delete list encrypted data analysis -> not needed

- repeat filtering in higher trustlevel

montiSecArcAnalysis/mc.cfg

 /**
- * Generated on Mon Oct 13 17:11:05 CEST 2014
+ * Generated on Tue Oct 14 17:05:34 CEST 2014
  */
 config {
     Require-Model:

montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/EncryptedPathEndInLowTrustlevel.java

@@ -24,7 +24,6 @@ import secarc.ets.check.MontiSecArcAnalysisConstants;
 import secarc.ets.entries.SecComponentEntry;
 import secarc.ets.entries.SecConnectorEntry;
 import secarc.ets.entries.SecPortEntry;
-import secarc.ets.entries.SecSubComponentEntry;
 import secarc.ets.graph.ArchitectureGraph;
 import secarc.ets.graph.Edge;
 import secarc.ets.graph.Vertex;
@@ -106,8 +105,8 @@ public class EncryptedPathEndInLowTrustlevel extends Analysis implements
 			}
 			
 			//Save subcomponent for trustlevel
-			if(element instanceof SecSubComponentEntry) {
-				lastComponent = ((SecSubComponentEntry) element).getComponentType();
+			if(element instanceof SecComponentEntry) {
+				lastComponent = ((SecComponentEntry) element);
 			}
 				
 			//New path starts

montiSecArcAnalysis/src/main/java/secarc/ets/analysis/connect/ListEncryptedData.java

-/**
- * 
- */
-package secarc.ets.analysis.connect;
-
-import mc.IErrorCode;
-import mc.ast.ASTNode;
-import mc.umlp.arcd._ast.ASTArcConnector;
-import mc.umlp.arcd._ast.ASTArcSimpleConnector;
-import interfaces2.resolvers.AmbigousException;
-import secarc.error.MontiSecArcAnalysisErrorCodes;
-import secarc.ets.analysis.checker.Analysis;
-import secarc.ets.analysis.checker.ISecAnalysisConnectorChecker;
-import secarc.ets.check.MontiSecArcAnalysisConstants;
-import secarc.ets.entries.SecConnectorEntry;
-
-/**
- * Lists all encrypted data
- * 
- * TODO SimpleConnector
- * 
- * <br>
- * <br>
- * Copyright (c) 2011 RWTH Aachen. All rights reserved
- * 
- * @author (last commit) $Author$
- * @version $Date$<br>
- * $Revision$
- * 
- */
-public class ListEncryptedData extends Analysis implements
-		ISecAnalysisConnectorChecker {
-
-	public ListEncryptedData() {
-		super(MontiSecArcAnalysisConstants.LIST_ENCRYPTED_CONNTECT);
-	}
-
-	/* (non-Javadoc)
-	 * @see secarc.ets.cocos.checkers.ISecConnectorChecker#check(mc.umlp.arcd._ast.ASTArcConnector, secarc.ets.entries.SecConnectorEntry)
-	 */
-	public void check(ASTArcConnector node, SecConnectorEntry entry)
-			throws AmbigousException {
-		innerCheck(node, entry);
-	}
-
-	/* (non-Javadoc)
-	 * @see secarc.ets.cocos.checkers.ISecConnectorChecker#check(mc.umlp.arcd._ast.ASTArcSimpleConnector, secarc.ets.entries.SecConnectorEntry)
-	 */
-	public void check(ASTArcSimpleConnector node, SecConnectorEntry entry)
-			throws AmbigousException {
-		innerCheck(node, entry);
-	}
-
-	private void innerCheck(ASTNode node, SecConnectorEntry entry) throws AmbigousException {
-		//Missing AutoConnect
-		if(entry.isEncrypted()) {
-			addReport(entry.getSource() + " -> " + entry.getTarget(), node.get_SourcePositionStart());
-		}
-	}
-
-	/* (non-Javadoc)
-	 * @see interfaces2.coco.ContextCondition#getErrorCode()
-	 */
-	@Override
-	public IErrorCode getErrorCode() {
-		return MontiSecArcAnalysisErrorCodes.ListEncryptedConnected;
-	}
-
-}

montiSecArcAnalysis/src/main/java/secarc/ets/analysis/filter/RepeatFilterinInHigherTrustlevel.java

+package secarc.ets.analysis.filter;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.jgrapht.traverse.DepthFirstIterator;
+import org.jgrapht.traverse.GraphIterator;
+
+import interfaces2.STEntry;
+import interfaces2.resolvers.AmbigousException;
+import mc.IErrorCode;
+import mc.umlp.arcd._ast.ASTArcComponent;
+import mc.umlp.arcd._ast.ASTArcPort;
+import mc.umlp.arcd.ets.entries.ComponentEntry;
+import secarc._ast.ASTSecArcFilter;
+import secarc._ast.ASTSecArcTrustLevel;
+import secarc.error.MontiSecArcAnalysisErrorCodes;
+import secarc.ets.analysis.checker.Analysis;
+import secarc.ets.analysis.checker.ISecAnalysisFilterChecker;
+import secarc.ets.check.MontiSecArcAnalysisConstants;
+import secarc.ets.entries.ConfigurationEntry;
+import secarc.ets.entries.FilterEntry;
+import secarc.ets.entries.SecComponentEntry;
+import secarc.ets.entries.TrustlevelEntry;
+import secarc.ets.graph.ArchitectureGraph;
+import secarc.ets.graph.Edge;
+import secarc.ets.graph.Vertex;
+
+public class RepeatFilterinInHigherTrustlevel extends Analysis implements
+		ISecAnalysisFilterChecker {
+
+	public RepeatFilterinInHigherTrustlevel() {
+		super(MontiSecArcAnalysisConstants.REPEAT_FILTERING_IN_HIGHER_TRUSTLEVEL);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * @see secarc.ets.analysis.checker.ISecAnalysisFilterChecker#check(secarc._ast.ASTSecArcFilter, secarc.ets.entries.FilterEntry, secarc.ets.graph.ArchitectureGraph)
+	 */
+	@Override
+	public void check(ASTSecArcFilter node, FilterEntry entry,
+			ArchitectureGraph graph) throws AmbigousException {
+		
+		//Search for trustlevel
+		ASTArcComponent componentNode = null;
+		if(node.getMainParent() instanceof ASTArcComponent) {
+			componentNode = (ASTArcComponent) node.getMainParent();
+		} else {
+			componentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
+		}
+		SecComponentEntry componentEntry = (SecComponentEntry) resolver.resolve(componentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(componentNode));
+		TrustlevelEntry trustlevelEntry = getTrustlevel(componentNode).getTrustlevel().get();
+		String trustlevel = "";
+		int trustlevelCompare = trustlevelAsInteger(trustlevelEntry);
+		
+		if(trustlevelEntry == null) {
+			trustlevel = "-1";
+			trustlevelCompare = -1;
+		} else {
+			trustlevel += trustlevelEntry.getValue();
+			trustlevelCompare = trustlevelEntry.getValue();
+			if(trustlevelEntry.isNegative()) {
+				trustlevel = "-" + trustlevel;
+				trustlevelCompare *= -1;
+			} else  {
+				trustlevel = "+" + trustlevel;
+			}
+		} 
+		
+		//Search for trustlevel after the filter
+		
+		//Look for paths with port as beginning
+		Vertex<ComponentEntry> componentVertex = Vertex.of(componentEntry);
+		GraphIterator<Vertex<? extends STEntry>, Edge> iterator = new DepthFirstIterator<Vertex<? extends STEntry>, Edge>(graph.getReversedRawGraph(), componentVertex);
+		
+		//If the trustlevel is higher than ther filter trustlevel, their must be another filter
+		Vertex<? extends STEntry> element = null;
+		TrustlevelEntry trustlevelPath = null;
+		SecComponentEntry componentEntryHigherTurstlevel = null;
+		int trustlevelPathCompare = -2;
+		boolean filterNeeded = false;
+		List<STEntry> path = new ArrayList<STEntry>();
+		
+		//FirstElement is not needed
+		iterator.next();
+		
+		while(iterator.hasNext()) {
+			element = iterator.next();
+			
+			if(element.getArchitectureElement() instanceof ConfigurationEntry) {
+				path.add(element.getArchitectureElement());
+			}
+			
+			//New path
+			//If no filter is found, warning
+			if(element.equals(componentVertex)) {
+				StringBuilder sBuilder = new StringBuilder("Data which are filtered with " + entry.getName() + " have to be filtered again in the componente " + componentEntryHigherTurstlevel + " because the component has a higer trustlevel. Path: ");
+				
+				//Add paht to output
+				if(!path.isEmpty()) {
+					sBuilder.append(path.get(0));
+					path.remove(0);
+				}
+				
+				for(STEntry entryPath : path) {
+					sBuilder.append(", ");
+					sBuilder.append(entryPath);
+				}
+				
+				if(filterNeeded) {
+					addReport("", node.get_SourcePositionStart());
+				}
+				filterNeeded = false;
+				path.clear();
+			}
+			
+			//Checks if the new trustlevel is higer
+			if(element.getArchitectureElement() instanceof TrustlevelEntry) {
+				trustlevelPath = (TrustlevelEntry) element.getArchitectureElement();
+				trustlevelPathCompare = trustlevelAsInteger(trustlevelPath);
+				
+				//Trustlevel higher than before, the input must be filtered again
+				if(trustlevelPathCompare > trustlevelCompare) {
+					filterNeeded = true;
+					
+					//Save component
+					if(((ASTSecArcTrustLevel) trustlevelPath.getNode()).getMainParent() instanceof ASTArcComponent) {
+						componentNode = (ASTArcComponent) node.getMainParent();
+					} else {
+						componentNode = (ASTArcComponent) ((ASTArcPort) node.getMainParent()).getMainParent();
+					}
+					componentEntryHigherTurstlevel = (SecComponentEntry) resolver.resolve(componentNode.getName(), ComponentEntry.KIND, getNameSpaceFor(componentNode));
+				}
+				
+			}
+			
+			//Filter was found. Therefore, the path is ok
+			if(filterNeeded && element.getArchitectureElement() instanceof FilterEntry) {
+				filterNeeded = false;
+			}
+		}
+		
+	}
+	
+	/**
+	 * 
+	 * @param entry
+	 * @return
+	 */
+	private int trustlevelAsInteger(TrustlevelEntry entry) {
+		if(entry == null) {
+			return -1;
+		} else {
+			int trustlevel = entry.getValue();
+			if(entry.isNegative()) {
+				trustlevel *= -1;
+			} 
+			return trustlevel;
+		} 
+	}
+	
+	/**
+	 * Search for trustlevel in super components 
+	 * @param node
+	 * @return trustlevel
+	 * @throws AmbigousException
+	 */
+	private SecComponentEntry getTrustlevel(ASTArcComponent node) throws AmbigousException {
+		ASTArcComponent parent = (ASTArcComponent) node.getMainParent();
+		if(parent != null) {
+			SecComponentEntry componentParent = (SecComponentEntry) resolver.resolve(parent.getName(), ComponentEntry.KIND, getNameSpaceFor(parent));
+			if(componentParent.getTrustlevel().isPresent()) {
+				return componentParent;
+			} else {
+				return getTrustlevel(parent);
+			}
+		} else {
+			return null;
+		}
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * @see interfaces2.coco.ContextCondition#getErrorCode()
+	 */
+	@Override
+	public IErrorCode getErrorCode() {
+		return MontiSecArcAnalysisErrorCodes.RepeatFilteringInHigherTrustlevel;
+	}
+
+}

montiSecArcAnalysis/src/main/java/secarc/ets/analysis/identity/IdentityWithEncryption.java

@@ -12,7 +12,6 @@ import mc.IErrorCode;
 import mc.umlp.arcd.ets.entries.ComponentEntry;
 import mc.umlp.arcd.ets.entries.ConnectorEntry;
 import mc.umlp.arcd.ets.entries.PortEntry;
-import mc.umlp.arcd.ets.entries.SubComponentEntry;
 import secarc._ast.ASTSecArcIdentity;
 import secarc.error.MontiSecArcAnalysisErrorCodes;
 import secarc.ets.analysis.checker.Analysis;
@@ -83,9 +82,11 @@ public class IdentityWithEncryption extends Analysis implements
 				element = iterator.next().getArchitectureElement();
 				
 				//Search for source component of the identity link
-				if(element instanceof SubComponentEntry &&
-						((SubComponentEntry) element).getComponentType().equals(sourceComponentEntry) &&
-						encrypted) {
+				if((element instanceof ComponentEntry &&
+						((ComponentEntry) element).equals(sourceComponentEntry) &&
+						encrypted) ||
+						(!iterator.hasNext() &&
+								encrypted)) {
 					pathfound = true;
 					//There is an encrypted path, break
 					break;

montiSecArcAnalysis/src/main/java/secarc/ets/check/MontiSecArcAnalysisCreator.java

@@ -13,6 +13,7 @@ import secarc.ets.analysis.connect.TrustlevelPathHigherThanEnvironment;
 import secarc.ets.analysis.connect.UnencryptedConnectorThroughLowTurstlevel;
 import secarc.ets.analysis.filter.AvoidInputString;
 import secarc.ets.analysis.filter.ListFilters;
+import secarc.ets.analysis.filter.RepeatFilterinInHigherTrustlevel;
 import secarc.ets.analysis.filter.TaintPropergation;
 import secarc.ets.analysis.filter.TaintTracking;
 import secarc.ets.analysis.identity.IdentityWithEncryption;
@@ -132,6 +133,9 @@ public final class MontiSecArcAnalysisCreator {
 			//taint propergation
 			filterAnalysis.addChild(new TaintPropergation());
 			
+			//taint traicking after filter
+			filterAnalysis.addChild(new RepeatFilterinInHigherTrustlevel());
+			
 			//Analysis for ports
 			CompositeContextCondition portAnalysis = new CompositeContextCondition(MontiSecArcAnalysisConstants.ALL_PORT_ANALYSIS);