move analysis in from connect to filter (project structure)

bug fixes for cocos and tests

move analysis in from connect to filter (project structure)
bug fixes for cocos and tests
ac9d3beb · Paff · 5511f587 · ac9d3beb · ac9d3beb · ac9d3beb
Commit ac9d3beb authored Oct 20, 2014 by Paff
--- a/montiSecArcAnalysis/mc.cfg
+++ b/montiSecArcAnalysis/mc.cfg
 /**
- * Generated on Tue Oct 14 17:05:34 CEST 2014
+ * Generated on Mon Oct 20 15:05:31 CEST 2014
 */
 config {
    Require-Model:

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/EncryptedPathWithUnencryptedPart.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/EncryptedPathWithUnencryptedPart.java
@@ -104,17 +104,22 @@ public class EncryptedPathWithUnencryptedPart extends Analysis
 				if(!path.isEmpty()) {
 					//Check for mixed path
 					if(encrypted && unencryted) {
-						StringBuilder sBuilder = new StringBuilder("The following path consists of encrypted and unencrypted parts: " + path.get(0));
+						StringBuilder sBuilder = new StringBuilder("The following path consists of encrypted and unencrypted parts: ");
+						if(path.get(0).isUnencrypted()) {
+							sBuilder.append("'" + path.get(0) + "*");
+						} else {
+							sBuilder.append("'" + path.get(0) + "'");
+						}
 						path.remove(0);
 						for(SecConnectorEntry pathElement : path) {
 							sBuilder.append(" -> ");
-							if(pathElement.isEncrypted()) {
-								sBuilder.append(pathElement + "*");
+							if(pathElement.isUnencrypted()) {
+								sBuilder.append("'" + pathElement + "'*");
 							} else {
-								sBuilder.append(pathElement);
+								sBuilder.append("'" + pathElement + "'");
 							}
 						}
-						sBuilder.append(". The unecrypted parts are marked by *. It is likely that a encryption is missing.");
+						sBuilder.append(". The unecrypted parts are marked by *. It is likely that an encryption is missing.");
 						addReport(sBuilder.toString(), node.get_SourcePositionStart());
 						
 					}

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/UnencryptedConnectorThroughLowTurstlevel.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/UnencryptedConnectorThroughLowTurstlevel.java
@@ -6,13 +6,16 @@ import mc.umlp.arcd._ast.ASTArcComponent;
 import mc.umlp.arcd._ast.ASTArcConnector;
 import mc.umlp.arcd._ast.ASTArcSimpleConnector;
 import mc.umlp.arcd.ets.entries.ComponentEntry;
+import mc.umlp.arcd.ets.entries.SubComponentEntry;
 import interfaces2.resolvers.AmbigousException;
 import secarc.error.MontiSecArcAnalysisErrorCodes;
 import secarc.ets.analysis.checker.Analysis;
 import secarc.ets.analysis.checker.ISecAnalysisConnectorChecker;
+import secarc.ets.check.CoCoHelper;
 import secarc.ets.check.MontiSecArcAnalysisConstants;
 import secarc.ets.entries.SecComponentEntry;
 import secarc.ets.entries.SecConnectorEntry;
+import secarc.ets.entries.SecSubComponentEntry;

 /**
 * Checks if an unencrypted connector is embedded in a component with a low trustlevel
@@ -61,34 +64,105 @@ public class UnencryptedConnectorThroughLowTurstlevel extends Analysis
 	 * @param entry
 	 * @throws AmbigousException
 	 */
-	protected void innerCheck(ASTNode node, SecConnectorEntry entry, ASTArcComponent component) throws AmbigousException {
+	protected void innerCheck(ASTNode node, SecConnectorEntry entry, ASTArcComponent nodeParent) throws AmbigousException {
 		if(entry.isEncrypted()) {
 			return;
 		}
 		
-		ASTArcComponent nodeParent = component;
 		SecComponentEntry parentComp = (SecComponentEntry) resolver.resolve(nodeParent.getName(), ComponentEntry.KIND, getNameSpaceFor(nodeParent));
+		//Component source
+		String sourceRef = entry.getSource();
+		SecSubComponentEntry sourceSubComp = null;
+		SecComponentEntry sourceComp = null;
+		//Find source component
+		if(sourceRef.contains(".")) {
+			String nameSourceComp = sourceRef.substring(0, sourceRef.indexOf(".")); 
+			sourceSubComp = (SecSubComponentEntry) resolver.resolve(nameSourceComp, SubComponentEntry.KIND, getNameSpaceFor(nodeParent.getMainParent()));
+			//Check in a coco
+			if(sourceSubComp != null) {
+				sourceComp = (SecComponentEntry) sourceSubComp.getComponentType().getBestKnownVersion();
+			}
+		} else {
+			sourceComp = parentComp;
+		}
+		
+		//Component target
+		String targetRef = entry.getTarget();
+		SecSubComponentEntry targetSubComp = null;
+		SecComponentEntry targetComp = null;
+		//Find traget component
+		if(targetRef.contains(".")) {
+			String nameTargetComp = targetRef.substring(0, targetRef.indexOf("."));
+			targetSubComp = (SecSubComponentEntry) resolver.resolve(nameTargetComp, SubComponentEntry.KIND, getNameSpaceFor(nodeParent.getMainParent()));
+			//Check in a coco
+			if(targetSubComp != null) {
+				targetComp = (SecComponentEntry) targetSubComp.getComponentType().getBestKnownVersion();
+			}
+		} else {
+			targetComp = parentComp;
+		}
 		
 		//Ports are always in different components
 		//if both ports have qualified name, in supercomponent
-		String source = entry.getSource();
-		String target = entry.getTarget();
-		if(!(source.contains(".") && target.contains(".")) && (parentComp != null && parentComp.isInnerComponent())) {
+		if(!(sourceRef.contains(".") && targetRef.contains(".")) && (parentComp != null && parentComp.isInnerComponent())) {
 			parentComp = (SecComponentEntry) resolver.resolve(nodeParent.getMainParent().getName(), ComponentEntry.KIND, getNameSpaceFor(nodeParent.getMainParent()));
 		}
 		
-		String trustlevel = "-2";
-		//Check if Trustlevel exists
+		String parentTrustlevel = "-2";
+		int parentTrustlevelCompare = -1;
+		//Check if Trustlevel for parent exists
 		if(parentComp != null && parentComp.getTrustlevel().isPresent()) {
-			trustlevel = "" + parentComp.getTrustlevel().get().getValue();
-			if(parentComp.getTrustlevel().get().isNegative()) {
-				trustlevel = "-" + trustlevel;
+			parentTrustlevel = CoCoHelper.getTrustlevelAsString(parentComp);
+			parentTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(parentComp);
+		} else {
+			parentTrustlevel = CoCoHelper.getTrustlevelAsString(getTrustlevel(nodeParent));
+			parentTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(getTrustlevel(nodeParent));
+		}
+		
+		int sourceTrustlevelCompare = -1;
+		//Check if Trustlevel for source exists
+		if(sourceSubComp != null && sourceComp.getTrustlevel().isPresent()) {
+			sourceTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(sourceComp);
+		} else {
+			//Do not have a own trustlevel, derive trustlevel
+			sourceTrustlevelCompare = parentTrustlevelCompare;
+		}
+		
+		int targetTrustlevelCompare = -1;
+		//Check if Trustlevel for target exists
+		if(targetSubComp != null && targetComp.getTrustlevel().isPresent()) {
+			targetTrustlevelCompare = CoCoHelper.getTrustlevelAsInteger(targetComp);
+		} else {
+			//Do not have a own trustlevel, derive trustlevel
+			targetTrustlevelCompare = parentTrustlevelCompare;
+		}
+		
+		//The trustlevel of the supercomponent is low if it is lower than the trustlevel of the source or target
+		if(parentTrustlevelCompare < sourceTrustlevelCompare || parentTrustlevelCompare < targetTrustlevelCompare) {
+			addReport("The unencrypted connector " + entry + " is embedded in a component with a low trustlevel: " + parentTrustlevel + 
+					". A trustlevel is defined as low if the trustlevel of the super component is lower than the trustlevel of the source or target component.", node.get_SourcePositionStart());
+		}
+		
+	}
+	
+	/**
+	 * Search for trustlevel in super components 
+	 * @param node
+	 * @return trustlevel
+	 * @throws AmbigousException
+	 */
+	private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
+		ASTArcComponent parent = node.getMainParent();
+		if(parent != null) {
+			SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
+			if(componentParent.getTrustlevel().isPresent()) {
+				return componentParent;
 			} else {
-				trustlevel = "+" + trustlevel;
+				return getTrustlevel(parent);
 			}
+		} else {
+			return null;
 		}
-		
-		addReport("The unencrypted connector " + entry + " is embedded in a component with a low trustlevel: " + trustlevel, node.get_SourcePositionStart());
 	}

 	/*

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/EncryptedPathEndInLowTrustlevel.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/EncryptedPathEndInLowTrustlevel.java
-package secarc.ets.analysis.connect;
+package secarc.ets.analysis.filter;



@@ -20,6 +20,7 @@ import secarc.error.MontiSecArcAnalysisErrorCodes;
 import secarc.ets.analysis.checker.Analysis;
 import secarc.ets.analysis.checker.AnalysisHelper;
 import secarc.ets.analysis.checker.ISecAnalysisPortChecker;
+import secarc.ets.check.CoCoHelper;
 import secarc.ets.check.MontiSecArcAnalysisConstants;
 import secarc.ets.entries.SecComponentEntry;
 import secarc.ets.entries.SecConnectorEntry;
@@ -121,8 +122,8 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
 						//component has a trustlevel
 						if(lastComponent.getTrustlevel().isPresent()) {
 							
-							trustlevel = getTrustlevelAsString(lastComponent);
-							trustlevelCompare = getTrustlevelAsInteger(lastComponent);
+							trustlevel = CoCoHelper.getTrustlevelAsString(lastComponent);
+							trustlevelCompare = CoCoHelper.getTrustlevelAsInteger(lastComponent);
 							
 							//Trustlevel of supercomponent
 							superComponentEntry = getTrustlevel((ASTArcComponent) lastComponent.getBestKnownVersion().getNode());
@@ -130,7 +131,7 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
 							if(superComponentEntry.getTrustlevel().get() == null) {
 								trustlevelSuperComponentCompare = -1;
 							} else {
-								trustlevelSuperComponentCompare = getTrustlevelAsInteger(superComponentEntry);
+								trustlevelSuperComponentCompare = CoCoHelper.getTrustlevelAsInteger(superComponentEntry);
 							}
 							
 						} else {
@@ -148,7 +149,7 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
 								if(superComponentEntry.getTrustlevel().get() == null) {
 									trustlevelSuperComponentCompare = -1;
 								} else {
-									trustlevelSuperComponentCompare = getTrustlevelAsInteger(superComponentEntry);
+									trustlevelSuperComponentCompare = CoCoHelper.getTrustlevelAsInteger(superComponentEntry);
 								}
 							}
 							
@@ -191,36 +192,6 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
 		}
 	}
 	
-	/**
-	 * Trustlevel object in String
-	 * 
-	 * @param entry
-	 * @return trustlevel
-	 */
-	private String getTrustlevelAsString(SecComponentEntry entry) {
-		String trustlevel = "" + entry.getTrustlevel().get().getValue();
-		if(entry.getTrustlevel().get().isNegative()) {
-			trustlevel = "-" + trustlevel;
-		} else {
-			trustlevel = "+" + trustlevel;
-		}
-		return trustlevel;
-	}
-	
-	/**
-	 * Trustlevel object in Integer
-	 * 
-	 * @param entry
-	 * @return trustlevel
-	 */
-	private int getTrustlevelAsInteger(SecComponentEntry entry) {
-		int trustlevel = entry.getTrustlevel().get().getValue();
-		if(entry.getTrustlevel().get().isNegative()) {
-			trustlevel *= -1;
-		} 
-		return trustlevel;
-	}
-	
 	private void printWarningMessage(List<SecConnectorEntry> path, String trustlevel, ASTNode node) {
 		StringBuilder builder = new StringBuilder("The following path ends in the low trustlevel " + trustlevel  + ": " + path.get(0));
 		path.remove(0);

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/TrustlevelPathHigherThanEnvironment.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/TrustlevelPathHigherThanEnvironment.java
-package secarc.ets.analysis.connect;
+package secarc.ets.analysis.filter;

 import interfaces2.resolvers.AmbigousException;
 import mc.IErrorCode;

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/trustlevel/DerivedTrustlevel.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/trustlevel/DerivedTrustlevel.java
@@ -7,9 +7,9 @@ import mc.umlp.arcd.ets.entries.ComponentEntry;
 import secarc.error.MontiSecArcAnalysisErrorCodes;
 import secarc.ets.analysis.checker.Analysis;
 import secarc.ets.analysis.checker.ISecAnalysisComponentChecker;
+import secarc.ets.check.CoCoHelper;
 import secarc.ets.check.MontiSecArcAnalysisConstants;
 import secarc.ets.entries.SecComponentEntry;
-import secarc.ets.entries.TrustlevelEntry;

 /**
 * Derives trustlevel for components without trustlevel
@@ -41,19 +41,8 @@ public class DerivedTrustlevel extends Analysis implements
 			return;
 		}
 		
-		TrustlevelEntry trustlevelEntry = getTrustlevel(node).getTrustlevel().get();
-		String trustlevel = "";
-		
-		if(trustlevelEntry == null) {
-			trustlevel = "-1";
-		} else {
-			trustlevel += trustlevelEntry.getValue();
-			if(trustlevelEntry.isNegative()) {
-				trustlevel = "-" + trustlevel;
-			} else  {
-				trustlevel = "+" + trustlevel;
-			}
-		}
+		SecComponentEntry trustlevelEntry = getTrustlevel(node);
+		String trustlevel = CoCoHelper.getTrustlevelAsString(trustlevelEntry);
 		
 		addReport("The component " + entry.getName() + " has the trustlevel " + trustlevel, node.get_SourcePositionStart());
 		

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/trustlevel/ReasonForDifferingTrustlevel.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/analysis/trustlevel/ReasonForDifferingTrustlevel.java
@@ -72,15 +72,15 @@ ISecAnalysisComponentChecker{
 					}
 					
 					//If both are positive or negative
-					if((valueTrustlevel>0 && innerTrustlevel>0) || (valueTrustlevel<0 && innerTrustlevel<0)) {
+					if((valueTrustlevel>=0 && innerTrustlevel>=0) || (valueTrustlevel<0 && innerTrustlevel<0)) {
 						
-						if(Math.abs(valueTrustlevel - innerTrustlevelEntry.get().getValue()) > 2 && innerTrustlevelEntry.get().getReason() == null) {
+						if(Math.abs(valueTrustlevel - innerTrustlevel) > 2 && innerTrustlevelEntry.get().getReason() == null) {
 							addReport(message, innerComponent.getNode().get_SourcePositionStart());
 						}
 						
 					} else {
 						
-						if((valueTrustlevel + innerTrustlevelEntry.get().getValue()) > 2 && innerTrustlevelEntry.get().getReason() == null) {
+						if((valueTrustlevel + innerTrustlevel) > 2 && innerTrustlevelEntry.get().getReason() == null) {
 							addReport(message, innerComponent.getNode().get_SourcePositionStart());
 						}
 						

--- a/montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisCreator.java
+++ b/montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisCreator.java
@@ -7,15 +7,15 @@ import java.util.HashMap;
 import java.util.Map;

 import secarc.ets.analysis.configuration.ReviewedConfiguration;
-import secarc.ets.analysis.connect.EncryptedPathEndInLowTrustlevel;
 import secarc.ets.analysis.connect.EncryptedPathWithUnencryptedPart;
-import secarc.ets.analysis.connect.TrustlevelPathHigherThanEnvironment;
 import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
 import secarc.ets.analysis.filter.AvoidInputString;
+import secarc.ets.analysis.filter.EncryptedPathEndInLowTrustlevel;
 import secarc.ets.analysis.filter.ListFilters;
 import secarc.ets.analysis.filter.RepeatFilterinInHigherTrustlevel;
 import secarc.ets.analysis.filter.TaintPropergation;
 import secarc.ets.analysis.filter.TaintTracking;
+import secarc.ets.analysis.filter.TrustlevelPathHigherThanEnvironment;
 import secarc.ets.analysis.identity.IdentityWithEncryption;
 import secarc.ets.analysis.port.ListCriticalPorts;
 import secarc.ets.analysis.port.ListSystemIncomingPorts;

--- a/montiSecArcAnalysis/src/test/resources/secarc/analysis/connector/UnencryptedPathThroughLowTrustlevel.secarc
+++ b/montiSecArcAnalysis/src/test/resources/secarc/analysis/connector/UnencryptedPathThroughLowTrustlevel.secarc
@@ -4,7 +4,7 @@ component UnencryptedPathThroughLowTrustlevel {
 	
 	accesscontrol off;
 	
-	trustlevel +1;
+	trustlevel +0;
 		
 	component Help help {
 	

--- a/montiSecArcAnalysis/src/test/resources/secarc/analysis/identity/IdentityWithEncryption.secarc
+++ b/montiSecArcAnalysis/src/test/resources/secarc/analysis/identity/IdentityWithEncryption.secarc
@@ -12,12 +12,12 @@ component IdentityWithEncryption {
 		
 	}
 	
+	identity weak targetHelp -> subEncryptedConnector;
+	
 	component TargetHelp targetHelp {
 		
 		port out int inputTarget;
 		
-		identity weak targetHelp -> subEncryptedConnector;
-		
 		trustlevel +1;
 	
 	}

--- a/montiSecArcAnalysis/src/test/resources/secarc/analysis/identity/IdentityWithoutEncryption.secarc
+++ b/montiSecArcAnalysis/src/test/resources/secarc/analysis/identity/IdentityWithoutEncryption.secarc
@@ -12,12 +12,12 @@ component IdentityWithoutEncryption {
 		
 	}
 	
+	identity weak targetHelp -> subEncryptedConnector;
+	
 	component TargetHelp targetHelp {
 		
 		port in int inputTarget;
 		
-		identity weak targetHelp -> subEncryptedConnector;
-		
 		trustlevel +1;
 	
 	}

--- a/montiSecArcAnalysis/src/test/resources/secarc/analysis/role/DerivedThirdPartyRoles.secarc
+++ b/montiSecArcAnalysis/src/test/resources/secarc/analysis/role/DerivedThirdPartyRoles.secarc
@@ -5,11 +5,11 @@ component DerivedThirdPartyRoles {
 	accesscontrol on;
 	
 	trustlevel +1;
+	
+	identity weak help -> targetHelp;
 		
 	component Help help {	
 		trustlevel +1;
-	
-		identity weak help -> targetHelp;
 	}
 	
 	component TargetHelp targetHelp {

--- a/montiSecArcAnalysis/src/test/resources/secarc/analysis/trustlevel/ReasonForDifferingTrustlevel.secarc
+++ b/montiSecArcAnalysis/src/test/resources/secarc/analysis/trustlevel/ReasonForDifferingTrustlevel.secarc
@@ -4,20 +4,20 @@ component ReasonForDifferingTrustlevel{

 	accesscontrol off;
 	
-	trustlevel +2;
+	trustlevel +3;
 	
 	component Help help {
 	
-		trustlevel +1;
+		trustlevel +3;
 	
 	}
 	
 	component PositiveDifference {
-		trustlevel +5;
+		trustlevel +6;
 	}
 	
 	component NegativeDifference {
-		trustlevel -1;
+		trustlevel +0;
 	}

 }
\ No newline at end of file