Commit d4b09d96 authored by Paff's avatar Paff

delete list encrypted data analysis -> not needed

- repeat filtering in higher trustlevel
parent 9d52abff
/**
* Generated on Mon Oct 13 17:11:05 CEST 2014
* Generated on Tue Oct 14 17:05:34 CEST 2014
*/
config {
Require-Model:
......
......@@ -24,7 +24,6 @@ import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.SecConnectorEntry;
import secarc.ets.entries.SecPortEntry;
import secarc.ets.entries.SecSubComponentEntry;
import secarc.ets.graph.ArchitectureGraph;
import secarc.ets.graph.Edge;
import secarc.ets.graph.Vertex;
......@@ -106,8 +105,8 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
}
//Save subcomponent for trustlevel
if(element instanceof SecSubComponentEntry) {
lastComponent = ((SecSubComponentEntry) element).getComponentType();
if(element instanceof SecComponentEntry) {
lastComponent = ((SecComponentEntry) element);
}
//New path starts
......
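Review bot: The comment `//Save subcomponent for trustlevel` above the changed condition no longer matches the code, which now tests `element instanceof SecComponentEntry` and stores the component entry itself; I would reword it to `//Save component for trustlevel`. The extra parentheses around the cast in `lastComponent = ((SecComponentEntry) element);` can be dropped as well. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here whether the traversal can still yield `SecSubComponentEntry` elements; if it can, `lastComponent` would stay stale and the trustlevel would be evaluated against the wrong component.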
/**
*
*/
package secarc.ets.analysis.connect;
import mc.IErrorCode;
import mc.ast.ASTNode;
import mc.umlp.arcd._ast.ASTArcConnector;
import mc.umlp.arcd._ast.ASTArcSimpleConnector;
import interfaces2.resolvers.AmbigousException;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisConnectorChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.SecConnectorEntry;
/**
* Lists all encrypted data
*
* TODO SimpleConnector
*
* <br>
* <br>
* Copyright (c) 2011 RWTH Aachen. All rights reserved
*
* @author (last commit) $Author$
* @version $Date$<br>
* $Revision$
*
*/
public class ListEncryptedData extends Analysis implements
ISecAnalysisConnectorChecker {
public ListEncryptedData() {
super(MontiSecArcAnalysisConstants.LIST_ENCRYPTED_CONNTECT);
}
/* (non-Javadoc)
* @see secarc.ets.cocos.checkers.ISecConnectorChecker#check(mc.umlp.arcd._ast.ASTArcConnector, secarc.ets.entries.SecConnectorEntry)
*/
public void check(ASTArcConnector node, SecConnectorEntry entry)
throws AmbigousException {
innerCheck(node, entry);
}
/* (non-Javadoc)
* @see secarc.ets.cocos.checkers.ISecConnectorChecker#check(mc.umlp.arcd._ast.ASTArcSimpleConnector, secarc.ets.entries.SecConnectorEntry)
*/
public void check(ASTArcSimpleConnector node, SecConnectorEntry entry)
throws AmbigousException {
innerCheck(node, entry);
}
private void innerCheck(ASTNode node, SecConnectorEntry entry) throws AmbigousException {
//Missing AutoConnect
if(entry.isEncrypted()) {
addReport(entry.getSource() + " -> " + entry.getTarget(), node.get_SourcePositionStart());
}
}
/* (non-Javadoc)
* @see interfaces2.coco.ContextCondition#getErrorCode()
*/
@Override
public IErrorCode getErrorCode() {
return MontiSecArcAnalysisErrorCodes.ListEncryptedConnected;
}
}
package secarc.ets.analysis.filter;
import java.util.ArrayList;
import java.util.List;
import org.jgrapht.traverse.DepthFirstIterator;
import org.jgrapht.traverse.GraphIterator;
import interfaces2.STEntry;
import interfaces2.resolvers.AmbigousException;
import mc.IErrorCode;
import mc.umlp.arcd._ast.ASTArcComponent;
import mc.umlp.arcd._ast.ASTArcPort;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import secarc._ast.ASTSecArcFilter;
import secarc._ast.ASTSecArcTrustLevel;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
import secarc.ets.check.MontiSecArcAnalysisConstants;
import secarc.ets.entries.ConfigurationEntry;
import secarc.ets.entries.FilterEntry;
import secarc.ets.entries.SecComponentEntry;
import secarc.ets.entries.TrustlevelEntry;
import secarc.ets.graph.ArchitectureGraph;
import secarc.ets.graph.Edge;
import secarc.ets.graph.Vertex;
public class RepeatFilterinInHigherTrustlevel extends Analysis implements
ISecAnalysisFilterChecker {
public RepeatFilterinInHigherTrustlevel() {
super(MontiSecArcAnalysisConstants.REPEAT_FILTERING_IN_HIGHER_TRUSTLEVEL);
}
/*
* (non-Javadoc)
* @see secarc.ets.analysis.checker.ISecAnalysisFilterChecker#check(secarc._ast.ASTSecArcFilter, secarc.ets.entries.FilterEntry, secarc.ets.graph.ArchitectureGraph)
*/
@Override
public void check(ASTSecArcFilter node, FilterEntry entry,
ArchitectureGraph graph) throws AmbigousException {
//Search for trustlevel
ASTArcComponent componentNode = null;
if(node.getMainParent() instanceof ASTArcComponent) {
componentNode = (ASTArcComponent) node.getMainParent();
} else {
componentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
}
SecComponentEntry componentEntry = (SecComponentEntry) resolver.resolve(componentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(componentNode));
TrustlevelEntry trustlevelEntry = getTrustlevel(componentNode).getTrustlevel().get();
String trustlevel = "";
int trustlevelCompare = trustlevelAsInteger(trustlevelEntry);
if(trustlevelEntry == null) {
trustlevel = "-1";
trustlevelCompare = -1;
} else {
trustlevel += trustlevelEntry.getValue();
trustlevelCompare = trustlevelEntry.getValue();
if(trustlevelEntry.isNegative()) {
trustlevel = "-" + trustlevel;
trustlevelCompare *= -1;
} else {
trustlevel = "+" + trustlevel;
}
}
//Search for trustlevel after the filter
//Look for paths with port as beginning
Vertex<ComponentEntry> componentVertex = Vertex.of(componentEntry);
GraphIterator<Vertex<? extends STEntry>, Edge> iterator = new DepthFirstIterator<Vertex<? extends STEntry>, Edge>(graph.getReversedRawGraph(), componentVertex);
//If the trustlevel is higher than ther filter trustlevel, their must be another filter
Vertex<? extends STEntry> element = null;
TrustlevelEntry trustlevelPath = null;
SecComponentEntry componentEntryHigherTurstlevel = null;
int trustlevelPathCompare = -2;
boolean filterNeeded = false;
List<STEntry> path = new ArrayList<STEntry>();
//FirstElement is not needed
iterator.next();
while(iterator.hasNext()) {
element = iterator.next();
if(element.getArchitectureElement() instanceof ConfigurationEntry) {
path.add(element.getArchitectureElement());
}
//New path
//If no filter is found, warning
if(element.equals(componentVertex)) {
StringBuilder sBuilder = new StringBuilder("Data which are filtered with " + entry.getName() + " have to be filtered again in the componente " + componentEntryHigherTurstlevel + " because the component has a higer trustlevel. Path: ");
//Add paht to output
if(!path.isEmpty()) {
sBuilder.append(path.get(0));
path.remove(0);
}
for(STEntry entryPath : path) {
sBuilder.append(", ");
sBuilder.append(entryPath);
}
if(filterNeeded) {
addReport("", node.get_SourcePositionStart());
}
filterNeeded = false;
path.clear();
}
//Checks if the new trustlevel is higer
if(element.getArchitectureElement() instanceof TrustlevelEntry) {
trustlevelPath = (TrustlevelEntry) element.getArchitectureElement();
trustlevelPathCompare = trustlevelAsInteger(trustlevelPath);
//Trustlevel higher than before, the input must be filtered again
if(trustlevelPathCompare > trustlevelCompare) {
filterNeeded = true;
//Save component
if(((ASTSecArcTrustLevel) trustlevelPath.getNode()).getMainParent() instanceof ASTArcComponent) {
componentNode = (ASTArcComponent) node.getMainParent();
} else {
componentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
}
componentEntryHigherTurstlevel = (SecComponentEntry) resolver.resolve(componentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(componentNode));
}
}
//Filter was found. Therefore, the path is ok
if(filterNeeded && element.getArchitectureElement() instanceof FilterEntry) {
filterNeeded = false;
}
}
}
/**
*
* @param entry
* @return
*/
private int trustlevelAsInteger(TrustlevelEntry entry) {
if(entry == null) {
return -1;
} else {
int trustlevel = entry.getValue();
if(entry.isNegative()) {
trustlevel *= -1;
}
return trustlevel;
}
}
/**
* Search for trustlevel in super components
* @param node
* @return trustlevel
* @throws AmbigousException
*/
private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
ASTArcComponent parent = (ASTArcComponent) node.getMainParent();
if(parent != null) {
SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
if(componentParent.getTrustlevel().isPresent()) {
return componentParent;
} else {
return getTrustlevel(parent);
}
} else {
return null;
}
}
/*
* (non-Javadoc)
* @see interfaces2.coco.ContextCondition#getErrorCode()
*/
@Override
public IErrorCode getErrorCode() {
return MontiSecArcAnalysisErrorCodes.RepeatFilteringInHigherTrustlevel;
}
}
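Review bot: In `check`, the message assembled in `sBuilder` is thrown away because the report call is `addReport("", node.get_SourcePositionStart());`, so a missing second filter on a path into a higher trustlevel is reported with no text and no path. Earlier, `getTrustlevel(componentNode).getTrustlevel().get()` dereferences a helper that returns `null` when no parent component declares a trustlevel, which makes the following `trustlevelEntry == null` branch unreachable and aborts the analysis instead of falling back to -1; the `trustlevel` string built there is never read. In the `trustlevelPathCompare > trustlevelCompare` branch both arms take `componentNode` from the filter's `node.getMainParent()` rather than from `trustlevelPath.getNode()`, so `componentEntryHigherTurstlevel` looks like it names the filter's own component; please confirm. The report also sits only in the `element.equals(componentVertex)` branch, so a finding still pending when the iterator is exhausted appears never to be emitted. The fence below covers the first two points.

```java
// … unchanged: resolution of componentNode and componentEntry …
SecComponentEntry trustlevelOwner = getTrustlevel(componentNode);
TrustlevelEntry trustlevelEntry = null;
if(trustlevelOwner != null && trustlevelOwner.getTrustlevel().isPresent()) {
  trustlevelEntry = trustlevelOwner.getTrustlevel().get();
}
//trustlevelAsInteger maps a missing trustlevel to -1
int trustlevelCompare = trustlevelAsInteger(trustlevelEntry);
// … unchanged: iterator setup and path collection …
if(filterNeeded) {
  addReport(sBuilder.toString(), node.get_SourcePositionStart());
}
// … unchanged: trustlevel comparison and filter detection …
```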
......@@ -12,7 +12,6 @@ import mc.IErrorCode;
import mc.umlp.arcd.ets.entries.ComponentEntry;
import mc.umlp.arcd.ets.entries.ConnectorEntry;
import mc.umlp.arcd.ets.entries.PortEntry;
import mc.umlp.arcd.ets.entries.SubComponentEntry;
import secarc._ast.ASTSecArcIdentity;
import secarc.error.MontiSecArcAnalysisErrorCodes;
import secarc.ets.analysis.checker.Analysis;
......@@ -83,9 +82,11 @@ public class IdentityWithEncryption extends Analysis implements
element = iterator.next().getArchitectureElement();
//Search for source component of the identity link
if(element instanceof SubComponentEntry &&
((SubComponentEntry) element).getComponentType().equals(sourceComponentEntry) &&
encrypted) {
if((element instanceof ComponentEntry &&
((ComponentEntry) element).equals(sourceComponentEntry) &&
encrypted) ||
(!iterator.hasNext() &&
encrypted)) {
pathfound = true;
//There is an encrypted path, break
break;
......
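Review bot: The new second branch `(!iterator.hasNext() && encrypted)` sets `pathfound = true` whenever the traversal is exhausted while `encrypted` is set, without checking that the last element is `sourceComponentEntry`. If `pathfound` is what suppresses the finding for an identity link without an encrypted path, this can hide a real finding when the walk ends at an unrelated element, so the intended case should be stated in a comment or the source check kept for it. The condition also reads more simply as `if(encrypted && ((element instanceof ComponentEntry && element.equals(sourceComponentEntry)) || !iterator.hasNext())) {`, which drops the redundant cast before `equals`. The loop and the enclosing method start outside the hunk.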
......@@ -13,6 +13,7 @@ import secarc.ets.analysis.connect.TrustlevelPathHigherThanEnvironment;
import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
import secarc.ets.analysis.filter.AvoidInputString;
import secarc.ets.analysis.filter.ListFilters;
import secarc.ets.analysis.filter.RepeatFilterinInHigherTrustlevel;
import secarc.ets.analysis.filter.TaintPropergation;
import secarc.ets.analysis.filter.TaintTracking;
import secarc.ets.analysis.identity.IdentityWithEncryption;
......@@ -132,6 +133,9 @@ public final class MontiSecArcAnalysisCreator {
//taint propergation
filterAnalysis.addChild(new TaintPropergation());
//taint traicking after filter
filterAnalysis.addChild(new RepeatFilterinInHigherTrustlevel());
//Analysis for ports
CompositeContextCondition portAnalysis = new CompositeContextCondition(MontiSecArcAnalysisConstants.ALL_PORT_ANALYSIS);
......