ets.analysis.checker.ISecFilterChecker#check(secarc._ast.ASTSecArcFilter, secarc.ets.entries.FilterEntry)
 	 */
-	public void check(ASTSecArcFilter node, FilterEntry entry)
+	public void check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph)
 			throws AmbigousException {
 		if(node.get_Parent() instanceof ASTArcComponent) {
 			addReport("Component filter: " + entry.getName(), node.get_SourcePositionStart());

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/filter/TaintTracking.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/filter/TaintTracking.java
 package secarc.ets.analysis.filter;

-import java.util.List;

+import org.jgrapht.traverse.DepthFirstIterator;
+import org.jgrapht.traverse.GraphIterator;
+
+import secarc._ast.ASTSecArcFilter;
 import secarc.error.MontiSecArcAnalysisErrorCodes;
 import secarc.ets.analysis.checker.Analysis;
+import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
 import secarc.ets.check.MontiSecArcAnalysisConstants;
-import secarc.ets.cocos.checkers.ISecPortChecker;
-import secarc.ets.entries.IdentityEntry;
-import secarc.ets.entries.SecComponentEntry;
-import secarc.ets.entries.SecPortEntry;
+import secarc.ets.entries.FilterEntry;
+import secarc.ets.graph.ArchitectureGraph;
+import secarc.ets.graph.Edge;
+import secarc.ets.graph.Vertex;
+import interfaces2.STEntry;
 import interfaces2.resolvers.AmbigousException;
 import mc.IErrorCode;
-import mc.umlp.arcd._ast.ASTArcComponent;
-import mc.umlp.arcd._ast.ASTArcPort;
-import mc.umlp.arcd.ets.entries.ComponentEntry;
+import mc.umlp.arcd.ets.entries.ConnectorEntry;

 /**
 * TODO
@@ -27,7 +30,7 @@ import mc.umlp.arcd.ets.entries.ComponentEntry;
 * $Revision$
 * 
 */
-public class TaintTracking extends Analysis implements ISecPortChecker {
+public class TaintTracking extends Analysis implements ISecAnalysisFilterChecker {

 	public TaintTracking() {
 		super(MontiSecArcAnalysisConstants.TAINT_TRACKING);
@@ -35,23 +38,42 @@ public class TaintTracking extends Analysis implements ISecPortChecker {

 	/*
 	 * (non-Javadoc)
-	 * @see secarc.ets.cocos.checkers.ISecPortChecker#check(mc.umlp.arcd._ast.ASTArcPort, secarc.ets.entries.SecPortEntry)
+	 * @see secarc.ets.analysis.checker.ISecAnalysisFilterChecker#check(secarc._ast.ASTSecArcFilter, secarc.ets.entries.FilterEntry)
 	 */
-	public void check(ASTArcPort node, SecPortEntry entry) throws AmbigousException {
-		ASTArcComponent parent = node.getMainParent();
+	@Override
+	public void check(ASTSecArcFilter node, FilterEntry entry, ArchitectureGraph graph)
+			throws AmbigousException {
+		
+		Vertex<FilterEntry> filterVertex = Vertex.of(entry);
+		
+		//Look for paths with port as beginning
+		GraphIterator<Vertex<? extends STEntry>, Edge> iterator = new DepthFirstIterator<Vertex<? extends STEntry>, Edge>(graph.getReversedRawGraph(), filterVertex);
+		
+		STEntry element = null;
 		
-		//Check if outer,lk incoming port
-		if(!parent.isInnerComponent() && entry.isIncoming()) {
-			SecComponentEntry parentEntry = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
-			List<IdentityEntry> identities = parentEntry.getIdentities();
-			for(IdentityEntry identity : identities) {
-				if(identity.getSource().equals(entry.getName())) {
-					
-				}
+		StringBuilder sBuilder = new StringBuilder("Taint tracking: The filter " + entry.getName() + " has the following paths: " + iterator.next().getArchitectureElement().getName());
+		
+		while(iterator.hasNext()) {
+			element = iterator.next().getArchitectureElement();
+			
+			if(element.equals(entry)) {
+				sBuilder.append(", ");
+			} else {
+				sBuilder.append(" -> ");
+			}
+			
+			if(element instanceof ConnectorEntry) {
+				sBuilder.append(element);
+			} else {
+				sBuilder.append(element.getName());
 			}
+			
 		}
+		
+		addReport(sBuilder.toString(), node.get_SourcePositionStart());
+		
 	}
-
+	
 	/*
 	 * (non-Javadoc)
 	 * @see interfaces2.coco.ContextCondition#getErrorCode()

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisCreator.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisCreator.java
@@ -12,6 +12,7 @@ import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
 import secarc.ets.analysis.connect.ListEncryptedData;
 import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
 import secarc.ets.analysis.filter.ListFilters;
+import secarc.ets.analysis.filter.TaintTracking;
 import secarc.ets.analysis.port.ListSystemIncomingPorts;
 import secarc.ets.analysis.port.ListSystemOutgoingPorts;
 import secarc.ets.analysis.role.DerivedRolesThirdParty;
@@ -113,6 +114,9 @@ public final class MontiSecArcAnalysisCreator {
 			//List all filters
 			filterAnalysis.addChild(new ListFilters());
 			
+			//Tainttracking
+			filterAnalysis.addChild(new TaintTracking());
+			
 			//Analysis for ports
 			CompositeContextCondition portAnalysis = new CompositeContextCondition(MontiSecArcAnalysisConstants.ALL_PORT_ANALYSIS);
 			

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisVisitor.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisVisitor.java
@@ -151,7 +151,7 @@ public class MontiSecArcAnalysisVisitor extends CheckWorkflowClient {
 		try {
 			FilterEntry entry = (FilterEntry) resolver.resolve(node.getName(), FilterEntry.KIND, getNameSpaceFor(node));
 			for (ISecAnalysisFilterChecker cc : analysisFilterChecker) {
-				cc.check(node, entry);
+				cc.check(node, entry, graph);
 			}
 		} catch (AmbigousException e) {
 			// not checked here

--- a/montiSecArcAnalysis/src/test/resources/secarc/analysis/filter/FilterComponent.secarc
+++ b/montiSecArcAnalysis/src/test/resources/secarc/analysis/filter/FilterComponent.secarc
@@ -15,11 +15,17 @@ component FilterComponent {
 	
 	component TargetHelp targetHelp {
 		access user;
+		
+		port out String output;
 	}
 		
-	component (filter URL) FilterURL {
+	component (filter URL) FilterURL filterURL {
 	
 		trustlevel -1;
+		
+		port in String input;
+		
+		connect targetHelp.output -> filterURL.input;
 	
 	}