Commit ac9d3beb authored by Paff's avatar Paff

move analysis in from connect to filter (project structure)

bug fixes for cocos and tests
parent 5511f587
/**
* Generated on Tue Oct 14 17:05:34 CEST 2014
* Generated on Mon Oct 20 15:05:31 CEST 2014
*/
config {
Require-Model:
......
......@@ -104,17 +104,22 @@ public class EncryptedPathWithUnencryptedPart extends Analysis
if(!path.isEmpty()) {
//Check for mixed path
if(encrypted && unencryted) {
StringBuilder sBuilder = new StringBuilder("The following path consists of encrypted and unencrypted parts: " + path.get(0));
StringBuilder sBuilder = new StringBuilder("The following path consists of encrypted and unencrypted parts: ");
if(path.get(0).isUnencrypted()) {
sBuilder.append("'" + path.get(0) + "*");
} else {
sBuilder.append("'" + path.get(0) + "'");
}
path.remove(0);
for(SecConnectorEntry pathElement : path) {
sBuilder.append(" -> ");
if(pathElement.isEncrypted()) {
sBuilder.append(pathElement + "*");
if(pathElement.isUnencrypted()) {
sBuilder.append("'" + pathElement + "'*");
} else {
sBuilder.append(pathElement);
sBuilder.append("'" + pathElement + "'");
}
}
sBuilder.append(". The unecrypted parts are marked by *. It is likely that a encryption is missing.");
sBuilder.append(". The unecrypted parts are marked by *. It is likely that an encryption is missing.");
addReport(sBuilder.toString(), node.get_SourcePositionStart());
}
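Review bot: The first-element branch for an unencrypted connector appends `"'" + path.get(0) + "*"`, which drops the closing quote that the loop below uses (`"'" + pathElement + "'*"`), so the first unencrypted hop is rendered differently from every later one; it should be `sBuilder.append("'" + path.get(0) + "'*");`. The closing sentence of the report still spells "unecrypted", which is worth fixing while the message is being edited. `path.remove(0)` also mutates the list that was passed in; iterating over `path.subList(1, path.size())` would leave it intact, though whether the caller reuses the list is not visible here. The enclosing method starts and ends outside the hunk.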
......
......@@ -6,13 +6,16 @@ import mc.umlp.arcd._ast.ASTArcComponent;
import mc.umlp.arcd._ast.ASTArcConnector;
import mc.umlp.arcd._ast.ASTArcSimpleConnector;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import mc.umlp.arcd.ets.entries.SubComponentEntry;
import interfaces2.resolvers.AmbigousException;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisConnectorChecker;
import secarc.ets.check.CoCoHelper;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecConnectorEntry;
import secarc.ets.entries.SecSubComponentEntry;
/**
* Checks if an unencrypted connector is embedded in a component with a low trustlevel
......@@ -61,34 +64,105 @@ public class UnencryptedConnectorThroughLowTurstlevel extends Analysis
* @param entry
* @throws AmbigousException
*/
protected void innerCheck(ASTNode node, SecConnectorEntry entry, ASTArcComponent component) throws AmbigousException {
protected void innerCheck(ASTNode node, SecConnectorEntry entry, ASTArcComponent nodeParent) throws AmbigousException {
if(entry.isEncrypted()) {
return;
}
ASTArcComponent nodeParent = component;
SecComponentEntry parentComp = (SecComponentEntry) resolver.resolve(nodeParent.getName(), ComponentEntry.KIND, getNameSpaceFor(nodeParent));
//Component source
String sourceRef = entry.getSource();
SecSubComponentEntry sourceSubComp = null;
SecComponentEntry sourceComp = null;
//Find source component
if(sourceRef.contains(".")) {
String nameSourceComp = sourceRef.substring(0, sourceRef.indexOf("."));
sourceSubComp = (SecSubComponentEntry) resolver.resolve(nameSourceComp, SubComponentEntry.KIND, getNameSpaceFor(nodeParent.getMainParent()));
//Check in a coco
if(sourceSubComp != null) {
sourceComp = (SecComponentEntry) sourceSubComp.getComponentType().getBestKnownVersion();
}
} else {
sourceComp = parentComp;
}
//Component target
String targetRef = entry.getTarget();
SecSubComponentEntry targetSubComp = null;
SecComponentEntry targetComp = null;
//Find traget component
if(targetRef.contains(".")) {
String nameTargetComp = targetRef.substring(0, targetRef.indexOf("."));
targetSubComp = (SecSubComponentEntry) resolver.resolve(nameTargetComp, SubComponentEntry.KIND, getNameSpaceFor(nodeParent.getMainParent()));
//Check in a coco
if(targetSubComp != null) {
targetComp = (SecComponentEntry) targetSubComp.getComponentType().getBestKnownVersion();
}
} else {
targetComp = parentComp;
}
//Ports are always in different components
//if both ports have qualified name, in supercomponent
String source = entry.getSource();
String target = entry.getTarget();
if(!(source.contains(".") && target.contains(".")) && (parentComp != null && parentComp.isInnerComponent())) {
if(!(sourceRef.contains(".") && targetRef.contains(".")) && (parentComp != null && parentComp.isInnerComponent())) {
parentComp = (SecComponentEntry) resolver.resolve(nodeParent.getMainParent().getName(), ComponentEntry.KIND, getNameSpaceFor(nodeParent.getMainParent()));
}
String trustlevel = "-2";
//Check if Trustlevel exists
String parentTrustlevel = "-2";
int parentTrustlevelCompare = -1;
//Check if Trustlevel for parent exists
if(parentComp != null && parentComp.getTrustlevel().isPresent()) {
trustlevel = "" + parentComp.getTrustlevel().get().getValue();
if(parentComp.getTrustlevel().get().isNegative()) {
trustlevel = "-" + trustlevel;
parentTrustlevel = CoCoHelper.getTrustlevelAsString(parentComp);
parentTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(parentComp);
} else {
parentTrustlevel = CoCoHelper.getTrustlevelAsString(getTrustlevel(nodeParent));
parentTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(getTrustlevel(nodeParent));
}
int sourceTrustlevelCompare = -1;
//Check if Trustlevel for source exists
if(sourceSubComp != null && sourceComp.getTrustlevel().isPresent()) {
sourceTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(sourceComp);
} else {
//Do not have a own trustlevel, derive trustlevel
sourceTrustlevelCompare = parentTrustlevelCompare;
}
int targetTrustlevelCompare = -1;
//Check if Trustlevel for target exists
if(targetSubComp != null && targetComp.getTrustlevel().isPresent()) {
targetTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(targetComp);
} else {
//Do not have a own trustlevel, derive trustlevel
targetTrustlevelCompare = parentTrustlevelCompare;
}
//The trustlevel of the supercomponent is low if it is lower than the trustlevel of the source or target
if(parentTrustlevelCompare < sourceTrustlevelCompare || parentTrustlevelCompare < targetTrustlevelCompare) {
addReport("The unencrypted connector " + entry + " is embedded in a component with a low trustlevel: " + parentTrustlevel +
". A trustlevel is defined as low if the trustlevel of the super component is lower than the trustlevel of the source or target component.", node.get_SourcePositionStart());
}
}
/**
* Search for trustlevel in super components
* @param node
* @return trustlevel
* @throws AmbigousException
*/
private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
ASTArcComponent parent = node.getMainParent();
if(parent != null) {
SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
if(componentParent.getTrustlevel().isPresent()) {
return componentParent;
} else {
trustlevel = "+" + trustlevel;
return getTrustlevel(parent);
}
} else {
return null;
}
addReport("The unencrypted connector " + entry + " is embedded in a component with a low trustlevel: " + trustlevel, node.get_SourcePositionStart());
}
/*
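Review bot: The new `else` branch in `innerCheck` passes the result of `getTrustlevel(nodeParent)` straight into `CoCoHelper.getTrustlevelAsString` and `CoCoHelper.getTrustlevelAsInteger`, but `getTrustlevel` returns `null` when no enclosing component declares a trustlevel. CoCoHelper is not shown; if it dereferences the entry the way the removed private helpers in EncryptedPathEndInLowTrustlevel did, the analysis aborts with a NullPointerException and the unencrypted connector goes unreported. The same pattern appears in the DerivedTrustlevel hunk, where the former `"-1"` fallback was removed. `getTrustlevel` also dereferences `componentParent` without the null check that `innerCheck` applies to the result of the same `resolver.resolve` call, so `if(componentParent != null && componentParent.getTrustlevel().isPresent()) {` is the safer test there. Resolving the owner once and keeping the declared defaults when none is found avoids both the double lookup and the null dereference.

```java
// … unchanged: source/target component resolution …
String parentTrustlevel = "-2";
int parentTrustlevelCompare = -1;
// Resolve the trustlevel owner once; getTrustlevel returns null when no ancestor declares one.
SecComponentEntry trustlevelOwner = parentComp;
if(parentComp == null || !parentComp.getTrustlevel().isPresent()) {
    trustlevelOwner = getTrustlevel(nodeParent);
}
if(trustlevelOwner != null) {
    parentTrustlevel = CoCoHelper.getTrustlevelAsString(trustlevelOwner);
    parentTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(trustlevelOwner);
}
// … unchanged: source/target trustlevel comparison and report …
```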
......
package secarc.ets.analysis.connect;
package secarc.ets.analysis.filter;
......@@ -20,6 +20,7 @@ import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.AnalysisHelper;
import secarc.ets.analysis.checker.ISecAnalysisPortChecker;
import secarc.ets.check.CoCoHelper;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecConnectorEntry;
......@@ -121,8 +122,8 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
//component has a trustlevel
if(lastComponent.getTrustlevel().isPresent()) {
trustlevel = getTrustlevelAsString(lastComponent);
trustlevelCompare = getTrustlevelAsInteger(lastComponent);
trustlevel = CoCoHelper.getTrustlevelAsString(lastComponent);
trustlevelCompare = CoCoHelper.getTrustlevelAsInteger(lastComponent);
//Trustlevel of supercomponent
superComponentEntry = getTrustlevel((ASTArcComponent) lastComponent.getBestKnownVersion().getNode());
......@@ -130,7 +131,7 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
if(superComponentEntry.getTrustlevel().get() == null) {
trustlevelSuperComponentCompare = -1;
} else {
trustlevelSuperComponentCompare = getTrustlevelAsInteger(superComponentEntry);
trustlevelSuperComponentCompare = CoCoHelper.getTrustlevelAsInteger(superComponentEntry);
}
} else {
......@@ -148,7 +149,7 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
if(superComponentEntry.getTrustlevel().get() == null) {
trustlevelSuperComponentCompare = -1;
} else {
trustlevelSuperComponentCompare = getTrustlevelAsInteger(superComponentEntry);
trustlevelSuperComponentCompare = CoCoHelper.getTrustlevelAsInteger(superComponentEntry);
}
}
......@@ -191,36 +192,6 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
}
}
/**
* Trustlevel object in String
*
* @param entry
* @return trustlevel
*/
private String getTrustlevelAsString(SecComponentEntry entry) {
String trustlevel = "" + entry.getTrustlevel().get().getValue();
if(entry.getTrustlevel().get().isNegative()) {
trustlevel = "-" + trustlevel;
} else {
trustlevel = "+" + trustlevel;
}
return trustlevel;
}
/**
* Trustlevel object in Integer
*
* @param entry
* @return trustlevel
*/
private int getTrustlevelAsInteger(SecComponentEntry entry) {
int trustlevel = entry.getTrustlevel().get().getValue();
if(entry.getTrustlevel().get().isNegative()) {
trustlevel *= -1;
}
return trustlevel;
}
private void printWarningMessage(List<SecConnectorEntry> path, String trustlevel, ASTNode node) {
StringBuilder builder = new StringBuilder("The following path ends in the low trustlevel " + trustlevel + ": " + path.get(0));
path.remove(0);
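Review bot: The two `superComponentEntry.getTrustlevel().get() == null` guards that sit in front of the new `CoCoHelper.getTrustlevelAsInteger(superComponentEntry)` calls (hunks at -130 and -148) look ineffective. The same file tests `lastComponent.getTrustlevel().isPresent()` a few lines earlier, which suggests an Optional whose `get()` throws on an absent value rather than returning null; the Optional type is not visible here, so confirm. If so, a super component without a trustlevel raises instead of falling back to `-1`. Writing the guard as `if(superComponentEntry == null || !superComponentEntry.getTrustlevel().isPresent()) {` covers the absent value and also a null entry, should `getTrustlevel` return one. The enclosing method starts and ends outside these hunks.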
......
......@@ -7,9 +7,9 @@ import mc.umlp.arcd.ets.entries.ComponentEntry;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisComponentChecker;
import secarc.ets.check.CoCoHelper;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.TrustlevelEntry;
/**
* Derives trustlevel for components without trustlevel
......@@ -41,19 +41,8 @@ public class DerivedTrustlevel extends Analysis implements
return;
}
TrustlevelEntry trustlevelEntry = getTrustlevel(node).getTrustlevel().get();
String trustlevel = "";
if(trustlevelEntry == null) {
trustlevel = "-1";
} else {
trustlevel += trustlevelEntry.getValue();
if(trustlevelEntry.isNegative()) {
trustlevel = "-" + trustlevel;
} else {
trustlevel = "+" + trustlevel;
}
}
SecComponentEntry trustlevelEntry = getTrustlevel(node);
String trustlevel = CoCoHelper.getTrustlevelAsString(trustlevelEntry);
addReport("The component " + entry.getName() + " has the trustlevel " + trustlevel, node.get_SourcePositionStart());
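Review bot: `SecComponentEntry trustlevelEntry = getTrustlevel(node);` reuses the name of the removed `TrustlevelEntry` local for a value that is now a component entry, so the variable reads as if it still held the trustlevel itself. A name such as `trustlevelOwner` would make `CoCoHelper.getTrustlevelAsString(trustlevelOwner)` self-explanatory. A short comment such as `// component whose trustlevel is reported for this node` would also help; where that component comes from should be confirmed against `getTrustlevel`, whose body is outside this hunk.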
......
......@@ -72,15 +72,15 @@ ISecAnalysisComponentChecker{
}
//If both are positive or negative
if((valueTrustlevel>0 && innerTrustlevel>0) || (valueTrustlevel<0 && innerTrustlevel<0)) {
if((valueTrustlevel>=0 && innerTrustlevel>=0) || (valueTrustlevel<0 && innerTrustlevel<0)) {
if(Math.abs(valueTrustlevel - innerTrustlevelEntry.get().getValue()) > 2 && innerTrustlevelEntry.get().getReason() == null) {
if(Math.abs(valueTrustlevel - innerTrustlevel) > 2 && innerTrustlevelEntry.get().getReason() == null) {
addReport(message, innerComponent.getNode().get_SourcePositionStart());
}
} else {
if((valueTrustlevel + innerTrustlevelEntry.get().getValue()) > 2 && innerTrustlevelEntry.get().getReason() == null) {
if((valueTrustlevel + innerTrustlevel) > 2 && innerTrustlevelEntry.get().getReason() == null) {
addReport(message, innerComponent.getNode().get_SourcePositionStart());
}
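Review bot: In the mixed-sign `else` branch, `(valueTrustlevel + innerTrustlevel) > 2` now adds two signed values, so opposite signs cancel: assuming both are signed integers, as the `< 0` tests imply, +1 against -2 sums to -1 and is not reported although the levels are three apart. The removed line added `innerTrustlevelEntry.get().getValue()`, which looks like the unsigned magnitude, so the replacement changed the meaning of this branch. With signed operands the distance is `Math.abs(valueTrustlevel - innerTrustlevel)` in every case, so the sign split can go and one condition, `if(Math.abs(valueTrustlevel - innerTrustlevel) > 2 && innerTrustlevelEntry.get().getReason() == null) {`, covers both. How the two variables are computed is outside this hunk, so confirm that they carry the sign.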
......
......@@ -7,15 +7,15 @@ import java.util.HashMap;
import java.util.Map;
import secarc.ets.analysis.configuration.ReviewedConfiguration;
import secarc.ets.analysis.connect.EncryptedPathEndInLowTrustlevel;
import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
import secarc.ets.analysis.connect.TrustlevelPathHigherThanEnvironment;
import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
import secarc.ets.analysis.filter.AvoidInputString;
import secarc.ets.analysis.filter.EncryptedPathEndInLowTrustlevel;
import secarc.ets.analysis.filter.ListFilters;
import secarc.ets.analysis.filter.RepeatFilterinInHigherTrustlevel;
import secarc.ets.analysis.filter.TaintPropergation;
import secarc.ets.analysis.filter.TaintTracking;
import secarc.ets.analysis.filter.TrustlevelPathHigherThanEnvironment;
import secarc.ets.analysis.identity.IdentityWithEncryption;
import secarc.ets.analysis.port.ListCriticalPorts;
import secarc.ets.analysis.port.ListSystemIncomingPorts;
......
......@@ -4,7 +4,7 @@ component UnencryptedPathThroughLowTrustlevel {
accesscontrol off;
trustlevel +1;
trustlevel +0;
component Help help {
......
......@@ -12,12 +12,12 @@ component IdentityWithEncryption {
}
identity weak targetHelp -> subEncryptedConnector;
component TargetHelp targetHelp {
port out int inputTarget;
identity weak targetHelp -> subEncryptedConnector;
trustlevel +1;
}
......
......@@ -12,12 +12,12 @@ component IdentityWithoutEncryption {
}
identity weak targetHelp -> subEncryptedConnector;
component TargetHelp targetHelp {
port in int inputTarget;
identity weak targetHelp -> subEncryptedConnector;
trustlevel +1;
}
......
......@@ -5,11 +5,11 @@ component DerivedThirdPartyRoles {
accesscontrol on;
trustlevel +1;
identity weak help -> targetHelp;
component Help help {
trustlevel +1;
identity weak help -> targetHelp;
}
component TargetHelp targetHelp {
......
......@@ -4,20 +4,20 @@ component ReasonForDifferingTrustlevel{
accesscontrol off;
trustlevel +2;
trustlevel +3;
component Help help {
trustlevel +1;
trustlevel +3;
}
component PositiveDifference {
trustlevel +5;
trustlevel +6;
}
component NegativeDifference {
trustlevel -1;
trustlevel +0;
}
}
\ No newline at end of file