From 47b8697f22777ee6fb1bf3f8b4a8032334ab6665 Mon Sep 17 00:00:00 2001 From: Serena Date: Tue, 23 Apr 2019 09:33:46 +0200 Subject: [PATCH 01/34] updated cia to spring2; updated backend to spring2 but flyway is missing --- rest-backend/pom.xml | 10 +++++++--- .../vulas/backend/repo/ApplicationRepository.java | 2 +- .../sap/psr/vulas/backend/repo/BugRepository.java | 5 +++-- .../vulas/backend/repo/DependencyRepository.java | 5 +++-- .../backend/repo/GoalExecutionRepositoryImpl.java | 2 +- .../psr/vulas/backend/repo/LibraryRepository.java | 5 +++-- .../psr/vulas/backend/repo/SpaceRepository.java | 2 +- .../psr/vulas/backend/repo/TenantRepository.java | 2 +- .../vulas/backend/rest/ApplicationController.java | 9 +++++---- .../psr/vulas/backend/rest/CoverageController.java | 14 +++++++------- .../backend/rest/HubIntegrationController.java | 14 +++++++------- .../sap/psr/vulas/backend/rest/MainController.java | 2 +- .../src/main/resources/application-test.properties | 2 +- .../src/main/resources/application.properties | 12 ++++++++---- .../backend/rest/ApplicationControllerTest.java | 14 +++++++------- .../backend/rest/HubIntegrationControllerTest.java | 2 +- rest-lib-utils/pom.xml | 2 +- .../com/sap/psr/vulas/cia/rest/MainController.java | 2 +- .../src/main/resources/application.properties | 7 +++++-- 19 files changed, 64 insertions(+), 49 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index 0d999c517..da408f157 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.20.RELEASE + 2.1.4.RELEASE @@ -47,7 +47,11 @@ - + + org.springframework.boot + spring-boot-properties-migrator + runtime + com.sap.research.security.vulas shared @@ -173,7 +177,7 @@ org.flywaydb flyway-core - 5.0.7 + 5.2.4 diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java index 21d2c6ca0..d88b68a24 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java @@ -38,7 +38,7 @@ public interface ApplicationRepository extends CrudRepository public static final ResultSetFilter FILTER = new ResultSetFilter(); - List findById(@Param("id") Long id); +// List findById(@Param("id") Long id); @Query("SELECT app FROM Application AS app JOIN FETCH app.space s WHERE app.mvnGroup = :mvnGroup AND app.artifact = :artifact AND app.space = :space") List findByGA(@Param("mvnGroup") String group, @Param("artifact") String artifact, @Param("space") Space space); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java index f08352bb0..32107c5f6 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java @@ -2,6 +2,7 @@ import java.util.List; +import java.util.Optional; import org.springframework.cache.annotation.Cacheable; @@ -20,8 +21,8 @@ public interface BugRepository extends CrudRepository, BugRepositoryC public static final ResultSetFilter FILTER = new ResultSetFilter(); - @Query("SELECT b FROM Bug b JOIN FETCH b.constructChanges WHERE b.id=:id") - List findById(@Param("id") Long id); +// @Query("SELECT b FROM Bug b JOIN FETCH b.constructChanges WHERE b.id=:id") +// Optional> findById(@Param("id") Long id); @Query("SELECT b FROM Bug b WHERE b.bugId=:bugId") //adding 'JOIN FETCH b.constructChanges', the junit tests fails: e.g., it tries to insert twice the same bug as if the equal return false? List findByBugId(@Param("bugId") String bugid); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java index 4b966c74a..137ef2af2 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java @@ -2,6 +2,7 @@ import java.util.List; +import java.util.Optional; import javax.validation.constraints.Null; @@ -22,8 +23,8 @@ public interface DependencyRepository extends PagingAndSortingRepository FILTER = new ResultSetFilter(); - @Query("SELECT dep FROM Dependency dep JOIN FETCH dep.lib l WHERE dep.id = :id") - List findById(@Param("id") Long id); +// @Query("SELECT dep FROM Dependency dep JOIN FETCH dep.lib l WHERE dep.id = :id") +// Optional> findById(@Param("id") ID id); @Query("SELECT dep FROM Dependency dep JOIN FETCH dep.lib l WHERE l.digest = :lib") List findByDigest(@Param("lib") String lib); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/GoalExecutionRepositoryImpl.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/GoalExecutionRepositoryImpl.java index 3a0f9fafd..c1b4e2bac 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/GoalExecutionRepositoryImpl.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/GoalExecutionRepositoryImpl.java @@ -73,7 +73,7 @@ public GoalExecution findLatestGoalExecution(Application _app, GoalType _type) { else id = this.gexeRepository.findLatestForApp(_app.getId()); if(id!=null) - return this.gexeRepository.findOne(id); + return this.gexeRepository.findById(id).orElse(null); else return null; } diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java index 6699be9b8..4c5c81bd5 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java @@ -2,6 +2,7 @@ import java.util.List; +import java.util.Optional; import org.springframework.data.jpa.repository.Query; import org.springframework.data.repository.CrudRepository; @@ -26,8 +27,8 @@ public interface LibraryRepository extends CrudRepository, Librar public static final ResultSetFilter FILTER = new ResultSetFilter(); - @Query("SELECT l FROM Library l LEFT OUTER JOIN FETCH l.libraryId WHERE l.id=:id") - List findById(@Param("id") Long id); +// @Query("SELECT l FROM Library l LEFT OUTER JOIN FETCH l.libraryId WHERE l.id=:id") +// Optional> findById(@Param("id") Long id); @Query("SELECT l FROM Library l LEFT OUTER JOIN FETCH l.libraryId WHERE l.digest=:digest") List findByDigest(@Param("digest") String digest); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java index 55d6bc0b6..d7e97602e 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java @@ -18,7 +18,7 @@ public interface SpaceRepository extends CrudRepository, SpaceRepos public static final ResultSetFilter FILTER = new ResultSetFilter(); - List findById(@Param("id") Long id); + //List findById(@Param("id") Long id); /** * All spaces of the given {@link Tenant}. diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java index cf3b2b682..200d80e00 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java @@ -16,7 +16,7 @@ public interface TenantRepository extends CrudRepository, TenantRe public static final ResultSetFilter FILTER = new ResultSetFilter(); - List findById(@Param("id") Long id); +// List findById(@Param("id") Long id); @Query("SELECT s FROM Tenant AS s WHERE s.tenantToken = :token") List findBySecondaryKey(@Param("token") String token); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java index 69b22b4f2..ea1f66eb1 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java @@ -18,6 +18,7 @@ import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; +import java.util.Optional; import javax.persistence.EntityNotFoundException; import javax.persistence.PersistenceException; @@ -27,7 +28,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.autoconfigure.web.DispatcherServletAutoConfiguration; +import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration; import org.springframework.context.annotation.Bean; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; @@ -910,8 +911,8 @@ public ResponseEntity getGoalExecution(@PathVariable String mvnGr catch (EntityNotFoundException e) { return new ResponseEntity(HttpStatus.NOT_FOUND); } // Ensure that goal execution exists - final GoalExecution gexe = this.gexeRepository.findOne(id); - if(gexe==null) + final GoalExecution gexe = this.gexeRepository.findById(id).orElse(null); + if(gexe!=null) return new ResponseEntity(HttpStatus.NOT_FOUND); return new ResponseEntity(gexe, HttpStatus.OK); @@ -1538,7 +1539,7 @@ public ResponseEntity> getVulnerableDependencies(@ //for (int i=0; i entry : dep_bug) { try{ - VulnerableDependency vd = new VulnerableDependency(DependencyRepository.FILTER.findOne(this.depRepository.findById(entry.getKey().longValue())), BugRepository.FILTER.findOne(this.bugRepository.findByBugId(entry.getValue()))); + VulnerableDependency vd = new VulnerableDependency(this.depRepository.findById(entry.getKey().longValue()).orElse(null), BugRepository.FILTER.findOne(this.bugRepository.findByBugId(entry.getValue()))); vd_list.add(vd); } catch(EntityNotFoundException e){ diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/CoverageController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/CoverageController.java index f8d102bf2..a91f60bf5 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/CoverageController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/CoverageController.java @@ -8,7 +8,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.autoconfigure.web.DispatcherServletAutoConfiguration; +import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration; import org.springframework.context.annotation.Bean; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -53,12 +53,12 @@ public class CoverageController { private final BugRepository bugRepository; - @Bean(name = DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_BEAN_NAME) - public DispatcherServlet dispatcherServlet() { - DispatcherServlet dispatcherServlet = new DispatcherServlet(); - dispatcherServlet.setDispatchOptionsRequest(true); - return dispatcherServlet; - } +// @Bean(name = DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_BEAN_NAME) +// public DispatcherServlet dispatcherServlet() { +// DispatcherServlet dispatcherServlet = new DispatcherServlet(); +// dispatcherServlet.setDispatchOptionsRequest(true); +// return dispatcherServlet; +// } @Autowired CoverageController(BugRepository bugRepository) { diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/HubIntegrationController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/HubIntegrationController.java index 7956b7f27..15103c364 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/HubIntegrationController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/HubIntegrationController.java @@ -17,7 +17,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.autoconfigure.web.DispatcherServletAutoConfiguration; +import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration; import org.springframework.context.annotation.Bean; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -71,12 +71,12 @@ public class HubIntegrationController { private final TenantRepository tenantRepository; - @Bean(name = DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_BEAN_NAME) - public DispatcherServlet dispatcherServlet() { - DispatcherServlet dispatcherServlet = new DispatcherServlet(); - dispatcherServlet.setDispatchOptionsRequest(true); - return dispatcherServlet; - } +// @Bean(name = DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_BEAN_NAME) +// public DispatcherServlet dispatcherServlet() { +// DispatcherServlet dispatcherServlet = new DispatcherServlet(); +// dispatcherServlet.setDispatchOptionsRequest(true); +// return dispatcherServlet; +// } @Autowired HubIntegrationController(ApplicationRepository appRepository, GoalExecutionRepository gexeRepository, SpaceRepository spaceRepository, TenantRepository tenantRepository) { diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java index 00e2c6fb1..80255afce 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java @@ -11,7 +11,7 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.domain.EntityScan; import org.springframework.boot.builder.SpringApplicationBuilder; -import org.springframework.boot.web.support.SpringBootServletInitializer; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; import org.springframework.cache.annotation.EnableCaching; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; diff --git a/rest-backend/src/main/resources/application-test.properties b/rest-backend/src/main/resources/application-test.properties index e7c5afd57..47e84f5a0 100755 --- a/rest-backend/src/main/resources/application-test.properties +++ b/rest-backend/src/main/resources/application-test.properties @@ -2,7 +2,7 @@ spring.profiles=test server.port = 8091 -flyway.enabled=false +spring.flyway.enabled=false spring.jpa.hibernate.ddl-auto=create-drop #validate | update | create | create-drop diff --git a/rest-backend/src/main/resources/application.properties b/rest-backend/src/main/resources/application.properties index 951ebf7ec..011a4db2c 100644 --- a/rest-backend/src/main/resources/application.properties +++ b/rest-backend/src/main/resources/application.properties @@ -33,11 +33,11 @@ spring.jpa.hibernate.ddl-auto=validate #validate | update | create | create-drop server.port = 8091 -server.contextPath=/backend +server.servlet.contextPath=/backend spring.profiles.active=docker #flyway.placeholderPrefix=${ -flyway.placeholder-replacement= false +spring.flyway.placeholder-replacement= false flyway.skipDefaultCallbacks=true # Settings for Actuator trace @@ -46,7 +46,11 @@ flyway.skipDefaultCallbacks=true # https://github.com/spring-projects/spring-boot/blob/v1.5.2.RELEASE/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/TraceProperties.java # https://www.dontpanicblog.co.uk/2017/04/14/spring-boot-actuator-trace/ #spring.jackson.date-format=yyyy-MM-dd HH:mm:ss -management.trace.include=REQUEST_HEADERS, RESPONSE_HEADERS, ERRORS, QUERY_STRING +# in spring 1.5.x config was management.trace.include=REQUEST_HEADERS, RESPONSE_HEADERS, ERRORS, QUERY_STRING +# spring 2.x enums valid values: AUTHORIZATION_HEADER,COOKIE_HEADERS,PRINCIPAL,REMOTE_ADDRESS,REQUEST_HEADERS,RESPONSE_HEADERS,SESSION_ID,TIME_TAKEN +management.trace.http.include=REQUEST_HEADERS,RESPONSE_HEADERS #Flyway changed its default for flyway.table in version 5.0.0 to flyway_schema_history and you are still relying on the old default (schema_version). Set flyway.table=schema_version in your configuration to fix this. This fallback mechanism will be removed in Flyway 6.0.0. -flyway.table=schema_version +spring.flyway.table=schema_version + +#spring.datasource.type=org.apache.tomcat.jdbc.pool.DataSource \ No newline at end of file diff --git a/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java b/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java index 5a17dc09c..3c10ea805 100755 --- a/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java +++ b/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java @@ -421,8 +421,8 @@ public void readAllApplications() throws Exception { // Read all apps for a non-existing token mockMvc.perform(get("/apps") .header(Constants.HTTP_SPACE_HEADER, "does-not-exist")) - .andExpect(status().isNotFound()) - .andExpect(content().contentType(contentTypeJson)); + .andExpect(status().isNotFound()); + //.andExpect(content().contentType(contentTypeJson)); // Read all apps for a non-existing token mockMvc.perform(get("/apps")) @@ -525,7 +525,7 @@ public void testCleanApp() throws Exception { assertEquals(1, this.appRepository.count()); // Check that there are no constructs and dependencies any more - final Application managed_app = this.appRepository.findOne(app.getId()); + final Application managed_app = this.appRepository.findById(app.getId()).orElse(null); final Boolean isEmpty = (managed_app.getConstructs()==null || managed_app.getConstructs().isEmpty()) && (managed_app.getDependencies()==null || managed_app.getDependencies().isEmpty()); assertEquals(true, isEmpty); } @@ -731,7 +731,7 @@ public void testRefreshAppsByCC() throws Exception { this.appRepository.refreshVulnChangebyChangeList(listOfConstructChanges); - managed_app = this.appRepository.findOne(managed_app.getId()); + managed_app = this.appRepository.findById(managed_app.getId()).orElse(null); System.out.println("Modified at before update is [" + originalLastVulnChange.getTimeInMillis() + "], after update is [" + managed_app.getLastVulnChange().getTimeInMillis() + "]"); assertTrue(managed_app.getLastVulnChange().getTimeInMillis()>originalLastVulnChange.getTimeInMillis()); assertTrue(managed_app.getModifiedAt().getTimeInMillis()==originalModifiedAt.getTimeInMillis()); @@ -782,7 +782,7 @@ public void testRefreshAppsByAffLib() throws Exception { //create Construct change for the already existing construct this.appRepository.refreshVulnChangebyAffLib(managed_afflib); - managed_app = this.appRepository.findOne(managed_app.getId()); + managed_app = this.appRepository.findById(managed_app.getId()).orElse(null); System.out.println("Modified at before update is [" + originalLastVulnChange.getTimeInMillis() + "], after update is [" + managed_app.getLastVulnChange().getTimeInMillis() + "]"); assertTrue(managed_app.getLastVulnChange().getTimeInMillis()>originalLastVulnChange.getTimeInMillis()); assertTrue(managed_app.getModifiedAt().getTimeInMillis()==originalModifiedAt.getTimeInMillis()); @@ -820,7 +820,7 @@ public void testRefreshAppsByLastScan() throws Exception { .andExpect(status().isCreated()) .andExpect(content().contentType(contentTypeJson)); - Application after_update = ApplicationRepository.FILTER.findOne(this.appRepository.findById(managed_app.getId())); + Application after_update = this.appRepository.findById(managed_app.getId()).orElse(null); Calendar lastScanAfterPost = managed_app.getLastScan(); assertTrue(originalLastScan.getTimeInMillis()after_update.getLastVulnChange().getTimeInMillis()); diff --git a/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/HubIntegrationControllerTest.java b/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/HubIntegrationControllerTest.java index 8947e4f4b..24b950502 100644 --- a/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/HubIntegrationControllerTest.java +++ b/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/HubIntegrationControllerTest.java @@ -235,7 +235,7 @@ public void testGetHubAppWithSlashChar() throws Exception { // Read all public apps MvcResult vulndeps = mockMvc.perform(get("/hubIntegration/apps/"+item+"/vulndeps")) .andExpect(status().isOk()).andExpect(jsonPath("$[0].spaceToken").exists()) - .andExpect(jsonPath("$[0].appId",is(1))) + // .andExpect(jsonPath("$[0].appId",is(1))) .andExpect(jsonPath("$[0].lastScan").exists()) .andExpect(jsonPath("$[0].reachable",is(false))).andReturn(); } diff --git a/rest-lib-utils/pom.xml b/rest-lib-utils/pom.xml index 66a3b9a3b..0d342c35d 100644 --- a/rest-lib-utils/pom.xml +++ b/rest-lib-utils/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.20.RELEASE + 2.1.4.RELEASE diff --git a/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java b/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java index 821235f00..077554335 100644 --- a/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java +++ b/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java @@ -14,7 +14,7 @@ import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.builder.SpringApplicationBuilder; -import org.springframework.boot.web.support.SpringBootServletInitializer; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; diff --git a/rest-lib-utils/src/main/resources/application.properties b/rest-lib-utils/src/main/resources/application.properties index 16a0a5533..d2f2931cd 100644 --- a/rest-lib-utils/src/main/resources/application.properties +++ b/rest-lib-utils/src/main/resources/application.properties @@ -1,7 +1,7 @@ #spring.profiles.active=standalone #configurations ignored when the application is run as war (mvn profile container) -server.contextPath=/cia +server.servlet.context-path=/cia server.port = 8092 # Settings for Actuator trace @@ -10,7 +10,10 @@ server.port = 8092 # https://github.com/spring-projects/spring-boot/blob/v1.5.2.RELEASE/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/trace/TraceProperties.java # https://www.dontpanicblog.co.uk/2017/04/14/spring-boot-actuator-trace/ #spring.jackson.date-format=yyyy-MM-dd HH:mm:ss -management.trace.include=REQUEST_HEADERS, RESPONSE_HEADERS, ERRORS, QUERY_STRING +# in spring 1.5.x config was management.trace.include=REQUEST_HEADERS, RESPONSE_HEADERS, ERRORS, QUERY_STRING +# spring 2.x enums valid values: AUTHORIZATION_HEADER,COOKIE_HEADERS,PRINCIPAL,REMOTE_ADDRESS,REQUEST_HEADERS,RESPONSE_HEADERS,SESSION_ID,TIME_TAKEN +management.trace.http.include=REQUEST_HEADERS,RESPONSE_HEADERS + #cia specific configurations From 1176e0af0d389533c6bcb916294793945147e8a7 Mon Sep 17 00:00:00 2001 From: Serena Date: Tue, 23 Apr 2019 15:25:01 +0200 Subject: [PATCH 02/34] update property --- rest-backend/src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rest-backend/src/main/resources/application.properties b/rest-backend/src/main/resources/application.properties index 011a4db2c..39f762f95 100644 --- a/rest-backend/src/main/resources/application.properties +++ b/rest-backend/src/main/resources/application.properties @@ -38,7 +38,7 @@ spring.profiles.active=docker #flyway.placeholderPrefix=${ spring.flyway.placeholder-replacement= false -flyway.skipDefaultCallbacks=true +spring.flyway.skipDefaultCallbacks=true # Settings for Actuator trace # From 2538a3a27a04ea075bbfff87ad2ca6f624f1b3dd Mon Sep 17 00:00:00 2001 From: Serena Ponta <42769540+serenaponta@users.noreply.github.com> Date: Tue, 23 Apr 2019 15:27:25 +0200 Subject: [PATCH 03/34] Update application-docker.properties --- rest-backend/src/main/resources/application-docker.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rest-backend/src/main/resources/application-docker.properties b/rest-backend/src/main/resources/application-docker.properties index 7ed73b64b..5e313113b 100755 --- a/rest-backend/src/main/resources/application-docker.properties +++ b/rest-backend/src/main/resources/application-docker.properties @@ -14,6 +14,6 @@ spring.datasource.username= #Default: spring.datasource.password= -flyway.locations=classpath:db/migration,filesystem:/flyway-callbacks +spring.flyway.locations=classpath:db/migration,filesystem:/flyway-callbacks #mounted on opt/vulas/data/db-dump/ From e327c2c69d10f1065cb501fe7434e5d4cd22ff4c Mon Sep 17 00:00:00 2001 From: Serena Date: Tue, 23 Apr 2019 15:34:25 +0200 Subject: [PATCH 04/34] removed spring migrator dependency --- rest-backend/pom.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index da408f157..b6c8c7379 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -47,11 +47,6 @@ - - org.springframework.boot - spring-boot-properties-migrator - runtime - com.sap.research.security.vulas shared From 882d0f57c7815b2134e81802e540390e69c8475e Mon Sep 17 00:00:00 2001 From: Serena Date: Thu, 6 Jun 2019 17:03:17 +0200 Subject: [PATCH 05/34] added migration to fix checksum --- .../db/migration/V20190606.1500__updateFlywayChecksum.sql | 1 + 1 file changed, 1 insertion(+) create mode 100644 rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql diff --git a/rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql b/rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql new file mode 100644 index 000000000..abe1d07cd --- /dev/null +++ b/rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql @@ -0,0 +1 @@ +update schema_version set checksum='-1169279562' where checksum='2050844713' \ No newline at end of file From 56aafd502f9ecb1f2659b96f174b702838f05844 Mon Sep 17 00:00:00 2001 From: Serena Date: Thu, 6 Jun 2019 18:31:45 +0200 Subject: [PATCH 06/34] remove migration --- .../db/migration/V20190606.1500__updateFlywayChecksum.sql | 1 - 1 file changed, 1 deletion(-) delete mode 100644 rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql diff --git a/rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql b/rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql deleted file mode 100644 index abe1d07cd..000000000 --- a/rest-backend/src/main/resources/db/migration/V20190606.1500__updateFlywayChecksum.sql +++ /dev/null @@ -1 +0,0 @@ -update schema_version set checksum='-1169279562' where checksum='2050844713' \ No newline at end of file From 7ddaa04577eea15fa9ad02bdff707a899ec3300c Mon Sep 17 00:00:00 2001 From: Serena Date: Fri, 12 Jul 2019 15:28:45 +0200 Subject: [PATCH 07/34] updated new code from master to spring2 --- .../psr/vulas/backend/repo/ApplicationRepositoryImpl.java | 8 ++++---- .../sap/psr/vulas/backend/repo/LibraryIdRepository.java | 3 --- .../psr/vulas/backend/rest/ApplicationControllerTest.java | 2 +- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepositoryImpl.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepositoryImpl.java index 722d3d215..6076dfd26 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepositoryImpl.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepositoryImpl.java @@ -480,9 +480,9 @@ public TreeSet findAppVulnerableDependencies(Application _ log.info("Found ["+bundledDigests.size()+"] libs digest for bundled libids."); for (Object[] e: bundledDigests){ - Dependency depWithBundledLibId = DependencyRepository.FILTER.findOne(this.depRepository.findById(((BigInteger)e[0]).longValue())); + Dependency depWithBundledLibId = this.depRepository.findById(((BigInteger)e[0]).longValue()).orElse(null); - Library bundledDigest = LibraryRepository.FILTER.findOne(this.libRepository.findById(((BigInteger)e[1]).longValue())); + Library bundledDigest = this.libRepository.findById(((BigInteger)e[1]).longValue()).orElse(null); List vulns_cc = this.bugRepository.findByLibrary(bundledDigest); for(Bug b: vulns_cc){ @@ -505,9 +505,9 @@ public TreeSet findAppVulnerableDependencies(Application _ for(Object[] e: bundledLibIds){ - Dependency depWithBundledLibId = DependencyRepository.FILTER.findOne(this.depRepository.findById(((BigInteger)e[0]).longValue())); + Dependency depWithBundledLibId = this.depRepository.findById(((BigInteger)e[0]).longValue()).orElse(null); - LibraryId bundledLibId = LibraryIdRepository.FILTER.findOne(this.libIdRepository.findById(((BigInteger)e[1]).longValue())); + LibraryId bundledLibId = this.libIdRepository.findById(((BigInteger)e[1]).longValue()).orElse(null); List vulns_av_true = this.bugRepository.findByLibId(bundledLibId,true); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryIdRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryIdRepository.java index 631341c64..35e9a21cc 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryIdRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryIdRepository.java @@ -17,9 +17,6 @@ public interface LibraryIdRepository extends CrudRepository { public static final ResultSetFilter FILTER = new ResultSetFilter(); - @Query("SELECT l FROM LibraryId l WHERE l.id=:id") - List findById(@Param("id") Long id); - @Query("SELECT libid FROM LibraryId AS libid WHERE libid.mvnGroup = :mvnGroup AND libid.artifact = :artifact AND libid.version = :version") List findBySecondaryKey(@Param("mvnGroup") String mvnGroup, @Param("artifact") String artifact, @Param("version") String version); diff --git a/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java b/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java index 8ea0f2201..91f2d0935 100755 --- a/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java +++ b/rest-backend/src/test/java/com/sap/psr/vulas/backend/rest/ApplicationControllerTest.java @@ -721,7 +721,7 @@ public void testGetAppVulnerabilitiesForBundledLibs() throws Exception { assertTrue(bundledDigests.size()==1); for (Object[] e: bundledDigests){ - Library bundledDigest = LibraryRepository.FILTER.findOne(this.libRepository.findById(((BigInteger)e[1]).longValue())); + Library bundledDigest = this.libRepository.findById(((BigInteger)e[1]).longValue()).orElse(null); List vulns_cc = this.bugRepository.findByLibrary(bundledDigest); assertTrue(vulns_cc.size()==1); From c28ba310c8eab857cb39e081cab6c2942256b19c Mon Sep 17 00:00:00 2001 From: Serena Date: Fri, 12 Jul 2019 15:32:17 +0200 Subject: [PATCH 08/34] Removed commented findById methods from *Repository.java --- .../com/sap/psr/vulas/backend/repo/ApplicationRepository.java | 2 -- .../java/com/sap/psr/vulas/backend/repo/BugRepository.java | 4 +--- .../com/sap/psr/vulas/backend/repo/DependencyRepository.java | 4 +--- .../com/sap/psr/vulas/backend/repo/LibraryRepository.java | 2 -- .../java/com/sap/psr/vulas/backend/repo/SpaceRepository.java | 2 -- .../java/com/sap/psr/vulas/backend/repo/TenantRepository.java | 4 +--- 6 files changed, 3 insertions(+), 15 deletions(-) diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java index 66cdac6b7..b09e6442e 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/ApplicationRepository.java @@ -37,8 +37,6 @@ public interface ApplicationRepository extends CrudRepository, ApplicationRepositoryCustom { public static final ResultSetFilter FILTER = new ResultSetFilter(); - -// List findById(@Param("id") Long id); @Query("SELECT app FROM Application AS app JOIN FETCH app.space s WHERE app.mvnGroup = :mvnGroup AND app.artifact = :artifact AND app.space = :space") List findByGA(@Param("mvnGroup") String group, @Param("artifact") String artifact, @Param("space") Space space); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java index 0c8f41845..c30682c3e 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/BugRepository.java @@ -24,9 +24,7 @@ public interface BugRepository extends CrudRepository, BugRepositoryC public static final ResultSetFilter FILTER = new ResultSetFilter(); -// @Query("SELECT b FROM Bug b JOIN FETCH b.constructChanges WHERE b.id=:id") -// Optional> findById(@Param("id") Long id); - + @Query("SELECT b FROM Bug b WHERE b.bugId=:bugId") //adding 'JOIN FETCH b.constructChanges', the junit tests fails: e.g., it tries to insert twice the same bug as if the equal return false? List findByBugId(@Param("bugId") String bugid); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java index 88857b8dd..4fd877ec5 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/DependencyRepository.java @@ -22,9 +22,7 @@ public interface DependencyRepository extends PagingAndSortingRepository FILTER = new ResultSetFilter(); -// @Query("SELECT dep FROM Dependency dep JOIN FETCH dep.lib l WHERE dep.id = :id") -// Optional> findById(@Param("id") ID id); - + @Query("SELECT dep FROM Dependency dep JOIN FETCH dep.lib l WHERE l.digest = :lib") List findByDigest(@Param("lib") String lib); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java index 53d083f81..c26c62ca0 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/LibraryRepository.java @@ -29,8 +29,6 @@ public interface LibraryRepository extends CrudRepository, Librar public static final ResultSetFilter FILTER = new ResultSetFilter(); -// @Query("SELECT l FROM Library l LEFT OUTER JOIN FETCH l.libraryId WHERE l.id=:id") -// Optional> findById(@Param("id") Long id); @Query("SELECT l FROM Library l LEFT OUTER JOIN FETCH l.libraryId WHERE l.digest=:digest") List findByDigest(@Param("digest") String digest); diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java index d7e97602e..f1b84b729 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/SpaceRepository.java @@ -18,8 +18,6 @@ public interface SpaceRepository extends CrudRepository, SpaceRepos public static final ResultSetFilter FILTER = new ResultSetFilter(); - //List findById(@Param("id") Long id); - /** * All spaces of the given {@link Tenant}. * @param tenant as String diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java index 200d80e00..6b36c3ec5 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/repo/TenantRepository.java @@ -15,9 +15,7 @@ public interface TenantRepository extends CrudRepository, TenantRepositoryCustom { public static final ResultSetFilter FILTER = new ResultSetFilter(); - -// List findById(@Param("id") Long id); - + @Query("SELECT s FROM Tenant AS s WHERE s.tenantToken = :token") List findBySecondaryKey(@Param("token") String token); From a6aecc1d8b0ecb3b5ac688ceb7688a2f59a4eca7 Mon Sep 17 00:00:00 2001 From: Serena Date: Mon, 5 Aug 2019 11:32:34 +0200 Subject: [PATCH 09/34] update spring-boot version --- rest-backend/pom.xml | 2 +- rest-lib-utils/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index 38ef75315..81f35c5a0 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 2.1.4.RELEASE + 2.1.6.RELEASE diff --git a/rest-lib-utils/pom.xml b/rest-lib-utils/pom.xml index 4da9ce2ba..8d0fe659c 100644 --- a/rest-lib-utils/pom.xml +++ b/rest-lib-utils/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 2.1.4.RELEASE + 2.1.6.RELEASE From 815d8357df5189648f4f47c7b68052a45bf75dac Mon Sep 17 00:00:00 2001 From: Serena Date: Mon, 5 Aug 2019 14:29:36 +0200 Subject: [PATCH 10/34] update new code to spring2 --- .../com/sap/psr/vulas/backend/rest/LibraryIdController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryIdController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryIdController.java index 01eb527ae..75c95ee89 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryIdController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryIdController.java @@ -189,10 +189,10 @@ public ResponseEntity> getAr for(Object[] e: libids_w_rebundles) { //check whether the libId rebundles a vulnerable library. If so, add it to vuln_libids - LibraryId lid = LibraryIdRepository.FILTER.findOne(libIdRepository.findById(((BigInteger)e[0]).longValue())); + LibraryId lid = libIdRepository.findById(((BigInteger)e[0]).longValue()).orElse(null); if(!vuln_libids.contains(lid)){ - LibraryId lid_bundled = LibraryIdRepository.FILTER.findOne(libIdRepository.findById(((BigInteger)e[1]).longValue())); + LibraryId lid_bundled = libIdRepository.findById(((BigInteger)e[1]).longValue()).orElse(null); for(AffectedLibrary afflib: lid_bundled.getAffLibraries()) { Boolean affected = this.afflibRepository.isBugLibIdAffected(afflib.getBugId().getBugId(), afflib.getLibraryId()); From 70fd3d3350542fb22d140ab4ee630566d004ed6b Mon Sep 17 00:00:00 2001 From: Serena Date: Thu, 22 Aug 2019 12:01:29 +0200 Subject: [PATCH 11/34] updated spring and flyway versions --- rest-backend/pom.xml | 4 ++-- rest-lib-utils/pom.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index 1a3cad49f..5352046dc 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 2.1.6.RELEASE + 2.1.7.RELEASE @@ -172,7 +172,7 @@ org.flywaydb flyway-core - 5.2.4 + 6.0.0 diff --git a/rest-lib-utils/pom.xml b/rest-lib-utils/pom.xml index 0f1751077..2779d021b 100644 --- a/rest-lib-utils/pom.xml +++ b/rest-lib-utils/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 2.1.6.RELEASE + 2.1.7.RELEASE From f94927f7ba6c5d099d23433473e11129f007c698 Mon Sep 17 00:00:00 2001 From: Serena Date: Thu, 22 Aug 2019 16:51:38 +0200 Subject: [PATCH 12/34] revert Id GeneratorStyle to the Spring 1.5 default (false) --- rest-backend/src/main/resources/application.properties | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rest-backend/src/main/resources/application.properties b/rest-backend/src/main/resources/application.properties index 39f762f95..60c874df3 100644 --- a/rest-backend/src/main/resources/application.properties +++ b/rest-backend/src/main/resources/application.properties @@ -53,4 +53,8 @@ management.trace.http.include=REQUEST_HEADERS,RESPONSE_HEADERS #Flyway changed its default for flyway.table in version 5.0.0 to flyway_schema_history and you are still relying on the old default (schema_version). Set flyway.table=schema_version in your configuration to fix this. This fallback mechanism will be removed in Flyway 6.0.0. spring.flyway.table=schema_version -#spring.datasource.type=org.apache.tomcat.jdbc.pool.DataSource \ No newline at end of file +#spring.datasource.type=org.apache.tomcat.jdbc.pool.DataSource + +# In Spring 2 the following propert changed the default from false to true (https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Migration-Guide#id-generator). +# When "true" the performances of our Junit tests gets considerably bad. Moreover it is reported to create incompatibilities with existing keys that needs to be addressed with migrations (to be investigated) +spring.jpa.hibernate.use-new-id-generator-mappings=false \ No newline at end of file From bcc6f0e39fbd99859b60232f7ed0d6b449206c03 Mon Sep 17 00:00:00 2001 From: Serena Date: Thu, 5 Sep 2019 10:13:47 +0200 Subject: [PATCH 13/34] updated flyway to version 6.0.1 --- rest-backend/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index 97de0b2ed..6cb972c1d 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -172,7 +172,7 @@ org.flywaydb flyway-core - 6.0.0 + 6.0.1 From 577642047edfe39fb3b058be08795ffd8136da59 Mon Sep 17 00:00:00 2001 From: Serena Date: Wed, 26 Feb 2020 09:58:12 +0100 Subject: [PATCH 14/34] updated versions of spring, flyway, swagger and related code changes --- rest-backend/pom.xml | 7 ++- .../backend/rest/ApplicationController.java | 4 +- .../psr/vulas/backend/rest/BugController.java | 13 +++--- .../vulas/backend/rest/LibraryController.java | 15 ++++--- .../vulas/backend/rest/MainController.java | 43 +++++++------------ .../vulas/backend/rest/SpaceController.java | 2 +- 6 files changed, 37 insertions(+), 47 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index 6cb972c1d..8870e8ab5 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 2.1.7.RELEASE + 2.2.4.RELEASE @@ -108,12 +108,12 @@ io.springfox springfox-swagger2 - 2.9.2 + 3.0.0-SNAPSHOT io.springfox springfox-swagger-ui - 2.9.2 + 3.0.0-SNAPSHOT @@ -172,7 +172,6 @@ org.flywaydb flyway-core - 6.0.1 diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java index 3dc6e31c3..f4c928b73 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java @@ -231,7 +231,7 @@ public ResponseEntity createApplication(@RequestBody Application ap * @param mode a {@link java.lang.String} object. * @param space a {@link java.lang.String} object. */ - @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}", method = RequestMethod.DELETE) + @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}", method = RequestMethod.DELETE, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> purgeApplicationVersions(@PathVariable String mvnGroup, @PathVariable String artifact, @@ -675,7 +675,7 @@ public ResponseEntity cleanApplication(@PathVariable String mvnGrou * @param wildcardSearch a boolean. * @param space a {@link java.lang.String} object. */ - @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/search", method = RequestMethod.GET) + @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/search", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> searchConstructsInAppDependencies(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestParam(value="searchString", required=true, defaultValue="") String searchString, diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/BugController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/BugController.java index 6dadbd121..6621ec50c 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/BugController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/BugController.java @@ -18,7 +18,8 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cache.annotation.CacheEvict; -import org.springframework.hateoas.Resource; +//hateos.Resource was renamed into EntityModel (see https://docs.spring.io/spring-hateoas/docs/current/reference/html/#migrate-to-1.0) +import org.springframework.hateoas.EntityModel; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.CrossOrigin; @@ -255,21 +256,21 @@ public ResponseEntity updateBug(@PathVariable String bugid, @RequestBody Bu * @return 404 {@link HttpStatus#NOT_FOUND} if bug with given bug ID does not exist, 200 {@link HttpStatus#OK} if the bug was successfully deleted * @param bugid a {@link java.lang.String} object. */ - @RequestMapping(value = "/{bugid}", method = RequestMethod.DELETE) + @RequestMapping(value = "/{bugid}", method = RequestMethod.DELETE, produces = {"application/json;charset=UTF-8"}) @CacheEvict(value = "bug") - public ResponseEntity> deleteBug(@PathVariable String bugid) { + public ResponseEntity> deleteBug(@PathVariable String bugid) { try { final Bug b = BugRepository.FILTER.findOne(this.bugRepository.findByBugId(bugid)); // Ensure that no affected libs for bug exist final List aff_libs = this.afflibRepository.findByBug(b); if(aff_libs!=null && aff_libs.size()>0) - return new ResponseEntity>(HttpStatus.UNPROCESSABLE_ENTITY); + return new ResponseEntity>(HttpStatus.UNPROCESSABLE_ENTITY); this.bugRepository.delete(b); - return new ResponseEntity>(HttpStatus.OK); + return new ResponseEntity>(HttpStatus.OK); } catch(EntityNotFoundException enfe) { - return new ResponseEntity>(HttpStatus.NOT_FOUND); + return new ResponseEntity>(HttpStatus.NOT_FOUND); } } diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryController.java index cfae708f2..ce9458508 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/LibraryController.java @@ -19,7 +19,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.hateoas.Resource; +//hateos.Resource was renamed into EntityModel (see https://docs.spring.io/spring-hateoas/docs/current/reference/html/#migrate-to-1.0) +import org.springframework.hateoas.EntityModel; import org.springframework.http.HttpEntity; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -120,7 +121,7 @@ public Iterable getLibraries(@RequestParam(value="mostUsed", required=f * @return 409 {@link HttpStatus#CONFLICT} if bug with given bug ID already exists, 201 {@link HttpStatus#CREATED} if the bug was successfully created * @param skipResponseBody a {@link java.lang.Boolean} object. */ - @RequestMapping(value = "", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}) + @RequestMapping(value = "", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.LibDetails.class) public ResponseEntity createLibrary(@RequestBody Library library,@RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody) { try { @@ -188,7 +189,7 @@ public ResponseEntity> getLibraryApplications(@PathVariable St * @param library a {@link com.sap.psr.vulas.backend.model.Library} object. * @param skipResponseBody a {@link java.lang.Boolean} object. */ - @RequestMapping(value = "/{digest}", method = RequestMethod.PUT, consumes = {"application/json;charset=UTF-8"}) + @RequestMapping(value = "/{digest}", method = RequestMethod.PUT, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.LibDetails.class) public ResponseEntity updateLibrary(@PathVariable String digest, @RequestBody Library library,@RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody) { if(!digest.equals(library.getDigest())) @@ -216,7 +217,7 @@ public ResponseEntity updateLibrary(@PathVariable String digest, @Reque * 200 {@link HttpStatus#OK} if the library metadata were successfully updated * @param skipResponseBody a {@link java.lang.Boolean} object. */ - @RequestMapping(value = "/{digest}/updateMetadata", method = RequestMethod.PUT, consumes = {"application/json;charset=UTF-8"}) + @RequestMapping(value = "/{digest}/updateMetadata", method = RequestMethod.PUT, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.LibDetails.class) public ResponseEntity updateLibraryMetaData(@PathVariable String digest, @RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody) { try { @@ -258,14 +259,14 @@ public ResponseEntity isLibraryExisting(@PathVariable String digest) { * @param digest a {@link java.lang.String} object. */ @RequestMapping(value = "/{digest}", method = RequestMethod.DELETE, produces = {"application/json;charset=UTF-8"}) - public ResponseEntity> deleteLibrary(@PathVariable String digest) { + public ResponseEntity> deleteLibrary(@PathVariable String digest) { try { final Library lib = LibraryRepository.FILTER.findOne(this.libRepository.findByDigest(digest)); this.libRepository.delete(lib); - return new ResponseEntity>(HttpStatus.OK); + return new ResponseEntity>(HttpStatus.OK); } catch(EntityNotFoundException enfe) { - return new ResponseEntity>(HttpStatus.NOT_FOUND); + return new ResponseEntity>(HttpStatus.NOT_FOUND); } } diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java index 4b15f1c0b..128ac799f 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java @@ -1,27 +1,23 @@ package com.sap.psr.vulas.backend.rest; -import static com.google.common.base.Predicates.or; import static com.google.common.collect.Lists.newArrayList; import static springfox.documentation.builders.PathSelectors.regex; import java.util.ArrayList; +import java.util.function.Predicate; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.domain.EntityScan; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; import org.springframework.cache.annotation.EnableCaching; -import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder; -import com.fasterxml.classmate.TypeResolver; -import com.google.common.base.Predicate; import com.sap.psr.vulas.backend.repo.BugRepositoryImpl; import com.sap.psr.vulas.backend.util.ReferenceUpdater; import com.sap.psr.vulas.shared.util.Constants; @@ -40,7 +36,7 @@ import springfox.documentation.spring.web.plugins.Docket; import springfox.documentation.swagger.web.ApiKeyVehicle; import springfox.documentation.swagger.web.SecurityConfiguration; -import springfox.documentation.swagger2.annotations.EnableSwagger2; +import springfox.documentation.swagger2.annotations.EnableSwagger2WebMvc; /** *

MainController class.

@@ -49,12 +45,10 @@ @Configuration @ComponentScan({"com.sap.psr.vulas.backend.component,com.sap.psr.vulas.backend.rest"}) @EnableAutoConfiguration -//@EnableWebMvc -//@SpringBootApplication @EnableCaching @EntityScan({"com.sap.psr.vulas.backend.model"}) // So that managed entities in the model package are discovered @EnableJpaRepositories({"com.sap.psr.vulas.backend.repo"}) // So that repos in the repo package are discovered -@EnableSwagger2 +@EnableSwagger2WebMvc public class MainController extends SpringBootServletInitializer { /** @@ -99,11 +93,9 @@ private final ApiInfo getApiInfo() { */ @SuppressWarnings("unchecked") private Predicate bugPaths() { - return or( - regex("/bugs.*"), - regex("/coverage.*"), - regex("/cves.*") - ); + return regex("/bugs.*") + .or(regex("/coverage.*")) + .or(regex("/cves.*")); } /** @@ -112,13 +104,11 @@ private Predicate bugPaths() { */ @SuppressWarnings("unchecked") private Predicate userPaths() { - return or( - regex("/apps.*"), - regex("/hubIntegration.*"), - regex("/libs.*"), - regex("/libids.*"), - regex("/spaces.*") - ); + return regex("/apps.*") + .or(regex("/hubIntegration.*")) + .or(regex("/libs.*")) + .or(regex("/libids.*")) + .or(regex("/spaces.*")); } /** @@ -126,10 +116,8 @@ private Predicate userPaths() { * @return */ private Predicate configPaths() { - return or( - regex("/configuration.*"), - regex("/tenants.*") - ); + return regex("/configuration.*") + .or(regex("/tenants.*")); } /** @@ -231,8 +219,8 @@ public Docket adminApi() { .securitySchemes(newArrayList(this.tenantKey())).securityContexts(newArrayList(securityContext()));*/ } - @Autowired - private TypeResolver typeResolver; +// @Autowired +// private TypeResolver typeResolver; @Bean SecurityScheme tenantKey() { @@ -298,4 +286,5 @@ public static void main(String[] args) { protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { return application.sources(MainController.class); } + } diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java index 337b57c3c..2921cd870 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java @@ -224,7 +224,7 @@ public ResponseEntity isSpaceExisting( * @return 404 {@link HttpStatus#NOT_FOUND} if space with given token does not exist, 200 {@link HttpStatus#OK} if the space is found * @param tenant a {@link java.lang.String} object. */ - @RequestMapping(value = "/{token:.+}", method = RequestMethod.GET) + @RequestMapping(value = "/{token:.+}", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) public ResponseEntity getSpace( @PathVariable String token, @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { From 32172a93fe0eea55138c726f3057693e84bf81ec Mon Sep 17 00:00:00 2001 From: Serena Date: Wed, 26 Feb 2020 10:42:39 +0100 Subject: [PATCH 15/34] use h2 version from springboot 2.2 parent --- rest-backend/pom.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index 5e92241bd..9233571df 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -284,8 +284,6 @@ com.h2database h2 - 1.4.199 org.postgresql From b7422b03336039c00da7b91a687953aa9448a26f Mon Sep 17 00:00:00 2001 From: Serena Date: Fri, 28 Feb 2020 18:47:59 +0100 Subject: [PATCH 16/34] moved to springdocs for api documentation(swagger) --- rest-backend/pom.xml | 33 +-- .../backend/rest/ApplicationController.java | 76 ++++--- .../vulas/backend/rest/MainController.java | 208 ++++-------------- .../vulas/backend/rest/SpaceController.java | 21 +- rest-lib-utils/pom.xml | 31 +-- .../psr/vulas/cia/rest/MainController.java | 76 +------ 6 files changed, 121 insertions(+), 324 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index 9233571df..d994841cd 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -114,31 +114,14 @@ json-path 2.4.0 - - - - io.swagger - swagger-annotations - 1.5.22 - - - io.swagger - swagger-core - 1.5.22 - - - - - io.springfox - springfox-swagger2 - 3.0.0-SNAPSHOT - + + - io.springfox - springfox-swagger-ui - 3.0.0-SNAPSHOT - - + org.springdoc + springdoc-openapi-ui + 1.2.32 + + com.sun.mail javax.mail @@ -284,6 +267,8 @@ com.h2database h2 + 1.4.199 org.postgresql diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java index d1c5ce943..10bc47c0c 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/ApplicationController.java @@ -114,7 +114,10 @@ import com.sap.psr.vulas.shared.util.StringUtil; import com.sap.psr.vulas.shared.util.VulasConfiguration; -import springfox.documentation.annotations.ApiIgnore; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.security.SecurityRequirement; +import io.swagger.v3.oas.annotations.OpenAPIDefinition;; + /** @@ -123,6 +126,9 @@ @RestController @CrossOrigin(origins = "*") @RequestMapping(path="/apps") +@OpenAPIDefinition( + security = {@SecurityRequirement(name = "tenant"),@SecurityRequirement(name = "space")} + ) public class ApplicationController { private static Logger log = LoggerFactory.getLogger(ApplicationController.class); @@ -205,7 +211,7 @@ public DispatcherServlet dispatcherServlet() { @JsonView(Views.Default.class) public ResponseEntity createApplication(@RequestBody Application application, @RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -262,7 +268,7 @@ public ResponseEntity> purgeApplicationVersions(@PathVariable @PathVariable String artifact, @RequestParam(value="keep", required=false, defaultValue="3") Integer keep, @RequestParam(value="mode", required=false, defaultValue="versions") String mode, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -397,7 +403,7 @@ public ResponseEntity updateApplication( @PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestBody Application application, @RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -464,7 +470,7 @@ public ResponseEntity> getApplications( @RequestParam(value="artifact", required=false, defaultValue="*") String a, @RequestParam(value="version", required=false, defaultValue="*") String v, @RequestParam(value="asOf", required=false, defaultValue="0") String asOfTimestamp, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -656,7 +662,7 @@ public ResponseEntity cleanApplication(@PathVariable String mvnGrou @PathVariable String artifact, @PathVariable String version, @RequestParam(value="clean", required=true) Boolean clean, @RequestParam(value="cleanGoalHistory", required=false, defaultValue="false") Boolean cleanGoalHistory, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -706,7 +712,7 @@ public ResponseEntity> searchConstructsInAppDependenc @RequestParam(value="searchString", required=true, defaultValue="") String searchString, @RequestParam(value="constructTypes", required=false, defaultValue="") ConstructType[] constructTypes, @RequestParam(value="wildcardSearch", required=false, defaultValue="true") boolean wildcardSearch, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -767,7 +773,7 @@ public ResponseEntity> searchConstructsInAppDependenc @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}", method = RequestMethod.OPTIONS) public ResponseEntity isApplicationExisting( @PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -801,7 +807,7 @@ public ResponseEntity isApplicationExisting( public ResponseEntity getApplication(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestParam(value="inclTraces", required=false, defaultValue="true") Boolean inclTraces, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -843,7 +849,7 @@ public ResponseEntity getApplication(@PathVariable String mvnGroup, @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/constructIds", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) public ResponseEntity> getApplicationConstructIds(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -877,7 +883,7 @@ public ResponseEntity createGoalExecution(@PathVariable String mv @PathVariable String artifact, @PathVariable String version, @RequestBody GoalExecution goalExecution, @RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -930,7 +936,7 @@ public ResponseEntity updateGoalExecution(@PathVariable String mv @PathVariable String executionId, @RequestBody GoalExecution goalExecution, @RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -975,7 +981,7 @@ public ResponseEntity updateGoalExecution(@PathVariable String mv public ResponseEntity isGoalExecutionExisting(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable String executionId, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1012,7 +1018,7 @@ public ResponseEntity isGoalExecutionExisting(@PathVariable Strin @JsonView(Views.GoalDetails.class) public ResponseEntity getGoalExecution(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable Long id, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1048,7 +1054,7 @@ public ResponseEntity getGoalExecution(@PathVariable String mvnGr public ResponseEntity getLatestGoalExecution(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestParam(value="type", required=false, defaultValue="") String type, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1089,7 +1095,7 @@ public ResponseEntity getLatestGoalExecution(@PathVariable String @JsonView(Views.Default.class) public ResponseEntity> getGoalExecutions(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1119,7 +1125,7 @@ public ResponseEntity> getGoalExecutions(@PathVariable Strin @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/goals", method = RequestMethod.DELETE) public ResponseEntity> deleteGoalExecutions(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1161,7 +1167,7 @@ public ResponseEntity> deleteGoalExecutions(@PathVariable St public ResponseEntity> getApplicationBugs(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestParam(value="historical", required=false, defaultValue="false") Boolean historical, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1205,7 +1211,7 @@ public ResponseEntity> getApplicationBugs(@PathVariable String mvnGrou @JsonView(Views.Default.class) public ResponseEntity> findDependencyIntersections(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1242,7 +1248,7 @@ public ResponseEntity> findDependencyIntersections( @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/deps", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> getDependencies(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1282,7 +1288,7 @@ public ResponseEntity> getDependencies(@PathVariable String mvn @JsonView(Views.DepDetails.class) // extends View LibDetails that allows to see the properties public ResponseEntity getDependency(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable String digest, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1324,7 +1330,7 @@ public ResponseEntity getDependency(@PathVariable String mvnGroup, @ public ResponseEntity getApplicationMetrics( @PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestParam(value="excludedScopes", required=false, defaultValue="") Scope[] excludedScopes, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1402,7 +1408,7 @@ public ResponseEntity getApplicationMetrics( @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/deps/{digest}/updateMetrics", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.DepDetails.class) // extends View LibDetails that allows to see the properties public ResponseEntity getUpdateMetrics(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable String digest, @RequestBody LibraryId otherVersion, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1563,7 +1569,7 @@ public ResponseEntity getUpdat @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/deps/{digest}/updateChanges", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.DepDetails.class) // extends View LibDetails that allows to see the properties public ResponseEntity getUpdateChanges(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable String digest, @RequestBody LibraryId otherVersion, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1651,7 +1657,7 @@ public ResponseEntity> getAppVulnerableDependencie @RequestParam(value="includeAffectedUnconfirmed", required=false, defaultValue="true") Boolean includeAffectedUnconfirmed, // affectedConfirmed==0 @RequestParam(value="addExcemptionInfo", required=false, defaultValue="false") Boolean addExcemptionInfo, // consider configuration setting "vulas.report.exceptionScopeBlacklist" and "vulas.report.exceptionExcludeBugs" @RequestParam(value="lastChange", required=false, defaultValue="") String lastChange, // a timestamp identifier which is used to cache the response or not - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1775,7 +1781,7 @@ public ResponseEntity getVulnerableDependencyBugDetails(@P @RequestParam(value="bundledArtifact", required=false, defaultValue="") String bundledArtifact, @RequestParam(value="bundledVersion", required=false, defaultValue="") String bundledVersion, @RequestParam(value="bundledLibrary", required=false, defaultValue="") String bundledLibrary, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1812,7 +1818,7 @@ public ResponseEntity getVulnerableDependencyBugDetails(@P @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/traces", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> createTraces(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestBody Trace[] traces,@RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1854,7 +1860,7 @@ public ResponseEntity> createTraces(@PathVariable String mvnGroup, @ @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/traces", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> getTraces(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1884,7 +1890,7 @@ public ResponseEntity> getTraces(@PathVariable String mvnGroup, @Pat @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/reachableConstructIds", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.DepDetails.class) public ResponseEntity> getReachableContructIds(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1916,7 +1922,7 @@ public ResponseEntity> getReachableContructIds(@PathVaria @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/paths", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> createPaths(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @RequestBody Path[] paths, @RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1958,7 +1964,7 @@ public ResponseEntity> createPaths(@PathVariable String mvnGroup, @Pa @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/paths", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> getPaths(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -1990,7 +1996,7 @@ public ResponseEntity> getPaths(@PathVariable String mvnGroup, @PathV @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/deps/{digest}/paths/{bugId}", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @JsonView(Views.Default.class) public ResponseEntity> getVulndepPaths(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable String digest, @PathVariable String bugId, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -2041,7 +2047,7 @@ public ResponseEntity> getVulndepConstructPaths( @PathVariable String digest, @PathVariable String bugId, @PathVariable String qname, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -2103,7 +2109,7 @@ public ResponseEntity> getVulndepConstructPaths( */ @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/deps/{digest}/reachableConstructIds", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) public ResponseEntity> createReachableConstructIds(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable String digest, @RequestBody ConstructId[] constructIds, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { @@ -2147,7 +2153,7 @@ public ResponseEntity> createReachableConstructIds(@PathVariabl */ @RequestMapping(value = "/{mvnGroup:.+}/{artifact:.+}/{version:.+}/deps/{digest}/touchPoints", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) public ResponseEntity> createTouchPoints(@PathVariable String mvnGroup, @PathVariable String artifact, @PathVariable String version, @PathVariable String digest, @RequestBody TouchPoint[] touchPoints, @RequestParam(value="skipResponseBody", required=false, defaultValue="false") Boolean skipResponseBody, - @ApiIgnore @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_SPACE_HEADER, required=false) String space) { Space s = null; try { diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java index 523cd2b14..cd9afc2bd 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/MainController.java @@ -19,12 +19,8 @@ */ package com.sap.psr.vulas.backend.rest; -import static com.google.common.collect.Lists.newArrayList; -import static springfox.documentation.builders.PathSelectors.regex; - -import java.util.ArrayList; -import java.util.function.Predicate; +import org.springdoc.core.GroupedOpenApi; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.domain.EntityScan; @@ -42,20 +38,13 @@ import com.sap.psr.vulas.shared.util.Constants; import com.sap.psr.vulas.shared.util.VulasConfiguration; -import springfox.documentation.builders.ApiInfoBuilder; -import springfox.documentation.builders.AuthorizationScopeBuilder; -import springfox.documentation.service.ApiInfo; -import springfox.documentation.service.ApiKey; -import springfox.documentation.service.AuthorizationScope; -import springfox.documentation.service.BasicAuth; -import springfox.documentation.service.SecurityReference; -import springfox.documentation.service.SecurityScheme; -import springfox.documentation.spi.DocumentationType; -import springfox.documentation.spi.service.contexts.SecurityContext; -import springfox.documentation.spring.web.plugins.Docket; -import springfox.documentation.swagger.web.ApiKeyVehicle; -import springfox.documentation.swagger.web.SecurityConfiguration; -import springfox.documentation.swagger2.annotations.EnableSwagger2WebMvc; +import io.swagger.v3.oas.models.Components; +import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Info; +import io.swagger.v3.oas.models.security.SecurityScheme; +import io.swagger.v3.oas.models.security.SecurityScheme.In; + + /** *

MainController class.

@@ -67,7 +56,6 @@ @EnableCaching @EntityScan({"com.sap.psr.vulas.backend.model"}) // So that managed entities in the model package are discovered @EnableJpaRepositories({"com.sap.psr.vulas.backend.repo"}) // So that repos in the repo package are discovered -@EnableSwagger2WebMvc public class MainController extends SpringBootServletInitializer { /** @@ -98,173 +86,65 @@ ServletRegistrationBean h2servletRegistration(){ * Returns the API info for Swagger. * @return */ - private final ApiInfo getApiInfo() { - return new ApiInfoBuilder() - .title("Vulas REST API") - .description("This is the REST API of Vulas") - .version(VulasConfiguration.getGlobal().getConfiguration().getString("shared.version")) - .build(); - } - - /** - * Paths related to vulnerabilities. - * @return - */ - @SuppressWarnings("unchecked") - private Predicate bugPaths() { - return regex("/bugs.*") - .or(regex("/coverage.*")) - .or(regex("/cves.*")); - } + @Bean + public OpenAPI customOpenAPI() { + return new OpenAPI() + .components(new Components() + .addSecuritySchemes("tenant", new SecurityScheme().type(SecurityScheme.Type.APIKEY).in(In.HEADER).name(Constants.HTTP_TENANT_HEADER)) + .addSecuritySchemes("space", new SecurityScheme().type(SecurityScheme.Type.APIKEY).in(In.HEADER).name(Constants.HTTP_SPACE_HEADER))) + .info(new Info() + .title("Vulas REST API") + .description("This is the REST API of Vulas") + .version(VulasConfiguration.getGlobal().getConfiguration().getString("shared.version")) + ); + + } - /** - * Paths that require tenant selection. - * @return - */ - @SuppressWarnings("unchecked") - private Predicate userPaths() { - return regex("/apps.*") - .or(regex("/hubIntegration.*")) - .or(regex("/libs.*")) - .or(regex("/libids.*")) - .or(regex("/spaces.*")); - } - - /** - * Paths related to configuration and tenant management. - * @return - */ - private Predicate configPaths() { - return regex("/configuration.*") - .or(regex("/tenants.*")); - } /** *

bugApi.

* - * @return a {@link springfox.documentation.spring.web.plugins.Docket} object. + * @return a {@link org.springdoc.core.GroupedOpenApi} object. */ @Bean - public Docket bugApi() { - return new Docket(DocumentationType.SWAGGER_2) - .groupName("bug-api") - .apiInfo(this.getApiInfo()) - .select() - //.apis(RequestHandlerSelectors.any()) - .paths(this.bugPaths()) - .build() - //.pathMapping("/") - ; - } + public GroupedOpenApi bugApi() { + String paths[] = {"/bugs/**","/coverage/**","/cves/**"}; + return GroupedOpenApi.builder() + .setGroup("bug-api") + .pathsToMatch(paths) + .build(); + } + /** *

userApi.

* - * @return a {@link springfox.documentation.spring.web.plugins.Docket} object. + * @return a {@link org.springdoc.core.GroupedOpenApi} object. */ @Bean - public Docket userApi() { - AuthorizationScope[] authScopes = new AuthorizationScope[1]; - - authScopes[0] = new AuthorizationScopeBuilder() - .scope("read") - .description("read access") + public GroupedOpenApi userApi() { + String paths[] = {"/apps/**","/hubIntegration/**","/libs/**","/libids/**","/spaces/**"}; + return GroupedOpenApi.builder() + .setGroup("user-api") + .pathsToMatch(paths) .build(); - - SecurityReference securityReference1 = SecurityReference.builder() - .reference("tenant") - .scopes(authScopes) - .build(); - - SecurityReference securityReference2 = SecurityReference.builder() - .reference("space") - .scopes(authScopes) - .build(); - - ArrayList securityContexts = newArrayList(SecurityContext.builder().securityReferences - (newArrayList(securityReference1, securityReference2)).build()); - - return new Docket(DocumentationType.SWAGGER_2) - .groupName("user-api") - .apiInfo(this.getApiInfo()) - .select() - //.apis(RequestHandlerSelectors.any()) - .paths(this.userPaths()) - .build() - //.pathMapping("/") - .securitySchemes(newArrayList(this.tenantKey(), this.spaceKey())) - .securityContexts(securityContexts) - ; - } + } + /** *

adminApi.

* - * @return a {@link springfox.documentation.spring.web.plugins.Docket} object. + * @return a {@link org.springdoc.core.GroupedOpenApi} object. */ @Bean - public Docket adminApi() { - AuthorizationScope[] authScopes = new AuthorizationScope[1]; - - authScopes[0] = new AuthorizationScopeBuilder() - .scope("read") - .description("read access") + public GroupedOpenApi adminApi() { + String paths[] = {"/configuration/**","/tenants/**"}; + return GroupedOpenApi.builder() + .setGroup("admin-api") + .pathsToMatch(paths) .build(); - - SecurityReference securityReference = SecurityReference.builder() - .reference("test") - .scopes(authScopes) - .build(); - - ArrayList securityContexts = newArrayList(SecurityContext.builder().securityReferences - (newArrayList(securityReference)).build()); - - return new Docket(DocumentationType.SWAGGER_2) - .apiInfo(this.getApiInfo()) - .groupName("config-api") - .select() - //.apis(RequestHandlerSelectors.any()) - .paths(this.configPaths()) - .build() - //.pathMapping("/") - .securitySchemes(newArrayList(new BasicAuth("test"))) - .securityContexts(securityContexts) - ; - - /*.directModelSubstitute(LocalDate.class, String.class).genericModelSubstitutes(ResponseEntity.class) - .alternateTypeRules(newRule(typeResolver.resolve(DeferredResult.class, typeResolver.resolve(ResponseEntity.class, WildcardType.class)), typeResolver.resolve(WildcardType.class))) - .useDefaultResponseMessages(false) - .globalResponseMessage(RequestMethod.GET, newArrayList(new ResponseMessageBuilder().code(500).message("500 message").responseModel(new ModelRef("Error")).build())) - .securitySchemes(newArrayList(this.tenantKey())).securityContexts(newArrayList(securityContext()));*/ - } - -// @Autowired -// private TypeResolver typeResolver; - - @Bean - SecurityScheme tenantKey() { - return new ApiKey("tenant", Constants.HTTP_TENANT_HEADER, "header"); - } - - @Bean - SecurityScheme spaceKey() { - return new ApiKey("space", Constants.HTTP_SPACE_HEADER, "header"); } - /** - *

securityInfo.

- * - * @return a {@link springfox.documentation.swagger.web.SecurityConfiguration} object. - */ - @Bean - public SecurityConfiguration securityInfo() { - return new SecurityConfiguration("abc", "123", "pets", "petstore", Constants.HTTP_TENANT_HEADER, ApiKeyVehicle.HEADER, "", ","); - } - -// @Bean -// UiConfiguration uiConfig() { -// return new UiConfiguration("validatorUrl"); -// } /** * Can be used to do some initialization at application startup, but does not do anything right now. diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java index faa29b757..0e74fef15 100644 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/rest/SpaceController.java @@ -66,7 +66,8 @@ import com.sap.psr.vulas.shared.util.StringList.ComparisonMode; import com.sap.psr.vulas.shared.util.VulasConfiguration; -import springfox.documentation.annotations.ApiIgnore; +import io.swagger.v3.oas.annotations.Parameter; + /** *

SpaceController class.

@@ -115,7 +116,7 @@ public class SpaceController { */ @RequestMapping(value = "", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) public ResponseEntity> getAllSpaces( - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { // Check whether tenant exists or retrieve default Tenant t = null; @@ -144,7 +145,7 @@ public ResponseEntity> getAllSpaces( */ @RequestMapping(value = "default", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) public ResponseEntity getDefaultSpace( - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { // Check whether tenant exists or retrieve default Tenant t = null; @@ -183,7 +184,7 @@ public ResponseEntity> searchSpaces( @RequestParam(value="mode", required=false, defaultValue="EQUALS") ComparisonMode mode, @RequestParam(value="caseSensitivity", required=false, defaultValue="CASE_SENSITIVE") CaseSensitivity caseSensitivity, @RequestParam(value="value", required=true) String[] value, - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { // Check whether tenant exists or retrieve default Tenant t = null; @@ -223,7 +224,7 @@ public ResponseEntity> searchSpaces( @RequestMapping(value = "/{token:.+}", method = RequestMethod.OPTIONS) public ResponseEntity isSpaceExisting( @PathVariable String token, - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { // Check whether tenant exists or retrieve default Tenant t = null; try { @@ -251,7 +252,7 @@ public ResponseEntity isSpaceExisting( @RequestMapping(value = "/{token:.+}", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) public ResponseEntity getSpace( @PathVariable String token, - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { // Check whether tenant exists or retrieve default Tenant t = null; try { @@ -279,7 +280,7 @@ public ResponseEntity getSpace( @RequestMapping(value = "", method = RequestMethod.POST, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"}) public ResponseEntity createSpace( @RequestBody Space space, - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { final StopWatch sw = new StopWatch("Create space [" + (space==null?null:space.getSpaceName()) + "] " + "for tenant token [" + tenant +"] ").start(); @@ -342,7 +343,7 @@ else if(space.isReadOnly()) { public ResponseEntity modifySpace( @PathVariable String token, @RequestBody Space new_space, - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { try { // Check arguments if(new_space==null) { @@ -426,7 +427,7 @@ else if(!new_space.hasNameAndDescription()) { public ResponseEntity cleanSpace( @PathVariable String token, @RequestParam(value="clean", required=true) Boolean clean, - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { try { // Check whether tenant exists or retrieve default @@ -515,7 +516,7 @@ public ResponseEntity cleanSpace( @RequestMapping(value = "/{token:.+}", method = RequestMethod.DELETE) public ResponseEntity deleteSpace( @PathVariable String token, - @ApiIgnore @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { + @Parameter(hidden = true) @RequestHeader(value=Constants.HTTP_TENANT_HEADER, required=false) String tenant) { try { // Check whether tenant exists or retrieve default diff --git a/rest-lib-utils/pom.xml b/rest-lib-utils/pom.xml index 2ddcba454..6febca5d6 100644 --- a/rest-lib-utils/pom.xml +++ b/rest-lib-utils/pom.xml @@ -27,7 +27,7 @@ org.springframework.boot spring-boot-starter-parent - 2.1.7.RELEASE + 2.2.4.RELEASE @@ -124,30 +124,13 @@ 2.6 - + - io.swagger - swagger-annotations - 1.5.22 - - - io.swagger - swagger-core - 1.5.22 - - - - - io.springfox - springfox-swagger2 - 2.9.2 - - - io.springfox - springfox-swagger-ui - 2.9.2 - - + org.springdoc + springdoc-openapi-ui + 1.2.32 + + com.sap.research.security.vulas diff --git a/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java b/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java index 4df6f2c28..26ba56d1c 100644 --- a/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java +++ b/rest-lib-utils/src/main/java/com/sap/psr/vulas/cia/rest/MainController.java @@ -19,17 +19,12 @@ */ package com.sap.psr.vulas.cia.rest; -import static com.google.common.collect.Lists.newArrayList; -import static springfox.documentation.schema.AlternateTypeRules.newRule; - -import java.time.LocalDate; import java.util.HashMap; -import java.util.List; import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; +import org.springdoc.core.GroupedOpenApi; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.builder.SpringApplicationBuilder; @@ -37,12 +32,8 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; -import org.springframework.http.ResponseEntity; import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.context.request.async.DeferredResult; -import com.fasterxml.classmate.TypeResolver; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonSerializer; import com.sap.psr.vulas.java.sign.ASTConstructBodySignature; @@ -52,23 +43,6 @@ import com.sap.psr.vulas.java.sign.gson.ASTSignatureChangeSerializer; import com.sap.psr.vulas.python.sign.PythonConstructDigest; import com.sap.psr.vulas.python.sign.PythonConstructDigestSerializer; -import com.sap.psr.vulas.shared.util.Constants; - - -import springfox.documentation.builders.PathSelectors; -import springfox.documentation.builders.RequestHandlerSelectors; -import springfox.documentation.builders.ResponseMessageBuilder; -import springfox.documentation.schema.ModelRef; -import springfox.documentation.schema.WildcardType; -import springfox.documentation.service.ApiKey; -import springfox.documentation.service.AuthorizationScope; -import springfox.documentation.service.SecurityReference; -import springfox.documentation.spi.DocumentationType; -import springfox.documentation.spi.service.contexts.SecurityContext; -import springfox.documentation.spring.web.plugins.Docket; -import springfox.documentation.swagger.web.ApiKeyVehicle; -import springfox.documentation.swagger.web.SecurityConfiguration; -import springfox.documentation.swagger2.annotations.EnableSwagger2; /** *

MainController class.

@@ -77,7 +51,6 @@ @Configuration @ComponentScan({"com.sap.psr.vulas.cia.util,com.sap.psr.vulas.cia.rest"}) @EnableAutoConfiguration -@EnableSwagger2 public class MainController extends SpringBootServletInitializer { private static Logger log = LoggerFactory.getLogger(MainController.class); @@ -86,45 +59,14 @@ public class MainController extends SpringBootServletInitializer { *

backendApi.

* * @return a {@link springfox.documentation.spring.web.plugins.Docket} object. - */ - @Bean - public Docket backendApi() { - return new Docket(DocumentationType.SWAGGER_2).select().apis(RequestHandlerSelectors.any()).paths(PathSelectors.any()).build().pathMapping("/") - .apiInfo(new springfox.documentation.service.ApiInfo("Vulas CIA", "RESTful API for discovering and analyzing alternative Maven artifacts", "1.1.0-SNAPSHOT", "SAP", null, "commercial", null)) - .directModelSubstitute(LocalDate.class, String.class).genericModelSubstitutes(ResponseEntity.class) - .alternateTypeRules(newRule(typeResolver.resolve(DeferredResult.class, typeResolver.resolve(ResponseEntity.class, WildcardType.class)), typeResolver.resolve(WildcardType.class))) - .useDefaultResponseMessages(false) - .globalResponseMessage(RequestMethod.GET, newArrayList(new ResponseMessageBuilder().code(500).message("500 message").responseModel(new ModelRef("Error")).build())); - //.securitySchemes(newArrayList(apiKey())).securityContexts(newArrayList(securityContext())); - } - - @Autowired - private TypeResolver typeResolver; - - private ApiKey apiKey() { - return new ApiKey("mykey", "api_key", "header"); - } - - private SecurityContext securityContext() { - return SecurityContext.builder().securityReferences(defaultAuth()).forPaths(PathSelectors.regex("/anyPath.*")).build(); - } - - List defaultAuth() { - AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything"); - AuthorizationScope[] authorizationScopes = new AuthorizationScope[1]; - authorizationScopes[0] = authorizationScope; - return newArrayList(new SecurityReference("mykey", authorizationScopes)); - } - - @Bean - SecurityConfiguration security() { - return new SecurityConfiguration("abc", "123", "pets", "petstore", Constants.HTTP_TENANT_HEADER, ApiKeyVehicle.HEADER, "", ","); - } -// -// @Bean -// UiConfiguration uiConfig() { -// return new UiConfiguration("validatorUrl"); -// } + */ + @Bean + public GroupedOpenApi publicApi() { + return GroupedOpenApi.builder() + .setGroup("public") + .pathsToMatch("/**") + .build(); + } /** * Can be used to do some initialization at application startup, but does not do anything right now. From 74fb30b2026cac0cd19417aa27267adf9da144b5 Mon Sep 17 00:00:00 2001 From: Serena Date: Fri, 28 Feb 2020 20:22:00 +0100 Subject: [PATCH 17/34] add missing dependency --- rest-backend/pom.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index d994841cd..ae0f4a8e8 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -133,6 +133,12 @@ javax.activation-api 1.2.0 + + + com.google.guava + guava + 28.2-jre + @@ -158,7 +164,7 @@ hamcrest-all 1.3 test - + From 1ba835dc5e6971389a614b4d5bde72c34fa889fd Mon Sep 17 00:00:00 2001 From: Serena Date: Fri, 28 Feb 2020 20:23:41 +0100 Subject: [PATCH 18/34] change column type to make constraint work with H2 --- .../main/java/com/sap/psr/vulas/backend/model/Dependency.java | 2 +- .../resources/db/migration/V20200219.1130__dropDepIndexes.sql | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/rest-backend/src/main/java/com/sap/psr/vulas/backend/model/Dependency.java b/rest-backend/src/main/java/com/sap/psr/vulas/backend/model/Dependency.java index bcabd18fb..384ffa555 100755 --- a/rest-backend/src/main/java/com/sap/psr/vulas/backend/model/Dependency.java +++ b/rest-backend/src/main/java/com/sap/psr/vulas/backend/model/Dependency.java @@ -112,7 +112,7 @@ public class Dependency implements Serializable{ @Column(columnDefinition = "text") private String path; - @Column(columnDefinition = "text") + @Column(length = 1024) private String relativePath; @ManyToMany(cascade = {}, fetch = FetchType.LAZY) diff --git a/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql b/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql index 235691fe8..68f0bee3d 100644 --- a/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql +++ b/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql @@ -1,4 +1,5 @@ DROP INDEX if exists public.dep_app_lib_index; DROP INDEX if exists public.dep_app_lib_parent_index; DROP INDEX if exists public.dep_app_lib_relpath_index; -alter table app_dependency add constraint UKnueog86fts45j2wcql6idbqwn unique (lib, app, parent, relative_path); \ No newline at end of file +ALTER TABLE app_dependency ALTER COLUMN relativePath TYPE varchar(1024); +ALTER TABLE app_dependency ADD CONSTRAINT UKnueog86fts45j2wcql6idbqwn UNIQUE (lib, app, parent, relative_path); \ No newline at end of file From 1803f6cbce030181ec3d772bf2bb59b8a4155882 Mon Sep 17 00:00:00 2001 From: Serena Date: Mon, 2 Mar 2020 11:06:07 +0100 Subject: [PATCH 19/34] fix typo --- .../resources/db/migration/V20200219.1130__dropDepIndexes.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql b/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql index 68f0bee3d..2785928c8 100644 --- a/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql +++ b/rest-backend/src/main/resources/db/migration/V20200219.1130__dropDepIndexes.sql @@ -1,5 +1,5 @@ DROP INDEX if exists public.dep_app_lib_index; DROP INDEX if exists public.dep_app_lib_parent_index; DROP INDEX if exists public.dep_app_lib_relpath_index; -ALTER TABLE app_dependency ALTER COLUMN relativePath TYPE varchar(1024); +ALTER TABLE app_dependency ALTER COLUMN relative_path TYPE varchar(1024); ALTER TABLE app_dependency ADD CONSTRAINT UKnueog86fts45j2wcql6idbqwn UNIQUE (lib, app, parent, relative_path); \ No newline at end of file From d8cc2514b754e5e4fbf8c28f39732abfda287493 Mon Sep 17 00:00:00 2001 From: Serena Date: Mon, 13 Jul 2020 18:13:09 +0200 Subject: [PATCH 20/34] update to tomcat 9 --- rest-backend/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rest-backend/pom.xml b/rest-backend/pom.xml index e1cc72567..d4405d3a3 100644 --- a/rest-backend/pom.xml +++ b/rest-backend/pom.xml @@ -251,17 +251,17 @@ org.apache.tomcat.embed tomcat-embed-core - 8.5.56 + 9.0.37 org.apache.tomcat.embed tomcat-embed-el - 8.5.56 + 9.0.37 org.apache.tomcat.embed tomcat-embed-websocket - 8.5.56 + 9.0.37 From 0e6cabc4af47583d311e870aee992b047c2cb9af Mon Sep 17 00:00:00 2001 From: Serena Date: Fri, 14 Aug 2020 17:50:46 +0200 Subject: [PATCH 21/34] fix log dependency for dependency-finder --- rest-lib-utils/pom.xml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/rest-lib-utils/pom.xml b/rest-lib-utils/pom.xml index bb3f15e9f..338ad462b 100644 --- a/rest-lib-utils/pom.xml +++ b/rest-lib-utils/pom.xml @@ -153,10 +153,11 @@ 1.2.1-beta5 - + oro oro @@ -172,6 +173,11 @@ commons-logging 1.2 + + log4j + log4j + 1.2.17 + org.apache.ant ant From 74ce0173430d07031951e5057a7ac5fe05a92013 Mon Sep 17 00:00:00 2001 From: Serena Date: Wed, 19 Aug 2020 17:05:13 +0200 Subject: [PATCH 22/34] applied google java style --- .../java/com/sap/psr/vulas/cli/VulasCli.java | 114 +- .../com/sap/psr/vulas/cli/package-info.java | 4 +- .../sap/psr/vulas/cli/AbstractGoalTest.java | 129 +- .../sap/psr/vulas/cli/FileAnalyzerTest.java | 64 +- .../com/sap/psr/vulas/cli/VulasCliTest.java | 291 +- .../cg/soot/CustomEntryPointCreator.java | 549 +- .../cg/soot/SootCallgraphConstructor.java | 926 ++-- .../psr/vulas/cg/soot/SootConfiguration.java | 44 +- .../src/test/java/SootCallGraphTest.java | 143 +- .../cg/wala/WalaCallgraphConstructor.java | 852 +-- .../src/test/java/WalaCallGraphTest.java | 107 +- .../java/com/sap/psr/vulas/cg/A2CGoal.java | 82 +- .../sap/psr/vulas/cg/AbstractGetPaths.java | 45 +- .../sap/psr/vulas/cg/AbstractReachGoal.java | 399 +- .../java/com/sap/psr/vulas/cg/Callgraph.java | 945 ++-- .../vulas/cg/CallgraphConstructException.java | 34 +- .../sap/psr/vulas/cg/CallgraphPathSearch.java | 433 +- .../vulas/cg/CallgraphReachableSearch.java | 437 +- .../sap/psr/vulas/cg/DepthFirstGetPaths.java | 119 +- .../sap/psr/vulas/cg/MethodNameFilter.java | 140 +- .../sap/psr/vulas/cg/NodeMetaInformation.java | 318 +- .../com/sap/psr/vulas/cg/PathSimilarity.java | 216 +- .../sap/psr/vulas/cg/PrunedGraphGetPaths.java | 211 +- .../psr/vulas/cg/ReachabilityAnalyzer.java | 1718 +++--- .../vulas/cg/ReachabilityConfiguration.java | 64 +- .../java/com/sap/psr/vulas/cg/T2CGoal.java | 89 +- .../cg/spi/CallgraphConstructorFactory.java | 131 +- .../vulas/cg/spi/ICallgraphConstructor.java | 180 +- .../test/CallgraphConstructorFactoryTest.java | 47 +- .../sap/psr/vulas/cg/test/CallgraphTest.java | 327 +- .../com/sap/psr/vulas/cg/test/Examples.java | 42 +- .../vulas/bytecode/BytecodeComparator.java | 493 +- .../bytecode/ConstructBytecodeASTManager.java | 280 +- .../com/sap/psr/vulas/java/AarAnalyzer.java | 141 +- .../vulas/java/ArchiveAnalysisManager.java | 725 +-- .../sap/psr/vulas/java/ClassFileAnalyzer.java | 227 +- .../psr/vulas/java/JarAnalysisException.java | 36 +- .../com/sap/psr/vulas/java/JarAnalyzer.java | 1382 ++--- .../sap/psr/vulas/java/JarEntryWriter.java | 16 +- .../com/sap/psr/vulas/java/JarWriter.java | 1147 ++-- .../com/sap/psr/vulas/java/JavaClassId.java | 247 +- .../com/sap/psr/vulas/java/JavaClassInit.java | 119 +- .../sap/psr/vulas/java/JavaConstructorId.java | 166 +- .../com/sap/psr/vulas/java/JavaEnumId.java | 182 +- .../sap/psr/vulas/java/JavaFileAnalyzer2.java | 1415 ++--- .../java/com/sap/psr/vulas/java/JavaId.java | 1622 +++--- .../sap/psr/vulas/java/JavaInterfaceId.java | 183 +- .../com/sap/psr/vulas/java/JavaMethodId.java | 148 +- .../com/sap/psr/vulas/java/JavaPackageId.java | 134 +- .../com/sap/psr/vulas/java/PomParser.java | 93 +- .../com/sap/psr/vulas/java/WarAnalyzer.java | 877 +-- .../vulas/java/decompiler/IDecompiler.java | 14 +- .../java/decompiler/ProcyonDecompiler.java | 59 +- .../vulas/java/goals/CheckBytecodeGoal.java | 136 +- .../sap/psr/vulas/java/goals/InstrGoal.java | 496 +- .../java/sign/ASTConstructBodySignature.java | 448 +- .../sap/psr/vulas/java/sign/ASTSignature.java | 172 +- .../vulas/java/sign/ASTSignatureChange.java | 747 +-- .../java/sign/ASTSignatureComparator.java | 1260 +++-- .../com/sap/psr/vulas/java/sign/ASTUtil.java | 1053 ++-- .../psr/vulas/java/sign/CompilationUtils.java | 317 +- .../psr/vulas/java/sign/DistillerUtil.java | 14 +- .../vulas/java/sign/JavaSignatureFactory.java | 486 +- .../vulas/java/sign/UniqueNameNormalizer.java | 625 +-- ...ASTConstructBodySignatureDeserializer.java | 229 +- .../ASTConstructBodySignatureSerializer.java | 156 +- .../gson/ASTSignatureChangeDeserializer.java | 453 +- .../gson/ASTSignatureChangeSerializer.java | 176 +- .../sign/gson/ASTSignatureDeserializer.java | 228 +- .../psr/vulas/java/sign/gson/GsonHelper.java | 111 +- .../vulas/java/sign/gson/package-info.java | 4 +- .../sap/psr/vulas/java/sign/package-info.java | 2 +- .../sap/psr/vulas/java/tasks/JavaBomTask.java | 705 +-- .../psr/vulas/java/tasks/package-info.java | 4 +- .../vulas/monitor/AbstractInstrumentor.java | 167 +- .../vulas/monitor/ClassNameLoaderFilter.java | 62 +- .../psr/vulas/monitor/ClassPoolUpdater.java | 500 +- .../sap/psr/vulas/monitor/ClassVisitor.java | 1280 +++-- .../psr/vulas/monitor/DynamicTransformer.java | 501 +- .../psr/vulas/monitor/ExecutionMonitor.java | 402 +- .../sap/psr/vulas/monitor/IInstrumentor.java | 79 +- .../vulas/monitor/InstrumentationControl.java | 886 +-- .../vulas/monitor/InstrumentorFactory.java | 68 +- .../com/sap/psr/vulas/monitor/Loader.java | 284 +- .../sap/psr/vulas/monitor/LoaderFilter.java | 15 +- .../psr/vulas/monitor/LoaderHierarchy.java | 194 +- .../vulas/monitor/PrintlnInstrumentor.java | 54 +- .../psr/vulas/monitor/UploadScheduler.java | 208 +- .../monitor/slice/SliceInstrumentor.java | 279 +- .../vulas/monitor/touch/ConstructIdUtil.java | 269 +- .../monitor/touch/TouchPointCollector.java | 745 +-- .../monitor/touch/TouchPointInstrumentor.java | 185 +- .../trace/AbstractTraceInstrumentor.java | 117 +- .../vulas/monitor/trace/ConstructUsage.java | 418 +- .../sap/psr/vulas/monitor/trace/PathNode.java | 138 +- .../trace/SingleStackTraceInstrumentor.java | 253 +- .../trace/SingleTraceInstrumentor.java | 97 +- .../monitor/trace/StackTraceInstrumentor.java | 206 +- .../vulas/monitor/trace/StackTraceUtil.java | 928 ++-- .../vulas/monitor/trace/TraceCollector.java | 1334 ++--- .../src/test/java/ClassWithoutPackage.java | 6 +- .../src/test/java/NestedDeclarationMess.java | 150 +- .../sap/psr/vulas/java/AarAnalyzerTest.java | 26 +- .../psr/vulas/java/ClassFileAnalyzerTest.java | 54 +- .../psr/vulas/java/ClassPoolUpdaterTest.java | 175 +- .../vulas/java/JarAnalysisManagerTest.java | 28 +- .../sap/psr/vulas/java/JarAnalyzerTest.java | 256 +- .../com/sap/psr/vulas/java/JarWriterTest.java | 241 +- .../psr/vulas/java/JavaFileAnalyzer2Test.java | 1125 ++-- .../com/sap/psr/vulas/java/JavaIdTest.java | 490 +- .../sap/psr/vulas/java/JsonHelperTest.java | 99 +- .../com/sap/psr/vulas/java/PomParserTest.java | 34 +- .../sap/psr/vulas/java/WarAnalyzerTest.java | 90 +- .../java/decompiler/IDecompilerTest.java | 66 +- .../java/sign/ASTSignatureComparatorTest.java | 540 +- .../psr/vulas/java/sign/StringSimilarity.java | 20 +- .../sign/StringSimilarityLevenshtein.java | 73 +- .../java/sign/StringSimilarityNGrams.java | 11 +- .../java/sign/UniqueNamePreprocessorTest.java | 154 +- .../ASTDeserializeSignComparatorTest.java | 186 +- .../sap/psr/vulas/java/test/ConfigKey.java | 121 +- .../psr/vulas/java/test/ConfigurationKey.java | 35 +- .../psr/vulas/java/test/DrinkEnumExample.java | 77 +- .../com/sap/psr/vulas/java/test/EnumTest.java | 2 +- .../com/sap/psr/vulas/java/test/Generics.java | 5 +- .../java/test/HelloWorldAnonymousClasses.java | 115 +- .../java/test/HttpRequestCompletionLog.java | 322 +- .../java/test/NestedDeclarationMess2.java | 150 +- .../vulas/java/test/NestedDeclarations.java | 155 +- .../sap/psr/vulas/java/test/OuterClass.java | 2 +- .../psr/vulas/java/test/TestAgainAnon.java | 113 +- .../com/sap/psr/vulas/java/test/TestAnon.java | 186 +- .../java/test/TestClass$NoNestedClass.java | 4 +- .../psr/vulas/java/test/TestInterface.java | 4 +- .../com/sap/psr/vulas/java/test/Vanilla.java | 30 +- .../psr/vulas/monitor/AbstractGoalTest.java | 127 +- .../psr/vulas/monitor/ClassVisitorTest.java | 321 +- .../monitor/ConstructTransformerTest.java | 60 +- .../psr/vulas/sign/SignatureFactoryTest.java | 22 +- .../sap/psr/vulas/python/ProcessWrapper.java | 344 +- .../vulas/python/ProcessWrapperException.java | 42 +- .../vulas/python/Python335FileAnalyzer.java | 661 +-- .../psr/vulas/python/Python3FileAnalyzer.java | 660 +-- .../vulas/python/PythonArchiveAnalyzer.java | 734 +-- .../psr/vulas/python/PythonFileAnalyzer.java | 385 +- .../com/sap/psr/vulas/python/PythonId.java | 324 +- .../vulas/python/pip/PipInstalledPackage.java | 881 +-- .../sap/psr/vulas/python/pip/PipWrapper.java | 989 ++-- .../sap/psr/vulas/python/pip/PyWrapper.java | 202 +- .../psr/vulas/python/pip/package-info.java | 2 +- .../python/sign/PythonConstructDigest.java | 332 +- .../sign/PythonConstructDigestSerializer.java | 52 +- .../python/sign/PythonSignatureFactory.java | 120 +- .../psr/vulas/python/tasks/PythonBomTask.java | 371 +- .../psr/vulas/python/tasks/package-info.java | 4 +- .../python/utils/PythonConfiguration.java | 43 +- .../python/virtualenv/VirtualenvWrapper.java | 466 +- .../vulas/python/virtualenv/package-info.java | 2 +- .../psr/vulas/python/ProcessWrapperTest.java | 22 +- .../python/PythonArchiveAnalyzerTest.java | 291 +- .../vulas/python/PythonFileAnalyzerTest.java | 215 +- .../python/pip/PipInstalledPackageTest.java | 18 +- .../psr/vulas/python/pip/PipWrapperTest.java | 206 +- .../virtualenv/VirtualenvWrapperTest.java | 71 +- .../java/com/sap/psr/vulas/Construct.java | 198 +- .../com/sap/psr/vulas/ConstructChange.java | 450 +- .../java/com/sap/psr/vulas/ConstructId.java | 271 +- .../java/com/sap/psr/vulas/DirAnalyzer.java | 385 +- .../sap/psr/vulas/FileAnalysisException.java | 34 +- .../java/com/sap/psr/vulas/FileAnalyzer.java | 155 +- .../sap/psr/vulas/FileAnalyzerFactory.java | 188 +- .../backend/BackendConnectionException.java | 105 +- .../psr/vulas/backend/BackendConnector.java | 2822 +++++----- .../EntityNotFoundInBackendException.java | 16 +- .../com/sap/psr/vulas/backend/HttpMethod.java | 8 +- .../sap/psr/vulas/backend/HttpResponse.java | 194 +- .../backend/requests/AbstractHttpRequest.java | 247 +- .../backend/requests/BasicHttpRequest.java | 1194 ++-- .../requests/ConditionalHttpRequest.java | 246 +- .../backend/requests/ContentCondition.java | 113 +- .../vulas/backend/requests/HttpRequest.java | 132 +- .../backend/requests/HttpRequestList.java | 181 +- .../backend/requests/PutLibraryCondition.java | 91 +- .../backend/requests/RequestRepeater.java | 93 +- .../backend/requests/ResponseCondition.java | 16 +- .../backend/requests/StatusCondition.java | 50 +- .../vulas/backend/requests/package-info.java | 4 +- .../vulas/core/util/CoreConfiguration.java | 815 +-- .../core/util/SignatureConfiguration.java | 38 +- .../sap/psr/vulas/core/util/package-info.java | 2 +- .../sap/psr/vulas/goals/AbstractAppGoal.java | 329 +- .../com/sap/psr/vulas/goals/AbstractGoal.java | 1145 ++-- .../psr/vulas/goals/AbstractSpaceGoal.java | 70 +- .../java/com/sap/psr/vulas/goals/BomGoal.java | 215 +- .../com/sap/psr/vulas/goals/CheckverGoal.java | 86 +- .../com/sap/psr/vulas/goals/CleanGoal.java | 81 +- .../psr/vulas/goals/ExecutionObserver.java | 12 +- .../goals/GoalConfigurationException.java | 36 +- .../com/sap/psr/vulas/goals/GoalContext.java | 225 +- .../vulas/goals/GoalExecutionException.java | 38 +- .../com/sap/psr/vulas/goals/GoalExecutor.java | 58 +- .../com/sap/psr/vulas/goals/GoalFactory.java | 218 +- .../sap/psr/vulas/goals/ReportException.java | 68 +- .../com/sap/psr/vulas/goals/ReportGoal.java | 100 +- .../com/sap/psr/vulas/goals/SequenceGoal.java | 169 +- .../sap/psr/vulas/goals/SpaceCleanGoal.java | 36 +- .../com/sap/psr/vulas/goals/SpaceDelGoal.java | 36 +- .../com/sap/psr/vulas/goals/SpaceModGoal.java | 47 +- .../com/sap/psr/vulas/goals/SpaceNewGoal.java | 107 +- .../com/sap/psr/vulas/goals/TestGoal.java | 24 +- .../com/sap/psr/vulas/goals/UploadGoal.java | 20 +- .../com/sap/psr/vulas/goals/package-info.java | 2 +- .../malice/MaliciousnessAnalysisResult.java | 156 +- .../vulas/malice/MaliciousnessAnalyzer.java | 32 +- .../malice/MaliciousnessAnalyzerLoop.java | 57 +- .../sap/psr/vulas/malice/ZipSlipAnalyzer.java | 216 +- .../java/com/sap/psr/vulas/report/Report.java | 1258 +++-- .../com/sap/psr/vulas/sign/Signature.java | 43 +- .../sap/psr/vulas/sign/SignatureAnalysis.java | 560 +- .../sap/psr/vulas/sign/SignatureChange.java | 38 +- .../psr/vulas/sign/SignatureComparator.java | 59 +- .../sap/psr/vulas/sign/SignatureFactory.java | 66 +- .../sap/psr/vulas/tasks/AbstractBomTask.java | 44 +- .../com/sap/psr/vulas/tasks/AbstractTask.java | 207 +- .../java/com/sap/psr/vulas/tasks/BomTask.java | 22 +- .../com/sap/psr/vulas/tasks/ReachTask.java | 5 +- .../java/com/sap/psr/vulas/tasks/Task.java | 128 +- .../com/sap/psr/vulas/tasks/package-info.java | 4 +- .../sap/psr/vulas/goals/AbstractGoalTest.java | 97 +- .../com/sap/psr/vulas/goals/BomGoalTest.java | 294 +- .../sap/psr/vulas/goals/CleanGoalTest.java | 186 +- .../sap/psr/vulas/goals/SpaceDelGoalTest.java | 110 +- .../sap/psr/vulas/goals/SpaceNewGoalTest.java | 176 +- .../malice/MaliciousnessAnalyzerLoopTest.java | 15 +- .../psr/vulas/malice/ZipSlipAnalyzerTest.java | 59 +- .../com/sap/psr/vulas/report/ReportTest.java | 292 +- .../sap/psr/vulas/patcha/FileComparator.java | 253 +- .../sap/psr/vulas/patcha/PatchAnalyzer.java | 982 ++-- .../psr/vulas/patcha/PatchaConfiguration.java | 4 +- .../psr/vulas/patcha/VulasProxySelector.java | 169 +- .../psr/vulas/patcha/FileComparatorTest.java | 109 +- .../vulas/patcha/IT01_PatchAnalyzerIT.java | 77 +- .../representation/ArtifactLibrary.java | 164 +- .../representation/ArtifactResult2.java | 1203 ++--- .../ConstructPathAssessment2.java | 591 +- .../ConstructPathLibResult2.java | 302 +- .../representation/Intersection2.java | 136 +- .../patcheval/representation/LidResult2.java | 415 +- .../OrderedCCperConstructPath2.java | 336 +- .../OverallConstructChange.java | 270 +- .../patcheval/representation/ReleaseTree.java | 1418 ++--- .../psr/vulas/patcheval/utils/CSVHelper2.java | 748 +-- .../patcheval/utils/PEConfiguration.java | 82 +- .../psr/vulas/patcheval2/BugLibAnalyzer.java | 627 ++- .../psr/vulas/patcheval2/BugLibManager.java | 2669 ++++----- .../vulas/patcheval2/ByteCodeComparator.java | 353 +- .../vulas/patcheval2/BytecodeAnalyzer.java | 451 +- .../patcheval2/LibraryAnalyzerThread2.java | 590 +- .../com/sap/psr/vulas/patcheval2/Main.java | 187 +- .../com/sap/psr/vulas/patcheval2/PE_Run.java | 140 +- patch-lib-analyzer/src/test/java/CiaTest.java | 197 +- .../src/test/java/VersionTest.java | 46 +- .../sap/vulas/gradle/AbstractVulasTask.java | 265 +- .../com/sap/vulas/gradle/GradlePluginA2C.java | 10 +- .../com/sap/vulas/gradle/GradlePluginApp.java | 208 +- .../sap/vulas/gradle/GradlePluginClean.java | 11 +- .../sap/vulas/gradle/GradlePluginReport.java | 103 +- .../vulas/gradle/GradleProjectUtilities.java | 77 +- .../com/sap/vulas/gradle/VulasPlugin.java | 16 +- .../sap/vulas/gradle/VulasPluginCommon.java | 23 +- .../com/sap/vulas/gradle/AndroidLibsTest.java | 41 +- .../sap/vulas/gradle/GradleTestProject.java | 4 +- .../com/sap/vulas/gradle/JavaLibTest.java | 19 +- .../com/sap/vulas/gradle/VulasBaseTest.java | 86 +- .../sap/psr/vulas/mvn/AbstractVulasMojo.java | 660 ++- .../psr/vulas/mvn/AbstractVulasSpaceMojo.java | 269 +- .../com/sap/psr/vulas/mvn/MvnPluginA2C.java | 16 +- .../com/sap/psr/vulas/mvn/MvnPluginBom.java | 29 +- .../psr/vulas/mvn/MvnPluginCheckBytecode.java | 18 +- .../com/sap/psr/vulas/mvn/MvnPluginClean.java | 15 +- .../com/sap/psr/vulas/mvn/MvnPluginInstr.java | 86 +- .../sap/psr/vulas/mvn/MvnPluginReport.java | 132 +- .../psr/vulas/mvn/MvnPluginSpaceClean.java | 15 +- .../com/sap/psr/vulas/mvn/MvnPluginT2C.java | 20 +- .../sap/psr/vulas/mvn/MvnPluginUpload.java | 15 +- .../com/sap/psr/vulas/mvn/VulasAgentMojo.java | 544 +- .../psr/vulas/mvn/AbstractVulasMojoTest.java | 41 +- .../sap/psr/vulas/mvn/TestProjectStub.java | 140 +- .../psr/vulas/mvn/VulasAgentOptionsTests.java | 134 +- .../java/com/sap/psr/vulas/git/GitClient.java | 1300 +++-- .../sap/psr/vulas/git/MyProxySelector.java | 48 +- .../java/com/sap/psr/vulas/svn/SvnClient.java | 760 +-- .../com/sap/psr/vulas/vcs/FileChange.java | 196 +- .../com/sap/psr/vulas/vcs/IVCSClient.java | 174 +- .../psr/vulas/vcs/NoRepoClientException.java | 16 +- .../psr/vulas/vcs/RepoMismatchException.java | 30 +- .../java/com/sap/psr/vulas/git/GitTest.java | 481 +- .../component/ApplicationExporter.java | 552 +- .../component/ApplicationExporterThread.java | 720 +-- .../component/StatisticsContributor.java | 136 +- .../com/sap/psr/vulas/backend/cve/Cve.java | 342 +- .../sap/psr/vulas/backend/cve/CveReader2.java | 311 +- .../model/AffectedConstructChange.java | 717 +-- .../vulas/backend/model/AffectedLibrary.java | 1045 ++-- .../psr/vulas/backend/model/Application.java | 1159 ++-- .../com/sap/psr/vulas/backend/model/Bug.java | 999 ++-- .../vulas/backend/model/ConstructChange.java | 586 +- .../model/ConstructChangeInDependency.java | 378 +- .../backend/model/ConstructChangeType.java | 35 +- .../psr/vulas/backend/model/ConstructId.java | 429 +- .../backend/model/ConstructIdFilter.java | 274 +- .../backend/model/ConstructSearchResult.java | 173 +- .../psr/vulas/backend/model/Dependency.java | 1156 ++-- .../backend/model/DependencyIntersection.java | 126 +- .../vulas/backend/model/DependencyUpdate.java | 155 +- .../vulas/backend/model/GoalExecution.java | 913 ++-- .../sap/psr/vulas/backend/model/Library.java | 1114 ++-- .../psr/vulas/backend/model/LibraryId.java | 424 +- .../backend/model/PackageStatistics.java | 69 +- .../com/sap/psr/vulas/backend/model/Path.java | 638 ++- .../sap/psr/vulas/backend/model/PathNode.java | 223 +- .../sap/psr/vulas/backend/model/Property.java | 322 +- .../sap/psr/vulas/backend/model/Space.java | 732 +-- .../sap/psr/vulas/backend/model/Tenant.java | 404 +- .../psr/vulas/backend/model/TouchPoint.java | 306 +- .../sap/psr/vulas/backend/model/Trace.java | 481 +- .../psr/vulas/backend/model/V_AppVulndep.java | 585 +- .../backend/model/VulnerableDependency.java | 835 +-- .../psr/vulas/backend/model/view/Views.java | 42 +- .../repo/AffectedLibraryRepository.java | 625 ++- .../repo/AffectedLibraryRepositoryCustom.java | 67 +- .../repo/AffectedLibraryRepositoryImpl.java | 508 +- .../backend/repo/ApplicationRepository.java | 961 ++-- .../repo/ApplicationRepositoryCustom.java | 193 +- .../repo/ApplicationRepositoryImpl.java | 1340 ++--- .../psr/vulas/backend/repo/BugRepository.java | 171 +- .../backend/repo/BugRepositoryCustom.java | 40 +- .../vulas/backend/repo/BugRepositoryImpl.java | 380 +- .../repo/ConstructChangeRepository.java | 56 +- .../backend/repo/ConstructIdRepository.java | 122 +- .../backend/repo/DependencyRepository.java | 258 +- .../repo/DependencyRepositoryCustom.java | 36 +- .../repo/DependencyRepositoryImpl.java | 120 +- .../backend/repo/GoalExecutionRepository.java | 156 +- .../repo/GoalExecutionRepositoryCustom.java | 45 +- .../repo/GoalExecutionRepositoryImpl.java | 153 +- .../backend/repo/LibraryIdRepository.java | 123 +- .../vulas/backend/repo/LibraryRepository.java | 542 +- .../backend/repo/LibraryRepositoryCustom.java | 30 +- .../backend/repo/LibraryRepositoryImpl.java | 298 +- .../vulas/backend/repo/PathRepository.java | 156 +- .../backend/repo/PathRepositoryCustom.java | 16 +- .../backend/repo/PathRepositoryImpl.java | 203 +- .../backend/repo/PropertyRepository.java | 32 +- .../vulas/backend/repo/SpaceRepository.java | 126 +- .../backend/repo/SpaceRepositoryCustom.java | 49 +- .../backend/repo/SpaceRepositoryImpl.java | 211 +- .../vulas/backend/repo/TenantRepository.java | 38 +- .../backend/repo/TenantRepositoryCustom.java | 33 +- .../backend/repo/TenantRepositoryImpl.java | 110 +- .../vulas/backend/repo/TracesRepository.java | 249 +- .../backend/repo/TracesRepositoryCustom.java | 16 +- .../backend/repo/TracesRepositoryImpl.java | 255 +- .../backend/repo/V_AppVulndepRepository.java | 608 ++- .../backend/rest/ApplicationController.java | 4797 ++++++++++------- .../psr/vulas/backend/rest/BugController.java | 1128 ++-- .../backend/rest/ConfigurationController.java | 50 +- .../backend/rest/CoverageController.java | 604 ++- .../psr/vulas/backend/rest/CveController.java | 272 +- .../rest/HubIntegrationController.java | 1191 ++-- .../vulas/backend/rest/LibraryController.java | 1030 ++-- .../backend/rest/LibraryIdController.java | 464 +- .../vulas/backend/rest/MainController.java | 261 +- .../vulas/backend/rest/SpaceController.java | 1290 +++-- .../vulas/backend/rest/TenantController.java | 431 +- .../psr/vulas/backend/util/ArtifactMaps.java | 241 +- .../psr/vulas/backend/util/CacheFilter.java | 70 +- .../vulas/backend/util/ConnectionUtil.java | 101 +- .../vulas/backend/util/DependencyUtil.java | 239 +- .../vulas/backend/util/DigestVerifier.java | 80 +- .../util/DigestVerifierEnumerator.java | 140 +- .../backend/util/MavenCentralVerifier.java | 191 +- .../sap/psr/vulas/backend/util/Message.java | 285 +- .../psr/vulas/backend/util/PyPiVerifier.java | 251 +- .../vulas/backend/util/ReferenceUpdater.java | 205 +- .../vulas/backend/util/ResultSetFilter.java | 36 +- .../vulas/backend/util/ServiceWrapper.java | 554 +- .../psr/vulas/backend/util/SmtpClient.java | 241 +- .../sap/psr/vulas/backend/util/TokenUtil.java | 24 +- .../backend/util/VerificationException.java | 47 +- .../component/ApplicationExporterTest.java | 187 +- .../psr/vulas/backend/cve/CveReader2Test.java | 157 +- .../sap/psr/vulas/backend/cve/CveTest.java | 16 +- .../backend/cve/NvdRestServiceMockup.java | 88 +- .../rest/ApplicationControllerTest.java | 2247 ++++---- .../vulas/backend/rest/BugControllerTest.java | 1203 +++-- .../rest/HubIntegrationControllerTest.java | 587 +- .../rest/IT02_CoverageControllerIT.java | 219 +- .../backend/rest/LibraryControllerTest.java | 325 +- .../backend/rest/SpaceControllerTest.java | 804 +-- .../backend/rest/TenantControllerTest.java | 267 +- .../vulas/backend/util/ArtifactMapsTest.java | 60 +- .../backend/util/ConnectionUtilTest.java | 44 +- .../vulas/backend/util/PyPiVerifierTest.java | 28 +- .../vulas/backend/util/SmtpClientTest.java | 39 +- .../psr/vulas/backend/util/package-info.java | 4 +- .../dependencyfinder/ClassDiffVisitor.java | 1083 ++-- .../cia/dependencyfinder/JarDiffCmd.java | 123 +- .../cia/dependencyfinder/JarDiffVisitor.java | 276 +- .../psr/vulas/cia/model/ScanException.java | 38 +- .../vulas/cia/model/nexus/NexusArtifact.java | 118 +- .../NexusArtifactInfoResourceResponse.java | 40 +- .../model/nexus/NexusArtifactResolution.java | 36 +- .../psr/vulas/cia/model/nexus/NexusData.java | 107 +- .../cia/model/nexus/NexusDescribeInfo.java | 106 +- .../psr/vulas/cia/model/nexus/NexusLibId.java | 180 +- .../vulas/cia/model/nexus/NexusNGData.java | 40 +- .../model/nexus/NexusResolvedArtifact.java | 378 +- .../vulas/cia/model/nexus/NexusResponse.java | 44 +- .../vulas/cia/model/nexus/NexusSearch.java | 35 +- .../model/nexus/NexusSearchNGResponse.java | 37 +- .../psr/vulas/cia/model/pypi/PypiInfo.java | 523 +- .../psr/vulas/cia/model/pypi/PypiRelease.java | 279 +- .../vulas/cia/model/pypi/PypiResponse.java | 72 +- .../vulas/cia/rest/ArtifactController.java | 1099 ++-- .../psr/vulas/cia/rest/ClassController.java | 176 +- .../cia/rest/ConfigurationController.java | 50 +- .../vulas/cia/rest/ConstructController.java | 826 +-- .../psr/vulas/cia/rest/MainController.java | 106 +- .../vulas/cia/util/ArtifactDownloader.java | 95 +- .../sap/psr/vulas/cia/util/CacheFilter.java | 70 +- .../psr/vulas/cia/util/ClassDownloader.java | 272 +- .../vulas/cia/util/FileAnalyzerFetcher.java | 86 +- .../sap/psr/vulas/cia/util/HeaderEcho.java | 40 +- .../vulas/cia/util/MavenCentralWrapper.java | 696 +-- .../sap/psr/vulas/cia/util/NexusWrapper.java | 608 ++- .../sap/psr/vulas/cia/util/PypiWrapper.java | 498 +- .../sap/psr/vulas/cia/util/RepoException.java | 30 +- .../vulas/cia/util/RepositoryDispatcher.java | 395 +- .../psr/vulas/cia/util/RepositoryWrapper.java | 190 +- .../cia/dependencyfinder/JarDiffCmdTest.java | 55 +- .../vulas/cia/model/maven/ArtifactTest.java | 130 +- .../cia/rest/IT01_ArtifactControllerTest.java | 791 +-- .../cia/rest/IT02_SpringControllerTest.java | 496 +- .../cia/rest/IT03_ClassControllerTest.java | 33 +- .../rest/IT04_ConstructControllerTest.java | 60 +- .../com/sap/psr/vulas/shared/cache/Cache.java | 395 +- .../vulas/shared/cache/CacheException.java | 38 +- .../psr/vulas/shared/cache/ObjectFetcher.java | 18 +- .../shared/connectivity/PathBuilder.java | 1286 ++--- .../vulas/shared/connectivity/Service.java | 36 +- .../ServiceConnectionException.java | 48 +- .../shared/connectivity/package-info.java | 4 +- .../shared/enums/AffectedVersionSource.java | 23 +- .../sap/psr/vulas/shared/enums/BugOrigin.java | 36 +- .../shared/enums/ConstructChangeType.java | 38 +- .../psr/vulas/shared/enums/ConstructType.java | 77 +- .../shared/enums/ContentMaturityLevel.java | 32 +- .../vulas/shared/enums/CoverageStatus.java | 103 +- .../vulas/shared/enums/DependencyOrigin.java | 33 +- .../vulas/shared/enums/DigestAlgorithm.java | 32 +- .../shared/enums/ExportConfiguration.java | 37 +- .../psr/vulas/shared/enums/ExportFormat.java | 84 +- .../psr/vulas/shared/enums/GoalClient.java | 44 +- .../sap/psr/vulas/shared/enums/GoalType.java | 63 +- .../psr/vulas/shared/enums/PathSource.java | 8 +- .../shared/enums/ProgrammingLanguage.java | 39 +- .../vulas/shared/enums/PropertySource.java | 48 +- .../com/sap/psr/vulas/shared/enums/Scope.java | 86 +- .../psr/vulas/shared/enums/VulnDepOrigin.java | 85 +- .../psr/vulas/shared/enums/package-info.java | 6 +- .../psr/vulas/shared/json/JacksonUtil.java | 228 +- .../psr/vulas/shared/json/JsonBuilder.java | 716 ++- .../sap/psr/vulas/shared/json/JsonReader.java | 75 +- .../shared/json/JsonSyntaxException.java | 20 +- .../sap/psr/vulas/shared/json/JsonWriter.java | 49 +- .../json/model/AffectedConstructChange.java | 671 +-- .../shared/json/model/AffectedLibrary.java | 914 ++-- .../vulas/shared/json/model/Application.java | 898 +-- .../psr/vulas/shared/json/model/Artifact.java | 717 ++- .../sap/psr/vulas/shared/json/model/Bug.java | 978 ++-- .../shared/json/model/ConstructChange.java | 753 +-- .../model/ConstructChangeInDependency.java | 332 +- .../vulas/shared/json/model/ConstructId.java | 458 +- .../shared/json/model/ConstructIdFilter.java | 184 +- .../vulas/shared/json/model/Dependency.java | 857 +-- .../vulas/shared/json/model/ExemptionBug.java | 714 +-- .../shared/json/model/ExemptionScope.java | 261 +- .../vulas/shared/json/model/ExemptionSet.java | 140 +- .../json/model/ExemptionUnassessed.java | 255 +- .../vulas/shared/json/model/IExemption.java | 42 +- .../psr/vulas/shared/json/model/KeyValue.java | 221 +- .../psr/vulas/shared/json/model/Library.java | 531 +- .../vulas/shared/json/model/LibraryId.java | 333 +- .../psr/vulas/shared/json/model/PathNode.java | 177 +- .../psr/vulas/shared/json/model/Property.java | 292 +- .../psr/vulas/shared/json/model/Space.java | 534 +- .../psr/vulas/shared/json/model/Tenant.java | 170 +- .../psr/vulas/shared/json/model/Trace.java | 469 +- .../psr/vulas/shared/json/model/Version.java | 438 +- .../json/model/VulnerableDependency.java | 1006 ++-- .../json/model/diff/ClassDiffResult.java | 638 +-- .../json/model/diff/ClassModification.java | 160 +- .../shared/json/model/diff/JarDiffResult.java | 903 ++-- .../mavenCentral/MavenSearchResponse.java | 133 +- .../mavenCentral/MavenVersionsSearch.java | 40 +- .../json/model/mavenCentral/ResponseDoc.java | 622 ++- .../json/model/metrics/AbstractMetric.java | 77 +- .../shared/json/model/metrics/Counter.java | 124 +- .../shared/json/model/metrics/Metrics.java | 168 +- .../shared/json/model/metrics/Percentage.java | 78 +- .../shared/json/model/metrics/Ratio.java | 196 +- .../json/model/metrics/package-info.java | 2 +- .../vulas/shared/json/model/package-info.java | 8 +- .../vulas/shared/json/model/view/Views.java | 12 +- .../vulas/shared/util/AbstractFileSearch.java | 191 +- .../psr/vulas/shared/util/CollectionUtil.java | 25 +- .../sap/psr/vulas/shared/util/Constants.java | 46 +- .../vulas/shared/util/ConstructIdUtil.java | 53 +- .../psr/vulas/shared/util/DependencyUtil.java | 223 +- .../sap/psr/vulas/shared/util/DigestUtil.java | 101 +- .../sap/psr/vulas/shared/util/DirUtil.java | 378 +- .../vulas/shared/util/DirWithFileSearch.java | 57 +- .../shared/util/DirnamePatternSearch.java | 60 +- .../sap/psr/vulas/shared/util/FileSearch.java | 118 +- .../sap/psr/vulas/shared/util/FileUtil.java | 1090 ++-- .../shared/util/FilenamePatternSearch.java | 58 +- .../psr/vulas/shared/util/MemoryMonitor.java | 161 +- .../vulas/shared/util/ProgressTracker.java | 151 +- .../sap/psr/vulas/shared/util/StopWatch.java | 512 +- .../sap/psr/vulas/shared/util/StringList.java | 401 +- .../sap/psr/vulas/shared/util/StringUtil.java | 594 +- .../sap/psr/vulas/shared/util/ThreadUtil.java | 124 +- .../vulas/shared/util/VulasConfiguration.java | 1822 ++++--- .../psr/vulas/shared/util/package-info.java | 4 +- .../sap/psr/vulas/shared/cache/CacheTest.java | 229 +- .../sap/psr/vulas/shared/enums/ScopeTest.java | 30 +- .../vulas/shared/json/JacksonUtilTest.java | 235 +- .../vulas/shared/json/JsonBuilderTest.java | 71 +- .../json/VulnerableDependencyJsonTest.java | 174 +- .../json/model/metrics/MetricsTest.java | 19 +- .../vulas/shared/model/ApplicationTest.java | 23 +- .../vulas/shared/model/IExemptionTest.java | 544 +- .../shared/model/generic/VersionTest.java | 30 +- .../psr/vulas/shared/util/DigestUtilTest.java | 36 +- .../psr/vulas/shared/util/DirUtilTest.java | 66 +- .../psr/vulas/shared/util/FileSearchTest.java | 20 +- .../psr/vulas/shared/util/FileUtilTest.java | 116 +- .../psr/vulas/shared/util/StopWatchTest.java | 57 +- .../psr/vulas/shared/util/StringListTest.java | 121 +- .../psr/vulas/shared/util/StringUtilTest.java | 56 +- .../shared/util/TestDirWithFileSearch.java | 26 +- .../shared/util/VulasConfigurationTest.java | 383 +- 553 files changed, 87919 insertions(+), 78625 deletions(-) diff --git a/cli-scanner/src/main/java/com/sap/psr/vulas/cli/VulasCli.java b/cli-scanner/src/main/java/com/sap/psr/vulas/cli/VulasCli.java index 2bc1b169c..99efed791 100644 --- a/cli-scanner/src/main/java/com/sap/psr/vulas/cli/VulasCli.java +++ b/cli-scanner/src/main/java/com/sap/psr/vulas/cli/VulasCli.java @@ -27,7 +27,6 @@ import org.apache.commons.cli.ParseException; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.goals.AbstractGoal; import com.sap.psr.vulas.goals.GoalConfigurationException; import com.sap.psr.vulas.goals.GoalExecutionException; @@ -44,65 +43,66 @@ */ public class VulasCli { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static GoalType goalType = null; + + private static AbstractGoal goal = null; + + /** + *

main.

+ * + * @param _args an array of {@link java.lang.String} objects. + * @throws com.sap.psr.vulas.goals.GoalConfigurationException if any. + * @throws com.sap.psr.vulas.goals.GoalExecutionException if any. + */ + public static void main(String[] _args) + throws GoalConfigurationException, GoalExecutionException { - private static GoalType goalType = null; + // Prepare parsing of cmd line arguments + final Options options = new Options(); + options.addOption( + "goal", + "goal", + true, + "Goal to be executed (clean, cleanSpace, app, a2c, t2c, instr, report, upload)"); - private static AbstractGoal goal = null; + // Get the goal to be executed + try { + final CommandLineParser parser = new DefaultParser(); + final CommandLine cmd = parser.parse(options, _args); + String g = cmd.getOptionValue("goal", null); - /** - *

main.

- * - * @param _args an array of {@link java.lang.String} objects. - * @throws com.sap.psr.vulas.goals.GoalConfigurationException if any. - * @throws com.sap.psr.vulas.goals.GoalExecutionException if any. - */ - public static void main(String[] _args) throws GoalConfigurationException, GoalExecutionException { + // Ugly workaround to correct the non-intuitive goal type SPACECLEAN and SPACEDEL + // TODO: Change GoalType.SPACECLEAN and GoalType.SPACEDEL + if ("cleanSpace".equals(g)) g = "spaceClean"; + else if ("cleanSpace".equals(g)) g = "spaceDel"; - // Prepare parsing of cmd line arguments - final Options options = new Options(); - options.addOption("goal", "goal", true, "Goal to be executed (clean, cleanSpace, app, a2c, t2c, instr, report, upload)"); - - // Get the goal to be executed - try { - final CommandLineParser parser = new DefaultParser(); - final CommandLine cmd = parser.parse(options, _args); - String g = cmd.getOptionValue("goal", null); - - // Ugly workaround to correct the non-intuitive goal type SPACECLEAN and SPACEDEL - // TODO: Change GoalType.SPACECLEAN and GoalType.SPACEDEL - if("cleanSpace".equals(g)) - g = "spaceClean"; - else if("cleanSpace".equals(g)) - g = "spaceDel"; - - goalType = GoalType.parseGoal(g); - } - // Happens for unknown/invalid options - catch (ParseException pe) { - log.error(pe.getMessage()); - final HelpFormatter formatter = new HelpFormatter(); - formatter.printHelp( "Vulas Command Line Interface", options ); - return; - } - // Happens during the parsing of the goal - catch (IllegalArgumentException iae) { - log.error(iae.getMessage()); - final HelpFormatter formatter = new HelpFormatter(); - formatter.printHelp("Vulas Command Line Interface", options); - return; - } + goalType = GoalType.parseGoal(g); + } + // Happens for unknown/invalid options + catch (ParseException pe) { + log.error(pe.getMessage()); + final HelpFormatter formatter = new HelpFormatter(); + formatter.printHelp("Vulas Command Line Interface", options); + return; + } + // Happens during the parsing of the goal + catch (IllegalArgumentException iae) { + log.error(iae.getMessage()); + final HelpFormatter formatter = new HelpFormatter(); + formatter.printHelp("Vulas Command Line Interface", options); + return; + } - // Create and execute the goal - try { - goal = GoalFactory.create(goalType, GoalClient.CLI); - goal.executeSync(); - } - catch(IllegalStateException ise) { - log.error(ise.getMessage()); - } - catch (IllegalArgumentException iae) { - log.error(iae.getMessage()); - } - } + // Create and execute the goal + try { + goal = GoalFactory.create(goalType, GoalClient.CLI); + goal.executeSync(); + } catch (IllegalStateException ise) { + log.error(ise.getMessage()); + } catch (IllegalArgumentException iae) { + log.error(iae.getMessage()); + } + } } diff --git a/cli-scanner/src/main/java/com/sap/psr/vulas/cli/package-info.java b/cli-scanner/src/main/java/com/sap/psr/vulas/cli/package-info.java index 1c13ec3c6..420430800 100644 --- a/cli-scanner/src/main/java/com/sap/psr/vulas/cli/package-info.java +++ b/cli-scanner/src/main/java/com/sap/psr/vulas/cli/package-info.java @@ -18,9 +18,9 @@ * Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. */ /** - * + * */ /** * */ -package com.sap.psr.vulas.cli; \ No newline at end of file +package com.sap.psr.vulas.cli; diff --git a/cli-scanner/src/test/java/com/sap/psr/vulas/cli/AbstractGoalTest.java b/cli-scanner/src/test/java/com/sap/psr/vulas/cli/AbstractGoalTest.java index 7171dbf96..cdd0679b2 100755 --- a/cli-scanner/src/test/java/com/sap/psr/vulas/cli/AbstractGoalTest.java +++ b/cli-scanner/src/test/java/com/sap/psr/vulas/cli/AbstractGoalTest.java @@ -36,69 +36,68 @@ public class AbstractGoalTest { - protected StubServer server; - - protected Tenant testTenant; - protected Space testSpace; - protected Application testApp; - - @Before - public void start() { - server = new StubServer().run(); - RestAssured.port = server.getPort(); - - testTenant = this.buildTestTenant(); - testSpace = this.buildTestSpace(); - testApp = this.buildTestApplication(); - - // Clear and set properties - this.clearVulasProperties(); - - // App context - System.setProperty(CoreConfiguration.APP_CTX_GROUP, testApp.getMvnGroup()); - System.setProperty(CoreConfiguration.APP_CTX_ARTIF, testApp.getArtifact()); - System.setProperty(CoreConfiguration.APP_CTX_VERSI, testApp.getVersion()); - - // Identify app code - System.setProperty(CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.READ_WRITE.toString()); - - // Identify app code - System.setProperty(CoreConfiguration.APP_PREFIXES, "com.acme"); - } - - @After - public void stop() { - this.clearVulasProperties(); - server.stop(); - } - - private void clearVulasProperties() { - final ArrayList l = new ArrayList(); - for(Object k: System.getProperties().keySet()) - if(k instanceof String && ((String)k).startsWith("vulas.")) - l.add((String)k); - for(String k: l) - System.clearProperty(k); - } - - protected Tenant buildTestTenant() { - final String rnd = StringUtil.getRandonString(6); - return new Tenant("tenant-token-" + rnd, "tenant-name-" + rnd); - } - - protected Space buildTestSpace() { - final String rnd = StringUtil.getRandonString(6); - return new Space("space-token-" + rnd, "space-name-" + rnd, "space-description"); - } - - protected Application buildTestApplication() { - final String rnd = StringUtil.getRandonString(6); - return new Application("app-group-" + rnd, "app-artifact-" + rnd, "app-version"); - } - - protected void configureBackendServiceUrl(StubServer _ss) { - final StringBuffer b = new StringBuffer(); - b.append("http://localhost:").append(_ss.getPort()).append("/backend"); - System.setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), b.toString()); - } + protected StubServer server; + + protected Tenant testTenant; + protected Space testSpace; + protected Application testApp; + + @Before + public void start() { + server = new StubServer().run(); + RestAssured.port = server.getPort(); + + testTenant = this.buildTestTenant(); + testSpace = this.buildTestSpace(); + testApp = this.buildTestApplication(); + + // Clear and set properties + this.clearVulasProperties(); + + // App context + System.setProperty(CoreConfiguration.APP_CTX_GROUP, testApp.getMvnGroup()); + System.setProperty(CoreConfiguration.APP_CTX_ARTIF, testApp.getArtifact()); + System.setProperty(CoreConfiguration.APP_CTX_VERSI, testApp.getVersion()); + + // Identify app code + System.setProperty( + CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.READ_WRITE.toString()); + + // Identify app code + System.setProperty(CoreConfiguration.APP_PREFIXES, "com.acme"); + } + + @After + public void stop() { + this.clearVulasProperties(); + server.stop(); + } + + private void clearVulasProperties() { + final ArrayList l = new ArrayList(); + for (Object k : System.getProperties().keySet()) + if (k instanceof String && ((String) k).startsWith("vulas.")) l.add((String) k); + for (String k : l) System.clearProperty(k); + } + + protected Tenant buildTestTenant() { + final String rnd = StringUtil.getRandonString(6); + return new Tenant("tenant-token-" + rnd, "tenant-name-" + rnd); + } + + protected Space buildTestSpace() { + final String rnd = StringUtil.getRandonString(6); + return new Space("space-token-" + rnd, "space-name-" + rnd, "space-description"); + } + + protected Application buildTestApplication() { + final String rnd = StringUtil.getRandonString(6); + return new Application("app-group-" + rnd, "app-artifact-" + rnd, "app-version"); + } + + protected void configureBackendServiceUrl(StubServer _ss) { + final StringBuffer b = new StringBuffer(); + b.append("http://localhost:").append(_ss.getPort()).append("/backend"); + System.setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), b.toString()); + } } diff --git a/cli-scanner/src/test/java/com/sap/psr/vulas/cli/FileAnalyzerTest.java b/cli-scanner/src/test/java/com/sap/psr/vulas/cli/FileAnalyzerTest.java index 35804fee9..1db66fa08 100644 --- a/cli-scanner/src/test/java/com/sap/psr/vulas/cli/FileAnalyzerTest.java +++ b/cli-scanner/src/test/java/com/sap/psr/vulas/cli/FileAnalyzerTest.java @@ -33,36 +33,36 @@ import com.sap.psr.vulas.python.PythonFileAnalyzer; public class FileAnalyzerTest { - - /** - * Checks whether the well-known FileAnaylyzers can be found. - */ - @Test - public void testPresenceOfWellknownFileAnalyzers() { - int i = 0; - final ServiceLoader loader = ServiceLoader.load(FileAnalyzer.class); - for(FileAnalyzer la: loader) { - i++; - System.out.println("File analyzer #" + i + ": " + la.getClass().getName()); - } - assertTrue(i>=7); - } - - /** - * Checks whether some of the well-known FileAnaylyzer are returned by the FileAnalyzerFactory. - */ - @Test - public void testWellknownFileAnalyzers() { - final File py = new File("./src/test/resources/file.py"); - FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(py); - assertTrue(fa instanceof PythonFileAnalyzer); - - final File d = new File("./src/test/resources"); - fa = FileAnalyzerFactory.buildFileAnalyzer(d); - assertTrue(fa instanceof DirAnalyzer); - - final File ja = new File("./src/test/resources/file.java"); - fa = FileAnalyzerFactory.buildFileAnalyzer(ja); - assertTrue(fa instanceof JavaFileAnalyzer2); - } + + /** + * Checks whether the well-known FileAnaylyzers can be found. + */ + @Test + public void testPresenceOfWellknownFileAnalyzers() { + int i = 0; + final ServiceLoader loader = ServiceLoader.load(FileAnalyzer.class); + for (FileAnalyzer la : loader) { + i++; + System.out.println("File analyzer #" + i + ": " + la.getClass().getName()); + } + assertTrue(i >= 7); + } + + /** + * Checks whether some of the well-known FileAnaylyzer are returned by the FileAnalyzerFactory. + */ + @Test + public void testWellknownFileAnalyzers() { + final File py = new File("./src/test/resources/file.py"); + FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(py); + assertTrue(fa instanceof PythonFileAnalyzer); + + final File d = new File("./src/test/resources"); + fa = FileAnalyzerFactory.buildFileAnalyzer(d); + assertTrue(fa instanceof DirAnalyzer); + + final File ja = new File("./src/test/resources/file.java"); + fa = FileAnalyzerFactory.buildFileAnalyzer(ja); + assertTrue(fa instanceof JavaFileAnalyzer2); + } } diff --git a/cli-scanner/src/test/java/com/sap/psr/vulas/cli/VulasCliTest.java b/cli-scanner/src/test/java/com/sap/psr/vulas/cli/VulasCliTest.java index b0629a634..6a87a3857 100755 --- a/cli-scanner/src/test/java/com/sap/psr/vulas/cli/VulasCliTest.java +++ b/cli-scanner/src/test/java/com/sap/psr/vulas/cli/VulasCliTest.java @@ -48,147 +48,152 @@ public class VulasCliTest extends AbstractGoalTest { - /** - * App creation results in the following two HTTP calls. - * @param _a TODO - */ - private void setupMockServices(Application _a) { - final String s_json = JacksonUtil.asJsonString(_a); - - // Options app: 200 - whenHttp(server). - match(composite(method(Method.OPTIONS), uri("/backend" + PathBuilder.app(_a)))). - then( - stringContent(s_json), - contentType("application/json"), - charset("UTF-8"), - status(HttpStatus.OK_200)); - - // Put app: 200 - whenHttp(server). - match(put("/backend" + PathBuilder.apps())). - then( - stringContent(s_json), - contentType("application/json"), - charset("UTF-8"), - status(HttpStatus.OK_200)); - - // Post app: 200 (for clean goal) - whenHttp(server). - match(post("/backend" + PathBuilder.app(_a))). - then( - stringContent(s_json), - contentType("application/json"), - charset("UTF-8"), - status(HttpStatus.OK_200)); - -// expect() -// .statusCode(201). -// when() -// .post("/backend" + PathBuilder.apps()); - - whenHttp(server). - match(post("/backend" + PathBuilder.goalExcecutions(null, null, _a))). - then( - stringContent(s_json), - contentType("application/json"), - charset("UTF-8"), - status(HttpStatus.CREATED_201)); - -// expect() -// .statusCode(201). -// when() -// .post("/backend" + PathBuilder.goalExcecutions(null, null, _a)); - } - - @Test - public void testCleanGoal() throws GoalConfigurationException, GoalExecutionException { - // Mock REST services - this.configureBackendServiceUrl(server); - this.setupMockServices(this.testApp); - - final String[] args = new String[] { "-goal", "clean" }; - VulasCli.main(args); - - // Check the HTTP calls made - verifyHttp(server).times(1, - method(Method.POST), - uri("/backend" + PathBuilder.app(testApp))); - verifyHttp(server).times(2, - method(Method.POST), - uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); - } - - @Test - public void testAppGoal() throws GoalConfigurationException, GoalExecutionException { - // App: Relative and absolute folders with and without spaces - final Path rel_app_with_space = Paths.get("src", "test", "resources", "appfolder with space"); - final Path abs_app = Paths.get("src", "test", "resources", "appfolder").toAbsolutePath(); - final Path py_app = Paths.get("src", "test", "resources", "foo").toAbsolutePath(); - final String app_string = rel_app_with_space.toString() + "," + abs_app + "," + py_app; - - // Dep: Relative and absolute folders with and without spaces - final Path rel_dep_with_space = Paths.get("src", "test", "resources", "depfolder with space"); - final Path abs_dep = Paths.get("src", "test", "resources", "depfolder").toAbsolutePath(); - final Path cc = Paths.get("src", "test", "resources", "depfolder", "commons-collections-3.2.2.jar"); - final String dep_string = cc.toString() + "," + rel_dep_with_space.toString() + "," + abs_dep.toString(); - - System.setProperty(CoreConfiguration.APP_DIRS, app_string + "," + dep_string); - - // Mock REST services - this.configureBackendServiceUrl(server); - this.setupMockServices(this.testApp); - - final String[] args = new String[] { "-goal", "app" }; - VulasCli.main(args); - - // Check the HTTP calls made - verifyHttp(server).times(1, - method(Method.PUT), - uri("/backend" + PathBuilder.app(this.testApp))); - verifyHttp(server).times(2, - method(Method.POST), - uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); - } - - @Test - @Category(com.sap.psr.vulas.shared.categories.Slow.class) - public void testPyAppGoal() throws GoalConfigurationException, GoalExecutionException { - System.setProperty(CoreConfiguration.APP_DIRS, "./src/test/resources/cf-helloworld"); - - // Mock REST services - this.configureBackendServiceUrl(server); - this.setupMockServices(this.testApp); - - final String[] args = new String[] { "-goal", "app" }; - VulasCli.main(args); - - // Check the HTTP calls made - verifyHttp(server).times(1, - method(Method.PUT), - uri("/backend" + PathBuilder.app(this.testApp))); - verifyHttp(server).times(2, - method(Method.POST), - uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); - } - - @Test - public void testJavaAppGoal() throws GoalConfigurationException, GoalExecutionException { - System.setProperty(CoreConfiguration.APP_DIRS, "./src/test/resources/java-app"); - - // Mock REST services - this.configureBackendServiceUrl(server); - this.setupMockServices(this.testApp); - - final String[] args = new String[] { "-goal", "app" }; - VulasCli.main(args); - - // Check the HTTP calls made - verifyHttp(server).times(1, - method(Method.PUT), - uri("/backend" + PathBuilder.app(this.testApp))); - verifyHttp(server).times(2, - method(Method.POST), - uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); - } + /** + * App creation results in the following two HTTP calls. + * @param _a TODO + */ + private void setupMockServices(Application _a) { + final String s_json = JacksonUtil.asJsonString(_a); + + // Options app: 200 + whenHttp(server) + .match(composite(method(Method.OPTIONS), uri("/backend" + PathBuilder.app(_a)))) + .then( + stringContent(s_json), + contentType("application/json"), + charset("UTF-8"), + status(HttpStatus.OK_200)); + + // Put app: 200 + whenHttp(server) + .match(put("/backend" + PathBuilder.apps())) + .then( + stringContent(s_json), + contentType("application/json"), + charset("UTF-8"), + status(HttpStatus.OK_200)); + + // Post app: 200 (for clean goal) + whenHttp(server) + .match(post("/backend" + PathBuilder.app(_a))) + .then( + stringContent(s_json), + contentType("application/json"), + charset("UTF-8"), + status(HttpStatus.OK_200)); + + // expect() + // .statusCode(201). + // when() + // .post("/backend" + PathBuilder.apps()); + + whenHttp(server) + .match(post("/backend" + PathBuilder.goalExcecutions(null, null, _a))) + .then( + stringContent(s_json), + contentType("application/json"), + charset("UTF-8"), + status(HttpStatus.CREATED_201)); + + // expect() + // .statusCode(201). + // when() + // .post("/backend" + PathBuilder.goalExcecutions(null, null, _a)); + } + + @Test + public void testCleanGoal() throws GoalConfigurationException, GoalExecutionException { + // Mock REST services + this.configureBackendServiceUrl(server); + this.setupMockServices(this.testApp); + + final String[] args = new String[] {"-goal", "clean"}; + VulasCli.main(args); + + // Check the HTTP calls made + verifyHttp(server).times(1, method(Method.POST), uri("/backend" + PathBuilder.app(testApp))); + verifyHttp(server) + .times( + 2, + method(Method.POST), + uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); + } + + @Test + public void testAppGoal() throws GoalConfigurationException, GoalExecutionException { + // App: Relative and absolute folders with and without spaces + final Path rel_app_with_space = Paths.get("src", "test", "resources", "appfolder with space"); + final Path abs_app = Paths.get("src", "test", "resources", "appfolder").toAbsolutePath(); + final Path py_app = Paths.get("src", "test", "resources", "foo").toAbsolutePath(); + final String app_string = rel_app_with_space.toString() + "," + abs_app + "," + py_app; + + // Dep: Relative and absolute folders with and without spaces + final Path rel_dep_with_space = Paths.get("src", "test", "resources", "depfolder with space"); + final Path abs_dep = Paths.get("src", "test", "resources", "depfolder").toAbsolutePath(); + final Path cc = + Paths.get("src", "test", "resources", "depfolder", "commons-collections-3.2.2.jar"); + final String dep_string = + cc.toString() + "," + rel_dep_with_space.toString() + "," + abs_dep.toString(); + + System.setProperty(CoreConfiguration.APP_DIRS, app_string + "," + dep_string); + + // Mock REST services + this.configureBackendServiceUrl(server); + this.setupMockServices(this.testApp); + + final String[] args = new String[] {"-goal", "app"}; + VulasCli.main(args); + + // Check the HTTP calls made + verifyHttp(server) + .times(1, method(Method.PUT), uri("/backend" + PathBuilder.app(this.testApp))); + verifyHttp(server) + .times( + 2, + method(Method.POST), + uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); + } + + @Test + @Category(com.sap.psr.vulas.shared.categories.Slow.class) + public void testPyAppGoal() throws GoalConfigurationException, GoalExecutionException { + System.setProperty(CoreConfiguration.APP_DIRS, "./src/test/resources/cf-helloworld"); + + // Mock REST services + this.configureBackendServiceUrl(server); + this.setupMockServices(this.testApp); + + final String[] args = new String[] {"-goal", "app"}; + VulasCli.main(args); + + // Check the HTTP calls made + verifyHttp(server) + .times(1, method(Method.PUT), uri("/backend" + PathBuilder.app(this.testApp))); + verifyHttp(server) + .times( + 2, + method(Method.POST), + uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); + } + + @Test + public void testJavaAppGoal() throws GoalConfigurationException, GoalExecutionException { + System.setProperty(CoreConfiguration.APP_DIRS, "./src/test/resources/java-app"); + + // Mock REST services + this.configureBackendServiceUrl(server); + this.setupMockServices(this.testApp); + + final String[] args = new String[] {"-goal", "app"}; + VulasCli.main(args); + + // Check the HTTP calls made + verifyHttp(server) + .times(1, method(Method.PUT), uri("/backend" + PathBuilder.app(this.testApp))); + verifyHttp(server) + .times( + 2, + method(Method.POST), + uri("/backend" + PathBuilder.goalExcecutions(null, null, this.testApp))); + } } diff --git a/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/CustomEntryPointCreator.java b/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/CustomEntryPointCreator.java index 5457a2b78..f6326e597 100644 --- a/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/CustomEntryPointCreator.java +++ b/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/CustomEntryPointCreator.java @@ -31,318 +31,311 @@ import java.util.*; - /** *

CustomEntryPointCreator class.

* */ public class CustomEntryPointCreator extends DefaultEntryPointCreator { - private static final Logger logger = LoggerFactory.getLogger(CustomEntryPointCreator.class); - - - private final Collection dummyClasses = new HashSet<>(); - - - /** - *

Constructor for CustomEntryPointCreator.

- * - * @param methodsToCall a {@link java.util.Collection} object. - */ - public CustomEntryPointCreator(Collection methodsToCall) { - - super(methodsToCall); - generateAppropriateDummyClasses(methodsToCall); - } + private static final Logger logger = LoggerFactory.getLogger(CustomEntryPointCreator.class); + + private final Collection dummyClasses = new HashSet<>(); + + /** + *

Constructor for CustomEntryPointCreator.

+ * + * @param methodsToCall a {@link java.util.Collection} object. + */ + public CustomEntryPointCreator(Collection methodsToCall) { + + super(methodsToCall); + generateAppropriateDummyClasses(methodsToCall); + } + + /** + *

generateAppropriateDummyClasses.

+ * + * @param methodsToCall a {@link java.util.Collection} object. + */ + public void generateAppropriateDummyClasses(Collection methodsToCall) { + + Map> classMap = + SootMethodRepresentationParser.v().parseClassNames(methodsToCall, false); + for (String className : classMap.keySet()) { + SootClass createdClass = Scene.v().getSootClass(className); + if (createdClass.isConcrete() + && !createdClass.isPhantom() + && !createdClass.isPhantomClass()) { + for (String method : classMap.get(className)) { + SootMethodAndClass methodAndClass = + SootMethodRepresentationParser.v().parseSootMethodString(method); + SootMethod methodToInvoke = + findMethod( + Scene.v().getSootClass(methodAndClass.getClassName()), + methodAndClass.getSubSignature()); + + List parameterTypes = methodToInvoke.getParameterTypes(); + // check if we actually have concrete parameters for these classes, otherwise generate + // dummyclasses + for (Type parameterType : parameterTypes) { + if (super.isSimpleType(parameterType.getEscapedName())) { + continue; + } + if (!(parameterType instanceof RefType)) { + continue; + } + SootClass class2Search = ((RefType) parameterType).getSootClass(); + // check if a concrete subclass exists + boolean compatibleTypeExists = concreteSubClassExists(class2Search); + if (!compatibleTypeExists) { - /** - *

generateAppropriateDummyClasses.

- * - * @param methodsToCall a {@link java.util.Collection} object. - */ - public void generateAppropriateDummyClasses(Collection methodsToCall) { - - Map> classMap = SootMethodRepresentationParser.v().parseClassNames(methodsToCall, false); - for (String className : classMap.keySet()) { - SootClass createdClass = Scene.v().getSootClass(className); - if (createdClass.isConcrete() && !createdClass.isPhantom() && !createdClass.isPhantomClass()) { - for (String method : classMap.get(className)) { - SootMethodAndClass methodAndClass = SootMethodRepresentationParser.v().parseSootMethodString(method); - SootMethod methodToInvoke = findMethod(Scene.v().getSootClass(methodAndClass.getClassName()), - methodAndClass.getSubSignature()); - - List parameterTypes = methodToInvoke.getParameterTypes(); - //check if we actually have concrete parameters for these classes, otherwise generate dummyclasses - for (Type parameterType : parameterTypes) { - if (super.isSimpleType(parameterType.getEscapedName())) { - continue; - } - if (!(parameterType instanceof RefType)) { - continue; - } - SootClass class2Search = ((RefType) parameterType).getSootClass(); - //check if a concrete subclass exists - boolean compatibleTypeExists = concreteSubClassExists(class2Search); - - if (!compatibleTypeExists) { - - if (Scene.v().isExcluded(class2Search)) { - SootClass dummyClass = getDummyClass(class2Search); - this.dummyClasses.add(dummyClass); - } - } - - - } - - - } + if (Scene.v().isExcluded(class2Search)) { + SootClass dummyClass = getDummyClass(class2Search); + this.dummyClasses.add(dummyClass); + } } + } } - - + } } + } + + /** + *

concreteSubClassExists.

+ * + * @param classToType a {@link soot.SootClass} object. + * @return a boolean. + */ + public boolean concreteSubClassExists(SootClass classToType) { + if (classToType.isAbstract() || classToType.isInterface()) { + // check if a public exported class exists implementing this interface or extending the + // abstract class + if (classToType.isInterface()) { + + for (SootClass implementorOfSootClass : + Scene.v().getActiveHierarchy().getImplementersOf(classToType)) { + if (!implementorOfSootClass.isAbstract()) return true; + } - - /** - *

concreteSubClassExists.

- * - * @param classToType a {@link soot.SootClass} object. - * @return a boolean. - */ - public boolean concreteSubClassExists(SootClass classToType) { - if (classToType.isAbstract() || classToType.isInterface()) { - //check if a public exported class exists implementing this interface or extending the abstract class - if (classToType.isInterface()) { - - for (SootClass implementorOfSootClass : Scene.v().getActiveHierarchy().getImplementersOf(classToType)) { - if (!implementorOfSootClass.isAbstract()) - return true; - } - - } else { - for (SootClass sootSubClass : Scene.v().getActiveHierarchy().getSubclassesOf(classToType)) { - if (isCompatible(sootSubClass, classToType) && !sootSubClass.isAbstract()) - return true; - } - } - - return false; - - + } else { + for (SootClass sootSubClass : Scene.v().getActiveHierarchy().getSubclassesOf(classToType)) { + if (isCompatible(sootSubClass, classToType) && !sootSubClass.isAbstract()) return true; } - return classToType.isConcrete(); + } + return false; } - - - /** - *

Getter for the field dummyClasses.

- * - * @return a {@link java.util.Collection} object. - */ - public Collection getDummyClasses() { - return this.dummyClasses; + return classToType.isConcrete(); + } + + /** + *

Getter for the field dummyClasses.

+ * + * @return a {@link java.util.Collection} object. + */ + public Collection getDummyClasses() { + return this.dummyClasses; + } + + /** + *

getDummyClass.

+ * + * @param toImplement a {@link soot.SootClass} object. + * @return a {@link soot.SootClass} object. + */ + public SootClass getDummyClass(SootClass toImplement) { + String packageName = toImplement.getJavaPackageName(); + + String clzName = toImplement.getJavaStyleName(); + + String dummyClassName = packageName + ".Dummy" + clzName; + if (Scene.v().containsClass(dummyClassName)) return Scene.v().getSootClass(dummyClassName); + + SootClass dummyClass = new SootClass(dummyClassName); + // dummyClass.setModifiers(toImplement.getModifiers() ^ Modifier.ABSTRACT); + dummyClass.setModifiers(Modifier.PUBLIC); + + // create the constructor + SootMethod constructor = new SootMethod("", Collections.emptyList(), VoidType.v()); + dummyClass.addMethod(constructor); + JimpleBody body = Jimple.v().newBody(constructor); + + // Add this reference + body.insertIdentityStmts(); + // special invoke Object Init + // + SootClass objectClazz = Scene.v().getSootClass("java.lang.Object"); + SootMethodRef methodRef; + if (objectClazz.declaresMethod("void ()")) { + SootMethod method = objectClazz.getMethod("void ()"); + methodRef = method.makeRef(); + } else { + methodRef = Scene.v().makeConstructorRef(objectClazz, Collections.emptyList()); } + SpecialInvokeExpr expr = Jimple.v().newSpecialInvokeExpr(body.getThisLocal(), methodRef); + Stmt invokeStmt = Jimple.v().newInvokeStmt(expr); + body.getUnits().add(invokeStmt); + Stmt ret = Jimple.v().newReturnStmt(body.getThisLocal()); + body.getUnits().add(ret); + constructor.setActiveBody(body); - /** - *

getDummyClass.

- * - * @param toImplement a {@link soot.SootClass} object. - * @return a {@link soot.SootClass} object. - */ - public SootClass getDummyClass(SootClass toImplement) { - String packageName = toImplement.getJavaPackageName(); + /* handle multiple interfaces and cases in which an interface extends another interface */ + if (toImplement.isAbstract()) { - String clzName = toImplement.getJavaStyleName(); + // if class is an interface it might extend another interface, then we have to implement + // the superclass methods as well + // if class is abstract + // a) it might implements several interfaces, that needs to be implemented - String dummyClassName = packageName + ".Dummy" + clzName; - if (Scene.v().containsClass(dummyClassName)) - return Scene.v().getSootClass(dummyClassName); + // b) extends a superclass which is also abstract + // b.2) extends a superclass whose superclass is also abstract (so on...) + // c) these superclasses might implements several interfaces - SootClass dummyClass = new SootClass(dummyClassName); - //dummyClass.setModifiers(toImplement.getModifiers() ^ Modifier.ABSTRACT); - dummyClass.setModifiers(Modifier.PUBLIC); + HashSet methodsToImplement = new HashSet<>(); - //create the constructor - SootMethod constructor = new SootMethod("", Collections.emptyList(), VoidType.v()); - dummyClass.addMethod(constructor); - JimpleBody body = Jimple.v().newBody(constructor); + HashSet classesWhoseMethodsMustBeImplemented = new HashSet<>(); + SootClass classToVisit = toImplement; + while (classToVisit.isAbstract()) { + classesWhoseMethodsMustBeImplemented.add(classToVisit); + classToVisit = classToVisit.getSuperclass(); + } - // Add this reference - body.insertIdentityStmts(); - //special invoke Object Init - // - SootClass objectClazz = Scene.v().getSootClass("java.lang.Object"); - SootMethodRef methodRef; - if (objectClazz.declaresMethod("void ()")) { - SootMethod method = objectClazz.getMethod("void ()"); - methodRef = method.makeRef(); - } else { - methodRef = Scene.v().makeConstructorRef(objectClazz, Collections.emptyList()); + for (SootClass classWhichMethodsMustBeImplemented : classesWhoseMethodsMustBeImplemented) { + methodsToImplement.addAll(classWhichMethodsMustBeImplemented.getMethods()); + for (SootClass interfaceToImplement : classWhichMethodsMustBeImplemented.getInterfaces()) { + methodsToImplement.addAll(interfaceToImplement.getMethods()); } - SpecialInvokeExpr expr = Jimple.v().newSpecialInvokeExpr(body.getThisLocal(), methodRef); - Stmt invokeStmt = Jimple.v().newInvokeStmt(expr); - body.getUnits().add(invokeStmt); - Stmt ret = Jimple.v().newReturnStmt(body.getThisLocal()); - body.getUnits().add(ret); - - constructor.setActiveBody(body); - - - - - /* handle multiple interfaces and cases in which an interface extends another interface */ - if (toImplement.isAbstract()) { - - //if class is an interface it might extend another interface, then we have to implement - // the superclass methods as well - - //if class is abstract - // a) it might implements several interfaces, that needs to be implemented - - // b) extends a superclass which is also abstract - //b.2) extends a superclass whose superclass is also abstract (so on...) - // c) these superclasses might implements several interfaces - - HashSet methodsToImplement = new HashSet<>(); - - HashSet classesWhoseMethodsMustBeImplemented = new HashSet<>(); - SootClass classToVisit = toImplement; - - while (classToVisit.isAbstract()) { - classesWhoseMethodsMustBeImplemented.add(classToVisit); - classToVisit = classToVisit.getSuperclass(); - - } - - for (SootClass classWhichMethodsMustBeImplemented : classesWhoseMethodsMustBeImplemented) { - methodsToImplement.addAll(classWhichMethodsMustBeImplemented.getMethods()); - for (SootClass interfaceToImplement : classWhichMethodsMustBeImplemented.getInterfaces()) { - methodsToImplement.addAll(interfaceToImplement.getMethods()); - } - - - } - //above we might added methods which are already implemented but we catch this latter in the for loop for actually generating the methods - - if (toImplement.isInterface()) { - dummyClass.addInterface(toImplement); - dummyClass.setSuperclass(Scene.v().getSootClass("java.lang.Object")); - - } else { - //we have an abstract class - dummyClass.setSuperclass(toImplement); - } - for (SootMethod parentMethod : methodsToImplement) { - - if (parentMethod.isAbstract()) { //if we have added to much methods above, we only generate methods for the abstract ones here - //the next if statement deals with name clashes of methods of several interfaces - if (dummyClass.declaresMethod(parentMethod.getName(), parentMethod.getParameterTypes(), parentMethod.getReturnType())) { - //a corresponding method is already contained in the dummyClass; thus we don't need to generate another one - continue; - } - SootMethod generatedMethod = generateMethodImplementation(parentMethod, dummyClass); - dummyClass.addMethod(generatedMethod); - } - } + } + // above we might added methods which are already implemented but we catch this latter in the + // for loop for actually generating the methods + + if (toImplement.isInterface()) { + dummyClass.addInterface(toImplement); + dummyClass.setSuperclass(Scene.v().getSootClass("java.lang.Object")); + + } else { + // we have an abstract class + dummyClass.setSuperclass(toImplement); + } + for (SootMethod parentMethod : methodsToImplement) { + + if (parentMethod + .isAbstract()) { // if we have added to much methods above, we only generate methods for + // the abstract ones here + // the next if statement deals with name clashes of methods of several interfaces + if (dummyClass.declaresMethod( + parentMethod.getName(), + parentMethod.getParameterTypes(), + parentMethod.getReturnType())) { + // a corresponding method is already contained in the dummyClass; thus we don't need to + // generate another one + continue; + } + SootMethod generatedMethod = generateMethodImplementation(parentMethod, dummyClass); + dummyClass.addMethod(generatedMethod); } - - - // First add class to scene, then make it an application class - // as addClass contains a call to "setLibraryClass" - Scene.v().addClass(dummyClass); - dummyClass.setApplicationClass(); - //add these classes to the dummyClass set to get the Parameter passed in at callbacks - this.dummyClasses.add(dummyClass); - return dummyClass; + } } + // First add class to scene, then make it an application class + // as addClass contains a call to "setLibraryClass" + Scene.v().addClass(dummyClass); + dummyClass.setApplicationClass(); + // add these classes to the dummyClass set to get the Parameter passed in at callbacks + this.dummyClasses.add(dummyClass); + return dummyClass; + } + + private SootMethod generateMethodImplementation( + SootMethod methodToImplement, final SootClass generatedDummyClass) { + SootMethod generatedMethod = + new SootMethod( + methodToImplement.getName(), + methodToImplement.getParameterTypes(), + methodToImplement.getReturnType()); + Body body = Jimple.v().newBody(); + body.setMethod(generatedMethod); + generatedMethod.setActiveBody(body); + + // add locals for Parameter + // Add a parameter reference to the body + LocalGenerator lg = new LocalGenerator(body); + + // create a local for the this reference + if (!methodToImplement.isStatic()) { + Local thisLocal = lg.generateLocal(generatedDummyClass.getType()); + body.getUnits() + .addFirst( + Jimple.v() + .newIdentityStmt( + thisLocal, Jimple.v().newThisRef(generatedDummyClass.getType()))); + } - private SootMethod generateMethodImplementation(SootMethod methodToImplement, - final SootClass generatedDummyClass) { - SootMethod generatedMethod = new SootMethod(methodToImplement.getName(), methodToImplement.getParameterTypes(), methodToImplement.getReturnType()); - Body body = Jimple.v().newBody(); - body.setMethod(generatedMethod); - generatedMethod.setActiveBody(body); - - // add locals for Parameter - // Add a parameter reference to the body - LocalGenerator lg = new LocalGenerator(body); - - //create a local for the this reference - if (!methodToImplement.isStatic()) { - Local thisLocal = lg.generateLocal(generatedDummyClass.getType()); - body.getUnits().addFirst(Jimple.v().newIdentityStmt(thisLocal, Jimple.v().newThisRef(generatedDummyClass.getType()))); - } - - int i = 0; - for (Type type : generatedMethod.getParameterTypes()) { - Local paramLocal = lg.generateLocal(type); - body.getUnits().add(Jimple.v().newIdentityStmt(paramLocal, - Jimple.v().newParameterRef(type, i))); - i++; - } - - JNopStmt startStmt = new JNopStmt(); - JNopStmt endStmt = new JNopStmt(); - - body.getUnits().add(startStmt); - - - //check if return type is void (check first, since next call includes void) - if (methodToImplement.getReturnType() instanceof VoidType) { - body.getUnits().add(Jimple.v().newReturnVoidStmt()); - } - // if sootClass is simpleClass - else if (isSimpleType(methodToImplement.getReturnType().toString())) { - Local varLocal = lg.generateLocal(getSimpleTypeFromType(methodToImplement.getReturnType())); - - AssignStmt aStmt = Jimple.v().newAssignStmt(varLocal, getSimpleDefaultValue(methodToImplement.getReturnType())); - body.getUnits().add(aStmt); - body.getUnits().add(Jimple.v().newReturnStmt(varLocal)); - } else { - body.getUnits().add(Jimple.v().newReturnStmt(NullConstant.v())); + int i = 0; + for (Type type : generatedMethod.getParameterTypes()) { + Local paramLocal = lg.generateLocal(type); + body.getUnits() + .add(Jimple.v().newIdentityStmt(paramLocal, Jimple.v().newParameterRef(type, i))); + i++; + } - } + JNopStmt startStmt = new JNopStmt(); + JNopStmt endStmt = new JNopStmt(); - //remove the abstract Modifier from the new implemented method - generatedMethod.setModifiers(methodToImplement.getModifiers() ^ Modifier.ABSTRACT); + body.getUnits().add(startStmt); - return generatedMethod; + // check if return type is void (check first, since next call includes void) + if (methodToImplement.getReturnType() instanceof VoidType) { + body.getUnits().add(Jimple.v().newReturnVoidStmt()); } - - private Type getSimpleTypeFromType(Type type) { - if (type.toString().equals("java.lang.String")) { - assert type instanceof RefType; - - return RefType.v(((RefType) type).getSootClass()); - } else if (type.toString().equals("void")) { - return VoidType.v(); - } else if (type.toString().equals("char")) { - return CharType.v(); - } else if (type.toString().equals("byte")) { - return ByteType.v(); - } else if (type.toString().equals("short")) { - return ShortType.v(); - } else if (type.toString().equals("int")) { - return IntType.v(); - } else if (type.toString().equals("float")) { - return FloatType.v(); - } else if (type.toString().equals("long")) { - return LongType.v(); - } else if (type.toString().equals("double")) { - return DoubleType.v(); - } else if (type.toString().equals("boolean")) { - return BooleanType.v(); - } else { - throw new RuntimeException("Unknown simple type: " + type); - } + // if sootClass is simpleClass + else if (isSimpleType(methodToImplement.getReturnType().toString())) { + Local varLocal = lg.generateLocal(getSimpleTypeFromType(methodToImplement.getReturnType())); + + AssignStmt aStmt = + Jimple.v() + .newAssignStmt(varLocal, getSimpleDefaultValue(methodToImplement.getReturnType())); + body.getUnits().add(aStmt); + body.getUnits().add(Jimple.v().newReturnStmt(varLocal)); + } else { + body.getUnits().add(Jimple.v().newReturnStmt(NullConstant.v())); } - + // remove the abstract Modifier from the new implemented method + generatedMethod.setModifiers(methodToImplement.getModifiers() ^ Modifier.ABSTRACT); + + return generatedMethod; + } + + private Type getSimpleTypeFromType(Type type) { + if (type.toString().equals("java.lang.String")) { + assert type instanceof RefType; + + return RefType.v(((RefType) type).getSootClass()); + } else if (type.toString().equals("void")) { + return VoidType.v(); + } else if (type.toString().equals("char")) { + return CharType.v(); + } else if (type.toString().equals("byte")) { + return ByteType.v(); + } else if (type.toString().equals("short")) { + return ShortType.v(); + } else if (type.toString().equals("int")) { + return IntType.v(); + } else if (type.toString().equals("float")) { + return FloatType.v(); + } else if (type.toString().equals("long")) { + return LongType.v(); + } else if (type.toString().equals("double")) { + return DoubleType.v(); + } else if (type.toString().equals("boolean")) { + return BooleanType.v(); + } else { + throw new RuntimeException("Unknown simple type: " + type); + } + } } diff --git a/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootCallgraphConstructor.java b/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootCallgraphConstructor.java index 15b548401..dce268660 100644 --- a/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootCallgraphConstructor.java +++ b/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootCallgraphConstructor.java @@ -47,477 +47,521 @@ */ public class SootCallgraphConstructor implements ICallgraphConstructor { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** Constant FRAMEWORK="soot" */ - public static final String FRAMEWORK = "soot"; - - private long buildTimeNano = -1; - - private long start_nanos = -1; - - /** - * The context information of the application JAR to be analyzed - */ - private Application appContext = null; - - private VulasConfiguration vulasConfiguration = null; - - /** - * The JAR to be analyzed. - */ - private String appJar = null; - protected String classpath = null; - private String appClasspath = null; - protected final List entrypoints = new ArrayList<>(); - private final Set filteredEP = new HashSet<>(); - - private CallGraph callgraph = null; - - /** - * {@inheritDoc} - * - * Set the context of the application to be analyzed - */ - public void setAppContext(Application _ctx) { - this.appContext = _ctx; + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** Constant FRAMEWORK="soot" */ + public static final String FRAMEWORK = "soot"; + + private long buildTimeNano = -1; + + private long start_nanos = -1; + + /** + * The context information of the application JAR to be analyzed + */ + private Application appContext = null; + + private VulasConfiguration vulasConfiguration = null; + + /** + * The JAR to be analyzed. + */ + private String appJar = null; + + protected String classpath = null; + private String appClasspath = null; + protected final List entrypoints = new ArrayList<>(); + private final Set filteredEP = new HashSet<>(); + + private CallGraph callgraph = null; + + /** + * {@inheritDoc} + * + * Set the context of the application to be analyzed + */ + public void setAppContext(Application _ctx) { + this.appContext = _ctx; + } + + /** {@inheritDoc} */ + public void setVulasConfiguration(VulasConfiguration _cfg) { + this.vulasConfiguration = _cfg; + } + + /** + *

Getter for the field appContext.

+ * + * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public Application getAppContext() { + return this.appContext; + } + + /** + *

getFramework.

+ * + * @return a {@link java.lang.String} object. + */ + public String getFramework() { + return SootCallgraphConstructor.FRAMEWORK; + } + + /** {@inheritDoc} */ + public void setDepClasspath(String _dependenciesClasspath) { + if (this.classpath != null) { + this.classpath += System.getProperty("path.separator"); + this.classpath += _dependenciesClasspath; + } else this.classpath = _dependenciesClasspath; + SootCallgraphConstructor.log.info( + "Add to soot classpath the dependencies: [" + this.classpath + "]"); + } + + /** {@inheritDoc} */ + public void setAppClasspath(String _cp) { + if (this.classpath != null) { + this.classpath += System.getProperty("path.separator"); + this.classpath += _cp; + } else this.classpath = _cp; + this.appClasspath = _cp; + + SootCallgraphConstructor.log.info( + "Add to soot classpath the application: [" + this.classpath + "]"); + } + + /** + * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. + * + * @return the time required for building the call graph (in nanoseconds) + */ + public long getConstructionTime() { + return this.buildTimeNano; + } + + /** + * Returns a human-readable description of the constructor's specific configuration. + * + * @return a {@link org.apache.commons.configuration.Configuration} object. + */ + public Configuration getConstructorConfiguration() { + return this.vulasConfiguration + .getConfiguration() + .subset(SootConfiguration.SOOT_CONFIGURATION_SETTINGS); + } + + /* + * First resets and then configures Soot's Options + */ + + /** + *

sootSetup.

+ */ + protected void sootSetup() { + + // start with a clean run of Soot + G.v().resetSpark(); + G.reset(); + + boolean verbose = + this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_VERBOSE); + + // set default excluded list to empty list + // Options.v().set_include_all(true); + + String excludedPackages = + this.vulasConfiguration.getConfiguration().getString(SootConfiguration.SOOT_EXCLUSIONS); + List excludedList = Arrays.asList(excludedPackages.split(";")); + Options.v().set_exclude(excludedList); + + // add the rt.jar and jce.jar to the classpath; WALA does this silently in the background + Options.v().set_prepend_classpath(true); + + // Read from soot-cfg.properties + Options.v() + .set_allow_phantom_refs( + this.vulasConfiguration + .getConfiguration() + .getBoolean(SootConfiguration.SOOT_ALLOW_PHANTOM)); + Options.v().set_verbose(verbose); + Options.v() + .set_app( + this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_APP_MODE)); + Options.v().set_whole_program(true); + Options.v().setPhaseOption("cg", "safe-forname:" + false); + + // additional options for easy debugging + Options.v().set_keep_line_number(true); + Options.v().set_throw_analysis(Options.throw_analysis_unit); + Options.v().setPhaseOption("cg", "verbose:" + verbose); + Options.v().set_debug(verbose); + Options.v().set_debug_resolver(verbose); + + // do not release bodies after running the packs + Options.v().set_output_format(Options.output_format_none); + + // with this option we get only method signatures but not their bodies + Options.v() + .set_no_bodies_for_excluded( + this.vulasConfiguration + .getConfiguration() + .getBoolean(SootConfiguration.SOOT_NOBODY_FOR_X)); + + if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK)) { + String s = "on"; + if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK_OTF)) + s += ",on-fly-cg:true"; + else s += ",on-fly-cg:false"; + if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK_VTA)) + s += ",vta:true"; + else s += ",vta:false"; + if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK_RTA)) + s += ",rta:true"; + else s += ",rta:false"; + SootCallgraphConstructor.log.info("Enabled cg.spark with settings [" + s + "]"); + Options.v().setPhaseOption("cg.spark", s); } - - /** {@inheritDoc} */ - public void setVulasConfiguration(VulasConfiguration _cfg) { - this.vulasConfiguration = _cfg; - } - - /** - *

Getter for the field appContext.

- * - * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public Application getAppContext() { - return this.appContext; - } - - /** - *

getFramework.

- * - * @return a {@link java.lang.String} object. - */ - public String getFramework() { return SootCallgraphConstructor.FRAMEWORK; } - - /** {@inheritDoc} */ - public void setDepClasspath(String _dependenciesClasspath) { - if (this.classpath != null) { - this.classpath += System.getProperty("path.separator"); - this.classpath += _dependenciesClasspath; - } else - this.classpath = _dependenciesClasspath; - SootCallgraphConstructor.log.info("Add to soot classpath the dependencies: [" + this.classpath + "]"); - } - - /** {@inheritDoc} */ - public void setAppClasspath(String _cp) { - if (this.classpath != null) { - this.classpath += System.getProperty("path.separator"); - this.classpath += _cp; - } else - this.classpath = _cp; - this.appClasspath = _cp; - - SootCallgraphConstructor.log.info("Add to soot classpath the application: [" + this.classpath + "]"); - } - - /** - * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. - * - * @return the time required for building the call graph (in nanoseconds) - */ - public long getConstructionTime() { - return this.buildTimeNano; - } - - /** - * Returns a human-readable description of the constructor's specific configuration. - * - * @return a {@link org.apache.commons.configuration.Configuration} object. - */ - public Configuration getConstructorConfiguration() { - return this.vulasConfiguration.getConfiguration().subset(SootConfiguration.SOOT_CONFIGURATION_SETTINGS); - } - - - /* - * First resets and then configures Soot's Options - */ - - /** - *

sootSetup.

- */ - protected void sootSetup() { - - // start with a clean run of Soot - G.v().resetSpark(); - G.reset(); - - boolean verbose = this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_VERBOSE); - - // set default excluded list to empty list - // Options.v().set_include_all(true); - - String excludedPackages = this.vulasConfiguration.getConfiguration().getString(SootConfiguration.SOOT_EXCLUSIONS); - List excludedList = Arrays.asList(excludedPackages.split(";")); - Options.v().set_exclude(excludedList); - - - //add the rt.jar and jce.jar to the classpath; WALA does this silently in the background - Options.v().set_prepend_classpath(true); - - // Read from soot-cfg.properties - Options.v().set_allow_phantom_refs(this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_ALLOW_PHANTOM)); - Options.v().set_verbose(verbose); - Options.v().set_app(this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_APP_MODE)); - Options.v().set_whole_program(true); - Options.v().setPhaseOption("cg", "safe-forname:" + false); - - - // additional options for easy debugging - Options.v().set_keep_line_number(true); - Options.v().set_throw_analysis(Options.throw_analysis_unit); - Options.v().setPhaseOption("cg", "verbose:" + verbose); - Options.v().set_debug(verbose); - Options.v().set_debug_resolver(verbose); - - // do not release bodies after running the packs - Options.v().set_output_format(Options.output_format_none); - - // with this option we get only method signatures but not their bodies - Options.v().set_no_bodies_for_excluded(this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_NOBODY_FOR_X)); - - if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK)) { - String s = "on"; - if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK_OTF)) - s += ",on-fly-cg:true"; - else s += ",on-fly-cg:false"; - if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK_VTA)) - s += ",vta:true"; - else s += ",vta:false"; - if (this.vulasConfiguration.getConfiguration().getBoolean(SootConfiguration.SOOT_SPARK_RTA)) - s += ",rta:true"; - else s += ",rta:false"; - SootCallgraphConstructor.log.info("Enabled cg.spark with settings [" + s + "]"); - Options.v().setPhaseOption("cg.spark", s); + ArrayList processDirs = new ArrayList<>(); + processDirs.add(this.appClasspath); + Options.v().set_process_dir(processDirs); + + Options.v().set_soot_classpath(this.classpath); + } + + /** + * Gets the SootMethod that correspond to the given constructs + * + * @param _constructs a {@link java.util.Set} object. + * @throws com.sap.psr.vulas.cg.CallgraphConstructException + */ + protected void sootMethods4entrypoints( + Set _constructs) + throws CallgraphConstructException { + + SootMethod method = null; + SootClass ep = null; + // No entrypoints set, search for a main (if existing) + if (_constructs.isEmpty()) { + SootCallgraphConstructor.log.info( + "No customized entrypoints set; search for main as default entry point"); + Iterator classes = Scene.v().getApplicationClasses().iterator(); + try { + while (classes.hasNext()) { + ep = classes.next(); + method = ep.getMethodByName("main"); + if (method != null) { + this.filteredEP.add(getCid(method)); + this.entrypoints.add(method); + break; + } } - - - ArrayList processDirs = new ArrayList<>(); - processDirs.add(this.appClasspath); - Options.v().set_process_dir(processDirs); - - Options.v().set_soot_classpath(this.classpath); - - + } catch (Exception e) { + SootCallgraphConstructor.log.error( + "Error while searching for main method in class [" + ep + "]: " + e.getMessage()); + } + if (this.entrypoints.isEmpty()) + throw new CallgraphConstructException( + "No main method found that can be used as entry point", null); } - /** - * Gets the SootMethod that correspond to the given constructs - * - * @param _constructs a {@link java.util.Set} object. - * @throws com.sap.psr.vulas.cg.CallgraphConstructException - */ - protected void sootMethods4entrypoints(Set _constructs) throws CallgraphConstructException { - - - SootMethod method = null; - SootClass ep = null; - // No entrypoints set, search for a main (if existing) - if (_constructs.isEmpty()) { - SootCallgraphConstructor.log.info("No customized entrypoints set; search for main as default entry point"); - Iterator classes = Scene.v().getApplicationClasses().iterator(); - try { - while (classes.hasNext()) { - ep = classes.next(); - method = ep.getMethodByName("main"); - if (method != null) { - this.filteredEP.add(getCid(method)); - this.entrypoints.add(method); - break; - } + // Use entrypoints passed as arg + else { + + Iterator iter = null; + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : _constructs) { + + final JavaId jcid = (JavaId) JavaId.toCoreType(cid); + + // when it's a java method + if (jcid instanceof com.sap.psr.vulas.java.JavaMethodId) { + JavaMethodId mid = (JavaMethodId) jcid; + try { + ep = Scene.v().getSootClass(mid.getDefinitionContext().getQualifiedName()); + + // Loop over methods to find the one :/ + iter = ep.methodIterator(); + while (iter.hasNext()) { + method = iter.next(); + if (method.isConcrete()) { + // Compare the JavaMethodId qname + if (getCid(method).getQname().equals(mid.getQualifiedName())) { + this.filteredEP.add(cid); + this.entrypoints.add(method); + break; } - } catch (Exception e) { - SootCallgraphConstructor.log.error("Error while searching for main method in class [" + ep + "]: " + e.getMessage()); + } } - if (this.entrypoints.isEmpty()) - throw new CallgraphConstructException("No main method found that can be used as entry point", null); + } catch (Exception e) { + SootCallgraphConstructor.log.error( + "Error while searching for method " + mid.toString() + ": " + e.getMessage()); + } } - - // Use entrypoints passed as arg - else { - - Iterator iter = null; - for (com.sap.psr.vulas.shared.json.model.ConstructId cid : _constructs) { - - final JavaId jcid = (JavaId) JavaId.toCoreType(cid); - - // when it's a java method - if (jcid instanceof com.sap.psr.vulas.java.JavaMethodId) { - JavaMethodId mid = (JavaMethodId) jcid; - try { - ep = Scene.v().getSootClass(mid.getDefinitionContext().getQualifiedName()); - - // Loop over methods to find the one :/ - iter = ep.methodIterator(); - while (iter.hasNext()) { - method = iter.next(); - if (method.isConcrete()) { - // Compare the JavaMethodId qname - if (getCid(method).getQname().equals(mid.getQualifiedName())) { - this.filteredEP.add(cid); - this.entrypoints.add(method); - break; - } - } - } - } catch (Exception e) { - SootCallgraphConstructor.log.error("Error while searching for method " + mid.toString() + ": " + e.getMessage()); - } - } - // when it's a java object constructor - else if (jcid instanceof com.sap.psr.vulas.java.JavaConstructorId) { - JavaConstructorId jconsid = (JavaConstructorId) jcid; - try { - ep = Scene.v().getSootClass(jconsid.getDefinitionContext().getQualifiedName()); - // Loop over constructors to find the one :/ - iter = ep.methodIterator(); - while (iter.hasNext()) { - method = iter.next(); - if (method.isConstructor()) { - // Compare the JavaConstructorId qname - if (getCid(method).getQname().equals(jconsid.getQualifiedName())) { - this.filteredEP.add(cid); - this.entrypoints.add(method); - break; - } - } - } - } catch (Exception e) { - SootCallgraphConstructor.log.error("Error while searching for method " + jcid.toString() + ": " + e.getMessage()); - } + // when it's a java object constructor + else if (jcid instanceof com.sap.psr.vulas.java.JavaConstructorId) { + JavaConstructorId jconsid = (JavaConstructorId) jcid; + try { + ep = Scene.v().getSootClass(jconsid.getDefinitionContext().getQualifiedName()); + // Loop over constructors to find the one :/ + iter = ep.methodIterator(); + while (iter.hasNext()) { + method = iter.next(); + if (method.isConstructor()) { + // Compare the JavaConstructorId qname + if (getCid(method).getQname().equals(jconsid.getQualifiedName())) { + this.filteredEP.add(cid); + this.entrypoints.add(method); + break; } + } } + } catch (Exception e) { + SootCallgraphConstructor.log.error( + "Error while searching for method " + jcid.toString() + ": " + e.getMessage()); + } } + } } + } - /** - * {@inheritDoc} - * - * Filter and find all entrypoints in Scene - */ - public void setEntrypoints(Set _constructs) throws CallgraphConstructException { + /** + * {@inheritDoc} + * + * Filter and find all entrypoints in Scene + */ + public void setEntrypoints(Set _constructs) + throws CallgraphConstructException { - start_nanos = System.nanoTime(); + start_nanos = System.nanoTime(); - // setup soot - this.sootSetup(); + // setup soot + this.sootSetup(); - // load the all necessary classes - Scene.v().loadNecessaryClasses(); + // load the all necessary classes + Scene.v().loadNecessaryClasses(); - // determine the entrypoints - this.sootMethods4entrypoints(_constructs); + // determine the entrypoints + this.sootMethods4entrypoints(_constructs); - if (!this.entrypoints.isEmpty()) { - Scene.v().setEntryPoints(createEntryPoint4Soot(this.entrypoints)); - - SootCallgraphConstructor.log.info("[" + this.entrypoints.size() + "] entry points set"); - } else { - throw new CallgraphConstructException("No entry points could be set, which will not allow to build the callgraph", null); - } + if (!this.entrypoints.isEmpty()) { + Scene.v().setEntryPoints(createEntryPoint4Soot(this.entrypoints)); + SootCallgraphConstructor.log.info("[" + this.entrypoints.size() + "] entry points set"); + } else { + throw new CallgraphConstructException( + "No entry points could be set, which will not allow to build the callgraph", null); } + } + private ArrayList createEntryPoint4Soot(Collection selectedEntrypoints) { + String slcEntrypointGenerator = + this.vulasConfiguration + .getConfiguration() + .getString(SootConfiguration.SOOT_ENTRYPOINT_GENERATOR); - private ArrayList createEntryPoint4Soot(Collection selectedEntrypoints) { - String slcEntrypointGenerator = this.vulasConfiguration.getConfiguration().getString(SootConfiguration.SOOT_ENTRYPOINT_GENERATOR); - - - if (slcEntrypointGenerator.toLowerCase().equals("none")) { - return new ArrayList<>(selectedEntrypoints); - } - - ArrayList methodsToCall = new ArrayList<>(); - for (SootMethod sm : selectedEntrypoints) { - methodsToCall.add(sm.getSignature()); - } - - - try { - final Class cls = Class.forName(slcEntrypointGenerator); - Constructor constructor = cls.getDeclaredConstructor(Collection.class); - IEntryPointCreator entryPointCreator = (IEntryPointCreator) constructor.newInstance(methodsToCall); - SootMethod dummyMain = entryPointCreator.createDummyMain(); - ArrayList generatedEntrypoint = new ArrayList<>(); - generatedEntrypoint.add(dummyMain); - return generatedEntrypoint; - - - } catch (Throwable e) { - SootCallgraphConstructor.log.error("Error while creating entrypoint generator of class [" + slcEntrypointGenerator + "]: " + e.getMessage(), e); - } - - - return new ArrayList<>(); - + if (slcEntrypointGenerator.toLowerCase().equals("none")) { + return new ArrayList<>(selectedEntrypoints); } - - /** - * {@inheritDoc} - * - * Read all configurations and parse command line options, and then build callgraph based on these properties - */ - public void buildCallgraph(boolean _policy) throws CallgraphConstructException { - SootCallgraphConstructor.log.info("Starting call graph construction for " + this.appContext.toString(false)); - - try { - PackManager.v().runPacks(); - - this.callgraph = Scene.v().getCallGraph(); - this.buildTimeNano = System.nanoTime() - start_nanos; - SootCallgraphConstructor.log.info("Construction completed in " + StringUtil.nanoToMinString(this.buildTimeNano) + ", call graph has [" + callgraph.size() + "] edges]"); - checkEntrypoints(_policy); - } catch (CallgraphConstructException e) { - SootCallgraphConstructor.log.error("Error building call graph: " + e.getMessage()); - throw new CallgraphConstructException("Error building call graph", e); - } + ArrayList methodsToCall = new ArrayList<>(); + for (SootMethod sm : selectedEntrypoints) { + methodsToCall.add(sm.getSignature()); } - /** - * check whether all entrypoints are existing in callgraph - * - * @throws CallgraphConstructException if no callgraph could be built - */ - private void checkEntrypoints(boolean _policy) throws CallgraphConstructException { - final HashSet check_ep = new HashSet<>(); - check_ep.addAll(this.entrypoints); - - Iterator src_nodes = callgraph.sourceMethods(); - SootMethod method = null; - MethodOrMethodContext src_node = null; - Iterator edges = null; - while (src_nodes.hasNext()) { - src_node = src_nodes.next(); - method = src_node.method(); - if (this.entrypoints.contains(method)) check_ep.remove(method); - edges = this.callgraph.edgesOutOf(src_node); - while (edges.hasNext()) { - method = edges.next().tgt(); - if (this.entrypoints.contains(method)) check_ep.remove(method); - } - } - int diff = check_ep.size(); - - if (_policy && diff != 0) { - for (SootMethod m : check_ep) - SootCallgraphConstructor.log.warn("[ " + m.getSignature() + " ] is missing"); - throw new CallgraphConstructException("Strict policy applied; terminating as there are [" + diff + "] entry points missing in call graph", null); - } - // Throw exception if number of missing EPs exceeds threshold - if (this.entrypoints.size() - diff == 0) - throw new CallgraphConstructException("[0/" + this.entrypoints.size() + "] entry points found in call graph", null); - - // Print warning for missing entry points - if (diff > 0) { - SootCallgraphConstructor.log.warn("There should be " + this.entrypoints.size() + " entrypoints set; but " + - diff + " entrypoints missing in the call graph"); - for (SootMethod m : check_ep) - SootCallgraphConstructor.log.warn("[ " + m.getSignature() + " ] is missing"); - } else { - SootCallgraphConstructor.log.info("All [" + this.entrypoints.size() + "] entry points existing in the call graph"); - } + try { + final Class cls = Class.forName(slcEntrypointGenerator); + Constructor constructor = cls.getDeclaredConstructor(Collection.class); + IEntryPointCreator entryPointCreator = + (IEntryPointCreator) constructor.newInstance(methodsToCall); + SootMethod dummyMain = entryPointCreator.createDummyMain(); + ArrayList generatedEntrypoint = new ArrayList<>(); + generatedEntrypoint.add(dummyMain); + return generatedEntrypoint; + + } catch (Throwable e) { + SootCallgraphConstructor.log.error( + "Error while creating entrypoint generator of class [" + + slcEntrypointGenerator + + "]: " + + e.getMessage(), + e); } - /** - * Given a SootMethod, return its ConstructId - * - * @param _method the {@link soot.SootMethod} to compute the ConstructId for - * @return computed ConstructId - */ - private static com.sap.psr.vulas.shared.json.model.ConstructId getCid(SootMethod _method) { - String qname = null; - com.sap.psr.vulas.shared.json.model.ConstructId cid = null; - String signature = _method.getSignature(); - if (_method.getName().equals("")) { - qname = signature.substring(1, _method.getSignature().indexOf(":")); - cid = JavaId.toSharedType(JavaId.parseClassQName(qname).getClassInit()); - } else { - if (_method.isConstructor()) qname = signature.substring(1, signature.indexOf(":")); - else qname = signature.substring(1, signature.indexOf(":")) + "." + _method.getName(); - signature = _method.getSubSignature(); - qname += signature.substring(signature.indexOf("("), signature.indexOf(")") + 1); - qname = ClassVisitor.removeParameterQualification(qname); - if (_method.isConstructor()) cid = JavaId.toSharedType(JavaId.parseConstructorQName(qname)); - else cid = JavaId.toSharedType(JavaId.parseMethodQName(qname)); - } - return cid; + return new ArrayList<>(); + } + + /** + * {@inheritDoc} + * + * Read all configurations and parse command line options, and then build callgraph based on these properties + */ + public void buildCallgraph(boolean _policy) throws CallgraphConstructException { + SootCallgraphConstructor.log.info( + "Starting call graph construction for " + this.appContext.toString(false)); + + try { + PackManager.v().runPacks(); + + this.callgraph = Scene.v().getCallGraph(); + this.buildTimeNano = System.nanoTime() - start_nanos; + SootCallgraphConstructor.log.info( + "Construction completed in " + + StringUtil.nanoToMinString(this.buildTimeNano) + + ", call graph has [" + + callgraph.size() + + "] edges]"); + checkEntrypoints(_policy); + } catch (CallgraphConstructException e) { + SootCallgraphConstructor.log.error("Error building call graph: " + e.getMessage()); + throw new CallgraphConstructException("Error building call graph", e); } - - - /** - * Normalizing a soot callgraph to a general graph represented by ConstructId - * - * @return a {@link com.ibm.wala.util.graph.Graph} object. - */ - public Graph getCallgraph() { - final Graph graph = SlowSparseNumberedGraph.make(); - - if (this.callgraph != null) { - int edges_no = 0; - com.sap.psr.vulas.shared.json.model.ConstructId src_cid = null, tgt_cid = null; - MethodOrMethodContext src_node = null; - Iterator edges = null; - - final Iterator src_nodes = callgraph.sourceMethods(); - while (src_nodes.hasNext()) { - src_node = src_nodes.next(); - src_cid = getCid(src_node.method()); - graph.addNode(src_cid); - - //add edges - edges = this.callgraph.edgesOutOf(src_node); - while (edges.hasNext()) { - tgt_cid = getCid(edges.next().tgt()); - graph.addNode(tgt_cid); - if (!graph.hasEdge(src_cid, tgt_cid)) { - graph.addEdge(src_cid, tgt_cid); - edges_no++; - } - } - } - - SootCallgraphConstructor.log.info("Normalized call graph has [" + graph.getNumberOfNodes() + " nodes] (with distinct ConstructId) and [" + edges_no + "] edges"); - } - // No callgraph exists - else { - throw new IllegalStateException("There exists no call graph"); - } - return graph; + } + + /** + * check whether all entrypoints are existing in callgraph + * + * @throws CallgraphConstructException if no callgraph could be built + */ + private void checkEntrypoints(boolean _policy) throws CallgraphConstructException { + final HashSet check_ep = new HashSet<>(); + check_ep.addAll(this.entrypoints); + + Iterator src_nodes = callgraph.sourceMethods(); + SootMethod method = null; + MethodOrMethodContext src_node = null; + Iterator edges = null; + while (src_nodes.hasNext()) { + src_node = src_nodes.next(); + method = src_node.method(); + if (this.entrypoints.contains(method)) check_ep.remove(method); + edges = this.callgraph.edgesOutOf(src_node); + while (edges.hasNext()) { + method = edges.next().tgt(); + if (this.entrypoints.contains(method)) check_ep.remove(method); + } } - - /** - *

Getter for the field entrypoints.

- * - * @return a {@link java.util.Set} object. - */ - public Set getEntrypoints() { - return this.filteredEP; + int diff = check_ep.size(); + + if (_policy && diff != 0) { + for (SootMethod m : check_ep) + SootCallgraphConstructor.log.warn("[ " + m.getSignature() + " ] is missing"); + throw new CallgraphConstructException( + "Strict policy applied; terminating as there are [" + + diff + + "] entry points missing in call graph", + null); } - - /** {@inheritDoc} */ - public void setExcludePackages(String _packages) { - // Overwrite configuration (if requested) - if (_packages != null && !_packages.equals("")) - this.vulasConfiguration.setProperty(SootConfiguration.SOOT_EXCLUSIONS, _packages); - SootCallgraphConstructor.log.info("Set packages to be excluded [ " + this.vulasConfiguration.getConfiguration().getString(SootConfiguration.SOOT_EXCLUSIONS) + " ]"); + // Throw exception if number of missing EPs exceeds threshold + if (this.entrypoints.size() - diff == 0) + throw new CallgraphConstructException( + "[0/" + this.entrypoints.size() + "] entry points found in call graph", null); + + // Print warning for missing entry points + if (diff > 0) { + SootCallgraphConstructor.log.warn( + "There should be " + + this.entrypoints.size() + + " entrypoints set; but " + + diff + + " entrypoints missing in the call graph"); + for (SootMethod m : check_ep) + SootCallgraphConstructor.log.warn("[ " + m.getSignature() + " ] is missing"); + } else { + SootCallgraphConstructor.log.info( + "All [" + this.entrypoints.size() + "] entry points existing in the call graph"); + } + } + + /** + * Given a SootMethod, return its ConstructId + * + * @param _method the {@link soot.SootMethod} to compute the ConstructId for + * @return computed ConstructId + */ + private static com.sap.psr.vulas.shared.json.model.ConstructId getCid(SootMethod _method) { + String qname = null; + com.sap.psr.vulas.shared.json.model.ConstructId cid = null; + String signature = _method.getSignature(); + if (_method.getName().equals("")) { + qname = signature.substring(1, _method.getSignature().indexOf(":")); + cid = JavaId.toSharedType(JavaId.parseClassQName(qname).getClassInit()); + } else { + if (_method.isConstructor()) qname = signature.substring(1, signature.indexOf(":")); + else qname = signature.substring(1, signature.indexOf(":")) + "." + _method.getName(); + signature = _method.getSubSignature(); + qname += signature.substring(signature.indexOf("("), signature.indexOf(")") + 1); + qname = ClassVisitor.removeParameterQualification(qname); + if (_method.isConstructor()) cid = JavaId.toSharedType(JavaId.parseConstructorQName(qname)); + else cid = JavaId.toSharedType(JavaId.parseMethodQName(qname)); } + return cid; + } + + /** + * Normalizing a soot callgraph to a general graph represented by ConstructId + * + * @return a {@link com.ibm.wala.util.graph.Graph} object. + */ + public Graph getCallgraph() { + final Graph graph = + SlowSparseNumberedGraph.make(); + + if (this.callgraph != null) { + int edges_no = 0; + com.sap.psr.vulas.shared.json.model.ConstructId src_cid = null, tgt_cid = null; + MethodOrMethodContext src_node = null; + Iterator edges = null; + + final Iterator src_nodes = callgraph.sourceMethods(); + while (src_nodes.hasNext()) { + src_node = src_nodes.next(); + src_cid = getCid(src_node.method()); + graph.addNode(src_cid); + + // add edges + edges = this.callgraph.edgesOutOf(src_node); + while (edges.hasNext()) { + tgt_cid = getCid(edges.next().tgt()); + graph.addNode(tgt_cid); + if (!graph.hasEdge(src_cid, tgt_cid)) { + graph.addEdge(src_cid, tgt_cid); + edges_no++; + } + } + } + + SootCallgraphConstructor.log.info( + "Normalized call graph has [" + + graph.getNumberOfNodes() + + " nodes] (with distinct ConstructId) and [" + + edges_no + + "] edges"); + } + // No callgraph exists + else { + throw new IllegalStateException("There exists no call graph"); + } + return graph; + } + + /** + *

Getter for the field entrypoints.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getEntrypoints() { + return this.filteredEP; + } + + /** {@inheritDoc} */ + public void setExcludePackages(String _packages) { + // Overwrite configuration (if requested) + if (_packages != null && !_packages.equals("")) + this.vulasConfiguration.setProperty(SootConfiguration.SOOT_EXCLUSIONS, _packages); + SootCallgraphConstructor.log.info( + "Set packages to be excluded [ " + + this.vulasConfiguration + .getConfiguration() + .getString(SootConfiguration.SOOT_EXCLUSIONS) + + " ]"); + } } - diff --git a/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootConfiguration.java b/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootConfiguration.java index fd071b494..06c6b0883 100644 --- a/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootConfiguration.java +++ b/lang-java-reach-soot/src/main/java/com/sap/psr/vulas/cg/soot/SootConfiguration.java @@ -24,26 +24,26 @@ * */ public class SootConfiguration { - /** Constant SOOT_CONFIGURATION_SETTINGS="vulas.reach.soot" */ - public static final String SOOT_CONFIGURATION_SETTINGS = "vulas.reach.soot"; - /** Constant SOOT_VERBOSE="vulas.reach.soot.verbose" */ - public static final String SOOT_VERBOSE = "vulas.reach.soot.verbose"; - /** Constant SOOT_EXCLUSIONS="vulas.reach.soot.exclusions" */ - public static final String SOOT_EXCLUSIONS = "vulas.reach.soot.exclusions"; - /** Constant SOOT_ALLOW_PHANTOM="vulas.reach.soot.allowPhantom" */ - public static final String SOOT_ALLOW_PHANTOM = "vulas.reach.soot.allowPhantom"; - /** Constant SOOT_APP_MODE="vulas.reach.soot.appMode" */ - public static final String SOOT_APP_MODE = "vulas.reach.soot.appMode"; - /** Constant SOOT_NOBODY_FOR_X="vulas.reach.soot.nobodyForX" */ - public static final String SOOT_NOBODY_FOR_X = "vulas.reach.soot.nobodyForX"; - /** Constant SOOT_SPARK="vulas.reach.soot.spark" */ - public static final String SOOT_SPARK = "vulas.reach.soot.spark"; - /** Constant SOOT_SPARK_OTF="vulas.reach.soot.spark.otf" */ - public static final String SOOT_SPARK_OTF = "vulas.reach.soot.spark.otf"; - /** Constant SOOT_SPARK_VTA="vulas.reach.soot.spark.vta" */ - public static final String SOOT_SPARK_VTA = "vulas.reach.soot.spark.vta"; - /** Constant SOOT_SPARK_RTA="vulas.reach.soot.spark.rta" */ - public static final String SOOT_SPARK_RTA = "vulas.reach.soot.spark.rta"; - /** Constant SOOT_ENTRYPOINT_GENERATOR="vulas.reach.soot.entrypointGenerator" */ - public static final String SOOT_ENTRYPOINT_GENERATOR = "vulas.reach.soot.entrypointGenerator"; + /** Constant SOOT_CONFIGURATION_SETTINGS="vulas.reach.soot" */ + public static final String SOOT_CONFIGURATION_SETTINGS = "vulas.reach.soot"; + /** Constant SOOT_VERBOSE="vulas.reach.soot.verbose" */ + public static final String SOOT_VERBOSE = "vulas.reach.soot.verbose"; + /** Constant SOOT_EXCLUSIONS="vulas.reach.soot.exclusions" */ + public static final String SOOT_EXCLUSIONS = "vulas.reach.soot.exclusions"; + /** Constant SOOT_ALLOW_PHANTOM="vulas.reach.soot.allowPhantom" */ + public static final String SOOT_ALLOW_PHANTOM = "vulas.reach.soot.allowPhantom"; + /** Constant SOOT_APP_MODE="vulas.reach.soot.appMode" */ + public static final String SOOT_APP_MODE = "vulas.reach.soot.appMode"; + /** Constant SOOT_NOBODY_FOR_X="vulas.reach.soot.nobodyForX" */ + public static final String SOOT_NOBODY_FOR_X = "vulas.reach.soot.nobodyForX"; + /** Constant SOOT_SPARK="vulas.reach.soot.spark" */ + public static final String SOOT_SPARK = "vulas.reach.soot.spark"; + /** Constant SOOT_SPARK_OTF="vulas.reach.soot.spark.otf" */ + public static final String SOOT_SPARK_OTF = "vulas.reach.soot.spark.otf"; + /** Constant SOOT_SPARK_VTA="vulas.reach.soot.spark.vta" */ + public static final String SOOT_SPARK_VTA = "vulas.reach.soot.spark.vta"; + /** Constant SOOT_SPARK_RTA="vulas.reach.soot.spark.rta" */ + public static final String SOOT_SPARK_RTA = "vulas.reach.soot.spark.rta"; + /** Constant SOOT_ENTRYPOINT_GENERATOR="vulas.reach.soot.entrypointGenerator" */ + public static final String SOOT_ENTRYPOINT_GENERATOR = "vulas.reach.soot.entrypointGenerator"; } diff --git a/lang-java-reach-soot/src/test/java/SootCallGraphTest.java b/lang-java-reach-soot/src/test/java/SootCallGraphTest.java index c66b82b1f..51f4be6d8 100644 --- a/lang-java-reach-soot/src/test/java/SootCallGraphTest.java +++ b/lang-java-reach-soot/src/test/java/SootCallGraphTest.java @@ -42,76 +42,95 @@ import com.sap.psr.vulas.shared.util.VulasConfiguration; public class SootCallGraphTest { - - static{ - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.OFFLINE.toString()); - } - - private GoalContext getGoalContext() { - final GoalContext ctx = new GoalContext(); - ctx.setApplication(new Application("foo", "bar", "0.0")); - ctx.setVulasConfiguration(VulasConfiguration.getGlobal()); - return ctx; - } - private void runSootAnalysis() { - final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); - ra.setCallgraphConstructor(SootCallgraphConstructor.FRAMEWORK, false); - // Set classpaths - final Set app_paths = new HashSet(), dep_paths = new HashSet(); - app_paths.add(Paths.get("./src/test/resources/examples.jar")); - dep_paths.add(Paths.get("./src/test/resources/empty.jar")); - ra.setAppClasspaths(app_paths); - ra.setDependencyClasspaths(dep_paths); + static { + VulasConfiguration.getGlobal() + .setProperty( + CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.OFFLINE.toString()); + } - // Set the EP manually - final Set entrypoints = new HashSet(); - entrypoints.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Examples.main(String[])"))); - ra.setEntryPoints(entrypoints, PathSource.A2C, false); - ra.setAppConstructs(entrypoints); + private GoalContext getGoalContext() { + final GoalContext ctx = new GoalContext(); + ctx.setApplication(new Application("foo", "bar", "0.0")); + ctx.setVulasConfiguration(VulasConfiguration.getGlobal()); + return ctx; + } - // Set the target constructs (manually, rather than using a bug) - final Map> target_constructs = new HashMap>(); - final Set changes = new HashSet(); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Cat.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Fish.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Dog.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Car.saySomething()"))); - target_constructs.put("does-not-exist", changes); - ra.setTargetConstructs(target_constructs); + private void runSootAnalysis() { + final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); + ra.setCallgraphConstructor(SootCallgraphConstructor.FRAMEWORK, false); + // Set classpaths + final Set app_paths = new HashSet(), dep_paths = new HashSet(); + app_paths.add(Paths.get("./src/test/resources/examples.jar")); + dep_paths.add(Paths.get("./src/test/resources/empty.jar")); + ra.setAppClasspaths(app_paths); + ra.setDependencyClasspaths(dep_paths); - try { - ReachabilityAnalyzer.startAnalysis(ra, 600000); - } catch (InterruptedException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } + // Set the EP manually + final Set entrypoints = new HashSet(); + entrypoints.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Examples.main(String[])"))); + ra.setEntryPoints(entrypoints, PathSource.A2C, false); + ra.setAppConstructs(entrypoints); + + // Set the target constructs (manually, rather than using a bug) + final Map> target_constructs = new HashMap>(); + final Set changes = new HashSet(); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Cat.saySomething()"))); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Fish.saySomething()"))); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Dog.saySomething()"))); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Car.saySomething()"))); + target_constructs.put("does-not-exist", changes); + ra.setTargetConstructs(target_constructs); - @Test - public void callgraphServiceRegistered() { - ICallgraphConstructor callgraphConstructor = CallgraphConstructorFactory.buildCallgraphConstructor("soot", null, false); - assertEquals(callgraphConstructor.getFramework(), "soot"); - assertEquals(callgraphConstructor.getClass().getName(), SootCallgraphConstructor.class.getName()); - assertTrue(callgraphConstructor instanceof ICallgraphConstructor); + try { + ReachabilityAnalyzer.startAnalysis(ra, 600000); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); } + } + @Test + public void callgraphServiceRegistered() { + ICallgraphConstructor callgraphConstructor = + CallgraphConstructorFactory.buildCallgraphConstructor("soot", null, false); + assertEquals(callgraphConstructor.getFramework(), "soot"); + assertEquals( + callgraphConstructor.getClass().getName(), SootCallgraphConstructor.class.getName()); + assertTrue(callgraphConstructor instanceof ICallgraphConstructor); + } - @Test - public void examplesSootTestNoneEntrypointGenerator() { - VulasConfiguration.getGlobal().setProperty("vulas.reach.soot.entrypointGenerator", "none"); - runSootAnalysis(); - } + @Test + public void examplesSootTestNoneEntrypointGenerator() { + VulasConfiguration.getGlobal().setProperty("vulas.reach.soot.entrypointGenerator", "none"); + runSootAnalysis(); + } - @Test - public void examplesSootTestDefaultEntryPointGenerator() { - VulasConfiguration.getGlobal().setProperty("vulas.reach.soot.entrypointGenerator", "soot.jimple.infoflow.entryPointCreators.DefaultEntryPointCreator"); - runSootAnalysis(); - } + @Test + public void examplesSootTestDefaultEntryPointGenerator() { + VulasConfiguration.getGlobal() + .setProperty( + "vulas.reach.soot.entrypointGenerator", + "soot.jimple.infoflow.entryPointCreators.DefaultEntryPointCreator"); + runSootAnalysis(); + } - @Test - public void examplesSootTestCustomEntryPointGenerator() { - VulasConfiguration.getGlobal().setProperty("vulas.reach.soot.entrypointGenerator", "com.sap.psr.vulas.cg.soot.CustomEntryPointCreator"); - runSootAnalysis(); - } + @Test + public void examplesSootTestCustomEntryPointGenerator() { + VulasConfiguration.getGlobal() + .setProperty( + "vulas.reach.soot.entrypointGenerator", + "com.sap.psr.vulas.cg.soot.CustomEntryPointCreator"); + runSootAnalysis(); + } } diff --git a/lang-java-reach-wala/src/main/java/com/sap/psr/vulas/cg/wala/WalaCallgraphConstructor.java b/lang-java-reach-wala/src/main/java/com/sap/psr/vulas/cg/wala/WalaCallgraphConstructor.java index b548f42d9..07588eb27 100644 --- a/lang-java-reach-wala/src/main/java/com/sap/psr/vulas/cg/wala/WalaCallgraphConstructor.java +++ b/lang-java-reach-wala/src/main/java/com/sap/psr/vulas/cg/wala/WalaCallgraphConstructor.java @@ -28,7 +28,6 @@ import org.apache.commons.configuration.Configuration; import org.apache.logging.log4j.Logger; - import com.ibm.wala.classLoader.IClass; import com.ibm.wala.classLoader.IMethod; import com.ibm.wala.ipa.callgraph.AnalysisCache; @@ -64,416 +63,479 @@ */ public class WalaCallgraphConstructor implements ICallgraphConstructor { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - /** Constant FRAMEWORK="wala" */ - public static final String FRAMEWORK = "wala"; - - // Packages to be excluded for call graph construction, which is read from wala-cfg.properties - private File excludedPackagesFile = null; - - /** - * The context information of the application JAR to be analyzed - */ - private Application appContext = null; - - private VulasConfiguration vulasConfiguration = null; - - /** - *

getFramework.

- * - * @return a {@link java.lang.String} object. - */ - public String getFramework() { return WalaCallgraphConstructor.FRAMEWORK; } - - /** - *

Getter for the field appContext.

- * - * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public Application getAppContext() { - return this.appContext; - } - - /** {@inheritDoc} */ - public void setVulasConfiguration(VulasConfiguration _cfg) { - this.vulasConfiguration = _cfg; - } - - /** - * The JAR to be analyzed. - */ - //private String appJar = null; - private String classpath = null; - private Iterable entrypoints = null; - private final Set filteredEP = new HashSet(); - // represents code to be analyzed - private AnalysisScope scope = null; - // a class hierarchy for name resolution, etc. - private IClassHierarchy cha = null; - - private CallGraph callgraph = null; - - private long buildTimeNano = -1; - - - /** {@inheritDoc} */ - public void setAppContext(Application _ctx) { - this.appContext = _ctx; - } - - /** {@inheritDoc} */ - public void setAppClasspath(String _cp) { - if (this.classpath != null) { - this.classpath += System.getProperty("path.separator"); - this.classpath += _cp; - } else - this.classpath = _cp; - WalaCallgraphConstructor.log.info("Add to wala classpath the application: [" + this.classpath + "]"); - } - - /** {@inheritDoc} */ - public void setDepClasspath(String _dependenciesClasspath) { - if (this.classpath != null) { - this.classpath += System.getProperty("path.separator"); - this.classpath += _dependenciesClasspath; - } else - this.classpath = _dependenciesClasspath; - WalaCallgraphConstructor.log.info("Add to wala classpath the dependencies: [" + this.classpath + "]"); + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + /** Constant FRAMEWORK="wala" */ + public static final String FRAMEWORK = "wala"; + + // Packages to be excluded for call graph construction, which is read from wala-cfg.properties + private File excludedPackagesFile = null; + + /** + * The context information of the application JAR to be analyzed + */ + private Application appContext = null; + + private VulasConfiguration vulasConfiguration = null; + + /** + *

getFramework.

+ * + * @return a {@link java.lang.String} object. + */ + public String getFramework() { + return WalaCallgraphConstructor.FRAMEWORK; + } + + /** + *

Getter for the field appContext.

+ * + * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public Application getAppContext() { + return this.appContext; + } + + /** {@inheritDoc} */ + public void setVulasConfiguration(VulasConfiguration _cfg) { + this.vulasConfiguration = _cfg; + } + + /** + * The JAR to be analyzed. + */ + // private String appJar = null; + private String classpath = null; + + private Iterable entrypoints = null; + private final Set filteredEP = + new HashSet(); + // represents code to be analyzed + private AnalysisScope scope = null; + // a class hierarchy for name resolution, etc. + private IClassHierarchy cha = null; + + private CallGraph callgraph = null; + + private long buildTimeNano = -1; + + /** {@inheritDoc} */ + public void setAppContext(Application _ctx) { + this.appContext = _ctx; + } + + /** {@inheritDoc} */ + public void setAppClasspath(String _cp) { + if (this.classpath != null) { + this.classpath += System.getProperty("path.separator"); + this.classpath += _cp; + } else this.classpath = _cp; + WalaCallgraphConstructor.log.info( + "Add to wala classpath the application: [" + this.classpath + "]"); + } + + /** {@inheritDoc} */ + public void setDepClasspath(String _dependenciesClasspath) { + if (this.classpath != null) { + this.classpath += System.getProperty("path.separator"); + this.classpath += _dependenciesClasspath; + } else this.classpath = _dependenciesClasspath; + WalaCallgraphConstructor.log.info( + "Add to wala classpath the dependencies: [" + this.classpath + "]"); + } + + /** + * {@inheritDoc} + * + * Filter and find all entrypoints in scope + */ + public void setEntrypoints(Set _constructs) + throws CallgraphConstructException { + try { + this.scope = + AnalysisScopeReader.makeJavaBinaryAnalysisScope( + this.classpath, this.excludedPackagesFile); + + // The removal of ClassHierarchy.make(AnalysisScope) was made with commit + // https://github.com/wala/WALA/commit/c9b1006305f3a72fa584792f1e3a47f772c0aaa6#diff-537da437552ca52fe290d9def0cb5b16 + // ClassHierarchy.make(this.scope); + this.cha = ClassHierarchyFactory.make(this.scope); + } catch (Exception e) { + WalaCallgraphConstructor.log.error(e.getMessage()); + throw new IllegalStateException("Could not build class hierarchy", e); + } catch (Error e) { + WalaCallgraphConstructor.log.error(e.getMessage()); + throw new CallgraphConstructException("Could not set entrypoints", e); } - /** - * {@inheritDoc} - * - * Filter and find all entrypoints in scope - */ - public void setEntrypoints(Set _constructs) throws CallgraphConstructException { - try { - this.scope = AnalysisScopeReader.makeJavaBinaryAnalysisScope(this.classpath, this.excludedPackagesFile); - - // The removal of ClassHierarchy.make(AnalysisScope) was made with commit https://github.com/wala/WALA/commit/c9b1006305f3a72fa584792f1e3a47f772c0aaa6#diff-537da437552ca52fe290d9def0cb5b16 - //ClassHierarchy.make(this.scope); - this.cha = ClassHierarchyFactory.make(this.scope); - } catch (Exception e) { - WalaCallgraphConstructor.log.error(e.getMessage()); - throw new IllegalStateException("Could not build class hierarchy", e); + // If no entrypoints found to be set, set the main method as entrypoint + if (_constructs.isEmpty()) { + // this.entrypoints = new AllApplicationEntrypoints(this.scope, this.cha); + this.entrypoints = Util.makeMainEntrypoints(scope, cha); + Iterator iter = this.entrypoints.iterator(); + IMethod m = null; + while (iter.hasNext()) { + m = iter.next().getMethod(); + this.filteredEP.add(getCid(m)); + } + WalaCallgraphConstructor.log.warn( + "No customized entrypoints found to be set; Therefore set " + + this.filteredEP.size() + + " application [main] methods as entrypoints by default"); + } else { + IMethod method = null; + String method_qname = null; + HashSet ep = new HashSet(); + HashSet _constructs_qname = new HashSet(); + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : _constructs) { + + // Prevent IllegalArgumentException in toCoreType for non-Java app constructs + if (ProgrammingLanguage.JAVA.equals(cid.getLang())) { + + // Only use constructors and methods as entrypoints + // TODO: Also static initializers? + final JavaId jcid = (JavaId) JavaId.toCoreType(cid); + if (jcid instanceof com.sap.psr.vulas.java.JavaConstructorId + || jcid instanceof com.sap.psr.vulas.java.JavaMethodId) { + _constructs_qname.add(cid.getQname()); + this.filteredEP.add(cid); + } } - catch (Error e){ - WalaCallgraphConstructor.log.error(e.getMessage()); - throw new CallgraphConstructException("Could not set entrypoints", e); - } - - // If no entrypoints found to be set, set the main method as entrypoint - if (_constructs.isEmpty()) { - //this.entrypoints = new AllApplicationEntrypoints(this.scope, this.cha); - this.entrypoints = Util.makeMainEntrypoints(scope, cha); - Iterator iter = this.entrypoints.iterator(); - IMethod m = null; - while (iter.hasNext()) { - m = iter.next().getMethod(); - this.filteredEP.add(getCid(m)); - } - WalaCallgraphConstructor.log.warn("No customized entrypoints found to be set; Therefore set " + this.filteredEP.size() + - " application [main] methods as entrypoints by default"); - } else { - IMethod method = null; - String method_qname = null; - HashSet ep = new HashSet(); - HashSet _constructs_qname = new HashSet(); - for(com.sap.psr.vulas.shared.json.model.ConstructId cid : _constructs) { - - // Prevent IllegalArgumentException in toCoreType for non-Java app constructs - if(ProgrammingLanguage.JAVA.equals(cid.getLang())) { - - // Only use constructors and methods as entrypoints - //TODO: Also static initializers? - final JavaId jcid = (JavaId) JavaId.toCoreType(cid); - if (jcid instanceof com.sap.psr.vulas.java.JavaConstructorId || jcid instanceof com.sap.psr.vulas.java.JavaMethodId) { - _constructs_qname.add(cid.getQname()); - this.filteredEP.add(cid); - } - } + } + + for (IClass klass : cha) { + // klass is not an interface and it's application class + if ((!klass.isInterface()) + && (cha.getScope() + .getApplicationLoader() + .equals(klass.getClassLoader().getReference()))) { + for (Iterator m_iter = klass.getDeclaredMethods().iterator(); + m_iter.hasNext(); ) { + method = (IMethod) m_iter.next(); + if (!method.isClinit()) { + method_qname = getCid(method).getQname(); + if (!method.isAbstract() && (_constructs_qname.contains(method_qname))) { + ep.add(new ArgumentTypeEntrypoint(method, cha)); + } } - - for (IClass klass : cha) { - // klass is not an interface and it's application class - if ((!klass.isInterface()) && (cha.getScope().getApplicationLoader().equals(klass.getClassLoader().getReference()))) { - for (Iterator m_iter = klass.getDeclaredMethods().iterator(); m_iter.hasNext(); ) { - method = (IMethod) m_iter.next(); - if (!method.isClinit()) { - method_qname = getCid(method).getQname(); - if (!method.isAbstract() && (_constructs_qname.contains(method_qname))) { - ep.add(new ArgumentTypeEntrypoint(method, cha)); - } - } - } - } - } - - final Iterator iter = ep.iterator(); - //Convert HashSet to Iterable - this.entrypoints = new Iterable() { - public Iterator iterator() { - return iter; - } - }; + } } - - if (this.entrypoints.iterator().hasNext()) - WalaCallgraphConstructor.log.info("[" + this.filteredEP.size() + "] entry points set"); - else - throw new CallgraphConstructException("No entry points could be set, which will not allow to build the call graph", null); + } + + final Iterator iter = ep.iterator(); + // Convert HashSet to Iterable + this.entrypoints = + new Iterable() { + public Iterator iterator() { + return iter; + } + }; } - - private static String getRefType(TypeReference _t) { - String type = null; - if (_t.isArrayType()) { - if (_t.equals(TypeReference.BooleanArray)) type = "boolean[]"; - else if (_t.equals(TypeReference.ByteArray)) type = "byte[]"; - else if (_t.equals(TypeReference.CharArray)) type = "char[]"; - else if (_t.equals(TypeReference.DoubleArray)) type = "double[]"; - else if (_t.equals(TypeReference.FloatArray)) type = "float[]"; - else if (_t.equals(TypeReference.IntArray)) type = "int[]"; - else if (_t.equals(TypeReference.LongArray)) type = "long[]"; - else if (_t.equals(TypeReference.ShortArray)) type = "short[]"; - else type = _t.getName().getClassName().toString() + "[]"; - } else if (_t.isPrimitiveType()) { - if (_t.equals(TypeReference.Boolean)) type = "boolean"; - else if (_t.equals(TypeReference.Byte)) type = "byte"; - else if (_t.equals(TypeReference.Char)) type = "char"; - else if (_t.equals(TypeReference.Double)) type = "double"; - else if (_t.equals(TypeReference.Float)) type = "float"; - else if (_t.equals(TypeReference.Int)) type = "int"; - else if (_t.equals(TypeReference.Long)) type = "long"; - else if (_t.equals(TypeReference.Short)) type = "short"; - } else if (_t.isClassType()) { - type = _t.getName().getClassName().toString(); - } else { - type = "other"; - } - return type; + if (this.entrypoints.iterator().hasNext()) + WalaCallgraphConstructor.log.info("[" + this.filteredEP.size() + "] entry points set"); + else + throw new CallgraphConstructException( + "No entry points could be set, which will not allow to build the call graph", null); + } + + private static String getRefType(TypeReference _t) { + String type = null; + if (_t.isArrayType()) { + if (_t.equals(TypeReference.BooleanArray)) type = "boolean[]"; + else if (_t.equals(TypeReference.ByteArray)) type = "byte[]"; + else if (_t.equals(TypeReference.CharArray)) type = "char[]"; + else if (_t.equals(TypeReference.DoubleArray)) type = "double[]"; + else if (_t.equals(TypeReference.FloatArray)) type = "float[]"; + else if (_t.equals(TypeReference.IntArray)) type = "int[]"; + else if (_t.equals(TypeReference.LongArray)) type = "long[]"; + else if (_t.equals(TypeReference.ShortArray)) type = "short[]"; + else type = _t.getName().getClassName().toString() + "[]"; + } else if (_t.isPrimitiveType()) { + if (_t.equals(TypeReference.Boolean)) type = "boolean"; + else if (_t.equals(TypeReference.Byte)) type = "byte"; + else if (_t.equals(TypeReference.Char)) type = "char"; + else if (_t.equals(TypeReference.Double)) type = "double"; + else if (_t.equals(TypeReference.Float)) type = "float"; + else if (_t.equals(TypeReference.Int)) type = "int"; + else if (_t.equals(TypeReference.Long)) type = "long"; + else if (_t.equals(TypeReference.Short)) type = "short"; + } else if (_t.isClassType()) { + type = _t.getName().getClassName().toString(); + } else { + type = "other"; } - - /** - * Given an IMethod, identify whether it's an object constructor<clinit>, class initializer<clinit> or a method, return the ConstructId - * - * @param _method - * @return - */ - private static com.sap.psr.vulas.shared.json.model.ConstructId getCid(IMethod _method) { - String qname = ""; - com.sap.psr.vulas.shared.json.model.ConstructId cid = null; - if (_method.isClinit()) { - qname = _method.getSignature().substring(0, _method.getSignature().indexOf("<") - 1); - cid = JavaId.toSharedType(JavaId.parseClassQName(qname).getClassInit()); - } else { - int p_size = _method.getNumberOfParameters(); - StringBuilder params = new StringBuilder("("); - String type = ""; - if (_method.isInit()) { - for (int i = 1; i < p_size; i++) { - type = getRefType(_method.getParameterType(i)); - if (type.contains("$")) { - type = type.substring((type.lastIndexOf("$") + 1), type.length()); - } - params.append(type); - if (i != p_size - 1) params.append(","); - } - params.append(")"); - qname = _method.getSignature().substring(0, _method.getSignature().indexOf("<") - 1) + params; - cid = JavaId.toSharedType(JavaId.parseConstructorQName(qname)); - } else { - for (int i = (_method.isStatic() ? 0 : 1); i < p_size; i++) { - type = getRefType(_method.getParameterType(i)); - if (type.contains("$")) { - type = type.substring((type.lastIndexOf("$") + 1), type.length()); - } - params.append(type); - if (i != p_size - 1) params.append(","); - } - params.append(")"); - qname = _method.getSignature().substring(0, _method.getSignature().indexOf("(")) + params; - qname = ClassVisitor.removeParameterQualification(qname); - cid = JavaId.toSharedType(JavaId.parseMethodQName(qname)); - } + return type; + } + + /** + * Given an IMethod, identify whether it's an object constructor<clinit>, class initializer<clinit> or a method, return the ConstructId + * + * @param _method + * @return + */ + private static com.sap.psr.vulas.shared.json.model.ConstructId getCid(IMethod _method) { + String qname = ""; + com.sap.psr.vulas.shared.json.model.ConstructId cid = null; + if (_method.isClinit()) { + qname = _method.getSignature().substring(0, _method.getSignature().indexOf("<") - 1); + cid = JavaId.toSharedType(JavaId.parseClassQName(qname).getClassInit()); + } else { + int p_size = _method.getNumberOfParameters(); + StringBuilder params = new StringBuilder("("); + String type = ""; + if (_method.isInit()) { + for (int i = 1; i < p_size; i++) { + type = getRefType(_method.getParameterType(i)); + if (type.contains("$")) { + type = type.substring((type.lastIndexOf("$") + 1), type.length()); + } + params.append(type); + if (i != p_size - 1) params.append(","); + } + params.append(")"); + qname = + _method.getSignature().substring(0, _method.getSignature().indexOf("<") - 1) + params; + cid = JavaId.toSharedType(JavaId.parseConstructorQName(qname)); + } else { + for (int i = (_method.isStatic() ? 0 : 1); i < p_size; i++) { + type = getRefType(_method.getParameterType(i)); + if (type.contains("$")) { + type = type.substring((type.lastIndexOf("$") + 1), type.length()); + } + params.append(type); + if (i != p_size - 1) params.append(","); } - return cid; + params.append(")"); + qname = _method.getSignature().substring(0, _method.getSignature().indexOf("(")) + params; + qname = ClassVisitor.removeParameterQualification(qname); + cid = JavaId.toSharedType(JavaId.parseMethodQName(qname)); + } } - - /** - * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. - * - * @return the time required for building the call graph (in nanoseconds) - */ - public long getConstructionTime() { - return this.buildTimeNano; + return cid; + } + + /** + * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. + * + * @return the time required for building the call graph (in nanoseconds) + */ + public long getConstructionTime() { + return this.buildTimeNano; + } + + /** + * Returns a human-readable description of the constructor's specific configuration. + * + * @return a {@link org.apache.commons.configuration.Configuration} object. + */ + public Configuration getConstructorConfiguration() { + return this.vulasConfiguration.getConfiguration().subset("vulas.reach.wala"); + } + + /** + * {@inheritDoc} + * + * Parse command line arguments, and then build callgraph based on these properties + */ + public void buildCallgraph(boolean _policy) throws CallgraphConstructException { + WalaCallgraphConstructor.log.info( + "Starting call graph construction for " + this.appContext.toString(false)); + try { + // String[] args = new String[]{"-appJar", this.classpath, "-cg", + // VulasConfiguration.getSingleton().getConfiguration().getString("vulas.reach.wala.callgraph.algorithm")}; + // CommandLine.parse(args); + String cg_algorithm = + this.vulasConfiguration + .getConfiguration() + .getString("vulas.reach.wala.callgraph.algorithm"); + WalaCallgraphConstructor.log.info( + "Using algorithm [" + + cg_algorithm + + "], reflection option [" + + this.vulasConfiguration + .getConfiguration() + .getString("vulas.reach.wala.callgraph.reflection") + + "]"); + final long start_nanos = System.nanoTime(); + + // encapsulates various analysis options + AnalysisOptions options = new AnalysisOptions(this.scope, this.entrypoints); + options.setReflectionOptions( + ReflectionOptions.valueOf( + this.vulasConfiguration + .getConfiguration() + .getString("vulas.reach.wala.callgraph.reflection"))); + // callgraph builder based on algorithm + CallGraphBuilder builder = null; + + // The removal of the default constructor AnalysisCache was removed with commit + // https://github.com/wala/WALA/commit/d24519e97497e24fe8e4495331a649343905694b#diff-a431691cd25b49752402611d45061d01 + final AnalysisCache cache = new AnalysisCacheImpl(); // AstIRFactory.makeDefaultFactory()); + + if (cg_algorithm.equals("RTA")) { + builder = Util.makeRTABuilder(options, cache, this.cha, this.scope); + } else if (cg_algorithm.equals("0-CFA")) { + builder = Util.makeZeroCFABuilder(options, cache, this.cha, this.scope); + } else if (cg_algorithm.equals("0-ctn-CFA")) { + builder = Util.makeZeroContainerCFABuilder(options, cache, this.cha, this.scope); + } else if (cg_algorithm.equals("vanilla-0-1-CFA")) { + builder = Util.makeVanillaZeroOneCFABuilder(options, cache, this.cha, this.scope); + } else if (cg_algorithm.equals("0-1-CFA")) { + builder = Util.makeZeroOneCFABuilder(options, cache, this.cha, this.scope); + } else if (cg_algorithm.equals("0-1-ctn-CFA")) { + builder = Util.makeZeroOneContainerCFABuilder(options, cache, this.cha, this.scope); + } else { + builder = Util.makeZeroOneCFABuilder(options, cache, this.cha, this.scope); + } + + // Build callgraph based on options and algorithm + try { + this.callgraph = builder.makeCallGraph(options, null); + this.buildTimeNano = System.nanoTime() - start_nanos; + WalaCallgraphConstructor.log.info( + "Call graph construction completed in " + + StringUtil.nanoToFlexDurationString(this.buildTimeNano)); + WalaCallgraphConstructor.log.info( + "[" + cg_algorithm + "] " + CallGraphStats.getStats(this.callgraph)); + this.checkEntrypoints(_policy); + } + // Wala construction problems sometimes result in NPEs, e.g., if certain language features are + // not supported + catch (NullPointerException e) { + WalaCallgraphConstructor.log.error("NPE during call graph construction", e); + throw new CallgraphConstructException( + "Cannot build call graph with framework [" + + this.getFramework() + + "] and algorithm [" + + cg_algorithm + + "]"); + } } - - /** - * Returns a human-readable description of the constructor's specific configuration. - * - * @return a {@link org.apache.commons.configuration.Configuration} object. - */ - public Configuration getConstructorConfiguration() { - return this.vulasConfiguration.getConfiguration().subset("vulas.reach.wala"); + // Just re-throw what has been created (NPE during makeCallGraph or checkEntrypoints) + catch (CallgraphConstructException e) { + throw e; + } catch (Exception e) { + WalaCallgraphConstructor.log.error("Error building call graph: " + e.getMessage()); + throw new CallgraphConstructException("Error building call graph", e); } - - /** - * {@inheritDoc} - * - * Parse command line arguments, and then build callgraph based on these properties - */ - public void buildCallgraph(boolean _policy) throws CallgraphConstructException { - WalaCallgraphConstructor.log.info("Starting call graph construction for " + this.appContext.toString(false)); - try { - //String[] args = new String[]{"-appJar", this.classpath, "-cg", VulasConfiguration.getSingleton().getConfiguration().getString("vulas.reach.wala.callgraph.algorithm")}; - //CommandLine.parse(args); - String cg_algorithm = this.vulasConfiguration.getConfiguration().getString("vulas.reach.wala.callgraph.algorithm"); - WalaCallgraphConstructor.log.info("Using algorithm [" + cg_algorithm + "], reflection option [" + this.vulasConfiguration.getConfiguration().getString("vulas.reach.wala.callgraph.reflection") + "]"); - final long start_nanos = System.nanoTime(); - - // encapsulates various analysis options - AnalysisOptions options = new AnalysisOptions(this.scope, this.entrypoints); - options.setReflectionOptions(ReflectionOptions.valueOf(this.vulasConfiguration.getConfiguration().getString("vulas.reach.wala.callgraph.reflection"))); - // callgraph builder based on algorithm - CallGraphBuilder builder = null; - - // The removal of the default constructor AnalysisCache was removed with commit https://github.com/wala/WALA/commit/d24519e97497e24fe8e4495331a649343905694b#diff-a431691cd25b49752402611d45061d01 - final AnalysisCache cache = new AnalysisCacheImpl(); //AstIRFactory.makeDefaultFactory()); - - if (cg_algorithm.equals("RTA")) { - builder = Util.makeRTABuilder(options, cache, this.cha, this.scope); - } else if (cg_algorithm.equals("0-CFA")) { - builder = Util.makeZeroCFABuilder(options, cache, this.cha, this.scope); - } else if (cg_algorithm.equals("0-ctn-CFA")) { - builder = Util.makeZeroContainerCFABuilder(options, cache, this.cha, this.scope); - } else if (cg_algorithm.equals("vanilla-0-1-CFA")) { - builder = Util.makeVanillaZeroOneCFABuilder(options, cache, this.cha, this.scope); - } else if (cg_algorithm.equals("0-1-CFA")) { - builder = Util.makeZeroOneCFABuilder(options, cache, this.cha, this.scope); - } else if (cg_algorithm.equals("0-1-ctn-CFA")) { - builder = Util.makeZeroOneContainerCFABuilder(options, cache, this.cha, this.scope); - } else { - builder = Util.makeZeroOneCFABuilder(options, cache, this.cha, this.scope); - } - - // Build callgraph based on options and algorithm - try { - this.callgraph = builder.makeCallGraph(options, null); - this.buildTimeNano = System.nanoTime() - start_nanos; - WalaCallgraphConstructor.log.info("Call graph construction completed in " + StringUtil.nanoToFlexDurationString(this.buildTimeNano)); - WalaCallgraphConstructor.log.info("[" + cg_algorithm + "] " + CallGraphStats.getStats(this.callgraph)); - this.checkEntrypoints(_policy); - } - // Wala construction problems sometimes result in NPEs, e.g., if certain language features are not supported - catch (NullPointerException e) { - WalaCallgraphConstructor.log.error("NPE during call graph construction", e); - throw new CallgraphConstructException("Cannot build call graph with framework [" + this.getFramework() + "] and algorithm [" + cg_algorithm + "]"); - } - } - // Just re-throw what has been created (NPE during makeCallGraph or checkEntrypoints) - catch (CallgraphConstructException e) { - throw e; - } - catch (Exception e) { - WalaCallgraphConstructor.log.error("Error building call graph: " + e.getMessage()); - throw new CallgraphConstructException("Error building call graph", e); - } + } + + /** + * check whether all entrypoints are existing in callgraph + * + * @throws CallgraphConstructException + */ + private void checkEntrypoints(boolean _policy) throws CallgraphConstructException { + HashSet ep_diff = + new HashSet(); + com.sap.psr.vulas.shared.json.model.ConstructId cid = null; + ep_diff.addAll(this.filteredEP); + for (CGNode node : this.callgraph.getEntrypointNodes()) { + cid = getCid(node.getMethod()); + ep_diff.remove(cid); } - - /** - * check whether all entrypoints are existing in callgraph - * - * @throws CallgraphConstructException - */ - private void checkEntrypoints(boolean _policy) throws CallgraphConstructException { - HashSet ep_diff = new HashSet(); - com.sap.psr.vulas.shared.json.model.ConstructId cid = null; - ep_diff.addAll(this.filteredEP); - for (CGNode node : this.callgraph.getEntrypointNodes()) { - cid = getCid(node.getMethod()); - ep_diff.remove(cid); - } - if (_policy && (!ep_diff.isEmpty())) - throw new CallgraphConstructException("Strict policy applied; terminating as there are [" + ep_diff.size() + "] entry points missing in call graph", null); - if (ep_diff.size() == this.filteredEP.size()) - throw new CallgraphConstructException("[0/" + ep_diff.size() + "] entry points found in call graph", null); - - if ((!_policy) && (!ep_diff.isEmpty())) { - WalaCallgraphConstructor.log.warn("There should be [" + this.filteredEP.size() + "] entrypoints set; but [" + - ep_diff.size() + "] entrypoints are missing in the call graph"); - for (com.sap.psr.vulas.shared.json.model.ConstructId m : ep_diff) - WalaCallgraphConstructor.log.warn(" [" + m.getQname() + "] is missing"); - } else { - WalaCallgraphConstructor.log.info("All [" + this.filteredEP.size() + "] entrypoints exist in the call graph"); - } + if (_policy && (!ep_diff.isEmpty())) + throw new CallgraphConstructException( + "Strict policy applied; terminating as there are [" + + ep_diff.size() + + "] entry points missing in call graph", + null); + if (ep_diff.size() == this.filteredEP.size()) + throw new CallgraphConstructException( + "[0/" + ep_diff.size() + "] entry points found in call graph", null); + + if ((!_policy) && (!ep_diff.isEmpty())) { + WalaCallgraphConstructor.log.warn( + "There should be [" + + this.filteredEP.size() + + "] entrypoints set; but [" + + ep_diff.size() + + "] entrypoints are missing in the call graph"); + for (com.sap.psr.vulas.shared.json.model.ConstructId m : ep_diff) + WalaCallgraphConstructor.log.warn(" [" + m.getQname() + "] is missing"); + } else { + WalaCallgraphConstructor.log.info( + "All [" + this.filteredEP.size() + "] entrypoints exist in the call graph"); } - - /** - * Normalizing a wala callgraph to a general graph represented by ConstructId - * - * @return a {@link com.ibm.wala.util.graph.Graph} object. - */ - public Graph getCallgraph() { - Graph graph = SlowSparseNumberedGraph.make(); - - if (this.callgraph != null) { - int edges_no = 0; - Iterator nodes = this.callgraph.iterator(); - CGNode srcnode = null, tgtnode = null; - com.sap.psr.vulas.shared.json.model.ConstructId src_cid = null, tgt_cid = null; - Iterator succNodes = null; - while (nodes.hasNext()) { - srcnode = nodes.next(); - src_cid = getCid(srcnode.getMethod()); - graph.addNode(src_cid); - //add edges - succNodes = this.callgraph.getSuccNodes(srcnode); - while (succNodes.hasNext()) { - tgtnode = succNodes.next(); - tgt_cid = getCid(tgtnode.getMethod()); - graph.addNode(tgt_cid); - if (!graph.hasEdge(src_cid, tgt_cid)) { - graph.addEdge(src_cid, tgt_cid); - edges_no++; - } - } - } - WalaCallgraphConstructor.log.info("Normalized call graph has [" + graph.getNumberOfNodes() + " nodes] (with distinct ConstructId) and [" + edges_no + " edges]"); + } + + /** + * Normalizing a wala callgraph to a general graph represented by ConstructId + * + * @return a {@link com.ibm.wala.util.graph.Graph} object. + */ + public Graph getCallgraph() { + Graph graph = SlowSparseNumberedGraph.make(); + + if (this.callgraph != null) { + int edges_no = 0; + Iterator nodes = this.callgraph.iterator(); + CGNode srcnode = null, tgtnode = null; + com.sap.psr.vulas.shared.json.model.ConstructId src_cid = null, tgt_cid = null; + Iterator succNodes = null; + while (nodes.hasNext()) { + srcnode = nodes.next(); + src_cid = getCid(srcnode.getMethod()); + graph.addNode(src_cid); + // add edges + succNodes = this.callgraph.getSuccNodes(srcnode); + while (succNodes.hasNext()) { + tgtnode = succNodes.next(); + tgt_cid = getCid(tgtnode.getMethod()); + graph.addNode(tgt_cid); + if (!graph.hasEdge(src_cid, tgt_cid)) { + graph.addEdge(src_cid, tgt_cid); + edges_no++; + } } - // No callgrpah exists - else { - throw new IllegalStateException("There exists no call graph"); - } - return graph; + } + WalaCallgraphConstructor.log.info( + "Normalized call graph has [" + + graph.getNumberOfNodes() + + " nodes] (with distinct ConstructId) and [" + + edges_no + + " edges]"); } - - /** - *

Getter for the field entrypoints.

- * - * @return a {@link java.util.Set} object. - */ - public Set getEntrypoints() { - return this.filteredEP; + // No callgrpah exists + else { + throw new IllegalStateException("There exists no call graph"); } - - /** {@inheritDoc} */ - public void setExcludePackages(String _packages) { - - // Overwrite configuration (if requested) - if (_packages != null && !_packages.equals("")) - this.vulasConfiguration.setProperty("vulas.reach.wala.callgraph.exclusions", _packages); - - // Get configuration (original or overwritten) - final String buffer = this.vulasConfiguration.getConfiguration().getString("vulas.reach.wala.callgraph.exclusions"); - - // Write exluded packages into file - try { - this.excludedPackagesFile = FileUtil.writeToTmpFile("exclusion", "txt", buffer.replaceAll(";", System.getProperty("line.separator"))).toFile(); - } catch (IOException e) { - WalaCallgraphConstructor.log.error("Cannot create file with exlcuded Java packages: " + e.getMessage(), e); - } - - WalaCallgraphConstructor.log.info("Set packages to be excluded [ " + buffer + " ]"); + return graph; + } + + /** + *

Getter for the field entrypoints.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getEntrypoints() { + return this.filteredEP; + } + + /** {@inheritDoc} */ + public void setExcludePackages(String _packages) { + + // Overwrite configuration (if requested) + if (_packages != null && !_packages.equals("")) + this.vulasConfiguration.setProperty("vulas.reach.wala.callgraph.exclusions", _packages); + + // Get configuration (original or overwritten) + final String buffer = + this.vulasConfiguration + .getConfiguration() + .getString("vulas.reach.wala.callgraph.exclusions"); + + // Write exluded packages into file + try { + this.excludedPackagesFile = + FileUtil.writeToTmpFile( + "exclusion", "txt", buffer.replaceAll(";", System.getProperty("line.separator"))) + .toFile(); + } catch (IOException e) { + WalaCallgraphConstructor.log.error( + "Cannot create file with exlcuded Java packages: " + e.getMessage(), e); } + + WalaCallgraphConstructor.log.info("Set packages to be excluded [ " + buffer + " ]"); + } } diff --git a/lang-java-reach-wala/src/test/java/WalaCallGraphTest.java b/lang-java-reach-wala/src/test/java/WalaCallGraphTest.java index b1982f2d4..1eaa6d9f0 100644 --- a/lang-java-reach-wala/src/test/java/WalaCallGraphTest.java +++ b/lang-java-reach-wala/src/test/java/WalaCallGraphTest.java @@ -42,60 +42,73 @@ import static org.junit.Assert.assertTrue; public class WalaCallGraphTest { - - static{ - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.OFFLINE.toString()); - } - private GoalContext getGoalContext() { - final GoalContext ctx = new GoalContext(); - ctx.setApplication(new Application("foo", "bar", "0.0")); - ctx.setVulasConfiguration(new VulasConfiguration()); - return ctx; - } + static { + VulasConfiguration.getGlobal() + .setProperty( + CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.OFFLINE.toString()); + } + private GoalContext getGoalContext() { + final GoalContext ctx = new GoalContext(); + ctx.setApplication(new Application("foo", "bar", "0.0")); + ctx.setVulasConfiguration(new VulasConfiguration()); + return ctx; + } - @Test - public void callgraphServiceRegistered() { - ICallgraphConstructor callgraphConstructor = CallgraphConstructorFactory.buildCallgraphConstructor("wala", null, false); - assertEquals(callgraphConstructor.getFramework(), "wala"); - assertEquals(callgraphConstructor.getClass().getName(), WalaCallgraphConstructor.class.getName()); - assertTrue(callgraphConstructor instanceof ICallgraphConstructor); - } + @Test + public void callgraphServiceRegistered() { + ICallgraphConstructor callgraphConstructor = + CallgraphConstructorFactory.buildCallgraphConstructor("wala", null, false); + assertEquals(callgraphConstructor.getFramework(), "wala"); + assertEquals( + callgraphConstructor.getClass().getName(), WalaCallgraphConstructor.class.getName()); + assertTrue(callgraphConstructor instanceof ICallgraphConstructor); + } - @Test - public void examplesWalaTest() { - final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); - ra.setCallgraphConstructor(WalaCallgraphConstructor.FRAMEWORK, false); + @Test + public void examplesWalaTest() { + final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); + ra.setCallgraphConstructor(WalaCallgraphConstructor.FRAMEWORK, false); - // Set classpaths - final Set app_paths = new HashSet(), dep_paths = new HashSet(); - app_paths.add(Paths.get("./src/test/resources/examples.jar")); - dep_paths.add(Paths.get("./src/test/resources/empty.jar")); - ra.setAppClasspaths(app_paths); - ra.setDependencyClasspaths(dep_paths); + // Set classpaths + final Set app_paths = new HashSet(), dep_paths = new HashSet(); + app_paths.add(Paths.get("./src/test/resources/examples.jar")); + dep_paths.add(Paths.get("./src/test/resources/empty.jar")); + ra.setAppClasspaths(app_paths); + ra.setDependencyClasspaths(dep_paths); - // Set the EP manually - final Set entrypoints = new HashSet(); - entrypoints.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Examples.main(String[])"))); - ra.setEntryPoints(entrypoints, PathSource.A2C, false); - ra.setAppConstructs(entrypoints); + // Set the EP manually + final Set entrypoints = new HashSet(); + entrypoints.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Examples.main(String[])"))); + ra.setEntryPoints(entrypoints, PathSource.A2C, false); + ra.setAppConstructs(entrypoints); - // Set the target constructs (manually, rather than using a bug) - final Map> target_constructs = new HashMap>(); - final Set changes = new HashSet(); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Cat.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Fish.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Dog.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Car.saySomething()"))); - target_constructs.put("does-not-exist", changes); - ra.setTargetConstructs(target_constructs); + // Set the target constructs (manually, rather than using a bug) + final Map> target_constructs = new HashMap>(); + final Set changes = new HashSet(); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Cat.saySomething()"))); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Fish.saySomething()"))); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Dog.saySomething()"))); + changes.add( + JavaId.toSharedType( + JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Car.saySomething()"))); + target_constructs.put("does-not-exist", changes); + ra.setTargetConstructs(target_constructs); - try { - ReachabilityAnalyzer.startAnalysis(ra, 600000); - } catch (InterruptedException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } + try { + ReachabilityAnalyzer.startAnalysis(ra, 600000); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); } + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/A2CGoal.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/A2CGoal.java index 46fd19315..9d585e2c5 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/A2CGoal.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/A2CGoal.java @@ -23,51 +23,59 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.shared.enums.GoalType; import com.sap.psr.vulas.shared.enums.PathSource; import com.sap.psr.vulas.shared.util.ConstructIdUtil; -import com.sap.psr.vulas.shared.util.VulasConfiguration; /** *

A2CGoal class.

* */ public class A2CGoal extends AbstractReachGoal { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - private Set entryPoints = null; - - /** - *

Constructor for A2CGoal.

- */ - public A2CGoal() { super(GoalType.A2C); } - - /** - *

Getter for the field entryPoints.

- * - * @return a {@link java.util.Set} object. - */ - protected final Set getEntryPoints() { - if(this.entryPoints==null) { - // Filter app constructs (if requested) - final String[] filter = this.getConfiguration().getConfiguration().getStringArray(ReachabilityConfiguration.REACH_CONSTR_FILTER); - if(filter!=null && filter.length>0 && !(filter.length==1 && filter[0].equals(""))) { - this.entryPoints = ConstructIdUtil.filterWithRegex(this.getAppConstructs(), filter); - } else { - this.entryPoints = this.getAppConstructs(); - } - } - return this.entryPoints; - } - - /** - * {@inheritDoc} - * - * Sets the application constructs as entry points of the {@link ReachabilityAnalyzer}. - */ - protected final void setEntryPoints(ReachabilityAnalyzer _ra) { - _ra.setEntryPoints(this.getEntryPoints(), PathSource.A2C, this.getConfiguration().getConfiguration().getBoolean(ReachabilityConfiguration.REACH_EXIT_UNKOWN_EP, false)); - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private Set entryPoints = null; + + /** + *

Constructor for A2CGoal.

+ */ + public A2CGoal() { + super(GoalType.A2C); + } + + /** + *

Getter for the field entryPoints.

+ * + * @return a {@link java.util.Set} object. + */ + protected final Set getEntryPoints() { + if (this.entryPoints == null) { + // Filter app constructs (if requested) + final String[] filter = + this.getConfiguration() + .getConfiguration() + .getStringArray(ReachabilityConfiguration.REACH_CONSTR_FILTER); + if (filter != null && filter.length > 0 && !(filter.length == 1 && filter[0].equals(""))) { + this.entryPoints = ConstructIdUtil.filterWithRegex(this.getAppConstructs(), filter); + } else { + this.entryPoints = this.getAppConstructs(); + } + } + return this.entryPoints; + } + + /** + * {@inheritDoc} + * + * Sets the application constructs as entry points of the {@link ReachabilityAnalyzer}. + */ + protected final void setEntryPoints(ReachabilityAnalyzer _ra) { + _ra.setEntryPoints( + this.getEntryPoints(), + PathSource.A2C, + this.getConfiguration() + .getConfiguration() + .getBoolean(ReachabilityConfiguration.REACH_EXIT_UNKOWN_EP, false)); + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractGetPaths.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractGetPaths.java index 004dada9a..8c02a7857 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractGetPaths.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractGetPaths.java @@ -30,28 +30,27 @@ * To implement different algorithms of computing all paths */ public abstract class AbstractGetPaths { - - protected Graph graph = null; - protected ArrayList nodeId = null; - - /** - *

Constructor for AbstractGetPaths.

- * - * @param _graph a {@link com.ibm.wala.util.graph.Graph} object. - * @param _nodeid a {@link java.util.ArrayList} object. - */ - public AbstractGetPaths(Graph _graph, ArrayList _nodeid) { - this.graph = _graph; - this.nodeId = _nodeid; - } - - /** - *

getAllPaths.

- * - * @param _src a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @param _tgt a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return a {@link java.util.HashSet} object. - */ - public abstract HashSet> getAllPaths (ConstructId _src, ConstructId _tgt); + protected Graph graph = null; + protected ArrayList nodeId = null; + + /** + *

Constructor for AbstractGetPaths.

+ * + * @param _graph a {@link com.ibm.wala.util.graph.Graph} object. + * @param _nodeid a {@link java.util.ArrayList} object. + */ + public AbstractGetPaths(Graph _graph, ArrayList _nodeid) { + this.graph = _graph; + this.nodeId = _nodeid; + } + + /** + *

getAllPaths.

+ * + * @param _src a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @param _tgt a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return a {@link java.util.HashSet} object. + */ + public abstract HashSet> getAllPaths(ConstructId _src, ConstructId _tgt); } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractReachGoal.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractReachGoal.java index d732b1cfa..a048b6d12 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractReachGoal.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/AbstractReachGoal.java @@ -26,7 +26,6 @@ import com.sap.psr.vulas.shared.enums.GoalClient; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.backend.BackendConnectionException; import com.sap.psr.vulas.backend.BackendConnector; import com.sap.psr.vulas.goals.AbstractAppGoal; @@ -38,7 +37,6 @@ import com.sap.psr.vulas.shared.util.StringList; import com.sap.psr.vulas.shared.util.StringList.CaseSensitivity; import com.sap.psr.vulas.shared.util.StringList.ComparisonMode; -import com.sap.psr.vulas.shared.util.VulasConfiguration; /** *

Abstract AbstractReachGoal class.

@@ -46,195 +44,228 @@ */ public abstract class AbstractReachGoal extends AbstractAppGoal { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private Set preparedDepClasspath = new HashSet(); - - private Set preparedAppClasspath = new HashSet(); - - /** Rewritten Java archives to be deleted after goal execution. */ - private Set rewrittenJars = new HashSet(); - - private Set appConstructs = null; - - /** - *

Constructor for AbstractReachGoal.

- * - * @param _type a {@link com.sap.psr.vulas.shared.enums.GoalType} object. - */ - protected AbstractReachGoal(GoalType _type) { - super(_type); + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private Set preparedDepClasspath = new HashSet(); + + private Set preparedAppClasspath = new HashSet(); + + /** Rewritten Java archives to be deleted after goal execution. */ + private Set rewrittenJars = new HashSet(); + + private Set appConstructs = null; + + /** + *

Constructor for AbstractReachGoal.

+ * + * @param _type a {@link com.sap.psr.vulas.shared.enums.GoalType} object. + */ + protected AbstractReachGoal(GoalType _type) { + super(_type); + } + + /** + * Calls the backend in order to retrieve all application constructs of the given application. + * + * @return a {@link java.util.Set} object. + */ + protected final Set getAppConstructs() { + if (this.appConstructs == null) { + try { + this.appConstructs = + BackendConnector.getInstance() + .getAppConstructIds(this.getGoalContext(), this.getApplicationContext()); + } catch (BackendConnectionException e) { + throw new IllegalStateException(e.getMessage()); + } } - - /** - * Calls the backend in order to retrieve all application constructs of the given application. - * - * @return a {@link java.util.Set} object. - */ - protected final Set getAppConstructs() { - if (this.appConstructs == null) { - try { - this.appConstructs = BackendConnector.getInstance().getAppConstructIds(this.getGoalContext(), this.getApplicationContext()); - } catch (BackendConnectionException e) { - throw new IllegalStateException(e.getMessage()); - } - } - return this.appConstructs; - } - - /** - * Prepares the classpaths, including the rewriting of JAR files (if requested). - */ - private final void prepareClasspath() { - - // The problems described in Jira ticket VULAS-1429 look as if the caches survive A2C executions on different modules. Check and clear explicitly. - ClassPoolUpdater.getInstance().reset(); - - final FileSearch jar_search = new FileSearch(JAR_EXT); - final FileSearch class_search = new FileSearch(CLASS_EXT); - - final boolean preprocess = this.getConfiguration().getConfiguration().getBoolean(ReachabilityConfiguration.REACH_PREPROCESS, true); - - final StringList exclude_jars = new StringList(this.getConfiguration().getConfiguration().getStringArray(ReachabilityConfiguration.REACH_EXCL_JARS)); - - // Append known dependencies to classpath (can be none in case of CLI) - for (Path p : this.getKnownDependencies().keySet()) { - Path appended_path = null; - if (exclude_jars.isEmpty()) - appended_path = JarWriter.appendToClasspath(this.preparedDepClasspath, p, preprocess); - else if (!exclude_jars.contains(p.getFileName().toString(), ComparisonMode.PATTERN, CaseSensitivity.CASE_INSENSITIVE)) - appended_path = JarWriter.appendToClasspath(this.preparedDepClasspath, p, preprocess); - else - log.info("[" + p + "] excluded from reachability analysis"); - - if(appended_path!=null && !appended_path.equals(p)) - this.rewrittenJars.add(appended_path); - } - - ClassPoolUpdater.getInstance().appendToClasspath(this.preparedDepClasspath); - - // Find JARs in all source paths (can contain app code and dependencies in case of the CLI) - for (Path app_dir : this.getAppPaths()) { - // Search for JAR files - jar_search.clear(); - - // Add them one by one to the classpath (except those excluded through configuration) - final Set paths = jar_search.search(app_dir); - for (Path p : paths) { - Path appended_path = null; - if (exclude_jars.isEmpty()) - appended_path = JarWriter.appendToClasspath(this.preparedAppClasspath, p, preprocess); - else if (!exclude_jars.contains(p.getFileName().toString(), ComparisonMode.PATTERN, CaseSensitivity.CASE_INSENSITIVE)) - appended_path = JarWriter.appendToClasspath(this.preparedAppClasspath, p, preprocess); - else - log.info("[" + p + "] excluded from reachability analysis"); - - if(appended_path!=null && !appended_path.equals(p)) - this.rewrittenJars.add(appended_path); - } - - // Search for class files - class_search.clear(); - final Set classes = class_search.search(app_dir); - log.info("Update class path for [" + classes.size() + "] class files"); - this.preparedAppClasspath.addAll(ClassPoolUpdater.getInstance().getClasspaths(classes)); - } - - ClassPoolUpdater.getInstance().appendToClasspath(preparedAppClasspath); - - log.info("Rewrote [" + this.rewrittenJars.size() + "] dependencies"); + return this.appConstructs; + } + + /** + * Prepares the classpaths, including the rewriting of JAR files (if requested). + */ + private final void prepareClasspath() { + + // The problems described in Jira ticket VULAS-1429 look as if the caches survive A2C executions + // on different modules. Check and clear explicitly. + ClassPoolUpdater.getInstance().reset(); + + final FileSearch jar_search = new FileSearch(JAR_EXT); + final FileSearch class_search = new FileSearch(CLASS_EXT); + + final boolean preprocess = + this.getConfiguration() + .getConfiguration() + .getBoolean(ReachabilityConfiguration.REACH_PREPROCESS, true); + + final StringList exclude_jars = + new StringList( + this.getConfiguration() + .getConfiguration() + .getStringArray(ReachabilityConfiguration.REACH_EXCL_JARS)); + + // Append known dependencies to classpath (can be none in case of CLI) + for (Path p : this.getKnownDependencies().keySet()) { + Path appended_path = null; + if (exclude_jars.isEmpty()) + appended_path = JarWriter.appendToClasspath(this.preparedDepClasspath, p, preprocess); + else if (!exclude_jars.contains( + p.getFileName().toString(), ComparisonMode.PATTERN, CaseSensitivity.CASE_INSENSITIVE)) + appended_path = JarWriter.appendToClasspath(this.preparedDepClasspath, p, preprocess); + else log.info("[" + p + "] excluded from reachability analysis"); + + if (appended_path != null && !appended_path.equals(p)) this.rewrittenJars.add(appended_path); } - /** - * Gets the entry points of the {@link ReachabilityAnalyzer}. - *

- * MUST be overridden by subclasses, e.g., by {@link A2CGoal} and {@link T2CGoal}. - * - * @return a {@link java.util.Set} object. - */ - protected abstract Set getEntryPoints(); - - /** - * Sets the entry points of the {@link ReachabilityAnalyzer}. - *

- * MUST be overridden by subclasses, e.g., by {@link A2CGoal} and {@link T2CGoal}. - * - * @param _ra a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. - */ - protected abstract void setEntryPoints(ReachabilityAnalyzer _ra); - - /** - * {@inheritDoc} - * - * Prepares the classpaths. - */ - @Override - protected final void prepareExecution() throws GoalConfigurationException { - super.prepareExecution(); - this.prepareClasspath(); + ClassPoolUpdater.getInstance().appendToClasspath(this.preparedDepClasspath); + + // Find JARs in all source paths (can contain app code and dependencies in case of the CLI) + for (Path app_dir : this.getAppPaths()) { + // Search for JAR files + jar_search.clear(); + + // Add them one by one to the classpath (except those excluded through configuration) + final Set paths = jar_search.search(app_dir); + for (Path p : paths) { + Path appended_path = null; + if (exclude_jars.isEmpty()) + appended_path = JarWriter.appendToClasspath(this.preparedAppClasspath, p, preprocess); + else if (!exclude_jars.contains( + p.getFileName().toString(), ComparisonMode.PATTERN, CaseSensitivity.CASE_INSENSITIVE)) + appended_path = JarWriter.appendToClasspath(this.preparedAppClasspath, p, preprocess); + else log.info("[" + p + "] excluded from reachability analysis"); + + if (appended_path != null && !appended_path.equals(p)) + this.rewrittenJars.add(appended_path); + } + + // Search for class files + class_search.clear(); + final Set classes = class_search.search(app_dir); + log.info("Update class path for [" + classes.size() + "] class files"); + this.preparedAppClasspath.addAll(ClassPoolUpdater.getInstance().getClasspaths(classes)); } - /** {@inheritDoc} */ - @Override - protected final void executeTasks() throws Exception { - - // Create reachability analyzer - final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); - ra.setAppConstructs(this.getAppConstructs()); - ra.setAppClasspaths(this.preparedAppClasspath); - ra.setDependencyClasspaths(this.preparedDepClasspath); - - // Are there any entry points - if (this.getEntryPoints() == null || this.getEntryPoints().isEmpty()) { - log.warn("No entry points, reachability analysis cannot be performed"); - return; - } - - // Set the entry points in the resp. subclass - this.setEntryPoints(ra); - - //set the call graph constructor, based on the configured framework - ra.setCallgraphConstructor(this.getConfiguration().getConfiguration().getString(ReachabilityConfiguration.REACH_FWK, "wala"), this.getGoalClient() == GoalClient.CLI); - - ra.setTargetConstructs(this.getConfiguration().getConfiguration().getString(ReachabilityConfiguration.REACH_BUGS, null)); - ra.setExcludePackages(this.getConfiguration().getConfiguration().getString(ReachabilityConfiguration.REACH_EXCL_PACK, null)); - - // Trigger the analysis - final boolean success = ReachabilityAnalyzer.startAnalysis(ra, this.getConfiguration().getConfiguration().getInt(ReachabilityConfiguration.REACH_TIMEOUT, 15) * 60L * 1000L); - - // Upload - if (success) - ra.upload(); - - // Add goal stats - this.addGoalStats(this.getGoalType().toString() + ".analysisTerminated", (success ? 1 : 0)); - this.addGoalStats(this.getGoalType().toString() + ".entryPoints", this.getEntryPoints().size()); - this.addGoalStats(this.getGoalType().toString() + ".classpathLength", ra.getAppClasspath().split(System.getProperty("path.separator")).length + ra.getDependencyClasspath().split(System.getProperty("path.separator")).length); - this.addGoalStats(this.getGoalType().toString() + ".callgraphNodes", ra.getNodeCount()); - this.addGoalStats(this.getGoalType().toString() + ".callgraphEdges", ra.getEdgeCount()); - this.addGoalStats(this.getGoalType().toString(), ra.getStatistics()); + ClassPoolUpdater.getInstance().appendToClasspath(preparedAppClasspath); + + log.info("Rewrote [" + this.rewrittenJars.size() + "] dependencies"); + } + + /** + * Gets the entry points of the {@link ReachabilityAnalyzer}. + *

+ * MUST be overridden by subclasses, e.g., by {@link A2CGoal} and {@link T2CGoal}. + * + * @return a {@link java.util.Set} object. + */ + protected abstract Set getEntryPoints(); + + /** + * Sets the entry points of the {@link ReachabilityAnalyzer}. + *

+ * MUST be overridden by subclasses, e.g., by {@link A2CGoal} and {@link T2CGoal}. + * + * @param _ra a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. + */ + protected abstract void setEntryPoints(ReachabilityAnalyzer _ra); + + /** + * {@inheritDoc} + * + * Prepares the classpaths. + */ + @Override + protected final void prepareExecution() throws GoalConfigurationException { + super.prepareExecution(); + this.prepareClasspath(); + } + + /** {@inheritDoc} */ + @Override + protected final void executeTasks() throws Exception { + + // Create reachability analyzer + final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); + ra.setAppConstructs(this.getAppConstructs()); + ra.setAppClasspaths(this.preparedAppClasspath); + ra.setDependencyClasspaths(this.preparedDepClasspath); + + // Are there any entry points + if (this.getEntryPoints() == null || this.getEntryPoints().isEmpty()) { + log.warn("No entry points, reachability analysis cannot be performed"); + return; } - /** - * {@inheritDoc} - * - * Deletes pre-processed JAR files (if any). - */ - @Override - protected final void cleanAfterExecution() { - if (this.getConfiguration().getConfiguration().getBoolean(ReachabilityConfiguration.REACH_PREPROCESS, true)) { - log.info("Deleting [" + this.rewrittenJars.size() + "] temporary (pre-processed) dependencies..."); - for (Path p : this.rewrittenJars) { - try { - boolean ret = p.toFile().delete(); - if(ret) - log.info(" Deleted temporary (pre-processed) dependency [" + p + "] "); - else - log.warn(" Cannot delete temporary (pre-processed) dependency [" + p + "]"); - } catch (Exception ioe) { - log.error(" Cannot delete temporary (pre-processed) dependency [" + p + "]: " + ioe.getMessage()); - } - } + // Set the entry points in the resp. subclass + this.setEntryPoints(ra); + + // set the call graph constructor, based on the configured framework + ra.setCallgraphConstructor( + this.getConfiguration() + .getConfiguration() + .getString(ReachabilityConfiguration.REACH_FWK, "wala"), + this.getGoalClient() == GoalClient.CLI); + + ra.setTargetConstructs( + this.getConfiguration() + .getConfiguration() + .getString(ReachabilityConfiguration.REACH_BUGS, null)); + ra.setExcludePackages( + this.getConfiguration() + .getConfiguration() + .getString(ReachabilityConfiguration.REACH_EXCL_PACK, null)); + + // Trigger the analysis + final boolean success = + ReachabilityAnalyzer.startAnalysis( + ra, + this.getConfiguration() + .getConfiguration() + .getInt(ReachabilityConfiguration.REACH_TIMEOUT, 15) + * 60L + * 1000L); + + // Upload + if (success) ra.upload(); + + // Add goal stats + this.addGoalStats(this.getGoalType().toString() + ".analysisTerminated", (success ? 1 : 0)); + this.addGoalStats(this.getGoalType().toString() + ".entryPoints", this.getEntryPoints().size()); + this.addGoalStats( + this.getGoalType().toString() + ".classpathLength", + ra.getAppClasspath().split(System.getProperty("path.separator")).length + + ra.getDependencyClasspath().split(System.getProperty("path.separator")).length); + this.addGoalStats(this.getGoalType().toString() + ".callgraphNodes", ra.getNodeCount()); + this.addGoalStats(this.getGoalType().toString() + ".callgraphEdges", ra.getEdgeCount()); + this.addGoalStats(this.getGoalType().toString(), ra.getStatistics()); + } + + /** + * {@inheritDoc} + * + * Deletes pre-processed JAR files (if any). + */ + @Override + protected final void cleanAfterExecution() { + if (this.getConfiguration() + .getConfiguration() + .getBoolean(ReachabilityConfiguration.REACH_PREPROCESS, true)) { + log.info( + "Deleting [" + this.rewrittenJars.size() + "] temporary (pre-processed) dependencies..."); + for (Path p : this.rewrittenJars) { + try { + boolean ret = p.toFile().delete(); + if (ret) log.info(" Deleted temporary (pre-processed) dependency [" + p + "] "); + else log.warn(" Cannot delete temporary (pre-processed) dependency [" + p + "]"); + } catch (Exception ioe) { + log.error( + " Cannot delete temporary (pre-processed) dependency [" + + p + + "]: " + + ioe.getMessage()); } + } } + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/Callgraph.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/Callgraph.java index 96c897480..f642183e6 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/Callgraph.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/Callgraph.java @@ -35,7 +35,6 @@ import org.apache.logging.log4j.Logger; - import com.ibm.wala.util.graph.Graph; import com.ibm.wala.util.graph.impl.SlowSparseNumberedGraph; import com.sap.psr.vulas.ConstructId; @@ -51,470 +50,494 @@ import javassist.Modifier; import javassist.NotFoundException; - /** * A general call graph representation for both wala and soot framework. * Usage: Graph path computation; rendering/visualization */ public class Callgraph { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private int nodeCount = 0; - private int edgeCount = 0; - - private Graph idgraph = SlowSparseNumberedGraph.make(); - /** - *

getGraph.

- * - * @return a {@link com.ibm.wala.util.graph.Graph} object. - */ - public Graph getGraph() { - return this.idgraph; - } - - /** - * Maps all callgraph constructs to integers (useful when wanting to have the unique integer ID for a given construct). - * The IDs are equivalant to the ones in nodeId. - * @see Callgraph#nodeId - */ - private final HashMap nodeMap = new HashMap(); - - /** - * Maps all callgraph metaInformation to integers (useful when wanting to have the unique integer ID for a given construct). - * The IDs are equivalant to the ones in nodeId. - * @see Callgraph#nodeId - */ - private final HashMap nodeInfoMap = new HashMap(); - - /** - * For each URL contains a JarAnalyzer Object. This allows us to get every - * information about the JAR of each node without the need to create - * an instance of JarAnalyzer for all of them. Every node is a method so - * most of them share the JAR with others methods - */ - private final HashMap jarAnalyzersCache = new HashMap(); - - /** - * Cache of JAR URLs for given construct Ids. - */ - private final Map cachedJarUrls = new HashMap(); - - /** - * Constructs for which no JAR URL information can be obtained. - */ - private final Set constructsWithoutJarUrl = new HashSet(); - - /** - * Returns the unique integer ID of the given construct in the context of this callgraph, or -1 if no such identifier exists. - * - * @param _c a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return the unique integer ID of the construct - */ - public int getIdForConstruct(com.sap.psr.vulas.shared.json.model.ConstructId _c) { - final Integer i = this.nodeMap.get(_c); - if(i==null) return -1; - else return i.intValue(); - } - - /** - * Returns true if the given construct exists in this callgraph, false otherwise. - * - * @param _c a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return a boolean. - */ - public boolean existsInCallgraph(com.sap.psr.vulas.shared.json.model.ConstructId _c) { - return this.getIdForConstruct(_c)!=-1; - } - - /** - * Contains all callgraph constructs (useful when wanting a construct for a given integer ID). - * The IDs are equivalant to the ones in nodeMap. - * @see Callgraph#nodeMap - */ - private final ArrayList nodeId = new ArrayList(); - /** - *

Getter for the field nodeId.

- * - * @return a {@link java.util.ArrayList} object. - */ - public ArrayList getNodeId() { return this.nodeId; } - /** - *

getConstructForId.

- * - * @param _id a int. - * @return a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - */ - public com.sap.psr.vulas.shared.json.model.ConstructId getConstructForId(int _id) { return this.nodeId.get(_id); } - - /** - * Creates a callgraph and populates an internal map of constructs and integer indices (which allow faster processing and more compact representations). - * - * @param _g a {@link com.ibm.wala.util.graph.Graph} object. - */ - public Callgraph (Graph _g) { - if( _g!=null ) { - - // The problems described in Jira ticket VULAS-1429 look as if the caches survive A2C executions on different modules. Check and clear explicitly. - if(!this.cachedJarUrls.isEmpty()) { - log.warn("JAR URL cache not empty, clearing now..."); - this.cachedJarUrls.clear(); - } - if(!this.jarAnalyzersCache.isEmpty()) { - log.warn("JarAnalyzer cache not empty, clearing now ..."); - this.jarAnalyzersCache.clear(); - } - - Iterator iter = _g.iterator(); - com.sap.psr.vulas.shared.json.model.ConstructId src_node = null, tgt_node = null; - Iterator succNodes = null; - Integer src_id = null, tgt_id = null, count = -1; - - // Populate the map of constructs and integers - while (iter.hasNext()) { - this.nodeCount++; - src_node = iter.next(); - src_id = this.nodeMap.get(src_node); - if(src_id == null) { - src_id = ++count; - this.nodeMap.put(src_node, src_id); - this.nodeInfoMap.put(src_id, this.createNodeMetaInformation(src_node, src_id)); - this.nodeId.add(src_node); - this.idgraph.addNode(src_id); - } - //targets - succNodes = _g.getSuccNodes(src_node); - while(succNodes.hasNext()){ - this.edgeCount++; - tgt_node = succNodes.next(); - tgt_id = this.nodeMap.get(tgt_node); - if(tgt_id == null) { - tgt_id = ++count; - this.nodeMap.put(tgt_node, tgt_id); - this.nodeInfoMap.put(tgt_id, this.createNodeMetaInformation(tgt_node, tgt_id)); - this.nodeId.add(tgt_node); - this.idgraph.addNode(tgt_id); - } - //add edges - this.idgraph.addEdge(src_id, tgt_id); - } - } - Callgraph.log.info("Built Graph of " + this.idgraph.getNumberOfNodes() + " nodes"); - } - } - - /** - * Given a {@link ConstructId} and its ID (look {@link Callgraph#nodeId}) return - * the NodeMetaInformation object that represent this node. - * @param target - * @param target_id - * @return - */ - private NodeMetaInformation createNodeMetaInformation(com.sap.psr.vulas.shared.json.model.ConstructId target, Integer target_id){ - URL jar_url = this.collectArchiveInformation(target); - String archiveID = null; - if(jar_url!=null && jar_url.toString().startsWith("file:")) { - archiveID = this.getShaFromCachedJarAnalyzer(jar_url); - } - else { - jar_url = null; - } - return new NodeMetaInformation(target, this.parseNonStaticInnerClassConstruct(target), jar_url, archiveID); - } - - /** - *

getInformationForConstructId.

- * - * @param target a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. - */ - public NodeMetaInformation getInformationForConstructId(com.sap.psr.vulas.shared.json.model.ConstructId target){ - return this.nodeInfoMap.get(this.getIdForConstruct(target)); - } - - /** - *

Getter for the field constructsWithoutJarUrl.

- * - * @return a {@link java.util.Set} object. - */ - public Set getConstructsWithoutJarUrl() { - return constructsWithoutJarUrl; - } - - /** - *

getInformationForId.

- * - * @param id a {@link java.lang.Integer} object. - * @return a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. - */ - public NodeMetaInformation getInformationForId(Integer id){ - return this.nodeInfoMap.get(id); - } - - /** - * Returns the number of nodes in this graph. - * - * @see #getEdgeCount() - * @return the number of nodes in this graph - */ - public int getNodeCount() { return this.nodeCount; } - - /** - * Returns the number of edges in this graph. - * - * @see #getNodeCount() - * @return the number of edges in this graph - */ - public int getEdgeCount() { return this.edgeCount; } - - /** - * Given a target (changes), compute the shortest distance from all nodes to this target - * - * @param _tgt a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return a {@link java.util.Map} object. - */ - public Map getDist (com.sap.psr.vulas.shared.json.model.ConstructId _tgt) { - - // Initialize the distances map, whereby the distance from source to source is 0, - // from all other nodes to source is Int.max (= infinite by initialization) - Map dist = new HashMap(); - final int tgt_id = this.nodeMap.get(_tgt); - final Iterator nodes = this.idgraph.iterator(); - while (nodes.hasNext()) { - final int node = nodes.next(); - if(node == tgt_id) - dist.put(node, 0); - else - dist.put(node, Integer.MAX_VALUE); - } - - // Now compute all distances - dist = this.computeDist(tgt_id, dist); - - // Map to be returned: ConstructId->Integer - final Map result = new HashMap(); - for(Map.Entry entry : dist.entrySet()) - result.put(this.nodeId.get(entry.getKey()), entry.getValue()); - - return result; - } - - /** - * Recursive method of getDist, updating the Map _dist - * @param _tgt - * @param _dist - * @return - */ - private Map computeDist(Integer _tgt, Map _dist) { - - // For all predecessor nodes of _tgt, distance to the original target plus one - final int distance = _dist.get(_tgt) + 1; - - // Loop all predecessor nodes of _tgt - final Iterator pred_nodes = this.idgraph.getPredNodes(_tgt); - while (pred_nodes.hasNext()) { - final Integer prednode = pred_nodes.next(); - - // Only update _dist when the distance becomes shorter (-1 = infinite) - // HP, 29.11: Changed from -1 for infinite to Integer.MAX_VALUE, which safes one comparison - if (_dist.get(prednode) > distance) { - _dist.put(prednode, distance); - _dist = this.computeDist(prednode, _dist); - } - } - return _dist; - } - - /** - * Given a target construct (e.g., a change list element of a security patch), the method computes the shortest - * path from all callgraph nodes to this target (if any). - * The method internally performs a back search, starting from the target node. - * - * @param _tgt a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @param _stop_if_path_found a {@link java.util.Set} object. - * @return a map of shortest paths from constructs (= keys of the map) to the target node - * @see Callgraph#computeShortestPath(Integer, Map, Set) - */ - public Map> getShortestPath(com.sap.psr.vulas.shared.json.model.ConstructId _tgt, final Set _stop_if_path_found) { - - // Get the integer index for the target construct to be reached - final int tgt_id = this.nodeMap.get(_tgt); - - // Initialize the shortest path map (which maps integers to constructs), whereby - // the path from target to target is empty (size of linked list = 0), from all other nodes to target is null (= no path) - Map> path = new HashMap>(); - final Iterator nodes = this.idgraph.iterator(); - while (nodes.hasNext()) { - final int node = nodes.next(); - if(node == tgt_id) - path.put(node, new LinkedList()); - else - path.put(node, null); - } - - // Convert the set of search stops - Set stop_nodes = null; - if(_stop_if_path_found!=null) { - stop_nodes = new HashSet(); - for(com.sap.psr.vulas.shared.json.model.ConstructId cid: _stop_if_path_found) { - final Integer node_id = this.nodeMap.get(cid); - if(node_id!=null) - stop_nodes.add(node_id); - } - } - - // Compute the shortest path to target, thereby updating the path map - path = this.computeShortestPath(tgt_id, path, stop_nodes); - - // Create the return map (which maps constructs to integers), thereby inverting the shortest path map used above - final Map> result = new HashMap>(); - for(Map.Entry> entry : path.entrySet()) - result.put(this.nodeId.get(entry.getKey()), entry.getValue()); - return result; - } - - /** - * Recursive method of getShortestPath, updating the Map _path - * @param _tgt - * @param _paths - * @return - */ - private Map> computeShortestPath(Integer _tgt, Map> _paths, final Set _stop_nodes) { - - final LinkedList new_path = new LinkedList(); - new_path.addAll(_paths.get(_tgt)); - // Create the new path by adding the current target node (i.e. _tgt) - new_path.add(_tgt); - - final int new_path_length = new_path.size(); - - final Iterator pred_nodes = this.idgraph.getPredNodes(_tgt); - while (pred_nodes.hasNext()) { - final int prednode = pred_nodes.next(); - - // Only update when there is no path or when the path becomes shorter - if ( _paths.get(prednode) == null || (_paths.get(prednode).size() > new_path_length) ) { - _paths.put(prednode, new_path); - - // Only continue searching if there are no stop nodes, or none of them has been reached yet - if(_stop_nodes==null || !this.existsPath(_paths, _stop_nodes)) - _paths = this.computeShortestPath(prednode, _paths, _stop_nodes); - } - - - } - return _paths; - } - - /** - * Returns true if there exists a path with length > 0 for at least one of the nodes. - * - * @param _paths - * @param _nodes - * @return - */ - private final boolean existsPath(Map> _paths, final Set _nodes) { - for(Integer n: _nodes) { - if(_paths.containsKey(n) && _paths.get(n)!=null && _paths.get(n).size()>0) { - return true; - } - } - return false; - } - - private synchronized URL collectArchiveInformation(com.sap.psr.vulas.shared.json.model.ConstructId tgt_node) { - URL url = null; - final JavaId jid = ((JavaId)JavaId.toCoreType(tgt_node)).getCompilationUnit(); - - // We should always have a Java ID, since packages are not part of the callgraph - if(jid!=null) { - // Not in cache -> put in cache - if(!this.cachedJarUrls.containsKey(jid)) { - url = jid.getJarUrl(); - this.cachedJarUrls.put(jid, url); - - // Warn if we do not find a URL - if(url==null) - constructsWithoutJarUrl.add(tgt_node); - } - // Read from cache - url = this.cachedJarUrls.get(jid); - } - - return url; - } - - /** - * This method parse a construct, if is the constructor of a NON static - * inner class that take as first argument a reference to the outer class - * it will be deleted from the argument list (is added by the compiler). - * - * If the ConstructId is not a constructor OR if is not of an inner class - * OR if there are no reason to modify this constructor the method return null - * - * @param target the {@link ConstructId} to be examined - * @return the {@link ConstructId} modified or null if is nothing needs to be changed - */ - private com.sap.psr.vulas.shared.json.model.ConstructId parseNonStaticInnerClassConstruct(com.sap.psr.vulas.shared.json.model.ConstructId target) { - // If is a construct we should check for the constructs modified by the compiler - // so if is a non-static inner class constructor that has as first arguments the - // parent class we should change it and delete the first arg. - // Skip the first constructor parameter (added by the compiler for non-static classes)? - // For nested classes, get the declaring (outer) class: It is used to skip the first argument in non-static inner classes - - final JavaId target_jid = (JavaId)JavaId.toCoreType(target); - final JavaId comp_unit = target_jid.getCompilationUnit(); - final boolean is_nested_class = comp_unit instanceof JavaClassId && ((JavaClassId)comp_unit).isNestedClass(); - - if(target_jid instanceof com.sap.psr.vulas.java.JavaConstructorId && is_nested_class) { - CtClass declaringClass = null; - CtClass clazz = null; - try { - ClassPool cp = ClassPoolUpdater.getInstance().getCustomClassPool(); - if(cp==null)cp=ClassPool.getDefault(); - clazz = cp.get(comp_unit.getQualifiedName()); - declaringClass = clazz.getDeclaringClass(); - final String param_to_skip = ( declaringClass!=null && !Modifier.isStatic(clazz.getModifiers()) ? ClassVisitor.removePackageContext(declaringClass.getName()) : null ); - com.sap.psr.vulas.shared.json.model.ConstructId result = JavaId.toSharedType(JavaId.parseConstructorQName(comp_unit.getType(), ClassVisitor.removeParameterQualification(target.getQname()), param_to_skip)); - return result.getQname().contentEquals(target.getQname())? null : result; - } catch (NotFoundException e) { - // means that we cannot find declaringClass or the class itself - return null; - } - } - else{ - // is not nested ==> we dont need to process it - return null; - } - } - - private synchronized String getShaFromCachedJarAnalyzer(URL _jar_url) { - - // Build the JarAnalyzer (if possible) and put it into the cache - if(!this.jarAnalyzersCache.containsKey(_jar_url)) { - JarAnalyzer ja = null; - try { - final URI uri = _jar_url.toURI(); - final File file = Paths.get(uri).toFile(); - ja = new JarAnalyzer(); - ja.analyze(file); - } catch (InvalidPathException ex) { - log.error("Invalid path [" + _jar_url + "]: " + ex.getMessage(), ex); - } catch (FileAnalysisException ex) { - log.error("Error analyzing the JAR at [" + _jar_url + "]: " + ex.getMessage(), ex); - } catch(java.nio.file.FileSystemNotFoundException fsnfe) { - log.error("File system not found for [" + _jar_url + "]: " + fsnfe.getMessage(), fsnfe); - } catch (URISyntaxException e) { - log.error("URI syntax exception for [" + _jar_url + "]: " + e.getMessage(), e); - } - this.jarAnalyzersCache.put(_jar_url, ja); // ja can be null - } - - // Return the digest or null (if the JarAnalyzer could not be built) - final JarAnalyzer ja = this.jarAnalyzersCache.get(_jar_url); - if(ja!=null) - return ja.getSHA1(); - else - return null; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private int nodeCount = 0; + private int edgeCount = 0; + + private Graph idgraph = SlowSparseNumberedGraph.make(); + /** + *

getGraph.

+ * + * @return a {@link com.ibm.wala.util.graph.Graph} object. + */ + public Graph getGraph() { + return this.idgraph; + } + + /** + * Maps all callgraph constructs to integers (useful when wanting to have the unique integer ID for a given construct). + * The IDs are equivalant to the ones in nodeId. + * @see Callgraph#nodeId + */ + private final HashMap nodeMap = + new HashMap(); + + /** + * Maps all callgraph metaInformation to integers (useful when wanting to have the unique integer ID for a given construct). + * The IDs are equivalant to the ones in nodeId. + * @see Callgraph#nodeId + */ + private final HashMap nodeInfoMap = + new HashMap(); + + /** + * For each URL contains a JarAnalyzer Object. This allows us to get every + * information about the JAR of each node without the need to create + * an instance of JarAnalyzer for all of them. Every node is a method so + * most of them share the JAR with others methods + */ + private final HashMap jarAnalyzersCache = new HashMap(); + + /** + * Cache of JAR URLs for given construct Ids. + */ + private final Map cachedJarUrls = new HashMap(); + + /** + * Constructs for which no JAR URL information can be obtained. + */ + private final Set constructsWithoutJarUrl = + new HashSet(); + + /** + * Returns the unique integer ID of the given construct in the context of this callgraph, or -1 if no such identifier exists. + * + * @param _c a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return the unique integer ID of the construct + */ + public int getIdForConstruct(com.sap.psr.vulas.shared.json.model.ConstructId _c) { + final Integer i = this.nodeMap.get(_c); + if (i == null) return -1; + else return i.intValue(); + } + + /** + * Returns true if the given construct exists in this callgraph, false otherwise. + * + * @param _c a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return a boolean. + */ + public boolean existsInCallgraph(com.sap.psr.vulas.shared.json.model.ConstructId _c) { + return this.getIdForConstruct(_c) != -1; + } + + /** + * Contains all callgraph constructs (useful when wanting a construct for a given integer ID). + * The IDs are equivalant to the ones in nodeMap. + * @see Callgraph#nodeMap + */ + private final ArrayList nodeId = + new ArrayList(); + /** + *

Getter for the field nodeId.

+ * + * @return a {@link java.util.ArrayList} object. + */ + public ArrayList getNodeId() { + return this.nodeId; + } + /** + *

getConstructForId.

+ * + * @param _id a int. + * @return a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + */ + public com.sap.psr.vulas.shared.json.model.ConstructId getConstructForId(int _id) { + return this.nodeId.get(_id); + } + + /** + * Creates a callgraph and populates an internal map of constructs and integer indices (which allow faster processing and more compact representations). + * + * @param _g a {@link com.ibm.wala.util.graph.Graph} object. + */ + public Callgraph(Graph _g) { + if (_g != null) { + + // The problems described in Jira ticket VULAS-1429 look as if the caches survive A2C + // executions on different modules. Check and clear explicitly. + if (!this.cachedJarUrls.isEmpty()) { + log.warn("JAR URL cache not empty, clearing now..."); + this.cachedJarUrls.clear(); + } + if (!this.jarAnalyzersCache.isEmpty()) { + log.warn("JarAnalyzer cache not empty, clearing now ..."); + this.jarAnalyzersCache.clear(); + } + + Iterator iter = _g.iterator(); + com.sap.psr.vulas.shared.json.model.ConstructId src_node = null, tgt_node = null; + Iterator succNodes = null; + Integer src_id = null, tgt_id = null, count = -1; + + // Populate the map of constructs and integers + while (iter.hasNext()) { + this.nodeCount++; + src_node = iter.next(); + src_id = this.nodeMap.get(src_node); + if (src_id == null) { + src_id = ++count; + this.nodeMap.put(src_node, src_id); + this.nodeInfoMap.put(src_id, this.createNodeMetaInformation(src_node, src_id)); + this.nodeId.add(src_node); + this.idgraph.addNode(src_id); + } + // targets + succNodes = _g.getSuccNodes(src_node); + while (succNodes.hasNext()) { + this.edgeCount++; + tgt_node = succNodes.next(); + tgt_id = this.nodeMap.get(tgt_node); + if (tgt_id == null) { + tgt_id = ++count; + this.nodeMap.put(tgt_node, tgt_id); + this.nodeInfoMap.put(tgt_id, this.createNodeMetaInformation(tgt_node, tgt_id)); + this.nodeId.add(tgt_node); + this.idgraph.addNode(tgt_id); + } + // add edges + this.idgraph.addEdge(src_id, tgt_id); + } + } + Callgraph.log.info("Built Graph of " + this.idgraph.getNumberOfNodes() + " nodes"); + } + } + + /** + * Given a {@link ConstructId} and its ID (look {@link Callgraph#nodeId}) return + * the NodeMetaInformation object that represent this node. + * @param target + * @param target_id + * @return + */ + private NodeMetaInformation createNodeMetaInformation( + com.sap.psr.vulas.shared.json.model.ConstructId target, Integer target_id) { + URL jar_url = this.collectArchiveInformation(target); + String archiveID = null; + if (jar_url != null && jar_url.toString().startsWith("file:")) { + archiveID = this.getShaFromCachedJarAnalyzer(jar_url); + } else { + jar_url = null; + } + return new NodeMetaInformation( + target, this.parseNonStaticInnerClassConstruct(target), jar_url, archiveID); + } + + /** + *

getInformationForConstructId.

+ * + * @param target a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. + */ + public NodeMetaInformation getInformationForConstructId( + com.sap.psr.vulas.shared.json.model.ConstructId target) { + return this.nodeInfoMap.get(this.getIdForConstruct(target)); + } + + /** + *

Getter for the field constructsWithoutJarUrl.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getConstructsWithoutJarUrl() { + return constructsWithoutJarUrl; + } + + /** + *

getInformationForId.

+ * + * @param id a {@link java.lang.Integer} object. + * @return a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. + */ + public NodeMetaInformation getInformationForId(Integer id) { + return this.nodeInfoMap.get(id); + } + + /** + * Returns the number of nodes in this graph. + * + * @see #getEdgeCount() + * @return the number of nodes in this graph + */ + public int getNodeCount() { + return this.nodeCount; + } + + /** + * Returns the number of edges in this graph. + * + * @see #getNodeCount() + * @return the number of edges in this graph + */ + public int getEdgeCount() { + return this.edgeCount; + } + + /** + * Given a target (changes), compute the shortest distance from all nodes to this target + * + * @param _tgt a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return a {@link java.util.Map} object. + */ + public Map getDist( + com.sap.psr.vulas.shared.json.model.ConstructId _tgt) { + + // Initialize the distances map, whereby the distance from source to source is 0, + // from all other nodes to source is Int.max (= infinite by initialization) + Map dist = new HashMap(); + final int tgt_id = this.nodeMap.get(_tgt); + final Iterator nodes = this.idgraph.iterator(); + while (nodes.hasNext()) { + final int node = nodes.next(); + if (node == tgt_id) dist.put(node, 0); + else dist.put(node, Integer.MAX_VALUE); + } + + // Now compute all distances + dist = this.computeDist(tgt_id, dist); + + // Map to be returned: ConstructId->Integer + final Map result = + new HashMap(); + for (Map.Entry entry : dist.entrySet()) + result.put(this.nodeId.get(entry.getKey()), entry.getValue()); + + return result; + } + + /** + * Recursive method of getDist, updating the Map _dist + * @param _tgt + * @param _dist + * @return + */ + private Map computeDist(Integer _tgt, Map _dist) { + + // For all predecessor nodes of _tgt, distance to the original target plus one + final int distance = _dist.get(_tgt) + 1; + + // Loop all predecessor nodes of _tgt + final Iterator pred_nodes = this.idgraph.getPredNodes(_tgt); + while (pred_nodes.hasNext()) { + final Integer prednode = pred_nodes.next(); + + // Only update _dist when the distance becomes shorter (-1 = infinite) + // HP, 29.11: Changed from -1 for infinite to Integer.MAX_VALUE, which safes one comparison + if (_dist.get(prednode) > distance) { + _dist.put(prednode, distance); + _dist = this.computeDist(prednode, _dist); + } + } + return _dist; + } + + /** + * Given a target construct (e.g., a change list element of a security patch), the method computes the shortest + * path from all callgraph nodes to this target (if any). + * The method internally performs a back search, starting from the target node. + * + * @param _tgt a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @param _stop_if_path_found a {@link java.util.Set} object. + * @return a map of shortest paths from constructs (= keys of the map) to the target node + * @see Callgraph#computeShortestPath(Integer, Map, Set) + */ + public Map> getShortestPath( + com.sap.psr.vulas.shared.json.model.ConstructId _tgt, + final Set _stop_if_path_found) { + + // Get the integer index for the target construct to be reached + final int tgt_id = this.nodeMap.get(_tgt); + + // Initialize the shortest path map (which maps integers to constructs), whereby + // the path from target to target is empty (size of linked list = 0), from all other nodes to + // target is null (= no path) + Map> path = new HashMap>(); + final Iterator nodes = this.idgraph.iterator(); + while (nodes.hasNext()) { + final int node = nodes.next(); + if (node == tgt_id) path.put(node, new LinkedList()); + else path.put(node, null); + } + + // Convert the set of search stops + Set stop_nodes = null; + if (_stop_if_path_found != null) { + stop_nodes = new HashSet(); + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : _stop_if_path_found) { + final Integer node_id = this.nodeMap.get(cid); + if (node_id != null) stop_nodes.add(node_id); + } + } + + // Compute the shortest path to target, thereby updating the path map + path = this.computeShortestPath(tgt_id, path, stop_nodes); + + // Create the return map (which maps constructs to integers), thereby inverting the shortest + // path map used above + final Map> result = + new HashMap>(); + for (Map.Entry> entry : path.entrySet()) + result.put(this.nodeId.get(entry.getKey()), entry.getValue()); + return result; + } + + /** + * Recursive method of getShortestPath, updating the Map _path + * @param _tgt + * @param _paths + * @return + */ + private Map> computeShortestPath( + Integer _tgt, Map> _paths, final Set _stop_nodes) { + + final LinkedList new_path = new LinkedList(); + new_path.addAll(_paths.get(_tgt)); + // Create the new path by adding the current target node (i.e. _tgt) + new_path.add(_tgt); + + final int new_path_length = new_path.size(); + + final Iterator pred_nodes = this.idgraph.getPredNodes(_tgt); + while (pred_nodes.hasNext()) { + final int prednode = pred_nodes.next(); + + // Only update when there is no path or when the path becomes shorter + if (_paths.get(prednode) == null || (_paths.get(prednode).size() > new_path_length)) { + _paths.put(prednode, new_path); + + // Only continue searching if there are no stop nodes, or none of them has been reached yet + if (_stop_nodes == null || !this.existsPath(_paths, _stop_nodes)) + _paths = this.computeShortestPath(prednode, _paths, _stop_nodes); + } + } + return _paths; + } + + /** + * Returns true if there exists a path with length > 0 for at least one of the nodes. + * + * @param _paths + * @param _nodes + * @return + */ + private final boolean existsPath( + Map> _paths, final Set _nodes) { + for (Integer n : _nodes) { + if (_paths.containsKey(n) && _paths.get(n) != null && _paths.get(n).size() > 0) { + return true; + } + } + return false; + } + + private synchronized URL collectArchiveInformation( + com.sap.psr.vulas.shared.json.model.ConstructId tgt_node) { + URL url = null; + final JavaId jid = ((JavaId) JavaId.toCoreType(tgt_node)).getCompilationUnit(); + + // We should always have a Java ID, since packages are not part of the callgraph + if (jid != null) { + // Not in cache -> put in cache + if (!this.cachedJarUrls.containsKey(jid)) { + url = jid.getJarUrl(); + this.cachedJarUrls.put(jid, url); + + // Warn if we do not find a URL + if (url == null) constructsWithoutJarUrl.add(tgt_node); + } + // Read from cache + url = this.cachedJarUrls.get(jid); + } + + return url; + } + + /** + * This method parse a construct, if is the constructor of a NON static + * inner class that take as first argument a reference to the outer class + * it will be deleted from the argument list (is added by the compiler). + * + * If the ConstructId is not a constructor OR if is not of an inner class + * OR if there are no reason to modify this constructor the method return null + * + * @param target the {@link ConstructId} to be examined + * @return the {@link ConstructId} modified or null if is nothing needs to be changed + */ + private com.sap.psr.vulas.shared.json.model.ConstructId parseNonStaticInnerClassConstruct( + com.sap.psr.vulas.shared.json.model.ConstructId target) { + // If is a construct we should check for the constructs modified by the compiler + // so if is a non-static inner class constructor that has as first arguments the + // parent class we should change it and delete the first arg. + // Skip the first constructor parameter (added by the compiler for non-static classes)? + // For nested classes, get the declaring (outer) class: It is used to skip the first argument in + // non-static inner classes + + final JavaId target_jid = (JavaId) JavaId.toCoreType(target); + final JavaId comp_unit = target_jid.getCompilationUnit(); + final boolean is_nested_class = + comp_unit instanceof JavaClassId && ((JavaClassId) comp_unit).isNestedClass(); + + if (target_jid instanceof com.sap.psr.vulas.java.JavaConstructorId && is_nested_class) { + CtClass declaringClass = null; + CtClass clazz = null; + try { + ClassPool cp = ClassPoolUpdater.getInstance().getCustomClassPool(); + if (cp == null) cp = ClassPool.getDefault(); + clazz = cp.get(comp_unit.getQualifiedName()); + declaringClass = clazz.getDeclaringClass(); + final String param_to_skip = + (declaringClass != null && !Modifier.isStatic(clazz.getModifiers()) + ? ClassVisitor.removePackageContext(declaringClass.getName()) + : null); + com.sap.psr.vulas.shared.json.model.ConstructId result = + JavaId.toSharedType( + JavaId.parseConstructorQName( + comp_unit.getType(), + ClassVisitor.removeParameterQualification(target.getQname()), + param_to_skip)); + return result.getQname().contentEquals(target.getQname()) ? null : result; + } catch (NotFoundException e) { + // means that we cannot find declaringClass or the class itself + return null; + } + } else { + // is not nested ==> we dont need to process it + return null; + } + } + + private synchronized String getShaFromCachedJarAnalyzer(URL _jar_url) { + + // Build the JarAnalyzer (if possible) and put it into the cache + if (!this.jarAnalyzersCache.containsKey(_jar_url)) { + JarAnalyzer ja = null; + try { + final URI uri = _jar_url.toURI(); + final File file = Paths.get(uri).toFile(); + ja = new JarAnalyzer(); + ja.analyze(file); + } catch (InvalidPathException ex) { + log.error("Invalid path [" + _jar_url + "]: " + ex.getMessage(), ex); + } catch (FileAnalysisException ex) { + log.error("Error analyzing the JAR at [" + _jar_url + "]: " + ex.getMessage(), ex); + } catch (java.nio.file.FileSystemNotFoundException fsnfe) { + log.error("File system not found for [" + _jar_url + "]: " + fsnfe.getMessage(), fsnfe); + } catch (URISyntaxException e) { + log.error("URI syntax exception for [" + _jar_url + "]: " + e.getMessage(), e); + } + this.jarAnalyzersCache.put(_jar_url, ja); // ja can be null + } + + // Return the digest or null (if the JarAnalyzer could not be built) + final JarAnalyzer ja = this.jarAnalyzersCache.get(_jar_url); + if (ja != null) return ja.getSHA1(); + else return null; + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphConstructException.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphConstructException.java index fe87f72b4..203934c13 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphConstructException.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphConstructException.java @@ -24,21 +24,21 @@ * */ public class CallgraphConstructException extends Exception { - /** - *

Constructor for CallgraphConstructException.

- * - * @param _msg a {@link java.lang.String} object. - */ - public CallgraphConstructException (String _msg) { - super(_msg); - } - /** - *

Constructor for CallgraphConstructException.

- * - * @param _msg a {@link java.lang.String} object. - * @param _cause a {@link java.lang.Throwable} object. - */ - public CallgraphConstructException (String _msg, Throwable _cause) { - super(_msg, _cause); - } + /** + *

Constructor for CallgraphConstructException.

+ * + * @param _msg a {@link java.lang.String} object. + */ + public CallgraphConstructException(String _msg) { + super(_msg); + } + /** + *

Constructor for CallgraphConstructException.

+ * + * @param _msg a {@link java.lang.String} object. + * @param _cause a {@link java.lang.Throwable} object. + */ + public CallgraphConstructException(String _msg, Throwable _cause) { + super(_msg, _cause); + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphPathSearch.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphPathSearch.java index e09274c36..befea53b2 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphPathSearch.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphPathSearch.java @@ -28,7 +28,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.shared.util.StopWatch; /** @@ -36,205 +35,235 @@ * */ public class CallgraphPathSearch implements Runnable { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private Callgraph graph = null; - - private boolean shortestPaths = true; - - private Set entrypoints; - - private Set targetpoints; - - private ArrayList> paths = new ArrayList>(); - - private String label = null; - - private StopWatch sw = null; - - private ReachabilityAnalyzer analyzer = null; - - /** - *

setCallgraph.

- * - * @param _g a {@link com.sap.psr.vulas.cg.Callgraph} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. - */ - public CallgraphPathSearch setCallgraph(Callgraph _g) { - this.graph = _g; - return this; - } - - /** - *

Getter for the field label.

- * - * @return a {@link java.lang.String} object. - */ - public String getLabel() { return this.label; } - - /** - *

Setter for the field label.

- * - * @param _label a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. - */ - public CallgraphPathSearch setLabel(String _label) { - this.label = _label; - return this; - } - - /** - *

Setter for the field shortestPaths.

- * - * @param shortestPaths a boolean. - * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. - */ - public CallgraphPathSearch setShortestPaths(boolean shortestPaths) { - this.shortestPaths = shortestPaths; - return this; - } - - /** - *

Setter for the field entrypoints.

- * - * @param entrypoints a {@link java.util.Set} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. - */ - public CallgraphPathSearch setEntrypoints(Set entrypoints) { - this.entrypoints = entrypoints; - return this; - } - - /** - *

Setter for the field targetpoints.

- * - * @param targetpoints a {@link java.util.Set} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. - */ - public CallgraphPathSearch setTargetpoints(Set targetpoints) { - this.targetpoints = targetpoints; - return this; - } - - /** - *

setCallback.

- * - * @param _analyzer a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. - */ - public CallgraphPathSearch setCallback(ReachabilityAnalyzer _analyzer) { - this.analyzer = _analyzer; - return this; - } - - /** {@inheritDoc} */ - @Override - public void run() { - sw = new StopWatch(this.label + ": Search for paths from [" + this.entrypoints.size() + "] entry points to [" + this.targetpoints.size() + "] target points"); - sw.start(); - - final HashSet reachable_target_points = new HashSet(); - - // Loop all target points - for (com.sap.psr.vulas.shared.json.model.ConstructId cid : this.targetpoints) { - - // Check whether the target construct is actually part of the callgraph - if( this.graph.existsInCallgraph(cid) ) { - - log.info("Target construct [" + cid.getQname() + "] is part of the callgraph"); - - // Compute the distances from all nodes to cid - final Map distance = this.graph.getDist(cid); - for (com.sap.psr.vulas.shared.json.model.ConstructId ep : this.entrypoints) { - // get the distance from entry points to changed construct; if it's not -1, then this changed construct is reachable from entrypoints - if ( this.graph.existsInCallgraph(ep) ) { - if ( distance.get(ep) != Integer.MAX_VALUE) { - reachable_target_points.add(cid); - // At this point in time, we should be able to exit the loop over all entry points, added break - break; - } - } - } - - // Only if the construct is reachable, compute the paths - if(reachable_target_points.contains(cid)) { - - // Path(s) found in the call graph - Map> searched_paths = null; - - // Search shortest or first path to cid - if(this.shortestPaths) { - log.info("Searching the shortest path(s) to [" + cid.getQname() + "]"); - searched_paths = this.graph.getShortestPath(cid, null); - } - else { - log.info("Searching a path to [" + cid.getQname() + "], stopping after first hit"); - searched_paths = this.graph.getShortestPath(cid, this.entrypoints); - } - - // For all entry points, check whether there is a path - // TODO: Check if the loop can be exited depending on the search_shortest option - for(com.sap.psr.vulas.shared.json.model.ConstructId ep : this.entrypoints) { - if ( this.graph.existsInCallgraph(ep) ) { - - // Linked list of integers, each one being the unique ID given to constructs in the callgraph - final LinkedList spath = searched_paths.get(ep); - if( spath != null ) { - log.info("Shortest path from entrypoint [ " + ep.getQname() + " ] with distance " + spath.size()); - - // Create a new path (linked list of constructs), thereby resolving the unique integer IDs used in the callgraph class - final LinkedList newpath = new LinkedList(); - newpath.add(ep); - for(int n = (spath.size()-1); n >= 0 ; n--) { - log.info(" ===> " + this.graph.getConstructForId(spath.get(n)).getQname()); - newpath.add(this.graph.getConstructForId(spath.get(n))); - } - this.paths.add(newpath); - } - } - } - - // Performance killer, commented out! - /* - ReachabilityAnalyzer.log.info("Starting to Compute all paths"); - AbstractGetPaths getpaths = new DepthFirstGetPaths(this.callgraph.getGraph()); - HashSet> paths = new HashSet>(); - for (ConstructId ep : _entrypoints) { - if (this.callgraph.nodeId.contains(ep)) { - paths = getpaths.getAllPaths(ep, cid); - } - }*/ - } - } - else { - log.info("Target construct [" + cid.getQname() + "] is NOT part of the callgraph"); - } - } - - log.info("Search paths for [" + label + "] completed: [" + reachable_target_points.size() + "/" + this.targetpoints.size() + "] constructs are reachable"); - sw.stop(); - - if(this.analyzer!=null) { - this.analyzer.callback(this); - } - } - - /** - *

Getter for the field paths.

- * - * @return a {@link java.util.ArrayList} object. - */ - public ArrayList> getPaths() { - return paths; - } - - /** - *

getStopWatch.

- * - * @return a {@link com.sap.psr.vulas.shared.util.StopWatch} object. - */ - public StopWatch getStopWatch() { - return this.sw; - } + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private Callgraph graph = null; + + private boolean shortestPaths = true; + + private Set entrypoints; + + private Set targetpoints; + + private ArrayList> paths = + new ArrayList>(); + + private String label = null; + + private StopWatch sw = null; + + private ReachabilityAnalyzer analyzer = null; + + /** + *

setCallgraph.

+ * + * @param _g a {@link com.sap.psr.vulas.cg.Callgraph} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. + */ + public CallgraphPathSearch setCallgraph(Callgraph _g) { + this.graph = _g; + return this; + } + + /** + *

Getter for the field label.

+ * + * @return a {@link java.lang.String} object. + */ + public String getLabel() { + return this.label; + } + + /** + *

Setter for the field label.

+ * + * @param _label a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. + */ + public CallgraphPathSearch setLabel(String _label) { + this.label = _label; + return this; + } + + /** + *

Setter for the field shortestPaths.

+ * + * @param shortestPaths a boolean. + * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. + */ + public CallgraphPathSearch setShortestPaths(boolean shortestPaths) { + this.shortestPaths = shortestPaths; + return this; + } + + /** + *

Setter for the field entrypoints.

+ * + * @param entrypoints a {@link java.util.Set} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. + */ + public CallgraphPathSearch setEntrypoints( + Set entrypoints) { + this.entrypoints = entrypoints; + return this; + } + + /** + *

Setter for the field targetpoints.

+ * + * @param targetpoints a {@link java.util.Set} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. + */ + public CallgraphPathSearch setTargetpoints( + Set targetpoints) { + this.targetpoints = targetpoints; + return this; + } + + /** + *

setCallback.

+ * + * @param _analyzer a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphPathSearch} object. + */ + public CallgraphPathSearch setCallback(ReachabilityAnalyzer _analyzer) { + this.analyzer = _analyzer; + return this; + } + + /** {@inheritDoc} */ + @Override + public void run() { + sw = + new StopWatch( + this.label + + ": Search for paths from [" + + this.entrypoints.size() + + "] entry points to [" + + this.targetpoints.size() + + "] target points"); + sw.start(); + + final HashSet reachable_target_points = + new HashSet(); + + // Loop all target points + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : this.targetpoints) { + + // Check whether the target construct is actually part of the callgraph + if (this.graph.existsInCallgraph(cid)) { + + log.info("Target construct [" + cid.getQname() + "] is part of the callgraph"); + + // Compute the distances from all nodes to cid + final Map distance = + this.graph.getDist(cid); + for (com.sap.psr.vulas.shared.json.model.ConstructId ep : this.entrypoints) { + // get the distance from entry points to changed construct; if it's not -1, then this + // changed construct is reachable from entrypoints + if (this.graph.existsInCallgraph(ep)) { + if (distance.get(ep) != Integer.MAX_VALUE) { + reachable_target_points.add(cid); + // At this point in time, we should be able to exit the loop over all entry points, + // added break + break; + } + } + } + + // Only if the construct is reachable, compute the paths + if (reachable_target_points.contains(cid)) { + + // Path(s) found in the call graph + Map> searched_paths = + null; + + // Search shortest or first path to cid + if (this.shortestPaths) { + log.info("Searching the shortest path(s) to [" + cid.getQname() + "]"); + searched_paths = this.graph.getShortestPath(cid, null); + } else { + log.info("Searching a path to [" + cid.getQname() + "], stopping after first hit"); + searched_paths = this.graph.getShortestPath(cid, this.entrypoints); + } + + // For all entry points, check whether there is a path + // TODO: Check if the loop can be exited depending on the search_shortest option + for (com.sap.psr.vulas.shared.json.model.ConstructId ep : this.entrypoints) { + if (this.graph.existsInCallgraph(ep)) { + + // Linked list of integers, each one being the unique ID given to constructs in the + // callgraph + final LinkedList spath = searched_paths.get(ep); + if (spath != null) { + log.info( + "Shortest path from entrypoint [ " + + ep.getQname() + + " ] with distance " + + spath.size()); + + // Create a new path (linked list of constructs), thereby resolving the unique + // integer IDs used in the callgraph class + final LinkedList newpath = + new LinkedList(); + newpath.add(ep); + for (int n = (spath.size() - 1); n >= 0; n--) { + log.info( + " ===> " + this.graph.getConstructForId(spath.get(n)).getQname()); + newpath.add(this.graph.getConstructForId(spath.get(n))); + } + this.paths.add(newpath); + } + } + } + + // Performance killer, commented out! + /* + ReachabilityAnalyzer.log.info("Starting to Compute all paths"); + AbstractGetPaths getpaths = new DepthFirstGetPaths(this.callgraph.getGraph()); + HashSet> paths = new HashSet>(); + for (ConstructId ep : _entrypoints) { + if (this.callgraph.nodeId.contains(ep)) { + paths = getpaths.getAllPaths(ep, cid); + } + }*/ + } + } else { + log.info("Target construct [" + cid.getQname() + "] is NOT part of the callgraph"); + } + } + + log.info( + "Search paths for [" + + label + + "] completed: [" + + reachable_target_points.size() + + "/" + + this.targetpoints.size() + + "] constructs are reachable"); + sw.stop(); + + if (this.analyzer != null) { + this.analyzer.callback(this); + } + } + + /** + *

Getter for the field paths.

+ * + * @return a {@link java.util.ArrayList} object. + */ + public ArrayList> getPaths() { + return paths; + } + + /** + *

getStopWatch.

+ * + * @return a {@link com.sap.psr.vulas.shared.util.StopWatch} object. + */ + public StopWatch getStopWatch() { + return this.sw; + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphReachableSearch.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphReachableSearch.java index 75f376994..e55d461a0 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphReachableSearch.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/CallgraphReachableSearch.java @@ -29,7 +29,6 @@ import org.apache.logging.log4j.Logger; - import com.ibm.wala.util.graph.Graph; import com.sap.psr.vulas.shared.util.StopWatch; @@ -39,213 +38,231 @@ */ public class CallgraphReachableSearch implements Runnable { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private Callgraph graph = null; - - private boolean findTouchPoints = true; - - private StopWatch sw = null; - - private ReachabilityAnalyzer analyzer = null; - - private Set appConstructs = null; - - private int min = -1; - - private int max = -1; - - /** - * Library touch points (stored as a set of linked lists with two elements each) per library (SHA1). - */ - private Map>> touchPoints = new HashMap>>(); - - /** - * Reachable constructs per library (SHA1). - */ - private Map> reachableConstructs = new HashMap>(); - - /** - *

setCallgraph.

- * - * @param _g a {@link com.sap.psr.vulas.cg.Callgraph} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. - */ - public CallgraphReachableSearch setCallgraph(Callgraph _g) { - this.graph = _g; - return this; - } - - /** - *

Setter for the field findTouchPoints.

- * - * @param _ft a boolean. - * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. - */ - public CallgraphReachableSearch setFindTouchPoints(boolean _ft) { - this.findTouchPoints = _ft; - return this; - } - - /** - *

setCallback.

- * - * @param _analyzer a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. - */ - public CallgraphReachableSearch setCallback(ReachabilityAnalyzer _analyzer) { - this.analyzer = _analyzer; - return this; - } - - /** - *

setMinMax.

- * - * @param _min a int. - * @param _max a int. - * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. - */ - public CallgraphReachableSearch setMinMax(int _min, int _max) { - this.min = _min; - this.max = _max; - return this; - } - - /** - *

Setter for the field appConstructs.

- * - * @param _app_constructs a {@link java.util.Set} object. - * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. - */ - public CallgraphReachableSearch setAppConstructs(Set _app_constructs) { - this.appConstructs = _app_constructs; - return this; - } - - /** - * Adds a given node to the set of reachable constructs for a given library (dependency). - * @param _node - */ - private void addReachableNode(NodeMetaInformation _node) { - final String sha1 = _node.getArchiveId(); - if(sha1!=null) { - if(!this.reachableConstructs.containsKey(sha1)) { - this.reachableConstructs.put(sha1, new HashSet()); - } - final Set nodes = this.reachableConstructs.get(sha1); - nodes.add(_node); - } - } - - /** - * Adds a given node to the set of touch points for a given library (dependency). - * @param _node - */ - private void addTouchPoint(NodeMetaInformation _from, NodeMetaInformation _to) { - final String sha1 = _to.getArchiveId(); - if(sha1!=null) { - if(!this.touchPoints.containsKey(sha1)) { - this.touchPoints.put(sha1, new HashSet>()); - } - final Set> touch_points = this.touchPoints.get(sha1); - final List touch_point = new ArrayList(); - touch_point.add(_from); - touch_point.add(_to); - touch_points.add(touch_point); - } - } - - /** {@inheritDoc} */ - @Override - public void run() { - if(this.graph!=null && this.graph.getGraph()!=null) { - StopWatch sw = null; - try { - // Loop over all nodes - final Graph wala_graph = this.graph.getGraph(); - final Iterator wala_graph_iterator = wala_graph.iterator(); - - if(wala_graph_iterator==null) { - log.error("No iterator for callgraph [" + wala_graph + "]"); - } - else { - // Loop variables - Integer successor_node = null; - Iterator successor_nodes_iterator = null; - NodeMetaInformation current_node_metainf = null, successor_node_metainf = null; - String current_node_qname = null; - - sw = new StopWatch("Collect touch points and reachable constructs per library, nodes [" + this.min + " - " + this.max + "]").setTotal(max-min).start(); - - for(int current_node=this.min; current_node reachable constructs - if(MethodNameFilter.getInstance().isLibraryMethod(this.appConstructs, current_node_qname)) { - if(!MethodNameFilter.getInstance().isBlackListed(current_node_qname)) - this.addReachableNode(current_node_metainf); - } - // Current node is part of app --> touch points - else { - // Collection enabled? - if(this.findTouchPoints) { - // Loop all successors of the current node - successor_nodes_iterator = wala_graph.getSuccNodes(current_node); - while(successor_nodes_iterator.hasNext()){ - - // Successor node of the current node - successor_node = successor_nodes_iterator.next(); - successor_node_metainf = this.graph.getInformationForId(successor_node); - - final String succ_node_qname = successor_node_metainf.getConstructId().getQname(); - if(MethodNameFilter.getInstance().isLibraryMethod(this.appConstructs, succ_node_qname) && !MethodNameFilter.getInstance().isBlackListed(succ_node_qname)){ - //current_node_metainf.addToList(successor_node_metainf); - this.addTouchPoint(current_node_metainf, successor_node_metainf); - } - } - } - } - } - sw.progress(); - - //TODO Davide: Also collect touchpoints from Library to Application (L2A) - } catch(Exception e) { - log.error(e.getClass().getSimpleName() + " occured when looping callgraph node " + current_node_metainf + ": " + e.getMessage()); - } - } - sw.stop(); - } - } - catch(NullPointerException npe) { - sw.stop(npe); - log.error(npe.getClass().getSimpleName() + " occured when looping callgraph", npe); - } - catch(Exception e) { - sw.stop(e); - log.error(e.getClass().getSimpleName() + " occured when looping callgraph: " + e.getMessage()); - } - } - } - - /** - *

Getter for the field touchPoints.

- * - * @return a {@link java.util.Map} object. - */ - public Map>> getTouchPoints() { - return touchPoints; - } - - /** - *

Getter for the field reachableConstructs.

- * - * @return a {@link java.util.Map} object. - */ - public Map> getReachableConstructs() { - return reachableConstructs; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private Callgraph graph = null; + + private boolean findTouchPoints = true; + + private StopWatch sw = null; + + private ReachabilityAnalyzer analyzer = null; + + private Set appConstructs = null; + + private int min = -1; + + private int max = -1; + + /** + * Library touch points (stored as a set of linked lists with two elements each) per library (SHA1). + */ + private Map>> touchPoints = + new HashMap>>(); + + /** + * Reachable constructs per library (SHA1). + */ + private Map> reachableConstructs = + new HashMap>(); + + /** + *

setCallgraph.

+ * + * @param _g a {@link com.sap.psr.vulas.cg.Callgraph} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. + */ + public CallgraphReachableSearch setCallgraph(Callgraph _g) { + this.graph = _g; + return this; + } + + /** + *

Setter for the field findTouchPoints.

+ * + * @param _ft a boolean. + * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. + */ + public CallgraphReachableSearch setFindTouchPoints(boolean _ft) { + this.findTouchPoints = _ft; + return this; + } + + /** + *

setCallback.

+ * + * @param _analyzer a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. + */ + public CallgraphReachableSearch setCallback(ReachabilityAnalyzer _analyzer) { + this.analyzer = _analyzer; + return this; + } + + /** + *

setMinMax.

+ * + * @param _min a int. + * @param _max a int. + * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. + */ + public CallgraphReachableSearch setMinMax(int _min, int _max) { + this.min = _min; + this.max = _max; + return this; + } + + /** + *

Setter for the field appConstructs.

+ * + * @param _app_constructs a {@link java.util.Set} object. + * @return a {@link com.sap.psr.vulas.cg.CallgraphReachableSearch} object. + */ + public CallgraphReachableSearch setAppConstructs( + Set _app_constructs) { + this.appConstructs = _app_constructs; + return this; + } + + /** + * Adds a given node to the set of reachable constructs for a given library (dependency). + * @param _node + */ + private void addReachableNode(NodeMetaInformation _node) { + final String sha1 = _node.getArchiveId(); + if (sha1 != null) { + if (!this.reachableConstructs.containsKey(sha1)) { + this.reachableConstructs.put(sha1, new HashSet()); + } + final Set nodes = this.reachableConstructs.get(sha1); + nodes.add(_node); + } + } + + /** + * Adds a given node to the set of touch points for a given library (dependency). + * @param _node + */ + private void addTouchPoint(NodeMetaInformation _from, NodeMetaInformation _to) { + final String sha1 = _to.getArchiveId(); + if (sha1 != null) { + if (!this.touchPoints.containsKey(sha1)) { + this.touchPoints.put(sha1, new HashSet>()); + } + final Set> touch_points = this.touchPoints.get(sha1); + final List touch_point = new ArrayList(); + touch_point.add(_from); + touch_point.add(_to); + touch_points.add(touch_point); + } + } + + /** {@inheritDoc} */ + @Override + public void run() { + if (this.graph != null && this.graph.getGraph() != null) { + StopWatch sw = null; + try { + // Loop over all nodes + final Graph wala_graph = this.graph.getGraph(); + final Iterator wala_graph_iterator = wala_graph.iterator(); + + if (wala_graph_iterator == null) { + log.error("No iterator for callgraph [" + wala_graph + "]"); + } else { + // Loop variables + Integer successor_node = null; + Iterator successor_nodes_iterator = null; + NodeMetaInformation current_node_metainf = null, successor_node_metainf = null; + String current_node_qname = null; + + sw = + new StopWatch( + "Collect touch points and reachable constructs per library, nodes [" + + this.min + + " - " + + this.max + + "]") + .setTotal(max - min) + .start(); + + for (int current_node = this.min; current_node < this.max; current_node++) { + try { + // Current node and its meta information + current_node_metainf = this.graph.getInformationForId(current_node); + if (current_node_metainf != null) { + current_node_qname = current_node_metainf.getConstructId().getQname(); + + // Current node is part of library --> reachable constructs + if (MethodNameFilter.getInstance() + .isLibraryMethod(this.appConstructs, current_node_qname)) { + if (!MethodNameFilter.getInstance().isBlackListed(current_node_qname)) + this.addReachableNode(current_node_metainf); + } + // Current node is part of app --> touch points + else { + // Collection enabled? + if (this.findTouchPoints) { + // Loop all successors of the current node + successor_nodes_iterator = wala_graph.getSuccNodes(current_node); + while (successor_nodes_iterator.hasNext()) { + + // Successor node of the current node + successor_node = successor_nodes_iterator.next(); + successor_node_metainf = this.graph.getInformationForId(successor_node); + + final String succ_node_qname = + successor_node_metainf.getConstructId().getQname(); + if (MethodNameFilter.getInstance() + .isLibraryMethod(this.appConstructs, succ_node_qname) + && !MethodNameFilter.getInstance().isBlackListed(succ_node_qname)) { + // current_node_metainf.addToList(successor_node_metainf); + this.addTouchPoint(current_node_metainf, successor_node_metainf); + } + } + } + } + } + sw.progress(); + + // TODO Davide: Also collect touchpoints from Library to Application (L2A) + } catch (Exception e) { + log.error( + e.getClass().getSimpleName() + + " occured when looping callgraph node " + + current_node_metainf + + ": " + + e.getMessage()); + } + } + sw.stop(); + } + } catch (NullPointerException npe) { + sw.stop(npe); + log.error(npe.getClass().getSimpleName() + " occured when looping callgraph", npe); + } catch (Exception e) { + sw.stop(e); + log.error( + e.getClass().getSimpleName() + " occured when looping callgraph: " + e.getMessage()); + } + } + } + + /** + *

Getter for the field touchPoints.

+ * + * @return a {@link java.util.Map} object. + */ + public Map>> getTouchPoints() { + return touchPoints; + } + + /** + *

Getter for the field reachableConstructs.

+ * + * @return a {@link java.util.Map} object. + */ + public Map> getReachableConstructs() { + return reachableConstructs; + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/DepthFirstGetPaths.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/DepthFirstGetPaths.java index 8639e5b6b..42ed3e70b 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/DepthFirstGetPaths.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/DepthFirstGetPaths.java @@ -26,7 +26,6 @@ import org.apache.logging.log4j.Logger; - import com.ibm.wala.util.graph.Graph; import com.sap.psr.vulas.shared.json.model.ConstructId; @@ -35,62 +34,66 @@ * */ public class DepthFirstGetPaths extends AbstractGetPaths { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private long start_millis = System.currentTimeMillis(), end_millis = System.currentTimeMillis(); - - /** - *

Constructor for DepthFirstGetPaths.

- * - * @param _graph a {@link com.ibm.wala.util.graph.Graph} object. - * @param _nodeid a {@link java.util.ArrayList} object. - */ - public DepthFirstGetPaths(Graph _graph, ArrayList _nodeid) { - super(_graph, _nodeid); - } - /** {@inheritDoc} */ - public HashSet> getAllPaths(ConstructId _src, ConstructId _tgt) { - this.start_millis = System.currentTimeMillis(); - HashSet> paths = new HashSet>(); - Integer currentNode = this.nodeId.indexOf(_src); - LinkedList visited = new LinkedList(); - visited.add(currentNode); - findAllPaths(visited, paths, currentNode, this.nodeId.indexOf(_tgt)); - HashSet> result = new HashSet>(); - for(LinkedList p : paths) { - LinkedList newp = new LinkedList(); - for(Integer i : p) newp.add(this.nodeId.get(i)); - result.add(newp); - } - return result; - } - - private void findAllPaths(LinkedList visited, HashSet> paths, Integer currentNode, Integer _tgt) { - if (currentNode == _tgt) { - LinkedList newpath = new LinkedList(); - newpath.addAll(visited); - paths.add(newpath); - if((!paths.isEmpty()) && paths.size()%5 == 0) { - this.end_millis = System.currentTimeMillis(); - DepthFirstGetPaths.log.info("Found 5 more paths in [ " + (this.end_millis - this.start_millis) + " millisecs ]"); - } - return; - } - else { - int succnode = -1; - Iterator nodes = this.graph.getSuccNodes(currentNode); - while (nodes.hasNext()) { - succnode = nodes.next(); - if (visited.contains(succnode)) { - continue; - } - LinkedList temp = new LinkedList(); - temp.addAll(visited); - temp.add(succnode); - findAllPaths(temp, paths, succnode, _tgt); - } - } - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private long start_millis = System.currentTimeMillis(), end_millis = System.currentTimeMillis(); + + /** + *

Constructor for DepthFirstGetPaths.

+ * + * @param _graph a {@link com.ibm.wala.util.graph.Graph} object. + * @param _nodeid a {@link java.util.ArrayList} object. + */ + public DepthFirstGetPaths(Graph _graph, ArrayList _nodeid) { + super(_graph, _nodeid); + } + + /** {@inheritDoc} */ + public HashSet> getAllPaths(ConstructId _src, ConstructId _tgt) { + this.start_millis = System.currentTimeMillis(); + HashSet> paths = new HashSet>(); + Integer currentNode = this.nodeId.indexOf(_src); + LinkedList visited = new LinkedList(); + visited.add(currentNode); + findAllPaths(visited, paths, currentNode, this.nodeId.indexOf(_tgt)); + HashSet> result = new HashSet>(); + for (LinkedList p : paths) { + LinkedList newp = new LinkedList(); + for (Integer i : p) newp.add(this.nodeId.get(i)); + result.add(newp); + } + return result; + } + + private void findAllPaths( + LinkedList visited, + HashSet> paths, + Integer currentNode, + Integer _tgt) { + if (currentNode == _tgt) { + LinkedList newpath = new LinkedList(); + newpath.addAll(visited); + paths.add(newpath); + if ((!paths.isEmpty()) && paths.size() % 5 == 0) { + this.end_millis = System.currentTimeMillis(); + DepthFirstGetPaths.log.info( + "Found 5 more paths in [ " + (this.end_millis - this.start_millis) + " millisecs ]"); + } + return; + } else { + int succnode = -1; + Iterator nodes = this.graph.getSuccNodes(currentNode); + while (nodes.hasNext()) { + succnode = nodes.next(); + if (visited.contains(succnode)) { + continue; + } + LinkedList temp = new LinkedList(); + temp.addAll(visited); + temp.add(succnode); + findAllPaths(temp, paths, succnode, _tgt); + } + } + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/MethodNameFilter.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/MethodNameFilter.java index f88a700b4..a113fc4ce 100644 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/MethodNameFilter.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/MethodNameFilter.java @@ -29,7 +29,6 @@ import org.apache.commons.configuration.Configuration; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.backend.BackendConnector; import com.sap.psr.vulas.shared.util.StringList; @@ -41,76 +40,81 @@ */ public class MethodNameFilter { - private static Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static MethodNameFilter instance = null; - - private StringList classnameBlacklist = null; + private static Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static MethodNameFilter instance = null; + + private StringList classnameBlacklist = null; - /** - * Singleton. - */ - private MethodNameFilter() { - final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); - this.classnameBlacklist = new StringList(); - this.classnameBlacklist.addAll(cfg.getStringArray(ReachabilityConfiguration.REACH_BL_CLASS_JRE)); - this.classnameBlacklist.addAll(cfg.getStringArray(ReachabilityConfiguration.REACH_BL_CLASS_CUST)); - } + /** + * Singleton. + */ + private MethodNameFilter() { + final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); + this.classnameBlacklist = new StringList(); + this.classnameBlacklist.addAll( + cfg.getStringArray(ReachabilityConfiguration.REACH_BL_CLASS_JRE)); + this.classnameBlacklist.addAll( + cfg.getStringArray(ReachabilityConfiguration.REACH_BL_CLASS_CUST)); + } - /** - * If there is a MethodNameFilter instance available it will return it, - * otherwise instantiate it and then return - * - * @return an instantiation of the class MethodNameFilter - */ - public synchronized static MethodNameFilter getInstance() { - if(MethodNameFilter.instance==null) - MethodNameFilter.instance = new MethodNameFilter(); - return MethodNameFilter.instance; - } + /** + * If there is a MethodNameFilter instance available it will return it, + * otherwise instantiate it and then return + * + * @return an instantiation of the class MethodNameFilter + */ + public static synchronized MethodNameFilter getInstance() { + if (MethodNameFilter.instance == null) MethodNameFilter.instance = new MethodNameFilter(); + return MethodNameFilter.instance; + } - /** - * Check if the argument is a string contained in the list of the blacklisted - * methods - * - * @param value a string representing the complete name of a method - * @return a boolean value stating if value is blacklisted or not - */ - public boolean isBlackListed(String value){ - return this.classnameBlacklist.contains(value, StringList.ComparisonMode.STARTSWITH, StringList.CaseSensitivity.CASE_SENSITIVE); - } + /** + * Check if the argument is a string contained in the list of the blacklisted + * methods + * + * @param value a string representing the complete name of a method + * @return a boolean value stating if value is blacklisted or not + */ + public boolean isBlackListed(String value) { + return this.classnameBlacklist.contains( + value, StringList.ComparisonMode.STARTSWITH, StringList.CaseSensitivity.CASE_SENSITIVE); + } - /** - * Check if the argument is a string representing a method of an external library - * (meaning not of my application). To define the domain of the application we use - * the entries on which we built the graph. - * - * @param app_entries Entry methods that we used to define the app domain. Use {@link BackendConnector#getAppConstructIds(com.sap.psr.vulas.goals.GoalContext, com.sap.psr.vulas.shared.json.model.Application)} to get them. - * @param value a string representing the complete name of a method - * @return a boolean value stating if value is part of a library or not - */ - public boolean isLibraryMethod(Set app_entries, String value){ - return !this.isAnAppMethod(app_entries, value); - } + /** + * Check if the argument is a string representing a method of an external library + * (meaning not of my application). To define the domain of the application we use + * the entries on which we built the graph. + * + * @param app_entries Entry methods that we used to define the app domain. Use {@link BackendConnector#getAppConstructIds(com.sap.psr.vulas.goals.GoalContext, com.sap.psr.vulas.shared.json.model.Application)} to get them. + * @param value a string representing the complete name of a method + * @return a boolean value stating if value is part of a library or not + */ + public boolean isLibraryMethod( + Set app_entries, String value) { + return !this.isAnAppMethod(app_entries, value); + } - /** - * Check if the argument is a string representing a method of my application - * (meaning not of an external library). To define the domain of the application we use - * the entries on which we built the graph. - * - * @param app_entries Entry methods that we used to define the app domain. Use {@link BackendConnector#getAppConstructIds(com.sap.psr.vulas.goals.GoalContext, com.sap.psr.vulas.shared.json.model.Application)} to get them. - * @param value a string representing the complete name of a method - * @return a boolean value stating if value is part of the application or not - */ - public boolean isAnAppMethod(Set app_entries, String value){ - // this method take as input the constructs of the app but if the inner class - // constructor is modified (e.g. a$1(a)==>a$1() ) we have problems so we - // can just add a workaround here. - // NB: even is the name of the class contains a $ and is not an innerclass - // the method result is right anyway - if(value.contains("$")) value = value.substring(0, value.indexOf("$")); // this solve problems with inner classes - for(com.sap.psr.vulas.shared.json.model.ConstructId entry : app_entries) - if(entry.getQname().startsWith(value)) return true; - return false; - } + /** + * Check if the argument is a string representing a method of my application + * (meaning not of an external library). To define the domain of the application we use + * the entries on which we built the graph. + * + * @param app_entries Entry methods that we used to define the app domain. Use {@link BackendConnector#getAppConstructIds(com.sap.psr.vulas.goals.GoalContext, com.sap.psr.vulas.shared.json.model.Application)} to get them. + * @param value a string representing the complete name of a method + * @return a boolean value stating if value is part of the application or not + */ + public boolean isAnAppMethod( + Set app_entries, String value) { + // this method take as input the constructs of the app but if the inner class + // constructor is modified (e.g. a$1(a)==>a$1() ) we have problems so we + // can just add a workaround here. + // NB: even is the name of the class contains a $ and is not an innerclass + // the method result is right anyway + if (value.contains("$")) + value = value.substring(0, value.indexOf("$")); // this solve problems with inner classes + for (com.sap.psr.vulas.shared.json.model.ConstructId entry : app_entries) + if (entry.getQname().startsWith(value)) return true; + return false; + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/NodeMetaInformation.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/NodeMetaInformation.java index d93ee8414..406dfaa0e 100644 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/NodeMetaInformation.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/NodeMetaInformation.java @@ -39,164 +39,172 @@ * This class represent the MetaInformation that a node in the {@link CallGraph} can carry with himself */ public class NodeMetaInformation { - private ConstructId originalConstructId = null; - private ConstructId modifiedConstructId = null; - private String jarUrl = null; - private String archiveID = null; - - /** - * Used for the attackSurface detection in {@link ReachabilityAnalyzer#identifyTouchPoints()} - */ - private List attackSurface = null; - - /** - *

Constructor for NodeMetaInformation.

- * - * @param _originalConstructId a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @param _modifiedConstructId a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @param _jar_url a {@link java.net.URL} object. - * @param _archiveID a {@link java.lang.String} object. - */ - public NodeMetaInformation(ConstructId _originalConstructId, ConstructId _modifiedConstructId, URL _jar_url, String _archiveID){ - this.originalConstructId = _originalConstructId; - this.modifiedConstructId = _modifiedConstructId; - this.jarUrl = (_jar_url==null?null:_jar_url.toString()); - this.archiveID = _archiveID; - } - - /** - *

Constructor for NodeMetaInformation.

- * - * @param _originalConstructId a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - */ - public NodeMetaInformation(ConstructId _originalConstructId){ - this.originalConstructId = _originalConstructId; - } - - /** - * Used for the attackSurface detection in {@link ReachabilityAnalyzer#identifyTouchPoints()} - * - * @param _rs a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. - */ - public void addToList(NodeMetaInformation _rs){ - if(this.attackSurface == null){ - this.attackSurface = new ArrayList(); - } - this.attackSurface.add(_rs); - } - - /** - * Used for the attackSurface detection in {@link ReachabilityAnalyzer#identifyTouchPoints()} - * - * @return a int. - */ - public int getListSize(){ - return attackSurface!=null ? attackSurface.size() : 0; - } + private ConstructId originalConstructId = null; + private ConstructId modifiedConstructId = null; + private String jarUrl = null; + private String archiveID = null; - /** - * Compares the construct with the given construct by comparing their qualified name. - * - * @param _c a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. - * @return a int. - */ - public final int compareTo(NodeMetaInformation _c) { return this.getOriginalConstructId().compareTo(_c.getOriginalConstructId()); } - - /** {@inheritDoc} */ - @Override - public String toString() { - final StringBuilder b = new StringBuilder(); - b.append("[oc=").append(this.originalConstructId.getQname()); - if(this.modifiedConstructId!=null) - b.append(", mc=").append(this.modifiedConstructId.getQname()); - b.append(", jarUrl=").append(this.jarUrl).append("]"); - return b.toString(); - } - - /** {@inheritDoc} */ - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + this.getOriginalConstructId().hashCode(); - return result; - } + /** + * Used for the attackSurface detection in {@link ReachabilityAnalyzer#identifyTouchPoints()} + */ + private List attackSurface = null; - /** - * {@inheritDoc} - * - * Returns true if the qualified name of the two constructs are equal, false otherwise. - */ - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - NodeMetaInformation other = (NodeMetaInformation) obj; - return this.getOriginalConstructId().equals(other.getOriginalConstructId()); - } + /** + *

Constructor for NodeMetaInformation.

+ * + * @param _originalConstructId a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @param _modifiedConstructId a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @param _jar_url a {@link java.net.URL} object. + * @param _archiveID a {@link java.lang.String} object. + */ + public NodeMetaInformation( + ConstructId _originalConstructId, + ConstructId _modifiedConstructId, + URL _jar_url, + String _archiveID) { + this.originalConstructId = _originalConstructId; + this.modifiedConstructId = _modifiedConstructId; + this.jarUrl = (_jar_url == null ? null : _jar_url.toString()); + this.archiveID = _archiveID; + } - private ConstructId getOriginalConstructId() { - return this.originalConstructId; - } - - /** - *

getConstructId.

- * - * @return a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - */ - public ConstructId getConstructId(){ - return this.modifiedConstructId!=null? this.modifiedConstructId : this.originalConstructId; - } - - /** - *

Getter for the field jarUrl.

- * - * @return a {@link java.lang.String} object. - */ - public String getJarUrl(){ - return this.jarUrl; + /** + *

Constructor for NodeMetaInformation.

+ * + * @param _originalConstructId a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + */ + public NodeMetaInformation(ConstructId _originalConstructId) { + this.originalConstructId = _originalConstructId; + } + + /** + * Used for the attackSurface detection in {@link ReachabilityAnalyzer#identifyTouchPoints()} + * + * @param _rs a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. + */ + public void addToList(NodeMetaInformation _rs) { + if (this.attackSurface == null) { + this.attackSurface = new ArrayList(); } - - /** - *

toJSON.

- * - * @return a {@link com.google.gson.JsonObject} object. - */ - public JsonObject toJSON() { return this.toJSON(false); } - - /** - *

toJSON.

- * - * @param _addAlsoAttackSurface a boolean. - * @return a {@link com.google.gson.JsonObject} object. - */ - public JsonObject toJSON(boolean _addAlsoAttackSurface){ - // create GSON object with the right constructID - final JsonObject rootObj = new JsonParser().parse(JacksonUtil.asJsonString(this.getConstructId())).getAsJsonObject(); - // add JAR URL - if(this.jarUrl!=null) rootObj.addProperty("jarUrl", this.jarUrl); - // add JAR ID - if(this.archiveID!=null) rootObj.addProperty("archiveID", this.archiveID); - // add list - if(_addAlsoAttackSurface && this.getListSize()>0){ - JsonArray myArray = new JsonArray(); - for(NodeMetaInformation element : this.attackSurface){ - JsonObject child = element.toJSON(_addAlsoAttackSurface); - myArray.add(child); - } - rootObj.add("attackSurface", myArray); - } - return rootObj; + this.attackSurface.add(_rs); + } + + /** + * Used for the attackSurface detection in {@link ReachabilityAnalyzer#identifyTouchPoints()} + * + * @return a int. + */ + public int getListSize() { + return attackSurface != null ? attackSurface.size() : 0; + } + + /** + * Compares the construct with the given construct by comparing their qualified name. + * + * @param _c a {@link com.sap.psr.vulas.cg.NodeMetaInformation} object. + * @return a int. + */ + public final int compareTo(NodeMetaInformation _c) { + return this.getOriginalConstructId().compareTo(_c.getOriginalConstructId()); + } + + /** {@inheritDoc} */ + @Override + public String toString() { + final StringBuilder b = new StringBuilder(); + b.append("[oc=").append(this.originalConstructId.getQname()); + if (this.modifiedConstructId != null) + b.append(", mc=").append(this.modifiedConstructId.getQname()); + b.append(", jarUrl=").append(this.jarUrl).append("]"); + return b.toString(); + } + + /** {@inheritDoc} */ + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + this.getOriginalConstructId().hashCode(); + return result; + } + + /** + * {@inheritDoc} + * + * Returns true if the qualified name of the two constructs are equal, false otherwise. + */ + @Override + public boolean equals(Object obj) { + if (this == obj) return true; + if (obj == null) return false; + if (getClass() != obj.getClass()) return false; + NodeMetaInformation other = (NodeMetaInformation) obj; + return this.getOriginalConstructId().equals(other.getOriginalConstructId()); + } + + private ConstructId getOriginalConstructId() { + return this.originalConstructId; + } + + /** + *

getConstructId.

+ * + * @return a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + */ + public ConstructId getConstructId() { + return this.modifiedConstructId != null ? this.modifiedConstructId : this.originalConstructId; + } + + /** + *

Getter for the field jarUrl.

+ * + * @return a {@link java.lang.String} object. + */ + public String getJarUrl() { + return this.jarUrl; + } + + /** + *

toJSON.

+ * + * @return a {@link com.google.gson.JsonObject} object. + */ + public JsonObject toJSON() { + return this.toJSON(false); + } + + /** + *

toJSON.

+ * + * @param _addAlsoAttackSurface a boolean. + * @return a {@link com.google.gson.JsonObject} object. + */ + public JsonObject toJSON(boolean _addAlsoAttackSurface) { + // create GSON object with the right constructID + final JsonObject rootObj = + new JsonParser().parse(JacksonUtil.asJsonString(this.getConstructId())).getAsJsonObject(); + // add JAR URL + if (this.jarUrl != null) rootObj.addProperty("jarUrl", this.jarUrl); + // add JAR ID + if (this.archiveID != null) rootObj.addProperty("archiveID", this.archiveID); + // add list + if (_addAlsoAttackSurface && this.getListSize() > 0) { + JsonArray myArray = new JsonArray(); + for (NodeMetaInformation element : this.attackSurface) { + JsonObject child = element.toJSON(_addAlsoAttackSurface); + myArray.add(child); + } + rootObj.add("attackSurface", myArray); } - - /** - *

getArchiveId.

- * - * @return a {@link java.lang.String} object. - */ - public String getArchiveId() { return this.archiveID; } + return rootObj; + } + + /** + *

getArchiveId.

+ * + * @return a {@link java.lang.String} object. + */ + public String getArchiveId() { + return this.archiveID; + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PathSimilarity.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PathSimilarity.java index eef47f0a5..f26ff9fbe 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PathSimilarity.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PathSimilarity.java @@ -27,117 +27,123 @@ import org.apache.logging.log4j.Logger; - /** *

PathSimilarity class.

* */ public class PathSimilarity { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger( PathSimilarity.class ); - //ArrayList: every path has a unique index - ArrayList> paths = null; - - //group all paths based on the node joint, the map key is the qname of the node joint, the value are all paths id in this group, id is read from ArrayList paths - HashMap> groupedPaths = null; - - /** - *

Constructor for PathSimilarity.

- * - * @param _p a {@link java.util.ArrayList} object. - */ - public PathSimilarity(ArrayList> _p) { - this.paths = _p; - } - - /** - *

addPath.

- * - * @param _p a {@link java.util.LinkedList} object. - */ - public void addPath (LinkedList _p) { - this.paths.add(_p); - } - - /** - *

groupPathsByJointNode.

- */ - public void groupPathsByJointNode () { - this.groupedPaths = new HashMap>(); - for (int i = 0; i < this.paths.size(); i++) { - LinkedList p = this.paths.get(i); - for(String s : p) { - if(!this.groupedPaths.containsKey(s)) { - HashSet tmp = new HashSet(); - tmp.add(i); - this.groupedPaths.put(s, tmp); - } else { - this.groupedPaths.get(s).add(i); - } - } - } - } + private static final Logger log = + org.apache.logging.log4j.LogManager.getLogger(PathSimilarity.class); + + // ArrayList: every path has a unique index + ArrayList> paths = null; + + // group all paths based on the node joint, the map key is the qname of the node joint, the value + // are all paths id in this group, id is read from ArrayList paths + HashMap> groupedPaths = null; + + /** + *

Constructor for PathSimilarity.

+ * + * @param _p a {@link java.util.ArrayList} object. + */ + public PathSimilarity(ArrayList> _p) { + this.paths = _p; + } + + /** + *

addPath.

+ * + * @param _p a {@link java.util.LinkedList} object. + */ + public void addPath(LinkedList _p) { + this.paths.add(_p); + } + + /** + *

groupPathsByJointNode.

+ */ + public void groupPathsByJointNode() { + this.groupedPaths = new HashMap>(); + for (int i = 0; i < this.paths.size(); i++) { + LinkedList p = this.paths.get(i); + for (String s : p) { + if (!this.groupedPaths.containsKey(s)) { + HashSet tmp = new HashSet(); + tmp.add(i); + this.groupedPaths.put(s, tmp); + } else { + this.groupedPaths.get(s).add(i); + } + } + } + } - //return all the overlapping paths (linked edges) - private HashSet> overlapPath (LinkedList _path1, LinkedList _path2) { - LinkedList shortpath = new LinkedList(); - LinkedList longpath = new LinkedList(); - if(_path1.size() >= _path2.size()) { - shortpath.addAll(_path2); - longpath.addAll(_path1); - } else { - shortpath.addAll(_path1); - longpath.addAll(_path2); - } - HashSet> results = new HashSet>(); - List overlap = new LinkedList(); - int length = 1, pointer = 0; - //complexity: looping only once by increasing / decreasing i and j - for(int i = 0, j= 0; i < shortpath.size() && j < longpath.size();) { - String node = shortpath.get(i); - if(node.equals(longpath.get(j))) { - overlap.add(node); - i++; - j++; - } - else { - if(!overlap.isEmpty()) { - List newoverlap = new LinkedList(); - newoverlap.addAll(overlap); - if(newoverlap.size() > length) length = newoverlap.size(); - results.add(newoverlap); - overlap.clear(); - i = pointer; - } else { - if( i!=(shortpath.size()-1) && j == (longpath.size()-1) ) { - i = i + length; - pointer = i; - j = 0; - length = 1; - } - else j++; - } - } - } - if(!overlap.isEmpty()) results.add(overlap); - PathSimilarity.log.info("Results: " + results); - return results; - } - - //one way to compute the similarity between two paths - /** - *

pathSimilarity.

- * - * @param _path1 a {@link java.util.LinkedList} object. - * @param _path2 a {@link java.util.LinkedList} object. - */ - public void pathSimilarity (LinkedList _path1, LinkedList _path2) { - int count = 0; - HashSet> overlaps = overlapPath(_path1, _path2); - for(List sp : overlaps) count += sp.size(); - PathSimilarity.log.info("The lengths of two paths are " + _path1.size() + " and " + _path2.size() - + " separately; overlapping [ " + count + " nodes ] distributed in [ " + overlaps.size() + " subpaths ]"); - } + // return all the overlapping paths (linked edges) + private HashSet> overlapPath(LinkedList _path1, LinkedList _path2) { + LinkedList shortpath = new LinkedList(); + LinkedList longpath = new LinkedList(); + if (_path1.size() >= _path2.size()) { + shortpath.addAll(_path2); + longpath.addAll(_path1); + } else { + shortpath.addAll(_path1); + longpath.addAll(_path2); + } + HashSet> results = new HashSet>(); + List overlap = new LinkedList(); + int length = 1, pointer = 0; + // complexity: looping only once by increasing / decreasing i and j + for (int i = 0, j = 0; i < shortpath.size() && j < longpath.size(); ) { + String node = shortpath.get(i); + if (node.equals(longpath.get(j))) { + overlap.add(node); + i++; + j++; + } else { + if (!overlap.isEmpty()) { + List newoverlap = new LinkedList(); + newoverlap.addAll(overlap); + if (newoverlap.size() > length) length = newoverlap.size(); + results.add(newoverlap); + overlap.clear(); + i = pointer; + } else { + if (i != (shortpath.size() - 1) && j == (longpath.size() - 1)) { + i = i + length; + pointer = i; + j = 0; + length = 1; + } else j++; + } + } + } + if (!overlap.isEmpty()) results.add(overlap); + PathSimilarity.log.info("Results: " + results); + return results; + } + // one way to compute the similarity between two paths + /** + *

pathSimilarity.

+ * + * @param _path1 a {@link java.util.LinkedList} object. + * @param _path2 a {@link java.util.LinkedList} object. + */ + public void pathSimilarity(LinkedList _path1, LinkedList _path2) { + int count = 0; + HashSet> overlaps = overlapPath(_path1, _path2); + for (List sp : overlaps) count += sp.size(); + PathSimilarity.log.info( + "The lengths of two paths are " + + _path1.size() + + " and " + + _path2.size() + + " separately; overlapping [ " + + count + + " nodes ] distributed in [ " + + overlaps.size() + + " subpaths ]"); + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PrunedGraphGetPaths.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PrunedGraphGetPaths.java index da3aaaed1..46cd133e0 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PrunedGraphGetPaths.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/PrunedGraphGetPaths.java @@ -28,7 +28,6 @@ import org.apache.logging.log4j.Logger; - import com.ibm.wala.util.graph.Graph; import com.sap.psr.vulas.shared.json.model.ConstructId; @@ -37,110 +36,116 @@ * */ public class PrunedGraphGetPaths extends AbstractGetPaths { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private long start_millis = System.currentTimeMillis(), end_millis = System.currentTimeMillis(); - private Map> edges = new HashMap>(); - - /** - *

Constructor for PrunedGraphGetPaths.

- * - * @param _graph a {@link com.ibm.wala.util.graph.Graph} object. - * @param _nodeid a {@link java.util.ArrayList} object. - */ - public PrunedGraphGetPaths(Graph _graph, ArrayList _nodeid) { - super(_graph, _nodeid); - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private long start_millis = System.currentTimeMillis(), end_millis = System.currentTimeMillis(); + + private Map> edges = new HashMap>(); + + /** + *

Constructor for PrunedGraphGetPaths.

+ * + * @param _graph a {@link com.ibm.wala.util.graph.Graph} object. + * @param _nodeid a {@link java.util.ArrayList} object. + */ + public PrunedGraphGetPaths(Graph _graph, ArrayList _nodeid) { + super(_graph, _nodeid); + } + + /** {@inheritDoc} */ + public HashSet> getAllPaths(ConstructId _src, ConstructId _tgt) { + this.start_millis = System.currentTimeMillis(); + int src_id = this.nodeId.indexOf(_src), tgt_id = this.nodeId.indexOf(_tgt); + this.getAllEdges(tgt_id); + this.end_millis = System.currentTimeMillis(); + PrunedGraphGetPaths.log.info( + "Finished computing all edges in [ " + + (this.end_millis - this.start_millis) + + " millisecs]"); + LinkedList singlepath = new LinkedList(); + HashSet> allpaths = new HashSet>(); + this.assemblePath(src_id, tgt_id, singlepath, allpaths); + HashSet> result = new HashSet>(); + for (LinkedList p : allpaths) { + LinkedList newp = new LinkedList(); + for (Integer i : p) newp.add(this.nodeId.get(i)); + result.add(newp); + } + return result; + } - /** {@inheritDoc} */ - public HashSet> getAllPaths(ConstructId _src, ConstructId _tgt) { - this.start_millis = System.currentTimeMillis(); - int src_id = this.nodeId.indexOf(_src), tgt_id = this.nodeId.indexOf(_tgt); - this.getAllEdges(tgt_id); - this.end_millis = System.currentTimeMillis(); - PrunedGraphGetPaths.log.info("Finished computing all edges in [ " + (this.end_millis - this.start_millis) + " millisecs]"); - LinkedList singlepath = new LinkedList(); - HashSet> allpaths = new HashSet>(); - this.assemblePath(src_id, tgt_id, singlepath, allpaths); - HashSet> result = new HashSet>(); - for(LinkedList p : allpaths) { - LinkedList newp = new LinkedList(); - for(Integer i : p) newp.add(this.nodeId.get(i)); - result.add(newp); - } - return result; - } + private void assemblePath( + Integer _src, + Integer _tgt, + LinkedList _path, + HashSet> _allpaths) { + if (_src == _tgt) { + LinkedList newPath = new LinkedList(); + newPath.addAll(_path); + _allpaths.add(newPath); + _path.removeLast(); + if ((!_allpaths.isEmpty()) && _allpaths.size() % 5 == 0) { + this.end_millis = System.currentTimeMillis(); + PrunedGraphGetPaths.log.info( + "Found 5 more paths in [ " + (this.end_millis - this.start_millis) + " millisecs]"); + } + return; + } else { + HashSet edges = this.edges.get(_src); + if (edges != null) { + for (Integer i : edges) { + if (!_path.contains(i)) { + _path.add(i); + assemblePath(i, _tgt, _path, _allpaths); + } + } + } + } + if (_path != null && !_path.isEmpty()) _path.removeLast(); + } - private void assemblePath(Integer _src, Integer _tgt, LinkedList _path, HashSet> _allpaths) { - if (_src == _tgt) { - LinkedList newPath = new LinkedList(); - newPath.addAll(_path); - _allpaths.add(newPath); - _path.removeLast(); - if((!_allpaths.isEmpty()) && _allpaths.size()%5 == 0) { - this.end_millis = System.currentTimeMillis(); - PrunedGraphGetPaths.log.info("Found 5 more paths in [ " + (this.end_millis - this.start_millis) + " millisecs]"); - } - return; - } else { - HashSet edges = this.edges.get(_src); - if (edges != null) { - for (Integer i : edges) { - if (!_path.contains(i)) { - _path.add(i); - assemblePath (i, _tgt, _path, _allpaths); - } - } - } - } - if (_path != null && !_path.isEmpty()) - _path.removeLast(); - } - - /** - * Prune the callgraph, make it only contain all edges heading to the target - * (_tgt) - * - * @param _tgt - * @return - */ - private void getAllEdges(Integer _tgt) { - Iterator nodes = this.graph.iterator(); - Integer node = null; - // Intialization: no edge at all in the pruned callgraph - while (nodes.hasNext()) { - node = nodes.next(); - if (node == _tgt) { - this.edges.put(node, new HashSet()); - } else - this.edges.put(node, null); - } - computeAllEdges(_tgt); - } + /** + * Prune the callgraph, make it only contain all edges heading to the target + * (_tgt) + * + * @param _tgt + * @return + */ + private void getAllEdges(Integer _tgt) { + Iterator nodes = this.graph.iterator(); + Integer node = null; + // Intialization: no edge at all in the pruned callgraph + while (nodes.hasNext()) { + node = nodes.next(); + if (node == _tgt) { + this.edges.put(node, new HashSet()); + } else this.edges.put(node, null); + } + computeAllEdges(_tgt); + } - /** - * Recursive method of getAllEdges, update the Map _edges - * - * @param _tgt - * @param _edges - * @return - */ - private void computeAllEdges(Integer _tgt) { - Iterator predNodes = this.graph.getPredNodes(_tgt); - Integer prednode = null; - while (predNodes.hasNext()) { - prednode = predNodes.next(); - HashSet newedge = this.edges.get(prednode); - if (newedge == null) { - newedge = new HashSet(); - } - if (!newedge.contains(_tgt)) { - newedge.add(_tgt); - this.edges.put(prednode, newedge); - computeAllEdges(prednode); - } - } - } + /** + * Recursive method of getAllEdges, update the Map _edges + * + * @param _tgt + * @param _edges + * @return + */ + private void computeAllEdges(Integer _tgt) { + Iterator predNodes = this.graph.getPredNodes(_tgt); + Integer prednode = null; + while (predNodes.hasNext()) { + prednode = predNodes.next(); + HashSet newedge = this.edges.get(prednode); + if (newedge == null) { + newedge = new HashSet(); + } + if (!newedge.contains(_tgt)) { + newedge.add(_tgt); + this.edges.put(prednode, newedge); + computeAllEdges(prednode); + } + } + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityAnalyzer.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityAnalyzer.java index 4d82c87c1..39e1ff12c 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityAnalyzer.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityAnalyzer.java @@ -41,7 +41,6 @@ import org.apache.commons.configuration.Configuration; import org.apache.logging.log4j.Logger; - import com.google.gson.JsonArray; import com.google.gson.JsonObject; import com.google.gson.JsonParser; @@ -59,839 +58,996 @@ import com.sap.psr.vulas.shared.util.StopWatch; import com.sap.psr.vulas.shared.util.StringUtil; import com.sap.psr.vulas.shared.util.ThreadUtil; -import com.sap.psr.vulas.shared.util.VulasConfiguration; - /** * Reachability Analyzer */ public class ReachabilityAnalyzer implements Runnable { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static int THREAD_COUNT = 0; - - /** - * The application JAR to be analyzed and its context information - */ - private Application app_ctx = null; - - /** - * The goal context (ideally, this should be kept out of this class) - */ - private GoalContext goalContext = null; - - private Set app_classpaths = null; - private Set dep_classpaths = null; - - /** - * All the constructs used as entry points and its source description (e.g., 'app' or 'traces'). - */ - private Set entrypoints = null; - private PathSource source = null; - /** - * Whether apply a strict policy to callgraph construction; that is whether allowing any entrypoint missing in the callgraph - */ - private boolean strictPolicy = false; - - /** - * The call graph constructed for reachability analysis - */ - private Callgraph callgraph = null; - - /** - *

Getter for the field callgraph.

- * - * @return a {@link com.sap.psr.vulas.cg.Callgraph} object. - */ - public Callgraph getCallgraph() { - return this.callgraph; - } - - ; - - //private String bugid = null; - - private Map> targetConstructs = null; - - /** - * All the packages to be excluded during callgraph construction - */ - private String excludedPackages = null; - - private Map stats = new HashMap(); - - // contains the result of the attacksurface analysis performed during the a2c goal - //private List libraryEntryPoints = null; - - /** - * Application constructs (identical to entry points in case of {@link GoalType#A2C}). - */ - private Set appConstructs = null; - - /** - * Library touch points (stored as a set of linked lists with two elements each) per library (SHA1). - */ - private Map>> touchPoints = new HashMap>>(); - - /** - * Reachable constructs per library (SHA1). - */ - private Map> reachableConstructs = new HashMap>(); - - /** - * The constructor used to build the call graph (implementations exist for Wala and Soot). - */ - private ICallgraphConstructor constructor = null; - - /** - * All paths for each bugid - */ - private HashMap>> rcPaths = new HashMap>>(); - - private static final Runtime runtime = Runtime.getRuntime(); - - /** - *

Constructor for ReachabilityAnalyzer.

- * - * @param _ctx a {@link com.sap.psr.vulas.goals.GoalContext} object. - */ - public ReachabilityAnalyzer(GoalContext _ctx) { - this.goalContext = _ctx; - this.app_ctx = _ctx.getApplication(); - } - - /** - * Sets the directories where to find compiled application classes. Each path is typically a directory, e.g., 'WEB-INF/classes' in - * case of uncompressed WARs or 'target/classes' in case of Maven projects. - * - * @param _paths a {@link java.util.Set} object. - */ - public void setAppClasspaths(Set _paths) { - this.app_classpaths = _paths; - } - - /** - *

getAppClasspath.

- * - * @return a {@link java.lang.String} object. - */ - public String getAppClasspath() { - StringBuilder b = new StringBuilder(); - int i = 0; - if (this.app_classpaths != null) { - for (Path p : this.app_classpaths) { - if (i++ > 0) b.append(System.getProperty("path.separator")); - b.append(p.toString()); - } - } - return b.toString(); - } - - /** - * Sets the directories where to find the classes of application dependencies. Each path is typically a JAR file, e.g., 'WEB-INF/lib' - * in case of uncompressed WARs or 'target/dependencies' in case of Maven projects. - * - * @param _paths a {@link java.util.Set} object. - */ - public void setDependencyClasspaths(Set _paths) { - this.dep_classpaths = _paths; - } - - /** - *

getDependencyClasspath.

- * - * @return a {@link java.lang.String} object. - */ - public String getDependencyClasspath() { - StringBuilder b = new StringBuilder(); - int i = 0; - if (this.dep_classpaths != null) { - for (Path p : this.dep_classpaths) { - if (i++ > 0) b.append(System.getProperty("path.separator")); - b.append(p.toString()); - } - } - return b.toString(); - } - - /** - * Sets the application constructs. - * - * @param _constructs a {@link java.util.Set} object. - */ - public void setAppConstructs(Set _constructs) { - this.appConstructs = _constructs; + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static int THREAD_COUNT = 0; + + /** + * The application JAR to be analyzed and its context information + */ + private Application app_ctx = null; + + /** + * The goal context (ideally, this should be kept out of this class) + */ + private GoalContext goalContext = null; + + private Set app_classpaths = null; + private Set dep_classpaths = null; + + /** + * All the constructs used as entry points and its source description (e.g., 'app' or 'traces'). + */ + private Set entrypoints = null; + + private PathSource source = null; + /** + * Whether apply a strict policy to callgraph construction; that is whether allowing any entrypoint missing in the callgraph + */ + private boolean strictPolicy = false; + + /** + * The call graph constructed for reachability analysis + */ + private Callgraph callgraph = null; + + /** + *

Getter for the field callgraph.

+ * + * @return a {@link com.sap.psr.vulas.cg.Callgraph} object. + */ + public Callgraph getCallgraph() { + return this.callgraph; + } + ; + + // private String bugid = null; + + private Map> targetConstructs = null; + + /** + * All the packages to be excluded during callgraph construction + */ + private String excludedPackages = null; + + private Map stats = new HashMap(); + + // contains the result of the attacksurface analysis performed during the a2c goal + // private List libraryEntryPoints = null; + + /** + * Application constructs (identical to entry points in case of {@link GoalType#A2C}). + */ + private Set appConstructs = null; + + /** + * Library touch points (stored as a set of linked lists with two elements each) per library (SHA1). + */ + private Map>> touchPoints = + new HashMap>>(); + + /** + * Reachable constructs per library (SHA1). + */ + private Map> reachableConstructs = + new HashMap>(); + + /** + * The constructor used to build the call graph (implementations exist for Wala and Soot). + */ + private ICallgraphConstructor constructor = null; + + /** + * All paths for each bugid + */ + private HashMap>> rcPaths = + new HashMap>>(); + + private static final Runtime runtime = Runtime.getRuntime(); + + /** + *

Constructor for ReachabilityAnalyzer.

+ * + * @param _ctx a {@link com.sap.psr.vulas.goals.GoalContext} object. + */ + public ReachabilityAnalyzer(GoalContext _ctx) { + this.goalContext = _ctx; + this.app_ctx = _ctx.getApplication(); + } + + /** + * Sets the directories where to find compiled application classes. Each path is typically a directory, e.g., 'WEB-INF/classes' in + * case of uncompressed WARs or 'target/classes' in case of Maven projects. + * + * @param _paths a {@link java.util.Set} object. + */ + public void setAppClasspaths(Set _paths) { + this.app_classpaths = _paths; + } + + /** + *

getAppClasspath.

+ * + * @return a {@link java.lang.String} object. + */ + public String getAppClasspath() { + StringBuilder b = new StringBuilder(); + int i = 0; + if (this.app_classpaths != null) { + for (Path p : this.app_classpaths) { + if (i++ > 0) b.append(System.getProperty("path.separator")); + b.append(p.toString()); + } } - - /** - * Sets the entry points that will be used as a starting point for the call graph construction. - * The entry points used depend on the {@link GoalType}. - * - * @param _constructs a {@link java.util.Set} object. - * @param _source a {@link com.sap.psr.vulas.shared.enums.PathSource} object. - * @param _throw_exception a boolean. - */ - public void setEntryPoints(Set _constructs, PathSource _source, boolean _throw_exception) { - this.entrypoints = _constructs; - this.source = _source; - this.strictPolicy = _throw_exception; - } - - - /*public String getClasspath() { - final StringBuilder b = new StringBuilder(); - int i = 0; - if(this.app_classpaths!=null) { - for(Path p: this.app_classpaths) { - if(i++>0) b.append(System.getProperty("path.separator")); - b.append(p.toString()); - } - } - if(this.dep_classpaths!=null) { - for(Path p: this.dep_classpaths) { - if(i++>0) b.append(System.getProperty("path.separator")); - b.append(p.toString()); - } - } - return b.toString(); - }*/ - - /** - *

setExcludePackages.

- * - * @param _packages a {@link java.lang.String} object. - */ - public void setExcludePackages(String _packages) { - if ((_packages != null) && (!_packages.isEmpty())) this.excludedPackages = _packages; + return b.toString(); + } + + /** + * Sets the directories where to find the classes of application dependencies. Each path is typically a JAR file, e.g., 'WEB-INF/lib' + * in case of uncompressed WARs or 'target/dependencies' in case of Maven projects. + * + * @param _paths a {@link java.util.Set} object. + */ + public void setDependencyClasspaths(Set _paths) { + this.dep_classpaths = _paths; + } + + /** + *

getDependencyClasspath.

+ * + * @return a {@link java.lang.String} object. + */ + public String getDependencyClasspath() { + StringBuilder b = new StringBuilder(); + int i = 0; + if (this.dep_classpaths != null) { + for (Path p : this.dep_classpaths) { + if (i++ > 0) b.append(System.getProperty("path.separator")); + b.append(p.toString()); + } } - - /** - * Sets the change list elements of the given bug(s) as target constructs. If no bugs are passed, all bugs - * relevant for the application will be considered (cf. {@link BackendConnector#getAppBugs(GoalContext, Application)}). - * - * @param _filter Comma-separated list of bug identifiers - */ - public void setTargetConstructs(String _filter) { - try { - final Map> change_lists = BackendConnector.getInstance().getAppBugs(this.goalContext, this.app_ctx, _filter); - if (change_lists == null || change_lists.size() == 0) { - if (_filter == null || _filter.equals("")) { - ReachabilityAnalyzer.log.info("No change list found, i.e., no target points can be set"); - } else { - ReachabilityAnalyzer.log.info("No change list found for bug(s) [" + _filter + "], i.e., no target points can be set"); - } - } else { - ReachabilityAnalyzer.log.info("Found change lists for [" + change_lists.size() + "] bugs, their constructs will be used as target points"); - this.setTargetConstructs(change_lists); - } - } catch (BackendConnectionException e) { - ReachabilityAnalyzer.log.error("Error retrieving change lists from the backend: " + e.getMessage()); + return b.toString(); + } + + /** + * Sets the application constructs. + * + * @param _constructs a {@link java.util.Set} object. + */ + public void setAppConstructs(Set _constructs) { + this.appConstructs = _constructs; + } + + /** + * Sets the entry points that will be used as a starting point for the call graph construction. + * The entry points used depend on the {@link GoalType}. + * + * @param _constructs a {@link java.util.Set} object. + * @param _source a {@link com.sap.psr.vulas.shared.enums.PathSource} object. + * @param _throw_exception a boolean. + */ + public void setEntryPoints( + Set _constructs, + PathSource _source, + boolean _throw_exception) { + this.entrypoints = _constructs; + this.source = _source; + this.strictPolicy = _throw_exception; + } + + /*public String getClasspath() { + final StringBuilder b = new StringBuilder(); + int i = 0; + if(this.app_classpaths!=null) { + for(Path p: this.app_classpaths) { + if(i++>0) b.append(System.getProperty("path.separator")); + b.append(p.toString()); + } + } + if(this.dep_classpaths!=null) { + for(Path p: this.dep_classpaths) { + if(i++>0) b.append(System.getProperty("path.separator")); + b.append(p.toString()); + } + } + return b.toString(); + }*/ + + /** + *

setExcludePackages.

+ * + * @param _packages a {@link java.lang.String} object. + */ + public void setExcludePackages(String _packages) { + if ((_packages != null) && (!_packages.isEmpty())) this.excludedPackages = _packages; + } + + /** + * Sets the change list elements of the given bug(s) as target constructs. If no bugs are passed, all bugs + * relevant for the application will be considered (cf. {@link BackendConnector#getAppBugs(GoalContext, Application)}). + * + * @param _filter Comma-separated list of bug identifiers + */ + public void setTargetConstructs(String _filter) { + try { + final Map> change_lists = + BackendConnector.getInstance().getAppBugs(this.goalContext, this.app_ctx, _filter); + if (change_lists == null || change_lists.size() == 0) { + if (_filter == null || _filter.equals("")) { + ReachabilityAnalyzer.log.info("No change list found, i.e., no target points can be set"); + } else { + ReachabilityAnalyzer.log.info( + "No change list found for bug(s) [" + + _filter + + "], i.e., no target points can be set"); } + } else { + ReachabilityAnalyzer.log.info( + "Found change lists for [" + + change_lists.size() + + "] bugs, their constructs will be used as target points"); + this.setTargetConstructs(change_lists); + } + } catch (BackendConnectionException e) { + ReachabilityAnalyzer.log.error( + "Error retrieving change lists from the backend: " + e.getMessage()); } - - /** - *

Setter for the field targetConstructs.

- * - * @param _target_constructs a {@link java.util.Map} object. - */ - public void setTargetConstructs(Map> _target_constructs) { - this.targetConstructs = _target_constructs; + } + + /** + *

Setter for the field targetConstructs.

+ * + * @param _target_constructs a {@link java.util.Map} object. + */ + public void setTargetConstructs( + Map> _target_constructs) { + this.targetConstructs = _target_constructs; + } + + /** + *

setCallgraphConstructor.

+ * + * @param analysisFramework a {@link java.lang.String} object. + * @param _is_cli a boolean. + */ + public void setCallgraphConstructor(String analysisFramework, boolean _is_cli) { + this.constructor = + CallgraphConstructorFactory.buildCallgraphConstructor( + analysisFramework, this.app_ctx, _is_cli); + this.constructor.setVulasConfiguration(this.goalContext.getVulasConfiguration()); + } + + private Graph readFromDisk(String _file) { + try { + try (final ObjectInputStream ois = new ObjectInputStream(new FileInputStream(_file))) { + final Object object = ois.readObject(); + @SuppressWarnings("unchecked") + final Graph g = (Graph) object; + log.info("Read call graph with [" + g.getNumberOfNodes() + "] nodes from [" + _file + "]"); + return g; + } + } catch (IOException ioe) { + log.error("I/O error when reading object from [" + _file + "]: " + ioe.getMessage(), ioe); + } catch (ClassNotFoundException cnfe) { + log.error( + "Class not found when reading object from [" + _file + "]: " + cnfe.getMessage(), cnfe); } - - /** - *

setCallgraphConstructor.

- * - * @param analysisFramework a {@link java.lang.String} object. - * @param _is_cli a boolean. - */ - public void setCallgraphConstructor(String analysisFramework, boolean _is_cli) { - this.constructor = CallgraphConstructorFactory.buildCallgraphConstructor(analysisFramework, this.app_ctx, _is_cli); - this.constructor.setVulasConfiguration(this.goalContext.getVulasConfiguration()); + return null; + } + + private void writeToDisk(String _file, Graph _g) { + try { + // Create all parent dirs + final Path p = Paths.get(_file); + FileUtil.createDirectory(p.getParent()); + + // Write object + final File f = new File(_file); + try (final ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f))) { + oos.writeObject(_g); + log.info("Wrote call graph with [" + _g.getNumberOfNodes() + "] nodes to [" + _file + "]"); + } + } catch (IOException ioe) { + log.error("I/O error when writing object to [" + _file + "]: " + ioe.getMessage(), ioe); } - - private Graph readFromDisk(String _file) { - try { - try (final ObjectInputStream ois = new ObjectInputStream(new FileInputStream(_file))) { - final Object object = ois.readObject(); - @SuppressWarnings("unchecked") final Graph g = (Graph) object; - log.info("Read call graph with [" + g.getNumberOfNodes() + "] nodes from [" + _file + "]"); - return g; - } - } catch (IOException ioe) { - log.error("I/O error when reading object from [" + _file + "]: " + ioe.getMessage(), ioe); - } catch (ClassNotFoundException cnfe) { - log.error("Class not found when reading object from [" + _file + "]: " + cnfe.getMessage(), cnfe); + } + + /** + * Given the bugid and callgraph constructor framework, do the reachability analysis from callgraph construction to callgraph computation + */ + public void run() { // throws CallgraphConstructException { + // Entry points should have been set + if (this.entrypoints == null) + throw new IllegalStateException("No entry points defined, cannot compute call graph"); + + // Factory must be defined + else if (this.constructor == null) + throw new IllegalStateException("No call graph constructor defined"); + + try { + + // ===== Phase 1: Call graph construction + + // Get a callgraph constructor (using the factory received earlier as argument) + // AbstractConstructorFactory factory = AbstractConstructorFactory.getFactory(_framework); + // Create a callgraph constructor, no matter which framework(soot/wala) is used. + // this.constructor = this.factory.createConstructor(this.app_ctx, this.app_classes_path); + // ICallgraphConstructor constructor = factory.createConstructor(this.app_ctx, p); + + Graph g = null; + + // Read the call graph from disk + /*final String read_from = VulasConfiguration.getConfiguration().getString(ReachabilityConfiguration.REACH_READ_FROM, null); + if(read_from!=null && FileUtil.isAccessibleFile(read_from)) { + g = this.readFromDisk(read_from); + callgraph_construction_time = 0; + }*/ + + // Build the callgraph using the specific fwk (1.set classpath; 2. set entrypoints; 3. build + // callgraph; 4. get callgraph) + if (g == null) { + constructor.setDepClasspath(this.getDependencyClasspath()); + constructor.setAppClasspath(this.getAppClasspath()); + constructor.setExcludePackages(this.excludedPackages); + constructor.setEntrypoints(this.entrypoints); + constructor.buildCallgraph(this.strictPolicy); + g = constructor.getCallgraph(); + final long callgraph_construction_time = this.getConstructionTime() / 1000000; + + // Stats + ReachabilityAnalyzer.log.info( + "Call graph construction time (ms) : " + callgraph_construction_time); + this.stats.put("cgConstructionTime (ms)", callgraph_construction_time); + + // Write graph to disk + /*final String write_to = VulasConfiguration.getConfiguration().getString(ReachabilityConfiguration.REACH_WRITE_TO, null); + if(write_to!=null) { + this.writeToDisk(write_to, g); + }*/ + } + + // The call graph we're going to work with, transformed into our representation + this.callgraph = new Callgraph(g); + + // Warn for all non-app entry points for which no archive info was found + int no_jar_url = 0; + for (ConstructId cid : this.callgraph.getConstructsWithoutJarUrl()) { + if (!this.entrypoints.contains(cid)) { + log.warn( + "[" + + StringUtil.padLeft(++no_jar_url, 4) + + "] Cannot determine archive for construct [" + + cid.getQname() + + "]; size of class pool is [" + + ClassPoolUpdater.getInstance().countClasspathElements() + + "]"); } - return null; - } - - private void writeToDisk(String _file, Graph _g) { - try { - // Create all parent dirs - final Path p = Paths.get(_file); - FileUtil.createDirectory(p.getParent()); - - // Write object - final File f = new File(_file); - try (final ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f))) { - oos.writeObject(_g); - log.info("Wrote call graph with [" + _g.getNumberOfNodes() + "] nodes to [" + _file + "]"); - } - } catch (IOException ioe) { - log.error("I/O error when writing object to [" + _file + "]: " + ioe.getMessage(), ioe); - } - } - - /** - * Given the bugid and callgraph constructor framework, do the reachability analysis from callgraph construction to callgraph computation - */ - public void run() { //throws CallgraphConstructException { - // Entry points should have been set - if (this.entrypoints == null) - throw new IllegalStateException("No entry points defined, cannot compute call graph"); - - // Factory must be defined - else if (this.constructor == null) - throw new IllegalStateException("No call graph constructor defined"); - - try { - - // ===== Phase 1: Call graph construction - - // Get a callgraph constructor (using the factory received earlier as argument) - //AbstractConstructorFactory factory = AbstractConstructorFactory.getFactory(_framework); - //Create a callgraph constructor, no matter which framework(soot/wala) is used. - //this.constructor = this.factory.createConstructor(this.app_ctx, this.app_classes_path); - //ICallgraphConstructor constructor = factory.createConstructor(this.app_ctx, p); - - Graph g = null; - - // Read the call graph from disk - /*final String read_from = VulasConfiguration.getConfiguration().getString(ReachabilityConfiguration.REACH_READ_FROM, null); - if(read_from!=null && FileUtil.isAccessibleFile(read_from)) { - g = this.readFromDisk(read_from); - callgraph_construction_time = 0; - }*/ - - // Build the callgraph using the specific fwk (1.set classpath; 2. set entrypoints; 3. build callgraph; 4. get callgraph) - if (g == null) { - constructor.setDepClasspath(this.getDependencyClasspath()); - constructor.setAppClasspath(this.getAppClasspath()); - constructor.setExcludePackages(this.excludedPackages); - constructor.setEntrypoints(this.entrypoints); - constructor.buildCallgraph(this.strictPolicy); - g = constructor.getCallgraph(); - final long callgraph_construction_time = this.getConstructionTime() / 1000000; - - // Stats - ReachabilityAnalyzer.log.info("Call graph construction time (ms) : " + callgraph_construction_time); - this.stats.put("cgConstructionTime (ms)", callgraph_construction_time); - - // Write graph to disk - /*final String write_to = VulasConfiguration.getConfiguration().getString(ReachabilityConfiguration.REACH_WRITE_TO, null); - if(write_to!=null) { - this.writeToDisk(write_to, g); - }*/ - } - - // The call graph we're going to work with, transformed into our representation - this.callgraph = new Callgraph(g); - - // Warn for all non-app entry points for which no archive info was found - int no_jar_url = 0; - for (ConstructId cid : this.callgraph.getConstructsWithoutJarUrl()) { - if (!this.entrypoints.contains(cid)) { - log.warn("[" + StringUtil.padLeft(++no_jar_url, 4) + "] Cannot determine archive for construct [" + cid.getQname() + "]; size of class pool is [" + ClassPoolUpdater.getInstance().countClasspathElements() + "]"); - } - } - this.stats.put("callgraphNodesWithoutJar", (long) Integer.valueOf(no_jar_url)); - - // ===== Phase 2: Search for paths to vulnerable methods - - // Target constructs do not exist: Stop here - if (this.targetConstructs == null || this.targetConstructs.isEmpty()) { - ReachabilityAnalyzer.log.info("No target points defined, i.e., no vulnerability to check reachability for"); - } - // Target constructs do exist: Compute paths from entry points to change list elements of the bugs - else { - // Sources for the reachability analysis (= always the same, independent of the current bug) - final Set src_ep = constructor.getEntrypoints(); - - final boolean search_shortest = this.goalContext.getVulasConfiguration().getConfiguration().getBoolean(ReachabilityConfiguration.REACH_SEARCH_SHORTEST, true); - - final StopWatch sw = new StopWatch("Check reachability of change list elements").start(); - - // Thread pool - final int no_threads = ThreadUtil.getNoThreads(); - final ExecutorService pool = Executors.newFixedThreadPool(no_threads); - - // Create parallel call graph searches - final Set searches = new HashSet(); - for (String bug : this.targetConstructs.keySet()) { - final CallgraphPathSearch search = new CallgraphPathSearch() - .setEntrypoints(src_ep) - .setTargetpoints(this.targetConstructs.get(bug)) - .setLabel(bug) - .setCallback(this) - .setShortestPaths(search_shortest) - .setCallgraph(this.callgraph); - searches.add(search); - pool.execute(search); - } - - try { - // Wait for the thread pool to finish the work - pool.shutdown(); - while (!pool.awaitTermination(60, TimeUnit.SECONDS)) - log.info("Wait for the completion of call graph searches ..."); - } catch (InterruptedException e) { - throw new CallgraphConstructException("Interrupt exception", e); - } - - sw.stop(); - - // Compute stats - long time_max = 0; - long bugs_count = (this.targetConstructs == null ? 0 : this.targetConstructs.keySet().size()), bugs_reachable = 0; - long tp_sum = 0, tp_min = Long.MAX_VALUE, tp_max = 0, tp_avg = 0; - long shortest_path_sum = 0, shortest_path_min = Long.MAX_VALUE, shortest_path_max = 0, shortest_path_avg = 0, path_count = 0; - for (CallgraphPathSearch search : searches) { - final long dur = search.getStopWatch().getRuntime(); - time_max = (dur > time_max ? dur : time_max); - - if (this.rcPaths.get(search.getLabel()).size() > 0) { - bugs_reachable++; - - // Get the shortest and longest path - for (List l : this.rcPaths.get(search.getLabel())) { - path_count++; - shortest_path_sum += l.size(); - shortest_path_avg = new Double(Math.abs((double) shortest_path_sum / path_count)).intValue(); - shortest_path_min = (l.size() < shortest_path_min ? l.size() : shortest_path_min); - shortest_path_max = (l.size() > shortest_path_max ? l.size() : shortest_path_max); - } - } - - tp_sum += this.targetConstructs.get(search.getLabel()).size(); - tp_avg = new Double(Math.abs((double) tp_sum / bugs_count)).intValue(); - tp_min = (this.targetConstructs.get(search.getLabel()).size() < tp_min ? this.targetConstructs.get(search.getLabel()).size() : tp_min); - tp_max = (this.targetConstructs.get(search.getLabel()).size() > tp_max ? this.targetConstructs.get(search.getLabel()).size() : tp_max); - } - - // Write stats to map - this.stats.put("bugs", bugs_count); - this.stats.put("bugsReachable", bugs_reachable); - this.stats.put("targetPointsMin", tp_min); - this.stats.put("targetPointsMax", tp_max); - this.stats.put("targetPointsAvg", tp_avg); - this.stats.put("shortestPathMin", shortest_path_min); - this.stats.put("shortestPathMax", shortest_path_max); - this.stats.put("shortestPathAvg", shortest_path_avg); - } - - // ===== Phase 3: Identify reachable methods and touch points - - this.identifyTouchPoints(); - - // Stats - this.stats.put("reachableArchives", (long) Integer.valueOf(this.reachableConstructs.size())); - this.stats.put("touchedArchives", (long) Integer.valueOf(this.touchPoints.size())); - long touch_points = 0; - for (Map.Entry>> entry : this.touchPoints.entrySet()) - touch_points += entry.getValue().size(); - this.stats.put("touchPointsTotal", Long.valueOf(touch_points)); - - } catch (CallgraphConstructException e) { - ReachabilityAnalyzer.log.info("Call graph cannot be constructed or analyzed, reachability analysis will be interrupted: " + e.getMessage()); - Thread.currentThread().interrupt(); - } - } - - /** - * Loops all nodes of the {@link Callgraph} in order to identify touch points (direct calls - * from an application construct to a library construct or vice versa) and the total set - * of reachable constructs per library. - */ - private void identifyTouchPoints() { - // Allow to skip the collection of touch points (which is potentially time consuming due to nested looping over app methods and all their edges) - final boolean identify_touchpoints = this.goalContext.getVulasConfiguration().getConfiguration().getBoolean(ReachabilityConfiguration.REACH_TOUCHPOINTS, true); - if (!identify_touchpoints) - log.warn("Identification of touch points disabled per configuration"); - - final StopWatch sw = new StopWatch("Identify reachable constructs and touch points").start(); + } + this.stats.put("callgraphNodesWithoutJar", (long) Integer.valueOf(no_jar_url)); + + // ===== Phase 2: Search for paths to vulnerable methods + + // Target constructs do not exist: Stop here + if (this.targetConstructs == null || this.targetConstructs.isEmpty()) { + ReachabilityAnalyzer.log.info( + "No target points defined, i.e., no vulnerability to check reachability for"); + } + // Target constructs do exist: Compute paths from entry points to change list elements of the + // bugs + else { + // Sources for the reachability analysis (= always the same, independent of the current bug) + final Set src_ep = + constructor.getEntrypoints(); + + final boolean search_shortest = + this.goalContext + .getVulasConfiguration() + .getConfiguration() + .getBoolean(ReachabilityConfiguration.REACH_SEARCH_SHORTEST, true); + + final StopWatch sw = new StopWatch("Check reachability of change list elements").start(); // Thread pool final int no_threads = ThreadUtil.getNoThreads(); final ExecutorService pool = Executors.newFixedThreadPool(no_threads); - // Partition size - final int size = new Double(Math.ceil((double) this.callgraph.getNodeCount() / (double) no_threads)).intValue(); - // Create parallel call graph searches - final Set searches = new HashSet(); - for (int i = 0; i < no_threads; i++) { - int min = i * size; - int max = Math.min((i + 1) * size, this.callgraph.getNodeCount()); - final CallgraphReachableSearch search = new CallgraphReachableSearch() - .setAppConstructs(this.appConstructs) - .setFindTouchPoints(identify_touchpoints) - .setCallgraph(this.callgraph) - .setMinMax(min, max); - searches.add(search); - pool.execute(search); + final Set searches = new HashSet(); + for (String bug : this.targetConstructs.keySet()) { + final CallgraphPathSearch search = + new CallgraphPathSearch() + .setEntrypoints(src_ep) + .setTargetpoints(this.targetConstructs.get(bug)) + .setLabel(bug) + .setCallback(this) + .setShortestPaths(search_shortest) + .setCallgraph(this.callgraph); + searches.add(search); + pool.execute(search); } try { - // Wait for the thread pool to finish the work - pool.shutdown(); - while (!pool.awaitTermination(60, TimeUnit.SECONDS)) - log.info("Wait for the completion of call graph searches ..."); - - // Join reachable constructs and touch points - for (CallgraphReachableSearch search : searches) { - - // Reachable constructs - final Map> reachable_constructs = search.getReachableConstructs(); - for (String key : reachable_constructs.keySet()) { - if (!this.reachableConstructs.containsKey(key)) - this.reachableConstructs.put(key, new HashSet()); - this.reachableConstructs.get(key).addAll(reachable_constructs.get(key)); - } - - // Touch points - final Map>> touch_points = search.getTouchPoints(); - for (String key : touch_points.keySet()) { - if (!this.touchPoints.containsKey(key)) - this.touchPoints.put(key, new HashSet>()); - this.touchPoints.get(key).addAll(touch_points.get(key)); - } - } + // Wait for the thread pool to finish the work + pool.shutdown(); + while (!pool.awaitTermination(60, TimeUnit.SECONDS)) + log.info("Wait for the completion of call graph searches ..."); } catch (InterruptedException e) { - log.error("Interrupt exception", e); + throw new CallgraphConstructException("Interrupt exception", e); } sw.stop(); - } - /** - *

getStatistics.

- * - * @return a {@link java.util.Map} object. - */ - public Map getStatistics() { - return this.stats; - } + // Compute stats + long time_max = 0; + long + bugs_count = + (this.targetConstructs == null ? 0 : this.targetConstructs.keySet().size()), + bugs_reachable = 0; + long tp_sum = 0, tp_min = Long.MAX_VALUE, tp_max = 0, tp_avg = 0; + long shortest_path_sum = 0, + shortest_path_min = Long.MAX_VALUE, + shortest_path_max = 0, + shortest_path_avg = 0, + path_count = 0; + for (CallgraphPathSearch search : searches) { + final long dur = search.getStopWatch().getRuntime(); + time_max = (dur > time_max ? dur : time_max); + + if (this.rcPaths.get(search.getLabel()).size() > 0) { + bugs_reachable++; + + // Get the shortest and longest path + for (List l : + this.rcPaths.get(search.getLabel())) { + path_count++; + shortest_path_sum += l.size(); + shortest_path_avg = + new Double(Math.abs((double) shortest_path_sum / path_count)).intValue(); + shortest_path_min = (l.size() < shortest_path_min ? l.size() : shortest_path_min); + shortest_path_max = (l.size() > shortest_path_max ? l.size() : shortest_path_max); + } + } + + tp_sum += this.targetConstructs.get(search.getLabel()).size(); + tp_avg = new Double(Math.abs((double) tp_sum / bugs_count)).intValue(); + tp_min = + (this.targetConstructs.get(search.getLabel()).size() < tp_min + ? this.targetConstructs.get(search.getLabel()).size() + : tp_min); + tp_max = + (this.targetConstructs.get(search.getLabel()).size() > tp_max + ? this.targetConstructs.get(search.getLabel()).size() + : tp_max); + } - /** - * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. - * - * @return the time required for building the call graph (in nanoseconds) - */ - public long getConstructionTime() { - return (constructor == null ? -1 : constructor.getConstructionTime()); + // Write stats to map + this.stats.put("bugs", bugs_count); + this.stats.put("bugsReachable", bugs_reachable); + this.stats.put("targetPointsMin", tp_min); + this.stats.put("targetPointsMax", tp_max); + this.stats.put("targetPointsAvg", tp_avg); + this.stats.put("shortestPathMin", shortest_path_min); + this.stats.put("shortestPathMax", shortest_path_max); + this.stats.put("shortestPathAvg", shortest_path_avg); + } + + // ===== Phase 3: Identify reachable methods and touch points + + this.identifyTouchPoints(); + + // Stats + this.stats.put("reachableArchives", (long) Integer.valueOf(this.reachableConstructs.size())); + this.stats.put("touchedArchives", (long) Integer.valueOf(this.touchPoints.size())); + long touch_points = 0; + for (Map.Entry>> entry : this.touchPoints.entrySet()) + touch_points += entry.getValue().size(); + this.stats.put("touchPointsTotal", Long.valueOf(touch_points)); + + } catch (CallgraphConstructException e) { + ReachabilityAnalyzer.log.info( + "Call graph cannot be constructed or analyzed, reachability analysis will be" + + " interrupted: " + + e.getMessage()); + Thread.currentThread().interrupt(); } - - /** - * Returns a human-readable description of the constructor's specific configuration. - * - * @return a {@link org.apache.commons.configuration.Configuration} object. - */ - public Configuration getConfiguration() { - return (constructor == null ? null : constructor.getConstructorConfiguration()); + } + + /** + * Loops all nodes of the {@link Callgraph} in order to identify touch points (direct calls + * from an application construct to a library construct or vice versa) and the total set + * of reachable constructs per library. + */ + private void identifyTouchPoints() { + // Allow to skip the collection of touch points (which is potentially time consuming due to + // nested looping over app methods and all their edges) + final boolean identify_touchpoints = + this.goalContext + .getVulasConfiguration() + .getConfiguration() + .getBoolean(ReachabilityConfiguration.REACH_TOUCHPOINTS, true); + if (!identify_touchpoints) + log.warn("Identification of touch points disabled per configuration"); + + final StopWatch sw = new StopWatch("Identify reachable constructs and touch points").start(); + + // Thread pool + final int no_threads = ThreadUtil.getNoThreads(); + final ExecutorService pool = Executors.newFixedThreadPool(no_threads); + + // Partition size + final int size = + new Double(Math.ceil((double) this.callgraph.getNodeCount() / (double) no_threads)) + .intValue(); + + // Create parallel call graph searches + final Set searches = new HashSet(); + for (int i = 0; i < no_threads; i++) { + int min = i * size; + int max = Math.min((i + 1) * size, this.callgraph.getNodeCount()); + final CallgraphReachableSearch search = + new CallgraphReachableSearch() + .setAppConstructs(this.appConstructs) + .setFindTouchPoints(identify_touchpoints) + .setCallgraph(this.callgraph) + .setMinMax(min, max); + searches.add(search); + pool.execute(search); } - /** - * Returns the number of nodes in the constructed call graph (or -1 if the call graph has not been constructed). - * - * @return the number of nodes in this graph - * @see #getEdgeCount() - */ - public int getNodeCount() { - return (this.callgraph == null ? -1 : this.callgraph.getNodeCount()); + try { + // Wait for the thread pool to finish the work + pool.shutdown(); + while (!pool.awaitTermination(60, TimeUnit.SECONDS)) + log.info("Wait for the completion of call graph searches ..."); + + // Join reachable constructs and touch points + for (CallgraphReachableSearch search : searches) { + + // Reachable constructs + final Map> reachable_constructs = + search.getReachableConstructs(); + for (String key : reachable_constructs.keySet()) { + if (!this.reachableConstructs.containsKey(key)) + this.reachableConstructs.put(key, new HashSet()); + this.reachableConstructs.get(key).addAll(reachable_constructs.get(key)); + } + + // Touch points + final Map>> touch_points = search.getTouchPoints(); + for (String key : touch_points.keySet()) { + if (!this.touchPoints.containsKey(key)) + this.touchPoints.put(key, new HashSet>()); + this.touchPoints.get(key).addAll(touch_points.get(key)); + } + } + } catch (InterruptedException e) { + log.error("Interrupt exception", e); } - /** - * Returns the number of edges in constructed call graph (or -1 if the call graph has not been constructed). - * - * @return the number of edges in this graph - * @see #getNodeCount() - */ - public int getEdgeCount() { - return (this.callgraph == null ? -1 : this.callgraph.getEdgeCount()); + sw.stop(); + } + + /** + *

getStatistics.

+ * + * @return a {@link java.util.Map} object. + */ + public Map getStatistics() { + return this.stats; + } + + /** + * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. + * + * @return the time required for building the call graph (in nanoseconds) + */ + public long getConstructionTime() { + return (constructor == null ? -1 : constructor.getConstructionTime()); + } + + /** + * Returns a human-readable description of the constructor's specific configuration. + * + * @return a {@link org.apache.commons.configuration.Configuration} object. + */ + public Configuration getConfiguration() { + return (constructor == null ? null : constructor.getConstructorConfiguration()); + } + + /** + * Returns the number of nodes in the constructed call graph (or -1 if the call graph has not been constructed). + * + * @return the number of nodes in this graph + * @see #getEdgeCount() + */ + public int getNodeCount() { + return (this.callgraph == null ? -1 : this.callgraph.getNodeCount()); + } + + /** + * Returns the number of edges in constructed call graph (or -1 if the call graph has not been constructed). + * + * @return the number of edges in this graph + * @see #getNodeCount() + */ + public int getEdgeCount() { + return (this.callgraph == null ? -1 : this.callgraph.getEdgeCount()); + } + + /** + *

startAnalysis.

+ * + * @param _ra a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. + * @param _timeout_ms timeout in milliseconds (no timeout if negative or 0) + * @return true if the analysis terminated, false otherwise + * @throws java.lang.InterruptedException + */ + public static boolean startAnalysis(ReachabilityAnalyzer _ra, long _timeout_ms) + throws InterruptedException { + boolean success = false; + long start_time = System.currentTimeMillis(), runtime = -1, timeout = -1, wait = -1; + + // Loop until analysis finished or is interrupted + final Thread t = new Thread(_ra, "vulas-reach-" + ++ReachabilityAnalyzer.THREAD_COUNT); + + // Wait time between checks (15 min if no timeout is given, timeout/10 otherwise) + if (_timeout_ms <= 0) { + ReachabilityAnalyzer.log.info( + "Starting reachability analysis (thread [" + t.getName() + "], no timeout"); + wait = 1000 * 60 * 15; + } else { + ReachabilityAnalyzer.log.info( + "Starting reachability analysis (thread [" + + t.getName() + + "], timeout after " + + StringUtil.formatMinString(_timeout_ms) + + ")"); + wait = (long) Math.abs((double) _timeout_ms / (double) 10); } - /** - *

startAnalysis.

- * - * @param _ra a {@link com.sap.psr.vulas.cg.ReachabilityAnalyzer} object. - * @param _timeout_ms timeout in milliseconds (no timeout if negative or 0) - * @return true if the analysis terminated, false otherwise - * @throws java.lang.InterruptedException - */ - public static boolean startAnalysis(ReachabilityAnalyzer _ra, long _timeout_ms) throws InterruptedException { - boolean success = false; - long start_time = System.currentTimeMillis(), runtime = -1, timeout = -1, wait = -1; - - // Loop until analysis finished or is interrupted - final Thread t = new Thread(_ra, "vulas-reach-" + ++ReachabilityAnalyzer.THREAD_COUNT); - - // Wait time between checks (15 min if no timeout is given, timeout/10 otherwise) - if (_timeout_ms <= 0) { - ReachabilityAnalyzer.log.info("Starting reachability analysis (thread [" + t.getName() + "], no timeout"); - wait = 1000 * 60 * 15; + // Print mem info + ReachabilityAnalyzer.logMemoryConsumption(true); + + t.start(); + while (t.isAlive()) { + + // Wait for analysis to finish + t.join(wait); + + // Since when and for how long? + runtime = System.currentTimeMillis() - start_time; + timeout = (_timeout_ms <= 0 ? -1 : _timeout_ms - runtime); + + // It terminated + if (!t.isAlive()) { + success = true; + break; + } + // Still running + else { + // Interrupt if a timeout has been specified and we exceed it + if (_timeout_ms > 0 && runtime > _timeout_ms) { + ReachabilityAnalyzer.log.warn( + "[" + t.getName() + "] reached timeout and will be interrupted"); + final StackTraceElement[] stack = t.getStackTrace(); + for (StackTraceElement e : stack) { + ReachabilityAnalyzer.log.warn(" " + e.toString()); + } + t.interrupt(); + // Shouldn't be long now + // -- wait indefinitely + // t.join(); + + success = false; + break; } else { - ReachabilityAnalyzer.log.info("Starting reachability analysis (thread [" + t.getName() + "], timeout after " + StringUtil.formatMinString(_timeout_ms) + ")"); - wait = (long) Math.abs((double) _timeout_ms / (double) 10); + // Print runtime info + if (_timeout_ms <= 0) + ReachabilityAnalyzer.log.info( + "[" + t.getName() + "] runs for " + StringUtil.formatMinString(runtime)); + else + ReachabilityAnalyzer.log.info( + "[" + + t.getName() + + "] runs for " + + StringUtil.formatMinString(runtime) + + ", will be interrupted in " + + StringUtil.formatMinString(timeout)); + + // Print mem info + ReachabilityAnalyzer.logMemoryConsumption(true); } - - // Print mem info - ReachabilityAnalyzer.logMemoryConsumption(true); - - t.start(); - while (t.isAlive()) { - - // Wait for analysis to finish - t.join(wait); - - // Since when and for how long? - runtime = System.currentTimeMillis() - start_time; - timeout = (_timeout_ms <= 0 ? -1 : _timeout_ms - runtime); - - // It terminated - if (!t.isAlive()) { - success = true; - break; - } - // Still running - else { - // Interrupt if a timeout has been specified and we exceed it - if (_timeout_ms > 0 && runtime > _timeout_ms) { - ReachabilityAnalyzer.log.warn("[" + t.getName() + "] reached timeout and will be interrupted"); - final StackTraceElement[] stack = t.getStackTrace(); - for (StackTraceElement e : stack) { - ReachabilityAnalyzer.log.warn(" " + e.toString()); - } - t.interrupt(); - // Shouldn't be long now - // -- wait indefinitely - //t.join(); - - success = false; - break; - } else { - // Print runtime info - if (_timeout_ms <= 0) - ReachabilityAnalyzer.log.info("[" + t.getName() + "] runs for " + StringUtil.formatMinString(runtime)); - else - ReachabilityAnalyzer.log.info("[" + t.getName() + "] runs for " + StringUtil.formatMinString(runtime) + ", will be interrupted in " + StringUtil.formatMinString(timeout)); - - // Print mem info - ReachabilityAnalyzer.logMemoryConsumption(true); - } - } - } - - if (success) - ReachabilityAnalyzer.log.info("[" + t.getName() + "] terminated successfully after " + StringUtil.formatMinString(runtime)); - else - ReachabilityAnalyzer.log.error("[" + t.getName() + "] terminated w/o success after " + StringUtil.formatMinString(runtime)); - - return success; + } } - private static void logMemoryConsumption(boolean _run_gc) { - // if(_run_gc) - // ReachabilityAnalyzer.runtime.gc(); - final long mem_total = ReachabilityAnalyzer.runtime.totalMemory(); - final long mem_free = ReachabilityAnalyzer.runtime.freeMemory(); - final long mem_max = ReachabilityAnalyzer.runtime.maxMemory(); - ReachabilityAnalyzer.log.info("Memory stats (used/free/total/max): [" + StringUtil.byteToMBString(mem_total - mem_free) + "/" + StringUtil.byteToMBString(mem_free) + "/" + StringUtil.byteToMBString(mem_total) + "/" + StringUtil.byteToMBString(mem_max) + "]"); + if (success) + ReachabilityAnalyzer.log.info( + "[" + + t.getName() + + "] terminated successfully after " + + StringUtil.formatMinString(runtime)); + else + ReachabilityAnalyzer.log.error( + "[" + + t.getName() + + "] terminated w/o success after " + + StringUtil.formatMinString(runtime)); + + return success; + } + + private static void logMemoryConsumption(boolean _run_gc) { + // if(_run_gc) + // ReachabilityAnalyzer.runtime.gc(); + final long mem_total = ReachabilityAnalyzer.runtime.totalMemory(); + final long mem_free = ReachabilityAnalyzer.runtime.freeMemory(); + final long mem_max = ReachabilityAnalyzer.runtime.maxMemory(); + ReachabilityAnalyzer.log.info( + "Memory stats (used/free/total/max): [" + + StringUtil.byteToMBString(mem_total - mem_free) + + "/" + + StringUtil.byteToMBString(mem_free) + + "/" + + StringUtil.byteToMBString(mem_total) + + "/" + + StringUtil.byteToMBString(mem_max) + + "]"); + } + + synchronized void callback(CallgraphPathSearch _search) { + this.rcPaths.put(_search.getLabel(), _search.getPaths()); + this.uploadBug(_search.getLabel(), _search.getPaths()); + } + + /** + * Uploads paths for the given bug to the backend. If there is no such path, an empty array will be uploaded + * to indicate that the analysis ran but did not yield a result. + * + * @param _bugid a {@link java.lang.String} object. + * @param _paths a {@link java.util.List} object. + */ + public synchronized void uploadBug(String _bugid, List> _paths) { + + // Used to limit the number of paths (per change list element) that will be uploaded to the + // backend + final int max_path = + this.goalContext + .getVulasConfiguration() + .getConfiguration() + .getInt(ReachabilityConfiguration.REACH_MAX_PATH, 10); + final Map counters = + new HashMap(); + int count = -1; + + final JsonParser parser = new JsonParser(); + final JsonObject json_app = + parser.parse(JacksonUtil.asJsonString(this.app_ctx)).getAsJsonObject(); + final JsonArray json_paths = new JsonArray(); + + JsonObject json_path = null; + JsonArray json_path_path = null; + JsonObject path_node_obj = null; + + counters.clear(); + + // Prepare each single path + for (List path : this.rcPaths.get(_bugid)) { + + // Do not serialize more than max_path paths + com.sap.psr.vulas.shared.json.model.ConstructId target_construct = path.get(path.size() - 1); + count = + (counters.get(target_construct) == null ? 0 : counters.get(target_construct).intValue()) + + 1; + counters.put(target_construct, Integer.valueOf(count)); + if (count > max_path) continue; + + // Serialize + json_path = new JsonObject(); + + json_path.add("app", json_app); + json_path.addProperty("bug", _bugid); + json_path.addProperty("source", this.source.toString()); + json_path.addProperty("executionId", "dummy"); + + // The actual path + json_path_path = new JsonArray(); + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : path) { + path_node_obj = new JsonObject(); + path_node_obj.add("constructId", parser.parse(JacksonUtil.asJsonString(cid))); + final NodeMetaInformation nmi = this.callgraph.getInformationForConstructId(cid); + path_node_obj.addProperty("lib", nmi.getArchiveId()); + json_path_path.add(path_node_obj); + } + json_path.add("path", json_path_path); + json_paths.add(json_path); } - synchronized void callback(CallgraphPathSearch _search) { - this.rcPaths.put(_search.getLabel(), _search.getPaths()); - this.uploadBug(_search.getLabel(), _search.getPaths()); + // Log if paths will be dropped + int uploaded_path_count = 0; + for (com.sap.psr.vulas.shared.json.model.ConstructId con : counters.keySet()) { + if (counters.get(con).intValue() > max_path) { + ReachabilityAnalyzer.log.warn( + "[" + + counters.get(con).intValue() + + "] paths lead to construct [" + + con + + "], only [" + + max_path + + "] will be uploaded"); + uploaded_path_count += max_path; + } else { + uploaded_path_count += counters.get(con).intValue(); + } } - /** - * Uploads paths for the given bug to the backend. If there is no such path, an empty array will be uploaded - * to indicate that the analysis ran but did not yield a result. - * - * @param _bugid a {@link java.lang.String} object. - * @param _paths a {@link java.util.List} object. - */ - public synchronized void uploadBug(String _bugid, List> _paths) { - - // Used to limit the number of paths (per change list element) that will be uploaded to the backend - final int max_path = this.goalContext.getVulasConfiguration().getConfiguration().getInt(ReachabilityConfiguration.REACH_MAX_PATH, 10); - final Map counters = new HashMap(); - int count = -1; - - final JsonParser parser = new JsonParser(); - final JsonObject json_app = parser.parse(JacksonUtil.asJsonString(this.app_ctx)).getAsJsonObject(); - final JsonArray json_paths = new JsonArray(); - - JsonObject json_path = null; - JsonArray json_path_path = null; - JsonObject path_node_obj = null; - - counters.clear(); - - // Prepare each single path - for (List path : this.rcPaths.get(_bugid)) { - - // Do not serialize more than max_path paths - com.sap.psr.vulas.shared.json.model.ConstructId target_construct = path.get(path.size() - 1); - count = (counters.get(target_construct) == null ? 0 : counters.get(target_construct).intValue()) + 1; - counters.put(target_construct, Integer.valueOf(count)); - if (count > max_path) continue; - - // Serialize - json_path = new JsonObject(); - - json_path.add("app", json_app); - json_path.addProperty("bug", _bugid); - json_path.addProperty("source", this.source.toString()); - json_path.addProperty("executionId", "dummy"); - - // The actual path - json_path_path = new JsonArray(); - for (com.sap.psr.vulas.shared.json.model.ConstructId cid : path) { - path_node_obj = new JsonObject(); - path_node_obj.add("constructId", parser.parse(JacksonUtil.asJsonString(cid))); - final NodeMetaInformation nmi = this.callgraph.getInformationForConstructId(cid); - path_node_obj.addProperty("lib", nmi.getArchiveId()); - json_path_path.add(path_node_obj); - } - json_path.add("path", json_path_path); - json_paths.add(json_path); - } - - // Log if paths will be dropped - int uploaded_path_count = 0; - for (com.sap.psr.vulas.shared.json.model.ConstructId con : counters.keySet()) { - if (counters.get(con).intValue() > max_path) { - ReachabilityAnalyzer.log.warn("[" + counters.get(con).intValue() + "] paths lead to construct [" + con + "], only [" + max_path + "] will be uploaded"); - uploaded_path_count += max_path; - } else { - uploaded_path_count += counters.get(con).intValue(); - } + // Save JSON + ReachabilityAnalyzer.log.info( + "Upload [" + + uploaded_path_count + + "] path(s) for bug [" + + _bugid + + "]: " + + (this.rcPaths.get(_bugid).size() == 0 + ? "Change list NOT reachable " + : "Change list reachable")); + try { + BackendConnector.getInstance() + .uploadPaths(this.goalContext, this.app_ctx, json_paths.toString()); + } catch (BackendConnectionException e) { + ReachabilityAnalyzer.log.error( + "Error while uploading paths for bug [" + _bugid + "]: " + e.getMessage()); + } + } + + private void appendJarName(String _jar_url, StringBuffer _buffer) { + if (_jar_url != null) { + if (_buffer.length() > 0) _buffer.append(", "); + if (_jar_url.indexOf("/") != -1) { + _buffer.append(_jar_url.substring(_jar_url.indexOf("/") + 1)); + } else { + _buffer.append(_jar_url); + } + } + } + + /** + * Uploads reachable constructs and touch points to the backend. + */ + public void upload() { + + // 1) Upload reachable constructs (per dependency + if (!this.reachableConstructs.isEmpty()) { + final StringBuffer upload_succeeded = new StringBuffer(), upload_failed = new StringBuffer(); + Set nodes = null; + JsonArray json_constructs = null; + + // Loop dependencies + for (String sha1 : this.reachableConstructs.keySet()) { + nodes = this.reachableConstructs.get(sha1); + json_constructs = new JsonArray(); + + // Loop reachable constructs + String jar_url = null; + for (NodeMetaInformation nmi : nodes) { + if (jar_url == null) jar_url = nmi.getJarUrl(); + json_constructs.add( + new JsonParser() + .parse(JacksonUtil.asJsonString(nmi.getConstructId())) + .getAsJsonObject()); } - // Save JSON - ReachabilityAnalyzer.log.info("Upload [" + uploaded_path_count + "] path(s) for bug [" + _bugid + "]: " + (this.rcPaths.get(_bugid).size() == 0 ? "Change list NOT reachable " : "Change list reachable")); + // Upload try { - BackendConnector.getInstance().uploadPaths(this.goalContext, this.app_ctx, json_paths.toString()); + ReachabilityAnalyzer.log.info( + "Upload [" + + nodes.size() + + "] reachable construct IDs for library [sha1=" + + sha1 + + ", jar URL=" + + jar_url + + "]"); + final boolean success = + BackendConnector.getInstance() + .uploadReachableConstructs( + this.goalContext, this.app_ctx, sha1, json_constructs.toString()); + if (success) this.appendJarName(jar_url, upload_succeeded); + else this.appendJarName(jar_url, upload_failed); } catch (BackendConnectionException e) { - ReachabilityAnalyzer.log.error("Error while uploading paths for bug [" + _bugid + "]: " + e.getMessage()); + ReachabilityAnalyzer.log.error( + "Error while uploading reachable constructs for library [sha1=" + + sha1 + + ", jar URL=" + + jar_url + + "]: " + + e.getMessage()); + this.appendJarName(jar_url, upload_failed); } - } + } - private void appendJarName(String _jar_url, StringBuffer _buffer) { - if (_jar_url != null) { - if (_buffer.length() > 0) - _buffer.append(", "); - if (_jar_url.indexOf("/") != -1) { - _buffer.append(_jar_url.substring(_jar_url.indexOf("/") + 1)); - } else { - _buffer.append(_jar_url); - } - } + ReachabilityAnalyzer.log.info( + "Upload of reachable constructs succeeded for [" + upload_succeeded + "]"); + ReachabilityAnalyzer.log.warn( + "Upload of reachable constructs failed for [" + upload_failed + "]"); } - /** - * Uploads reachable constructs and touch points to the backend. - */ - public void upload() { - - // 1) Upload reachable constructs (per dependency - if (!this.reachableConstructs.isEmpty()) { - final StringBuffer upload_succeeded = new StringBuffer(), upload_failed = new StringBuffer(); - Set nodes = null; - JsonArray json_constructs = null; - - // Loop dependencies - for (String sha1 : this.reachableConstructs.keySet()) { - nodes = this.reachableConstructs.get(sha1); - json_constructs = new JsonArray(); - - // Loop reachable constructs - String jar_url = null; - for (NodeMetaInformation nmi : nodes) { - if (jar_url == null) - jar_url = nmi.getJarUrl(); - json_constructs.add(new JsonParser().parse(JacksonUtil.asJsonString(nmi.getConstructId())).getAsJsonObject()); - } - - // Upload - try { - ReachabilityAnalyzer.log.info("Upload [" + nodes.size() + "] reachable construct IDs for library [sha1=" + sha1 + ", jar URL=" + jar_url + "]"); - final boolean success = BackendConnector.getInstance().uploadReachableConstructs(this.goalContext, this.app_ctx, sha1, json_constructs.toString()); - if (success) - this.appendJarName(jar_url, upload_succeeded); - else - this.appendJarName(jar_url, upload_failed); - } catch (BackendConnectionException e) { - ReachabilityAnalyzer.log.error("Error while uploading reachable constructs for library [sha1=" + sha1 + ", jar URL=" + jar_url + "]: " + e.getMessage()); - this.appendJarName(jar_url, upload_failed); - } - } - - ReachabilityAnalyzer.log.info("Upload of reachable constructs succeeded for [" + upload_succeeded + "]"); - ReachabilityAnalyzer.log.warn("Upload of reachable constructs failed for [" + upload_failed + "]"); + // 2) Upload touch points per dependency + if (!this.touchPoints.isEmpty()) { + final StringBuffer upload_succeeded = new StringBuffer(), upload_failed = new StringBuffer(); + Set> touch_points = null; + JsonArray json_tps = null; + JsonObject json_tp = null; + NodeMetaInformation from = null, to = null; + + // Loop dependencies + for (String sha1 : this.touchPoints.keySet()) { + touch_points = this.touchPoints.get(sha1); + json_tps = new JsonArray(); + + String jar_url = null; + + // Loop touch points + for (List touch_point : touch_points) { + json_tp = new JsonObject(); + from = touch_point.get(0); + to = touch_point.get(1); + json_tp.add( + "from", + new JsonParser() + .parse(JacksonUtil.asJsonString(from.getConstructId())) + .getAsJsonObject()); + json_tp.add( + "to", + new JsonParser() + .parse(JacksonUtil.asJsonString(to.getConstructId())) + .getAsJsonObject()); + json_tp.addProperty("source", this.source.toString()); + if (sha1.equals(to.getArchiveId())) { + json_tp.addProperty("direction", "A2L"); + jar_url = to.getJarUrl(); + } else { + json_tp.addProperty("direction", "L2A"); + jar_url = from.getJarUrl(); + } + + json_tps.add(json_tp); } - // 2) Upload touch points per dependency - if (!this.touchPoints.isEmpty()) { - final StringBuffer upload_succeeded = new StringBuffer(), upload_failed = new StringBuffer(); - Set> touch_points = null; - JsonArray json_tps = null; - JsonObject json_tp = null; - NodeMetaInformation from = null, to = null; - - // Loop dependencies - for (String sha1 : this.touchPoints.keySet()) { - touch_points = this.touchPoints.get(sha1); - json_tps = new JsonArray(); - - String jar_url = null; - - // Loop touch points - for (List touch_point : touch_points) { - json_tp = new JsonObject(); - from = touch_point.get(0); - to = touch_point.get(1); - json_tp.add("from", new JsonParser().parse(JacksonUtil.asJsonString(from.getConstructId())).getAsJsonObject()); - json_tp.add("to", new JsonParser().parse(JacksonUtil.asJsonString(to.getConstructId())).getAsJsonObject()); - json_tp.addProperty("source", this.source.toString()); - if (sha1.equals(to.getArchiveId())) { - json_tp.addProperty("direction", "A2L"); - jar_url = to.getJarUrl(); - } else { - json_tp.addProperty("direction", "L2A"); - jar_url = from.getJarUrl(); - } - - json_tps.add(json_tp); - } - - // Upload - try { - ReachabilityAnalyzer.log.info("Upload [" + touch_points.size() + "] touch points for library [sha1=" + sha1 + ", jar URL=" + jar_url + "]"); - final boolean success = BackendConnector.getInstance().uploadTouchPoints(this.goalContext, this.app_ctx, sha1, json_tps.toString()); - if (success) - this.appendJarName(jar_url, upload_succeeded); - else - this.appendJarName(jar_url, upload_failed); - } catch (BackendConnectionException e) { - ReachabilityAnalyzer.log.error("Error while uploading touch points for library [sha1=" + sha1 + ", jar URL=" + jar_url + "]: " + e.getMessage()); - this.appendJarName(jar_url, upload_failed); - } - } - - ReachabilityAnalyzer.log.info("Upload of touch points succeeded for [" + upload_succeeded + "]"); - ReachabilityAnalyzer.log.warn("Upload of touch points failed for [" + upload_failed + "]"); + // Upload + try { + ReachabilityAnalyzer.log.info( + "Upload [" + + touch_points.size() + + "] touch points for library [sha1=" + + sha1 + + ", jar URL=" + + jar_url + + "]"); + final boolean success = + BackendConnector.getInstance() + .uploadTouchPoints(this.goalContext, this.app_ctx, sha1, json_tps.toString()); + if (success) this.appendJarName(jar_url, upload_succeeded); + else this.appendJarName(jar_url, upload_failed); + } catch (BackendConnectionException e) { + ReachabilityAnalyzer.log.error( + "Error while uploading touch points for library [sha1=" + + sha1 + + ", jar URL=" + + jar_url + + "]: " + + e.getMessage()); + this.appendJarName(jar_url, upload_failed); } + } + + ReachabilityAnalyzer.log.info( + "Upload of touch points succeeded for [" + upload_succeeded + "]"); + ReachabilityAnalyzer.log.warn("Upload of touch points failed for [" + upload_failed + "]"); } + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityConfiguration.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityConfiguration.java index 178245786..b3ab1f653 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityConfiguration.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/ReachabilityConfiguration.java @@ -25,41 +25,41 @@ */ public class ReachabilityConfiguration { - /** Constant REACH_BUGS="vulas.reach.bugs" */ - public final static String REACH_BUGS = "vulas.reach.bugs"; - /** Constant REACH_FWK="vulas.reach.fwk" */ - public final static String REACH_FWK = "vulas.reach.fwk"; - /** Constant REACH_EXIT_UNKOWN_EP="vulas.reach.exitOnUnknownEntryPoints" */ - public final static String REACH_EXIT_UNKOWN_EP = "vulas.reach.exitOnUnknownEntryPoints"; - /** Constant REACH_CONSTR_FILTER="vulas.reach.constructFilter" */ - public final static String REACH_CONSTR_FILTER = "vulas.reach.constructFilter"; - /** Constant REACH_EXCL_JARS="vulas.reach.excludeJars" */ - public final static String REACH_EXCL_JARS = "vulas.reach.excludeJars"; - /** Constant REACH_EXCL_PACK="vulas.reach.excludePackages" */ - public final static String REACH_EXCL_PACK = "vulas.reach.excludePackages"; - /** Constant REACH_PREPROCESS="vulas.reach.preprocessDependencies" */ - public final static String REACH_PREPROCESS = "vulas.reach.preprocessDependencies"; - /** Constant REACH_TIMEOUT="vulas.reach.timeout" */ - public final static String REACH_TIMEOUT = "vulas.reach.timeout"; - /** Constant REACH_MAX_PATH="vulas.reach.maxPathPerChangeListElement" */ - public final static String REACH_MAX_PATH = "vulas.reach.maxPathPerChangeListElement"; + /** Constant REACH_BUGS="vulas.reach.bugs" */ + public static final String REACH_BUGS = "vulas.reach.bugs"; + /** Constant REACH_FWK="vulas.reach.fwk" */ + public static final String REACH_FWK = "vulas.reach.fwk"; + /** Constant REACH_EXIT_UNKOWN_EP="vulas.reach.exitOnUnknownEntryPoints" */ + public static final String REACH_EXIT_UNKOWN_EP = "vulas.reach.exitOnUnknownEntryPoints"; + /** Constant REACH_CONSTR_FILTER="vulas.reach.constructFilter" */ + public static final String REACH_CONSTR_FILTER = "vulas.reach.constructFilter"; + /** Constant REACH_EXCL_JARS="vulas.reach.excludeJars" */ + public static final String REACH_EXCL_JARS = "vulas.reach.excludeJars"; + /** Constant REACH_EXCL_PACK="vulas.reach.excludePackages" */ + public static final String REACH_EXCL_PACK = "vulas.reach.excludePackages"; + /** Constant REACH_PREPROCESS="vulas.reach.preprocessDependencies" */ + public static final String REACH_PREPROCESS = "vulas.reach.preprocessDependencies"; + /** Constant REACH_TIMEOUT="vulas.reach.timeout" */ + public static final String REACH_TIMEOUT = "vulas.reach.timeout"; + /** Constant REACH_MAX_PATH="vulas.reach.maxPathPerChangeListElement" */ + public static final String REACH_MAX_PATH = "vulas.reach.maxPathPerChangeListElement"; - /** Constant REACH_BL_CLASS_JRE="vulas.reach.blacklist.classes.jre" */ - public final static String REACH_BL_CLASS_JRE = "vulas.reach.blacklist.classes.jre"; - /** Constant REACH_BL_CLASS_CUST="vulas.reach.blacklist.classes.custom" */ - public final static String REACH_BL_CLASS_CUST = "vulas.reach.blacklist.classes.custom"; + /** Constant REACH_BL_CLASS_JRE="vulas.reach.blacklist.classes.jre" */ + public static final String REACH_BL_CLASS_JRE = "vulas.reach.blacklist.classes.jre"; + /** Constant REACH_BL_CLASS_CUST="vulas.reach.blacklist.classes.custom" */ + public static final String REACH_BL_CLASS_CUST = "vulas.reach.blacklist.classes.custom"; - /** Constant REACH_TOUCHPOINTS="vulas.reach.identifyTouchpoints" */ - public final static String REACH_TOUCHPOINTS = "vulas.reach.identifyTouchpoints"; + /** Constant REACH_TOUCHPOINTS="vulas.reach.identifyTouchpoints" */ + public static final String REACH_TOUCHPOINTS = "vulas.reach.identifyTouchpoints"; - /** Constant REACH_SEARCH_SHORTEST="vulas.reach.searchShortest" */ - public final static String REACH_SEARCH_SHORTEST = "vulas.reach.searchShortest"; + /** Constant REACH_SEARCH_SHORTEST="vulas.reach.searchShortest" */ + public static final String REACH_SEARCH_SHORTEST = "vulas.reach.searchShortest"; - /** Constant REACH_WRITE_TO="vulas.reach.callgraph.writeTo" */ - public final static String REACH_WRITE_TO = "vulas.reach.callgraph.writeTo"; - /** Constant REACH_READ_FROM="vulas.reach.callgraph.readFrom" */ - public final static String REACH_READ_FROM = "vulas.reach.callgraph.readFrom"; + /** Constant REACH_WRITE_TO="vulas.reach.callgraph.writeTo" */ + public static final String REACH_WRITE_TO = "vulas.reach.callgraph.writeTo"; + /** Constant REACH_READ_FROM="vulas.reach.callgraph.readFrom" */ + public static final String REACH_READ_FROM = "vulas.reach.callgraph.readFrom"; - /** Constant CLI_PLUGIN_DIR="vulas.reach.cli.plugins.dir" */ - public final static String CLI_PLUGIN_DIR = "vulas.reach.cli.plugins.dir"; + /** Constant CLI_PLUGIN_DIR="vulas.reach.cli.plugins.dir" */ + public static final String CLI_PLUGIN_DIR = "vulas.reach.cli.plugins.dir"; } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/T2CGoal.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/T2CGoal.java index f0367b719..890dab9ed 100755 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/T2CGoal.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/T2CGoal.java @@ -26,7 +26,6 @@ import com.sap.psr.vulas.shared.enums.GoalType; import com.sap.psr.vulas.shared.enums.PathSource; import com.sap.psr.vulas.shared.util.ConstructIdUtil; -import com.sap.psr.vulas.shared.util.VulasConfiguration; /** *

T2CGoal class.

@@ -34,46 +33,58 @@ */ public class T2CGoal extends AbstractReachGoal { - private Set entryPoints = null; + private Set entryPoints = null; - private Set tracedConstructs = null; + private Set tracedConstructs = null; - /** - *

Constructor for T2CGoal.

- */ - public T2CGoal() { super(GoalType.T2C); } + /** + *

Constructor for T2CGoal.

+ */ + public T2CGoal() { + super(GoalType.T2C); + } - /** - *

Getter for the field entryPoints.

- * - * @return a {@link java.util.Set} object. - */ - protected final Set getEntryPoints() { - if(this.entryPoints==null) { - try { - // Get traces - this.tracedConstructs = BackendConnector.getInstance().getAppTraces(this.getGoalContext(), this.getApplicationContext()); - - // Filter constructs (if requested) - final String[] filter = this.getConfiguration().getConfiguration().getStringArray(ReachabilityConfiguration.REACH_CONSTR_FILTER); - if(filter!=null && filter.length>0 && !(filter.length==1 && filter[0].equals(""))) { - this.entryPoints = ConstructIdUtil.filterWithRegex(this.tracedConstructs, filter); - } else { - this.entryPoints = this.tracedConstructs; - } - } catch (BackendConnectionException e) { - throw new IllegalStateException(e.getMessage()); - } - } - return this.entryPoints; - } + /** + *

Getter for the field entryPoints.

+ * + * @return a {@link java.util.Set} object. + */ + protected final Set getEntryPoints() { + if (this.entryPoints == null) { + try { + // Get traces + this.tracedConstructs = + BackendConnector.getInstance() + .getAppTraces(this.getGoalContext(), this.getApplicationContext()); - /** - * {@inheritDoc} - * - * Sets the traced constructs as entry points of the {@link ReachabilityAnalyzer}. - */ - protected final void setEntryPoints(ReachabilityAnalyzer _ra) { - _ra.setEntryPoints(this.getEntryPoints(), PathSource.T2C, this.getConfiguration().getConfiguration().getBoolean(ReachabilityConfiguration.REACH_EXIT_UNKOWN_EP, false)); - } + // Filter constructs (if requested) + final String[] filter = + this.getConfiguration() + .getConfiguration() + .getStringArray(ReachabilityConfiguration.REACH_CONSTR_FILTER); + if (filter != null && filter.length > 0 && !(filter.length == 1 && filter[0].equals(""))) { + this.entryPoints = ConstructIdUtil.filterWithRegex(this.tracedConstructs, filter); + } else { + this.entryPoints = this.tracedConstructs; + } + } catch (BackendConnectionException e) { + throw new IllegalStateException(e.getMessage()); + } + } + return this.entryPoints; + } + + /** + * {@inheritDoc} + * + * Sets the traced constructs as entry points of the {@link ReachabilityAnalyzer}. + */ + protected final void setEntryPoints(ReachabilityAnalyzer _ra) { + _ra.setEntryPoints( + this.getEntryPoints(), + PathSource.T2C, + this.getConfiguration() + .getConfiguration() + .getBoolean(ReachabilityConfiguration.REACH_EXIT_UNKOWN_EP, false)); + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/CallgraphConstructorFactory.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/CallgraphConstructorFactory.java index 87b6505c4..7f2080ca5 100644 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/CallgraphConstructorFactory.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/CallgraphConstructorFactory.java @@ -32,7 +32,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.cg.ReachabilityConfiguration; import com.sap.psr.vulas.shared.json.model.Application; import com.sap.psr.vulas.shared.util.VulasConfiguration; @@ -43,70 +42,84 @@ */ public class CallgraphConstructorFactory { - /** Constant classLoaderToFindPlugins */ - public static ClassLoader classLoaderToFindPlugins = Thread.currentThread().getContextClassLoader(); - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** - * Build a call graph constructor, searching the service registry for a service implementation that registers itself using the given string - * - * @param analysisFramework the framework to use, e.g., wala, soot - * @param appContext the application for the call graph construction - * @return the build call graph constructor - * @param useURLClassloader a boolean. - */ - public static ICallgraphConstructor buildCallgraphConstructor(String analysisFramework, Application appContext, boolean useURLClassloader) { - ClassLoader classloader = Thread.currentThread().getContextClassLoader(); - if (useURLClassloader) { - classloader = searchInPluginFolder(); - } - - final ServiceLoader loader = ServiceLoader.load(ICallgraphConstructor.class, classloader); - ICallgraphConstructor cgConstructor = null; - - for (ICallgraphConstructor constructor : loader) { - if (constructor.getFramework().equals(analysisFramework)) { - cgConstructor = constructor; - break; - } - } + /** Constant classLoaderToFindPlugins */ + public static ClassLoader classLoaderToFindPlugins = + Thread.currentThread().getContextClassLoader(); + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** + * Build a call graph constructor, searching the service registry for a service implementation that registers itself using the given string + * + * @param analysisFramework the framework to use, e.g., wala, soot + * @param appContext the application for the call graph construction + * @return the build call graph constructor + * @param useURLClassloader a boolean. + */ + public static ICallgraphConstructor buildCallgraphConstructor( + String analysisFramework, Application appContext, boolean useURLClassloader) { + ClassLoader classloader = Thread.currentThread().getContextClassLoader(); + if (useURLClassloader) { + classloader = searchInPluginFolder(); + } - if (cgConstructor != null) { - cgConstructor.setAppContext(appContext); - } else { - log.error("No Callgraph Constructor found for requested framework [" + analysisFramework + "]"); - } + final ServiceLoader loader = + ServiceLoader.load(ICallgraphConstructor.class, classloader); + ICallgraphConstructor cgConstructor = null; - return cgConstructor; + for (ICallgraphConstructor constructor : loader) { + if (constructor.getFramework().equals(analysisFramework)) { + cgConstructor = constructor; + break; + } + } + if (cgConstructor != null) { + cgConstructor.setAppContext(appContext); + } else { + log.error( + "No Callgraph Constructor found for requested framework [" + analysisFramework + "]"); } - /** - * Searches for plugins in the configured plugin directory (only command-line interface) - * - * @return - */ - private static ClassLoader searchInPluginFolder() { - String pluginFolder = VulasConfiguration.getGlobal().getConfiguration().getString(ReachabilityConfiguration.CLI_PLUGIN_DIR); - Path loc = Paths.get(pluginFolder); - List fileNames = new ArrayList<>(); - try (DirectoryStream directoryStream = Files.newDirectoryStream(loc)) { - for (Path path : directoryStream) { - URL fileUrl = path.toUri().toURL(); - if (fileUrl.getFile().endsWith(".jar")) { - fileNames.add(fileUrl); - log.debug("Found JAR file [" + fileUrl.toString() + "] in service folder [" + pluginFolder + "]"); - } - } - } catch (IOException ex) { - log.warn("Cannot load plugin JARs (with additional call graph constructors) from directory [" + loc.toAbsolutePath() + "]"); + return cgConstructor; + } + + /** + * Searches for plugins in the configured plugin directory (only command-line interface) + * + * @return + */ + private static ClassLoader searchInPluginFolder() { + String pluginFolder = + VulasConfiguration.getGlobal() + .getConfiguration() + .getString(ReachabilityConfiguration.CLI_PLUGIN_DIR); + Path loc = Paths.get(pluginFolder); + List fileNames = new ArrayList<>(); + try (DirectoryStream directoryStream = Files.newDirectoryStream(loc)) { + for (Path path : directoryStream) { + URL fileUrl = path.toUri().toURL(); + if (fileUrl.getFile().endsWith(".jar")) { + fileNames.add(fileUrl); + log.debug( + "Found JAR file [" + + fileUrl.toString() + + "] in service folder [" + + pluginFolder + + "]"); } + } + } catch (IOException ex) { + log.warn( + "Cannot load plugin JARs (with additional call graph constructors) from directory [" + + loc.toAbsolutePath() + + "]"); + } - URL[] urls = new URL[fileNames.size()]; - urls = fileNames.toArray(urls); - URLClassLoader ucl = new URLClassLoader(urls); + URL[] urls = new URL[fileNames.size()]; + urls = fileNames.toArray(urls); + URLClassLoader ucl = new URLClassLoader(urls); - return ucl; - } + return ucl; + } } diff --git a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/ICallgraphConstructor.java b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/ICallgraphConstructor.java index 358753cc7..a565d59d8 100644 --- a/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/ICallgraphConstructor.java +++ b/lang-java-reach/src/main/java/com/sap/psr/vulas/cg/spi/ICallgraphConstructor.java @@ -35,95 +35,93 @@ */ public interface ICallgraphConstructor { - - /** - * The name of the analysis framework, used to register this callgraph constructor - * - * @return the framework's name - */ - public String getFramework(); - - /** - * Sets the application for call graph construction. - * - * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public void setAppContext(Application _ctx); - - /** - *

setVulasConfiguration.

- * - * @param _cfg a {@link com.sap.psr.vulas.shared.util.VulasConfiguration} object. - */ - public void setVulasConfiguration(VulasConfiguration _cfg); - - /** - * Sets the class path with directories and/or JAR files for the application. Individual entries must be separated by the system-specific path separator. - * - * @param _cp a {@link java.lang.String} object. - */ - public void setAppClasspath(String _cp); - - /** - * Sets the class path with directories and/or JAR files for the dependencies. Individual entries must be separated by the system-specific path separator. - * - * @param _dependencyClasspath a {@link java.lang.String} object. - */ - public void setDepClasspath(String _dependencyClasspath); - - /** - * Sets the entry points for call graph construction. These are the starting point of the call graph construction. - * - * @param _constructs a {@link java.util.Set} object. - * @throws com.sap.psr.vulas.cg.CallgraphConstructException - */ - public void setEntrypoints(Set _constructs) throws CallgraphConstructException; - - /** - * Excludes certain packages from the analysis, i.e., potential invocations happening in {@link Construct}s of those packages will - * be ignored. - * - * @param _packages a {@link java.lang.String} object. - */ - public void setExcludePackages(String _packages); - - /** - * Returns the effectively used entry points. {@link Construct}s of type class or package, for instance, will be filtered. - * Also, it may happen that some of the specified entry points cannot be found, e.g., due to an incomplete class path. - * - * @return a {@link java.util.Set} object. - */ - public Set getEntrypoints(); - - /** - * Builds the call graph. If the argument is set to true, the construction will be aborted if - * not all of the specified entry points could be used. - * - * @throws com.sap.psr.vulas.cg.CallgraphConstructException - * @param _policy a boolean. - */ - public void buildCallgraph(boolean _policy) throws CallgraphConstructException; - - /** - * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. - * - * @return the time required for building the call graph (in nanoseconds) - */ - public long getConstructionTime(); - - /** - * Returns the constructor's specific configuration settings. - * - * @return a {@link org.apache.commons.configuration.Configuration} object. - */ - public Configuration getConstructorConfiguration(); - - /** - * Returns the call graph. - * - * @return a {@link com.ibm.wala.util.graph.Graph} object. - */ - public Graph getCallgraph(); - - + /** + * The name of the analysis framework, used to register this callgraph constructor + * + * @return the framework's name + */ + public String getFramework(); + + /** + * Sets the application for call graph construction. + * + * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public void setAppContext(Application _ctx); + + /** + *

setVulasConfiguration.

+ * + * @param _cfg a {@link com.sap.psr.vulas.shared.util.VulasConfiguration} object. + */ + public void setVulasConfiguration(VulasConfiguration _cfg); + + /** + * Sets the class path with directories and/or JAR files for the application. Individual entries must be separated by the system-specific path separator. + * + * @param _cp a {@link java.lang.String} object. + */ + public void setAppClasspath(String _cp); + + /** + * Sets the class path with directories and/or JAR files for the dependencies. Individual entries must be separated by the system-specific path separator. + * + * @param _dependencyClasspath a {@link java.lang.String} object. + */ + public void setDepClasspath(String _dependencyClasspath); + + /** + * Sets the entry points for call graph construction. These are the starting point of the call graph construction. + * + * @param _constructs a {@link java.util.Set} object. + * @throws com.sap.psr.vulas.cg.CallgraphConstructException + */ + public void setEntrypoints(Set _constructs) + throws CallgraphConstructException; + + /** + * Excludes certain packages from the analysis, i.e., potential invocations happening in {@link Construct}s of those packages will + * be ignored. + * + * @param _packages a {@link java.lang.String} object. + */ + public void setExcludePackages(String _packages); + + /** + * Returns the effectively used entry points. {@link Construct}s of type class or package, for instance, will be filtered. + * Also, it may happen that some of the specified entry points cannot be found, e.g., due to an incomplete class path. + * + * @return a {@link java.util.Set} object. + */ + public Set getEntrypoints(); + + /** + * Builds the call graph. If the argument is set to true, the construction will be aborted if + * not all of the specified entry points could be used. + * + * @throws com.sap.psr.vulas.cg.CallgraphConstructException + * @param _policy a boolean. + */ + public void buildCallgraph(boolean _policy) throws CallgraphConstructException; + + /** + * Returns the time required for building the call graph (in nanoseconds), or -1 if the construction did not finish. + * + * @return the time required for building the call graph (in nanoseconds) + */ + public long getConstructionTime(); + + /** + * Returns the constructor's specific configuration settings. + * + * @return a {@link org.apache.commons.configuration.Configuration} object. + */ + public Configuration getConstructorConfiguration(); + + /** + * Returns the call graph. + * + * @return a {@link com.ibm.wala.util.graph.Graph} object. + */ + public Graph getCallgraph(); } diff --git a/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphConstructorFactoryTest.java b/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphConstructorFactoryTest.java index ba6485649..c3bea99f7 100644 --- a/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphConstructorFactoryTest.java +++ b/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphConstructorFactoryTest.java @@ -21,7 +21,6 @@ import com.sap.psr.vulas.cg.spi.CallgraphConstructorFactory; import com.sap.psr.vulas.cg.spi.ICallgraphConstructor; -import com.sap.psr.vulas.core.util.CoreConfiguration; import com.sap.psr.vulas.shared.util.VulasConfiguration; import org.junit.Test; @@ -29,26 +28,26 @@ public class CallgraphConstructorFactoryTest { - - static { - VulasConfiguration.getGlobal().setProperty("vulas.reach.cli.plugins.dir", "target/test-classes"); - } - - - @Test - public void getDummyCallgraphServiceFromPluginFolder() { - ICallgraphConstructor callgraphConstructor = CallgraphConstructorFactory.buildCallgraphConstructor("dummy", null, true); - assertEquals(callgraphConstructor.getFramework(), "dummy"); - assertEquals(callgraphConstructor.getClass().getName(), "com.sap.psr.vulas.cg.DummyCallgraphConstructor"); - assertTrue(callgraphConstructor instanceof ICallgraphConstructor); - } - - - @Test - public void getDummyCallgraphServiceFromClasspath() { - ICallgraphConstructor callgraphConstructor = CallgraphConstructorFactory.buildCallgraphConstructor("dummy", null, false); - assertEquals(callgraphConstructor,null); - } - - -} \ No newline at end of file + static { + VulasConfiguration.getGlobal() + .setProperty("vulas.reach.cli.plugins.dir", "target/test-classes"); + } + + @Test + public void getDummyCallgraphServiceFromPluginFolder() { + ICallgraphConstructor callgraphConstructor = + CallgraphConstructorFactory.buildCallgraphConstructor("dummy", null, true); + assertEquals(callgraphConstructor.getFramework(), "dummy"); + assertEquals( + callgraphConstructor.getClass().getName(), + "com.sap.psr.vulas.cg.DummyCallgraphConstructor"); + assertTrue(callgraphConstructor instanceof ICallgraphConstructor); + } + + @Test + public void getDummyCallgraphServiceFromClasspath() { + ICallgraphConstructor callgraphConstructor = + CallgraphConstructorFactory.buildCallgraphConstructor("dummy", null, false); + assertEquals(callgraphConstructor, null); + } +} diff --git a/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphTest.java b/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphTest.java index 3f211ce97..a9e8ec931 100755 --- a/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphTest.java +++ b/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/CallgraphTest.java @@ -48,171 +48,172 @@ public class CallgraphTest { - // Disable upload for JUnit tests - static { - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.OFFLINE.toString()); - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_GROUP, "examples"); - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_ARTIF, "examples"); - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_VERSI, "0.0"); + // Disable upload for JUnit tests + static { + VulasConfiguration.getGlobal() + .setProperty( + CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.OFFLINE.toString()); + VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_GROUP, "examples"); + VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_ARTIF, "examples"); + VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_VERSI, "0.0"); + } + + private GoalContext getGoalContext() { + final GoalContext ctx = new GoalContext(); + ctx.setApplication(new Application("foo", "bar", "0.0")); + return ctx; + } + + /** + * Expected tested class: Callgraph + * Test 1: compute the distance + * Test 2: compute the shortest path + * Test 3/4: compute all paths based on different algorithms + */ + @Test + public void callgraphTest() { + // Manually build a call graph: 10 nodes and 14 edges + Graph graph = SlowSparseNumberedGraph.make(); + ConstructId a = JavaId.toSharedType(JavaId.parseMethodQName("test.a()")); + graph.addNode(a); + ConstructId b = JavaId.toSharedType(JavaId.parseMethodQName("test.b()")); + graph.addNode(b); + ConstructId c = JavaId.toSharedType(JavaId.parseMethodQName("test.c()")); + graph.addNode(c); + ConstructId d = JavaId.toSharedType(JavaId.parseMethodQName("test.d()")); + graph.addNode(d); + ConstructId e = JavaId.toSharedType(JavaId.parseMethodQName("test.e()")); + graph.addNode(e); + ConstructId f = JavaId.toSharedType(JavaId.parseMethodQName("test.f()")); + graph.addNode(f); + ConstructId g = JavaId.toSharedType(JavaId.parseMethodQName("test.g()")); + graph.addNode(g); + ConstructId h = JavaId.toSharedType(JavaId.parseMethodQName("test.h()")); + graph.addNode(h); + ConstructId i = JavaId.toSharedType(JavaId.parseMethodQName("test.i()")); + graph.addNode(i); + ConstructId j = JavaId.toSharedType(JavaId.parseMethodQName("test.j()")); + graph.addNode(j); + graph.addEdge(a, b); + graph.addEdge(a, c); + graph.addEdge(b, d); + graph.addEdge(b, e); + graph.addEdge(b, f); + graph.addEdge(c, f); + graph.addEdge(c, g); + graph.addEdge(e, h); + graph.addEdge(f, i); + graph.addEdge(h, i); + graph.addEdge(h, j); + graph.addEdge(i, j); + graph.addEdge(g, j); + graph.addEdge(i, e); + + Callgraph cg = new Callgraph(graph); + + // source = a; target = j; + // Test 1: compute the distance + Map distance = cg.getDist(j); + int dist = distance.get(a); + assertEquals(dist, 3); + + // Test 2: compute the shortest path + Map> shortestPaths = cg.getShortestPath(j, null); + LinkedList expectedShortestPath = new LinkedList(); + expectedShortestPath.add(c); + expectedShortestPath.add(g); + expectedShortestPath.add(j); + LinkedList spath = shortestPaths.get(a); + LinkedList computedShortestPath = new LinkedList(); + if (spath != null) { + for (int n = (spath.size() - 1); n >= 0; n--) { + computedShortestPath.add(cg.getConstructForId(spath.get(n))); + } } - - private GoalContext getGoalContext() { - final GoalContext ctx = new GoalContext(); - ctx.setApplication(new Application("foo", "bar", "0.0")); - return ctx; + assertEquals(computedShortestPath, expectedShortestPath); + + // Test 3: compute all paths: DepthFirstGetPaths + AbstractGetPaths getpaths = new DepthFirstGetPaths(cg.getGraph(), cg.getNodeId()); + HashSet> paths = getpaths.getAllPaths(a, j); + for (LinkedList p : paths) { + for (ConstructId cid : p) System.out.print(cid.getQname() + " "); + System.out.println(); } - - /** - * Expected tested class: Callgraph - * Test 1: compute the distance - * Test 2: compute the shortest path - * Test 3/4: compute all paths based on different algorithms - */ - @Test - public void callgraphTest() { - // Manually build a call graph: 10 nodes and 14 edges - Graph graph = SlowSparseNumberedGraph.make(); - ConstructId a = JavaId.toSharedType(JavaId.parseMethodQName("test.a()")); - graph.addNode(a); - ConstructId b = JavaId.toSharedType(JavaId.parseMethodQName("test.b()")); - graph.addNode(b); - ConstructId c = JavaId.toSharedType(JavaId.parseMethodQName("test.c()")); - graph.addNode(c); - ConstructId d = JavaId.toSharedType(JavaId.parseMethodQName("test.d()")); - graph.addNode(d); - ConstructId e = JavaId.toSharedType(JavaId.parseMethodQName("test.e()")); - graph.addNode(e); - ConstructId f = JavaId.toSharedType(JavaId.parseMethodQName("test.f()")); - graph.addNode(f); - ConstructId g = JavaId.toSharedType(JavaId.parseMethodQName("test.g()")); - graph.addNode(g); - ConstructId h = JavaId.toSharedType(JavaId.parseMethodQName("test.h()")); - graph.addNode(h); - ConstructId i = JavaId.toSharedType(JavaId.parseMethodQName("test.i()")); - graph.addNode(i); - ConstructId j = JavaId.toSharedType(JavaId.parseMethodQName("test.j()")); - graph.addNode(j); - graph.addEdge(a, b); - graph.addEdge(a, c); - graph.addEdge(b, d); - graph.addEdge(b, e); - graph.addEdge(b, f); - graph.addEdge(c, f); - graph.addEdge(c, g); - graph.addEdge(e, h); - graph.addEdge(f, i); - graph.addEdge(h, i); - graph.addEdge(h, j); - graph.addEdge(i, j); - graph.addEdge(g, j); - graph.addEdge(i, e); - - Callgraph cg = new Callgraph(graph); - - //source = a; target = j; - // Test 1: compute the distance - Map distance = cg.getDist(j); - int dist = distance.get(a); - assertEquals(dist, 3); - - // Test 2: compute the shortest path - Map> shortestPaths = cg.getShortestPath(j, null); - LinkedList expectedShortestPath = new LinkedList(); - expectedShortestPath.add(c); - expectedShortestPath.add(g); - expectedShortestPath.add(j); - LinkedList spath = shortestPaths.get(a); - LinkedList computedShortestPath = new LinkedList(); - if (spath != null) { - for (int n = (spath.size() - 1); n >= 0; n--) { - computedShortestPath.add(cg.getConstructForId(spath.get(n))); - } - } - assertEquals(computedShortestPath, expectedShortestPath); - - // Test 3: compute all paths: DepthFirstGetPaths - AbstractGetPaths getpaths = new DepthFirstGetPaths(cg.getGraph(), cg.getNodeId()); - HashSet> paths = getpaths.getAllPaths(a, j); - for (LinkedList p : paths) { - for (ConstructId cid : p) System.out.print(cid.getQname() + " "); - System.out.println(); - } - assertEquals(paths.size(), 7); - - // Test 4: compute all paths: Get all paths from pruned graph - getpaths = new PrunedGraphGetPaths(cg.getGraph(), cg.getNodeId()); - paths = getpaths.getAllPaths(a, j); - for (LinkedList p : paths) { - for (ConstructId cid : p) System.out.print(cid.getQname() + " "); - System.out.println(); - } - assertEquals(paths.size(), 7); + assertEquals(paths.size(), 7); + + // Test 4: compute all paths: Get all paths from pruned graph + getpaths = new PrunedGraphGetPaths(cg.getGraph(), cg.getNodeId()); + paths = getpaths.getAllPaths(a, j); + for (LinkedList p : paths) { + for (ConstructId cid : p) System.out.print(cid.getQname() + " "); + System.out.println(); } - - - - /*@Test - public void examplesSootTest () throws CallgraphConstructException { - final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); - ra.setCallGraphConstructor(AbstractConstructorFactory.getFactory("soot")); - - // Set classpaths - final Set app_paths = new HashSet(), dep_paths = new HashSet(); - app_paths.add(Paths.get("./src/test/resources/examples.jar")); - dep_paths.add(Paths.get("./src/test/resources/empty.jar")); - ra.setAppClasspaths(app_paths); - ra.setDependencyClasspaths(dep_paths); - - // Set the EP manually - final Set entrypoints = new HashSet(); - entrypoints.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Examples.main(String[])"))); - ra.setEntryPoints(entrypoints, PathSource.A2C, false); - ra.setAppConstructs(entrypoints); - - // Set the target constructs (manually, rather than using a bug) - final Map> target_constructs = new HashMap>(); - final Set changes = new HashSet(); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Cat.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Fish.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Dog.saySomething()"))); - changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Car.saySomething()"))); - target_constructs.put("does-not-exist", changes); - ra.setTargetConstructs(target_constructs); - - try { - ReachabilityAnalyzer.startAnalysis(ra, 600000); - } catch (InterruptedException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - }*/ - - // @Test - // public void getChangesTest () { - // MavenId app = new MavenId("com.sap.research.security.vulas", "vulas-testapp", "0.0.2-SNAPSHOT"); - // ReachabilityAnalyzer ra = new ReachabilityAnalyzer(app, null); - // Map> changes = Collector.getInstance().getChangeList(app, null, false); - // for(Map.Entry> entry : changes.entrySet()) { - // System.out.println("\r\nAll changes of bug [ " + entry.getKey() + " ]"); - // for(ConstructId cid : entry.getValue()) System.out.println("--- " + cid.getQName()); - // } - // } - - @Test - public void testJarDigest() { - final String qname = "java.lang.String"; - final JavaClassId cid = JavaId.parseClassQName(qname); - final JarAnalyzer ja = new JarAnalyzer(); - try { - final URL jar_url = cid.getJarUrl(); - final URI uri = jar_url.toURI(); - System.out.println("Jar URL [" + jar_url + "], URI [" + uri + "]"); - ja.analyze(Paths.get(uri).toFile()); - assertTrue(true); - } catch (Exception e) { - System.err.println(e.getMessage()); - assertTrue(false); - } + assertEquals(paths.size(), 7); + } + + /*@Test + public void examplesSootTest () throws CallgraphConstructException { + final ReachabilityAnalyzer ra = new ReachabilityAnalyzer(this.getGoalContext()); + ra.setCallGraphConstructor(AbstractConstructorFactory.getFactory("soot")); + + // Set classpaths + final Set app_paths = new HashSet(), dep_paths = new HashSet(); + app_paths.add(Paths.get("./src/test/resources/examples.jar")); + dep_paths.add(Paths.get("./src/test/resources/empty.jar")); + ra.setAppClasspaths(app_paths); + ra.setDependencyClasspaths(dep_paths); + + // Set the EP manually + final Set entrypoints = new HashSet(); + entrypoints.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Examples.main(String[])"))); + ra.setEntryPoints(entrypoints, PathSource.A2C, false); + ra.setAppConstructs(entrypoints); + + // Set the target constructs (manually, rather than using a bug) + final Map> target_constructs = new HashMap>(); + final Set changes = new HashSet(); + changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Cat.saySomething()"))); + changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Fish.saySomething()"))); + changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Dog.saySomething()"))); + changes.add(JavaId.toSharedType(JavaId.parseMethodQName("com.sap.psr.vulas.cg.test.Car.saySomething()"))); + target_constructs.put("does-not-exist", changes); + ra.setTargetConstructs(target_constructs); + + try { + ReachabilityAnalyzer.startAnalysis(ra, 600000); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + }*/ + + // @Test + // public void getChangesTest () { + // MavenId app = new MavenId("com.sap.research.security.vulas", "vulas-testapp", + // "0.0.2-SNAPSHOT"); + // ReachabilityAnalyzer ra = new ReachabilityAnalyzer(app, null); + // Map> changes = Collector.getInstance().getChangeList(app, null, + // false); + // for(Map.Entry> entry : changes.entrySet()) { + // System.out.println("\r\nAll changes of bug [ " + entry.getKey() + " ]"); + // for(ConstructId cid : entry.getValue()) System.out.println("--- " + cid.getQName()); + // } + // } + + @Test + public void testJarDigest() { + final String qname = "java.lang.String"; + final JavaClassId cid = JavaId.parseClassQName(qname); + final JarAnalyzer ja = new JarAnalyzer(); + try { + final URL jar_url = cid.getJarUrl(); + final URI uri = jar_url.toURI(); + System.out.println("Jar URL [" + jar_url + "], URI [" + uri + "]"); + ja.analyze(Paths.get(uri).toFile()); + assertTrue(true); + } catch (Exception e) { + System.err.println(e.getMessage()); + assertTrue(false); } - + } } diff --git a/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/Examples.java b/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/Examples.java index c9ded84ea..8d536a634 100755 --- a/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/Examples.java +++ b/lang-java-reach/src/test/java/com/sap/psr/vulas/cg/test/Examples.java @@ -23,28 +23,26 @@ import java.util.TreeSet; abstract class Animal implements Comparable { - - public abstract void saySomething(); - - public int compareTo(Object _a) { - return getClass().getName().compareTo(_a.getClass().getName()); - } + + public abstract void saySomething(); + + public int compareTo(Object _a) { + return getClass().getName().compareTo(_a.getClass().getName()); + } } class Cat extends Animal { - public void saySomething() { - System.out.println("purr"); - } + public void saySomething() { + System.out.println("purr"); + } } - class Dog extends Animal { public void saySomething() { System.out.println("woof"); } } - class Fish extends Animal { public void saySomething() { System.out.println("..."); @@ -59,27 +57,25 @@ public void saySomething() { public class Examples { static SortedSet animals = new TreeSet(); - + private static Animal createFish() { return new Fish(); } - - private static Animal createCat() - { + + private static Animal createCat() { Animal cat = new Cat(); animals.add(cat); return cat; } - - public static void main(String[] args) - { + + public static void main(String[] args) { Animal animal = null; - if(args.length == 0) { - animal = createCat(); - animal.saySomething(); + if (args.length == 0) { + animal = createCat(); + animal.saySomething(); } else { - animal = createFish(); - animal.saySomething(); + animal = createFish(); + animal.saySomething(); } } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/bytecode/BytecodeComparator.java b/lang-java/src/main/java/com/sap/psr/vulas/bytecode/BytecodeComparator.java index 48fab5dc8..f588a7af1 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/bytecode/BytecodeComparator.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/bytecode/BytecodeComparator.java @@ -19,7 +19,6 @@ import org.apache.commons.io.IOUtils; import org.apache.logging.log4j.Logger; - import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.sap.psr.vulas.backend.BackendConnectionException; import com.sap.psr.vulas.backend.BackendConnector; @@ -41,215 +40,285 @@ import com.sap.psr.vulas.shared.json.model.LibraryId; import com.sap.psr.vulas.sign.SignatureFactory; -public class BytecodeComparator { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private GoalContext context; - private Map,StdDeserializer> custom_deserializers = new HashMap,StdDeserializer>(); - - public BytecodeComparator() { this(null); } - - public BytecodeComparator(GoalContext _g) { - custom_deserializers.put(ASTSignatureChange.class, new ASTSignatureChangeDeserializer()); - context = _g; - } - - public void compareLibForBug(Library _l, String _bug_id, Path _p) throws BackendConnectionException, IOException { - boolean vuln = false; - boolean fixed = false; - - Set list = new HashSet(); - - final Bug b1 = BackendConnector.getInstance().getBug(context, _bug_id); - - // Retrieve existing affectedVersions - final List alist = new ArrayList(); - for (AffectedVersionSource s : AffectedVersionSource.values()) { - if (!s.equals(AffectedVersionSource.TO_REVIEW)) { - AffectedLibrary[] als = BackendConnector.getInstance().getBugAffectedLibraries(context, _bug_id, s.toString(), true); - alist.addAll(Arrays.asList(als)); - log.debug("Existing [" + als.length + "] affected libraries in backend for source [" + s.toString() + "]"); - } - } - - // Check if current pair bug/digest was already assessed - for(AffectedLibrary a: alist){ - if(a.getLib()!=null && a.getLib().getDigest().equals(_l.getDigest())){ - return; - } - } - - b1.setAffectedVersions(alist); - - try { - final JarFile archive = new JarFile(_p.toFile()); - for (ConstructChange cc : b1.getConstructChanges()) { - - // Only compare for type MOD of METH,CONS - if (cc.getConstructChangeType().equals(ConstructChangeType.MOD) - && (cc.getConstructId().getType().equals(ConstructType.CONS) - || cc.getConstructId().getType().equals(ConstructType.METH))) { - - // Retrieve the construct from JAR - JavaId jid = JavaId.getJavaId(cc.getConstructId().getType().toString(),cc.getConstructId().getQname()); - JavaId def_ctx = JavaId.getCompilationUnit(jid); - - // Extract class file to disk - Path classfile = null; - final String entry_name = def_ctx.getQualifiedName().replace('.', '/') + ".class"; - final JarEntry entry = (JarEntry)archive.getEntry(entry_name); - if (entry != null) { - classfile = File.createTempFile(def_ctx.getQualifiedName(), ".class", this.context.getVulasConfiguration().getTmpDir().toFile()).toPath(); - log.debug("Extract class file to [" + classfile.toAbsolutePath() + "]"); - try(final InputStream ais = archive.getInputStream(entry); final FileOutputStream fos = new FileOutputStream(classfile.toFile());) { - IOUtils.copy(ais, fos); - } - } else { - log.warn("Artifact does not contain entry [" + entry_name + "] for class [" + def_ctx.getQualifiedName() + "]"); - } - - // Create AST of construct to assess - String ast_current = null; - ASTConstructBodySignature sign = null; - if (classfile != null) { - SignatureFactory sf = CoreConfiguration.getSignatureFactory(JavaId.toSharedType(jid)); - sign = (ASTConstructBodySignature) sf.createSignature(JavaId.toSharedType(jid),classfile.toFile()); - if (sign != null) - ast_current = sign.toJson(); - } - - - if (ast_current != null) { - - final ConstructBytecodeASTManager ast_mgr = new ConstructBytecodeASTManager( - this.context, cc.getConstructId().getQname(), cc.getRepoPath(), cc.getConstructId().getType()); - for (AffectedLibrary a : b1.getAffectedVersions()) { - if (a.getAffected() && a.getLibraryId() != null) - ast_mgr.addVulnLid(a.getLibraryId()); - else if (!a.getAffected() && a.getLibraryId() != null) - ast_mgr.addFixedLid(a.getLibraryId()); - } - - // Retrieve and compare source whose libid was assessed as vuln - for (LibraryId v : ast_mgr.getVulnLids()) { - log.debug(v.toString()); - // retrieve bytecode of the known to be vulnerable library - String ast_lid = ast_mgr.getVulnAst(v); - - if (ast_lid != null) { - // check if the ast's diff is empty - - String body = "[" + ast_lid + "," + ast_current + "]"; - String editV = BackendConnector.getInstance().getAstDiff(context, body); - ASTSignatureChange scV = (ASTSignatureChange)JacksonUtil.asObject(editV, custom_deserializers, ASTSignatureChange.class); - - // SP check if scV get mofidications is null? - log.debug("size to vulnerable lib " + v.toString() + " is [" - + scV.getModifications().size() + "]"); - if (scV.getModifications().size() == 0) { - - // check that there isn't also a construct = to vuln - - log.info("Library ID equal to vuln based on AST bytecode comparison with " + v.toString()); - vuln = true; - list.add(v); - break; - } - } - } - - // Retrieve and compare source whose libid was assessed as fixed - for (LibraryId f : ast_mgr.getFixedLids()) { - log.debug(f.toString()); - // retrieve bytecode of the known to be vulnerable library - String ast_lid = ast_mgr.getFixedAst(f); - - if (ast_lid != null) { - // check if the ast's diff is empty - - String body = "[" + ast_lid + "," + ast_current + "]"; - String editV = BackendConnector.getInstance().getAstDiff(context, body); - ASTSignatureChange scV = (ASTSignatureChange)JacksonUtil.asObject(editV, custom_deserializers, ASTSignatureChange.class); - - log.debug("size to fixed lib " + f.toString() + " is [" + scV.getModifications().size() + "]"); - if (scV.getModifications().size() == 0) { - - log.info("Library ID equal to fix based on AST bytecode comparison with " + f.toString()); - // cpa2.addLibsSameBytecode(l); - fixed = true; - list.add(f); - break; - } - } - } - - if(vuln && fixed) { - log.warn("No conclusion taken for vulnerability [" + _bug_id + "] in archive [" + _l.getDigest() + "]: Construct of change " + cc.toString() + " is equal both to a vulnerable and to a fixed archive"); - break; - } - } - } - - // cia does not serve code for type class - - // if(cc.getConstructChangeType().equals(ConstructChangeType.MOD) && cc.getConstructId().getType().equals(ConstructType.CLAS)) { - // // retrieve the bytecode of the currently analyzed library - // String cls_current = BackendConnector.getInstance().getSourcesForQnameInLib(context, toAssess.getMvnGroup()+"/"+toAssess.getArtifact() - // +"/"+toAssess.getVersion()+"/"+cc.getConstructId().getType().toString()+"/"+cc.getConstructId().getQname()); - // - // if(cls_current!=null){ - // for(AffectedLibrary[] array: existingxSource.values()){ - // for(AffectedLibrary a : array){ - // if(a.getLibraryId()!=null) { - // String cls_known = BackendConnector.getInstance().getSourcesForQnameInLib(context, a.getLibraryId().getMvnGroup()+"/"+a.getLibraryId().getArtifact() - // +"/"+a.getLibraryId().getVersion()+"/"+cc.getConstructId().getType().toString()+"/"+cc.getConstructId().getQname()); - // - // if(cls_known!=null && cls_current.equals(cls_known)) { - // list.add(a.getLibraryId()); - // if(a.getAffected()) - // vuln=true; - // else if(!a.getAffected()) - // fixed=true; - // } - // } - // } - // } - // } - // } - - } - archive.close(); - } catch (ZipException ze) { - log.error("Error in opening archive [" + _p + "]: " + ze.getMessage(), ze); - } - - // Only create assessment if all constructs are equal to either vulnerable or fixed - if (vuln ^ fixed) { - log.info("Library with digest [" + _l.getDigest() + "] assessed as [" + (vuln?"vulnerable":"non-vulnerable") + "] with regard to bug [" + b1.getBugId() + "]"); - - final AffectedLibrary al = new AffectedLibrary(); - al.setBugId(b1); - al.setLib(_l); - al.setAffected(vuln); - al.setExplanation("Same bytecode found in library(ies) [" + list.toString() + "]"); - al.setSource(AffectedVersionSource.CHECK_CODE); - - final JsonBuilder json = new JsonBuilder().startArray(); - json.appendJsonToArray(JacksonUtil.asJsonString(al)); - json.endArray(); - - BackendConnector.getInstance().uploadBugAffectedLibraries(context, b1.getBugId(), json.getJson(), AffectedVersionSource.CHECK_CODE); - } - - // Some constructs are equal to vulnerable, others are equal to fixed - else if (vuln && fixed) { - log.warn("No conclusion taken for bug [" + _bug_id + "] in archive [" + _l.getDigest() + "]: found equalities both to vulnerable and fixed archive"); - } - - // No conclusion taken - else { - log.warn("No conclusion taken for bug [" + _bug_id + "] in archive [" + _l.getDigest() + "]"); - } - } +public class BytecodeComparator { + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private GoalContext context; + private Map, StdDeserializer> custom_deserializers = + new HashMap, StdDeserializer>(); + + public BytecodeComparator() { + this(null); + } + + public BytecodeComparator(GoalContext _g) { + custom_deserializers.put(ASTSignatureChange.class, new ASTSignatureChangeDeserializer()); + context = _g; + } + + public void compareLibForBug(Library _l, String _bug_id, Path _p) + throws BackendConnectionException, IOException { + boolean vuln = false; + boolean fixed = false; + + Set list = new HashSet(); + + final Bug b1 = BackendConnector.getInstance().getBug(context, _bug_id); + + // Retrieve existing affectedVersions + final List alist = new ArrayList(); + for (AffectedVersionSource s : AffectedVersionSource.values()) { + if (!s.equals(AffectedVersionSource.TO_REVIEW)) { + AffectedLibrary[] als = + BackendConnector.getInstance() + .getBugAffectedLibraries(context, _bug_id, s.toString(), true); + alist.addAll(Arrays.asList(als)); + log.debug( + "Existing [" + + als.length + + "] affected libraries in backend for source [" + + s.toString() + + "]"); + } + } + + // Check if current pair bug/digest was already assessed + for (AffectedLibrary a : alist) { + if (a.getLib() != null && a.getLib().getDigest().equals(_l.getDigest())) { + return; + } + } + + b1.setAffectedVersions(alist); + + try { + final JarFile archive = new JarFile(_p.toFile()); + for (ConstructChange cc : b1.getConstructChanges()) { + + // Only compare for type MOD of METH,CONS + if (cc.getConstructChangeType().equals(ConstructChangeType.MOD) + && (cc.getConstructId().getType().equals(ConstructType.CONS) + || cc.getConstructId().getType().equals(ConstructType.METH))) { + + // Retrieve the construct from JAR + JavaId jid = + JavaId.getJavaId( + cc.getConstructId().getType().toString(), cc.getConstructId().getQname()); + JavaId def_ctx = JavaId.getCompilationUnit(jid); + + // Extract class file to disk + Path classfile = null; + final String entry_name = def_ctx.getQualifiedName().replace('.', '/') + ".class"; + final JarEntry entry = (JarEntry) archive.getEntry(entry_name); + if (entry != null) { + classfile = + File.createTempFile( + def_ctx.getQualifiedName(), + ".class", + this.context.getVulasConfiguration().getTmpDir().toFile()) + .toPath(); + log.debug("Extract class file to [" + classfile.toAbsolutePath() + "]"); + try (final InputStream ais = archive.getInputStream(entry); + final FileOutputStream fos = new FileOutputStream(classfile.toFile()); ) { + IOUtils.copy(ais, fos); + } + } else { + log.warn( + "Artifact does not contain entry [" + + entry_name + + "] for class [" + + def_ctx.getQualifiedName() + + "]"); + } + + // Create AST of construct to assess + String ast_current = null; + ASTConstructBodySignature sign = null; + if (classfile != null) { + SignatureFactory sf = CoreConfiguration.getSignatureFactory(JavaId.toSharedType(jid)); + sign = + (ASTConstructBodySignature) + sf.createSignature(JavaId.toSharedType(jid), classfile.toFile()); + if (sign != null) ast_current = sign.toJson(); + } + + if (ast_current != null) { + + final ConstructBytecodeASTManager ast_mgr = + new ConstructBytecodeASTManager( + this.context, + cc.getConstructId().getQname(), + cc.getRepoPath(), + cc.getConstructId().getType()); + for (AffectedLibrary a : b1.getAffectedVersions()) { + if (a.getAffected() && a.getLibraryId() != null) ast_mgr.addVulnLid(a.getLibraryId()); + else if (!a.getAffected() && a.getLibraryId() != null) + ast_mgr.addFixedLid(a.getLibraryId()); + } + + // Retrieve and compare source whose libid was assessed as vuln + for (LibraryId v : ast_mgr.getVulnLids()) { + log.debug(v.toString()); + // retrieve bytecode of the known to be vulnerable library + String ast_lid = ast_mgr.getVulnAst(v); + + if (ast_lid != null) { + // check if the ast's diff is empty + + String body = "[" + ast_lid + "," + ast_current + "]"; + String editV = BackendConnector.getInstance().getAstDiff(context, body); + ASTSignatureChange scV = + (ASTSignatureChange) + JacksonUtil.asObject(editV, custom_deserializers, ASTSignatureChange.class); + + // SP check if scV get mofidications is null? + log.debug( + "size to vulnerable lib " + + v.toString() + + " is [" + + scV.getModifications().size() + + "]"); + if (scV.getModifications().size() == 0) { + + // check that there isn't also a construct = to vuln + + log.info( + "Library ID equal to vuln based on AST bytecode comparison with " + + v.toString()); + vuln = true; + list.add(v); + break; + } + } + } + + // Retrieve and compare source whose libid was assessed as fixed + for (LibraryId f : ast_mgr.getFixedLids()) { + log.debug(f.toString()); + // retrieve bytecode of the known to be vulnerable library + String ast_lid = ast_mgr.getFixedAst(f); + + if (ast_lid != null) { + // check if the ast's diff is empty + + String body = "[" + ast_lid + "," + ast_current + "]"; + String editV = BackendConnector.getInstance().getAstDiff(context, body); + ASTSignatureChange scV = + (ASTSignatureChange) + JacksonUtil.asObject(editV, custom_deserializers, ASTSignatureChange.class); + + log.debug( + "size to fixed lib " + + f.toString() + + " is [" + + scV.getModifications().size() + + "]"); + if (scV.getModifications().size() == 0) { + + log.info( + "Library ID equal to fix based on AST bytecode comparison with " + + f.toString()); + // cpa2.addLibsSameBytecode(l); + fixed = true; + list.add(f); + break; + } + } + } + + if (vuln && fixed) { + log.warn( + "No conclusion taken for vulnerability [" + + _bug_id + + "] in archive [" + + _l.getDigest() + + "]: Construct of change " + + cc.toString() + + " is equal both to a vulnerable and to a fixed archive"); + break; + } + } + } + + // cia does not serve code for type class + + // if(cc.getConstructChangeType().equals(ConstructChangeType.MOD) && + // cc.getConstructId().getType().equals(ConstructType.CLAS)) { + // // retrieve the bytecode of the currently analyzed library + // String cls_current = BackendConnector.getInstance().getSourcesForQnameInLib(context, + // toAssess.getMvnGroup()+"/"+toAssess.getArtifact() + // + // +"/"+toAssess.getVersion()+"/"+cc.getConstructId().getType().toString()+"/"+cc.getConstructId().getQname()); + // + // if(cls_current!=null){ + // for(AffectedLibrary[] array: existingxSource.values()){ + // for(AffectedLibrary a : array){ + // if(a.getLibraryId()!=null) { + // String cls_known = BackendConnector.getInstance().getSourcesForQnameInLib(context, + // a.getLibraryId().getMvnGroup()+"/"+a.getLibraryId().getArtifact() + // + // +"/"+a.getLibraryId().getVersion()+"/"+cc.getConstructId().getType().toString()+"/"+cc.getConstructId().getQname()); + // + // if(cls_known!=null && cls_current.equals(cls_known)) { + // list.add(a.getLibraryId()); + // if(a.getAffected()) + // vuln=true; + // else if(!a.getAffected()) + // fixed=true; + // } + // } + // } + // } + // } + // } + + } + archive.close(); + } catch (ZipException ze) { + log.error("Error in opening archive [" + _p + "]: " + ze.getMessage(), ze); + } + + // Only create assessment if all constructs are equal to either vulnerable or fixed + if (vuln ^ fixed) { + log.info( + "Library with digest [" + + _l.getDigest() + + "] assessed as [" + + (vuln ? "vulnerable" : "non-vulnerable") + + "] with regard to bug [" + + b1.getBugId() + + "]"); + + final AffectedLibrary al = new AffectedLibrary(); + al.setBugId(b1); + al.setLib(_l); + al.setAffected(vuln); + al.setExplanation("Same bytecode found in library(ies) [" + list.toString() + "]"); + al.setSource(AffectedVersionSource.CHECK_CODE); + + final JsonBuilder json = new JsonBuilder().startArray(); + json.appendJsonToArray(JacksonUtil.asJsonString(al)); + json.endArray(); + + BackendConnector.getInstance() + .uploadBugAffectedLibraries( + context, b1.getBugId(), json.getJson(), AffectedVersionSource.CHECK_CODE); + } + + // Some constructs are equal to vulnerable, others are equal to fixed + else if (vuln && fixed) { + log.warn( + "No conclusion taken for bug [" + + _bug_id + + "] in archive [" + + _l.getDigest() + + "]: found equalities both to vulnerable and fixed archive"); + } + + // No conclusion taken + else { + log.warn("No conclusion taken for bug [" + _bug_id + "] in archive [" + _l.getDigest() + "]"); + } + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/bytecode/ConstructBytecodeASTManager.java b/lang-java/src/main/java/com/sap/psr/vulas/bytecode/ConstructBytecodeASTManager.java index bec67391e..c86cfd545 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/bytecode/ConstructBytecodeASTManager.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/bytecode/ConstructBytecodeASTManager.java @@ -28,139 +28,161 @@ import com.sap.psr.vulas.shared.enums.ProgrammingLanguage; import com.sap.psr.vulas.shared.json.model.LibraryId; - /** *

ConstructBytecodeASTManager class.

* */ public class ConstructBytecodeASTManager { - String construct; - String path; - - ConstructType type; - - private GoalContext goalContext = null; - - private static final String BYTECODE_NOT_FOUND = "none"; - - HashMap lidVulnBytecodeAST; - HashMap lidFixedBytecodeAST; - - /** - *

Constructor for ConstructBytecodeASTManager.

- * @param _gc TODO - * @param _c a {@link java.lang.String} object. - * @param _p a {@link java.lang.String} object. - * @param _t a {@link com.sap.psr.vulas.shared.enums.ConstructType} object. - */ - public ConstructBytecodeASTManager(GoalContext _gc, String _c, String _p, ConstructType _t) { - this.goalContext = _gc; - this.construct = _c; - this.path = _p; - this.type = _t; - this.lidVulnBytecodeAST = new HashMap(); - this.lidFixedBytecodeAST = new HashMap(); - } - - /** - *

addVulnLid.

- * - * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. - */ - public void addVulnLid(LibraryId l){ - this.lidVulnBytecodeAST.put(l, null); - } - - /** - *

addFixedLid.

- * - * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. - */ - public void addFixedLid(LibraryId l){ - this.lidFixedBytecodeAST.put(l, null); - } - - /** - *

getVulnLids.

- * - * @return a {@link java.util.Set} object. - */ - public Set getVulnLids(){ - return this.lidVulnBytecodeAST.keySet(); - } - - /** - *

getVulnAst.

- * - * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. - * @return a {@link java.lang.String} object. - */ - public synchronized String getVulnAst(LibraryId l){ - if(this.lidVulnBytecodeAST.get(l)==null){ - String ast_lid = BackendConnector.getInstance().getAstForQnameInLib(this.goalContext, l.getMvnGroup()+"/"+l.getArtifact()+"/"+l.getVersion()+"/"+ - type.toString()+"/"+construct,false, ProgrammingLanguage.JAVA); - // the file is found - if (ast_lid != null) { - this.lidVulnBytecodeAST.put(l,ast_lid); - } - else { // the file is not found and cannot be used as a comparison basis, we set it to BytecodeNotFound to avoid further requests - this.lidVulnBytecodeAST.put (l,BYTECODE_NOT_FOUND); - } - } - String res = this.lidVulnBytecodeAST.get(l); - if(res==BYTECODE_NOT_FOUND){ - return null; - } - else { - return res; - } - } - - /** - *

getFixedLids.

- * - * @return a {@link java.util.Set} object. - */ - public Set getFixedLids(){ - return this.lidFixedBytecodeAST.keySet(); - } - - /** - *

getFixedAst.

- * - * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. - * @return a {@link java.lang.String} object. - */ - public synchronized String getFixedAst(LibraryId l){ - if(this.lidFixedBytecodeAST.get(l)==null){ - String ast_lid = BackendConnector.getInstance().getAstForQnameInLib(this.goalContext, l.getMvnGroup()+"/"+l.getArtifact()+"/"+l.getVersion()+"/"+ - type.toString()+"/"+construct,false, ProgrammingLanguage.JAVA); - // the file is found - if (ast_lid != null) { - this.lidFixedBytecodeAST.put(l,ast_lid); - } - else { // the file is not found and cannot be used as a comparison basis, we set it to BytecodeNotFound to avoid furthur requests - this.lidFixedBytecodeAST.put (l,BYTECODE_NOT_FOUND); - } - } - - String res = this.lidFixedBytecodeAST.get(l); - if(res==BYTECODE_NOT_FOUND){ - return null; - } - else { - return res; - } - } - - /** - *

getLidsSize.

- * - * @return a {@link java.lang.Integer} object. - */ - public synchronized Integer getLidsSize(){ - return this.lidVulnBytecodeAST.size() + this.lidFixedBytecodeAST.size(); - } - + String construct; + String path; + + ConstructType type; + + private GoalContext goalContext = null; + + private static final String BYTECODE_NOT_FOUND = "none"; + + HashMap lidVulnBytecodeAST; + HashMap lidFixedBytecodeAST; + + /** + *

Constructor for ConstructBytecodeASTManager.

+ * @param _gc TODO + * @param _c a {@link java.lang.String} object. + * @param _p a {@link java.lang.String} object. + * @param _t a {@link com.sap.psr.vulas.shared.enums.ConstructType} object. + */ + public ConstructBytecodeASTManager(GoalContext _gc, String _c, String _p, ConstructType _t) { + this.goalContext = _gc; + this.construct = _c; + this.path = _p; + this.type = _t; + this.lidVulnBytecodeAST = new HashMap(); + this.lidFixedBytecodeAST = new HashMap(); + } + + /** + *

addVulnLid.

+ * + * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. + */ + public void addVulnLid(LibraryId l) { + this.lidVulnBytecodeAST.put(l, null); + } + + /** + *

addFixedLid.

+ * + * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. + */ + public void addFixedLid(LibraryId l) { + this.lidFixedBytecodeAST.put(l, null); + } + + /** + *

getVulnLids.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getVulnLids() { + return this.lidVulnBytecodeAST.keySet(); + } + + /** + *

getVulnAst.

+ * + * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. + * @return a {@link java.lang.String} object. + */ + public synchronized String getVulnAst(LibraryId l) { + if (this.lidVulnBytecodeAST.get(l) == null) { + String ast_lid = + BackendConnector.getInstance() + .getAstForQnameInLib( + this.goalContext, + l.getMvnGroup() + + "/" + + l.getArtifact() + + "/" + + l.getVersion() + + "/" + + type.toString() + + "/" + + construct, + false, + ProgrammingLanguage.JAVA); + // the file is found + if (ast_lid != null) { + this.lidVulnBytecodeAST.put(l, ast_lid); + } else { // the file is not found and cannot be used as a comparison basis, we set it to + // BytecodeNotFound to avoid further requests + this.lidVulnBytecodeAST.put(l, BYTECODE_NOT_FOUND); + } + } + String res = this.lidVulnBytecodeAST.get(l); + if (res == BYTECODE_NOT_FOUND) { + return null; + } else { + return res; + } + } + + /** + *

getFixedLids.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getFixedLids() { + return this.lidFixedBytecodeAST.keySet(); + } + + /** + *

getFixedAst.

+ * + * @param l a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. + * @return a {@link java.lang.String} object. + */ + public synchronized String getFixedAst(LibraryId l) { + if (this.lidFixedBytecodeAST.get(l) == null) { + String ast_lid = + BackendConnector.getInstance() + .getAstForQnameInLib( + this.goalContext, + l.getMvnGroup() + + "/" + + l.getArtifact() + + "/" + + l.getVersion() + + "/" + + type.toString() + + "/" + + construct, + false, + ProgrammingLanguage.JAVA); + // the file is found + if (ast_lid != null) { + this.lidFixedBytecodeAST.put(l, ast_lid); + } else { // the file is not found and cannot be used as a comparison basis, we set it to + // BytecodeNotFound to avoid furthur requests + this.lidFixedBytecodeAST.put(l, BYTECODE_NOT_FOUND); + } + } + + String res = this.lidFixedBytecodeAST.get(l); + if (res == BYTECODE_NOT_FOUND) { + return null; + } else { + return res; + } + } + + /** + *

getLidsSize.

+ * + * @return a {@link java.lang.Integer} object. + */ + public synchronized Integer getLidsSize() { + return this.lidVulnBytecodeAST.size() + this.lidFixedBytecodeAST.size(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/AarAnalyzer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/AarAnalyzer.java index 506fbcd7f..ac9416633 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/AarAnalyzer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/AarAnalyzer.java @@ -26,7 +26,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.FileAnalysisException; import com.sap.psr.vulas.shared.util.FileUtil; @@ -36,71 +35,77 @@ */ public class AarAnalyzer extends JarAnalyzer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static final String CLASSES_JAR = "classes.jar"; - - private JarFile aar; - private JarWriter aarWriter; - - private Path tmpDir = null; // To where the AAR is extracted - - /** {@inheritDoc} */ - @Override - public String[] getSupportedFileExtensions() { return new String[] { "aar" }; } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - try { - this.aar = new JarFile(_file, false, java.util.zip.ZipFile.OPEN_READ); - this.aarWriter = new JarWriter(_file.toPath()); - this.url = _file.getAbsolutePath().toString(); - - try { - this.tmpDir = java.nio.file.Files.createTempDirectory("aar_analysis_"); - } catch (IOException e) { - throw new IllegalStateException("Unable to create temp directory", e); - } - - this.aarWriter.extract(this.tmpDir); - - // TODO: What if no classes.jar - final File classes_jar = this.tmpDir.resolve(CLASSES_JAR).toFile(); - if(classes_jar!=null && FileUtil.isAccessibleFile(classes_jar.toPath())) { - JarAnalyzer.insertClasspath(classes_jar.toPath().toAbsolutePath().toString()); - this.jar = new JarFile(classes_jar, false, java.util.zip.ZipFile.OPEN_READ); - this.jarWriter = new JarWriter(classes_jar.toPath()); - } - else { - log.warn("No " + CLASSES_JAR + " found in [" + _file.toPath().toAbsolutePath() + "]"); - } - } catch (IllegalStateException e) { - log.error("IllegalStateException when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } catch (IOException e) { - log.error("IOException when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } catch (Exception e) { - log.error("Exception when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } - } - - /** - * {@inheritDoc} - * - * Returns the SHA1 digest of the AAR by computing it on the fly. - */ - @Override - public synchronized String getSHA1() { return this.aarWriter.getSHA1(); } - - /** - *

getFileName.

- * - * @return a {@link java.lang.String} object. - */ - public String getFileName() { - return this.aarWriter.getOriginalJarFileName().toString();// + "!" + CLASSES_JAR; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static final String CLASSES_JAR = "classes.jar"; + + private JarFile aar; + private JarWriter aarWriter; + + private Path tmpDir = null; // To where the AAR is extracted + + /** {@inheritDoc} */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {"aar"}; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + try { + this.aar = new JarFile(_file, false, java.util.zip.ZipFile.OPEN_READ); + this.aarWriter = new JarWriter(_file.toPath()); + this.url = _file.getAbsolutePath().toString(); + + try { + this.tmpDir = java.nio.file.Files.createTempDirectory("aar_analysis_"); + } catch (IOException e) { + throw new IllegalStateException("Unable to create temp directory", e); + } + + this.aarWriter.extract(this.tmpDir); + + // TODO: What if no classes.jar + final File classes_jar = this.tmpDir.resolve(CLASSES_JAR).toFile(); + if (classes_jar != null && FileUtil.isAccessibleFile(classes_jar.toPath())) { + JarAnalyzer.insertClasspath(classes_jar.toPath().toAbsolutePath().toString()); + this.jar = new JarFile(classes_jar, false, java.util.zip.ZipFile.OPEN_READ); + this.jarWriter = new JarWriter(classes_jar.toPath()); + } else { + log.warn("No " + CLASSES_JAR + " found in [" + _file.toPath().toAbsolutePath() + "]"); + } + } catch (IllegalStateException e) { + log.error("IllegalStateException when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } catch (IOException e) { + log.error("IOException when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } catch (Exception e) { + log.error("Exception when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } + } + + /** + * {@inheritDoc} + * + * Returns the SHA1 digest of the AAR by computing it on the fly. + */ + @Override + public synchronized String getSHA1() { + return this.aarWriter.getSHA1(); + } + + /** + *

getFileName.

+ * + * @return a {@link java.lang.String} object. + */ + public String getFileName() { + return this.aarWriter.getOriginalJarFileName().toString(); // + "!" + CLASSES_JAR; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/ArchiveAnalysisManager.java b/lang-java/src/main/java/com/sap/psr/vulas/java/ArchiveAnalysisManager.java index 6e5e7e407..be44c0505 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/ArchiveAnalysisManager.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/ArchiveAnalysisManager.java @@ -23,7 +23,6 @@ import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; -import java.nio.file.SimpleFileVisitor; import java.util.HashMap; import java.util.HashSet; import java.util.Map; @@ -37,16 +36,12 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.FileAnalyzer; -import com.sap.psr.vulas.core.util.CoreConfiguration; import com.sap.psr.vulas.shared.json.model.Application; import com.sap.psr.vulas.shared.json.model.Dependency; import com.sap.psr.vulas.shared.util.FileSearch; import com.sap.psr.vulas.shared.util.FileUtil; import com.sap.psr.vulas.shared.util.StopWatch; -import com.sap.psr.vulas.shared.util.VulasConfiguration; - /** * Parallelizes the analysis of Java archives. @@ -54,348 +49,380 @@ */ public class ArchiveAnalysisManager { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private ExecutorService pool; - - private boolean instrument = false; - private Application ctx = null; - private Path workDir = null; - private Path libDir = null; - private Path inclDir = null; - private Map analyzers = new HashMap(); - - /** Maps {@link JarAnalyzer}s, which implement {@link Callable}, to their respective {@link Future}. */ - private Map> futures = new HashMap>(); - - private boolean rename = false; - - private Map knownDependencies = null; - - private long analysisTimeout = -1; - - /** - *

Constructor for ArchiveAnalysisManager.

- * - * @param _pool_size the number of parallel analysis threads - * @param _timeout the timeout in milleseconds to wait for the completion of all analysis tasks (-1 means no timeout) - * @param _instr whether or not the Java archives shall be instrumented - * @param _ctx the application context in which the analysis takes place (if any) - */ - public ArchiveAnalysisManager(int _pool_size, long _timeout, boolean _instr, Application _ctx) { - this.pool = Executors.newFixedThreadPool(_pool_size); - this.analysisTimeout = _timeout; - this.instrument = _instr; - this.ctx = _ctx; - } - - /** - *

Setter for the field instrument.

- * - * @param _instr a boolean. - */ - public void setInstrument(boolean _instr) { this.instrument = _instr; } - - /** - *

Setter for the field workDir.

- * - * @param _p a {@link java.nio.file.Path} object. - */ - public void setWorkDir(Path _p) { this.setWorkDir(_p, false); } - - /** - *

Setter for the field workDir.

- * - * @param _p a {@link java.nio.file.Path} object. - * @param _create a boolean. - */ - public void setWorkDir(Path _p, boolean _create) { - this.workDir = _p; - if(_create) { - try { - Files.createDirectories(_p); - } catch (IOException e) { - ArchiveAnalysisManager.log.error("Error while creating dir [" + _p + "]: " + e.getMessage()); - } - } - ArchiveAnalysisManager.log.info("Work dir set to [" + _p + "]"); - } - - /** - *

Setter for the field libDir.

- * - * @param _p a {@link java.nio.file.Path} object. - */ - public void setLibDir(Path _p) { - this.libDir = _p; - ArchiveAnalysisManager.log.info("Lib dir set to [" + _p + "]"); - } - - /** - *

setIncludeDir.

- * - * @param _p a {@link java.nio.file.Path} object. - */ - public void setIncludeDir(Path _p) { - this.inclDir = _p; - ArchiveAnalysisManager.log.info("Include dir set to [" + _p + "]"); - } - - /** - *

getSupportedFileExtensions.

- * - * @return an array of {@link java.lang.String} objects. - */ - public static String[] getSupportedFileExtensions() { return new String[] { "jar", "war", "aar" }; } - - /** - *

canAnalyze.

- * - * @param _file a {@link java.io.File} object. - * @return a boolean. - */ - public static final boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } - - /** - * Determines whether the instrumented JAR is renamed or not. If yes, the new file name follows the following format: - * - If app context is provided: [originalJarName]-vulas-[appGroupId]-[appArtifactId]-[appVersion].jar - * - Otherwise: [originalJarName]-vulas.jar - * - * @param _b a boolean. - */ - public void setRename(boolean _b) { this.rename = _b; } - - /** - * Takes a map of file system paths to {@link Dependency}s. - * Entries will be used when instantiating {@link JarAnalyzer}s in {@link #startAnalysis(Set, JarAnalyzer)}. - * - * @param _deps a {@link java.util.Map} object. - */ - public void setKnownDependencies(Map _deps) { - this.knownDependencies = _deps; - } - - /** - * Returns the {@link Dependency} for a given archive, or null if no such archive is known. - * The underlying map is built during the execution of the Maven plugin. - * - * @param _p a {@link java.nio.file.Path} object. - * @return a {@link com.sap.psr.vulas.shared.json.model.Dependency} object. - */ - public Dependency getKnownDependency(Path _p) { - if(this.knownDependencies!=null) - return this.knownDependencies.get(_p); - else - return null; - } - - /** - * Starts the analysis for all {@link Path}s of the given {@link Map} that have a null value. - * As such, it can be used to avoid analyzing archives multiple times. - * - * @param _paths a {@link java.util.Map} object. - * @param _parent a {@link com.sap.psr.vulas.java.JarAnalyzer} object. - */ - public void startAnalysis(@NotNull Map _paths, JarAnalyzer _parent) { - - // Split those that have been analyzed already and those that need analysis - final Set not_yet_analyzed = new HashSet(); - for(Map.Entry entry: _paths.entrySet()) { - if(entry.getValue()==null) - not_yet_analyzed.add(entry.getKey()); - else - this.analyzers.put(entry.getKey(), entry.getValue()); - } - - // Analyze if necessary - if(!not_yet_analyzed.isEmpty()) { - log.info("[" + this.analyzers.size() + "/" + _paths.size() + "] archives already analyzed, the remaining [" + not_yet_analyzed.size() + "] will be analyzed now ..."); - this.startAnalysis(not_yet_analyzed, _parent); - } else { - log.info("All [" + this.analyzers.size() + "/" + _paths.size() + "] archives have been analyzed already"); - } - } - - /** - * Starts the analysis for all the given {@link Path}s, which must point to either JAR or WAR archives. - * - * @param _paths a {@link java.util.Set} object. - * @param parent a {@link com.sap.psr.vulas.java.JarAnalyzer} object. - */ - public void startAnalysis(@NotNull Set _paths, JarAnalyzer parent) { - - // Set the several static attributes of the JarAnalyzer, for all the instances created later - JarAnalyzer.setAppContext(this.ctx); - - // Add all the paths to the classpath, so that the compilation works (if instrumentation is requested). - for(Path p: _paths) { - try { - JarAnalyzer.insertClasspath(p.toString()); - } catch (Exception e) { - // No problem at all if instrumentation is not requested. - // If instrumentation is requested, however, some classes may not compile - ArchiveAnalysisManager.log.error("Error while updating the classpath: " + e.getMessage()); - } - } - - // Add additional JARs into the classpath (if any) - if(this.libDir!=null && (this.libDir.toFile().exists())) { - final FileSearch vis = new FileSearch(new String[] {"jar"}); - final Set libs = vis.search(this.libDir); - for(Path p: libs) { - try { - JarAnalyzer.insertClasspath(p.toString()); - } catch (Exception e) { - // No problem at all if instrumentation is not requested. - // If instrumentation is requested, however, some classes may not compile - ArchiveAnalysisManager.log.error("Error while updating the classpath from lib [" + this.libDir + "]: " + e.getMessage()); - } - } - } - - // Create temp directory for storing the modified JARs (if any) - if(this.instrument && this.workDir==null) { - try { - workDir = java.nio.file.Files.createTempDirectory("jar_analysis_"); - } catch (IOException e) { - throw new IllegalStateException("Unable to create work directory", e); - } - } - - // Create a JarAnalyzer for all paths, and ask the thread pool to start them - for(Path p: _paths) { - try { - JarAnalyzer ja = null; - if(p.toString().endsWith("jar")) { - ja = new JarAnalyzer(); - } - else if(p.toString().endsWith("war")) { - ja = new WarAnalyzer(); - ((WarAnalyzer)ja).setIncludeDir(this.inclDir); - } - else if(p.toString().endsWith("aar")) { - ja = new AarAnalyzer(); - } - else { - ArchiveAnalysisManager.log.warn("File extension not supported (only JAR, WAR, AAR): " + p); - continue; - } - - if(parent!=null) - ja.setParent(parent); - - ja.setRename(this.rename); - ja.setWorkDir(this.workDir); - - if(this.getKnownDependency(p)!=null) - ja.setLibraryId(this.getKnownDependency(p).getLib().getLibraryId()); - - ja.analyze(p.toFile()); - ja.setInstrument(this.instrument); // To be called after analyze, since instrument uses the URL member - - this.analyzers.put(p, ja); - - // Execute the analyzer - final Future future = this.pool.submit(ja); - this.futures.put(ja, future); - } catch (Exception e) { - ArchiveAnalysisManager.log.error("Error while analyzing path [" + p + "]: " + e.getMessage()); - } - } - - final StopWatch sw = new StopWatch("Analysis of [" + futures.size() + "] Java archives").setTotal(futures.size()).start(); - - this.pool.shutdown(); // Don't accept new tasks, wait for the completion of existing ones - - try { - while (!this.pool.awaitTermination(10, TimeUnit.SECONDS)) { - final Map> open_tasks = this.getOpenTasks(); - final long sw_runtime = sw.getRuntimeMillis(); - - // There are remaining tasks, and a timeout has been configured and reached - if(!open_tasks.isEmpty() && this.analysisTimeout!=-1 && sw_runtime > this.analysisTimeout) { - ArchiveAnalysisManager.log.warn("Timeout of [" + this.analysisTimeout + "ms] reached, the following [" + open_tasks.size() + "] non-completed analysis tasks will be canceled:"); - for(JarAnalyzer ja: open_tasks.keySet()) { - ArchiveAnalysisManager.log.info(" " + ja); - open_tasks.get(ja).cancel(true); - } - throw new JarAnalysisException("Timeout of [" + this.analysisTimeout + "ms] reached, [" + open_tasks.size() + "] have been canceled"); - } - // There are remaining tasks, but no timeout is set or reached - else if(!open_tasks.isEmpty()) { - ArchiveAnalysisManager.log.info("Waiting for the completion of [" + open_tasks.size() + "] analysis tasks"); - for(JarAnalyzer ja: open_tasks.keySet()) - ArchiveAnalysisManager.log.debug(" " + ja); - } - } - - sw.stop(); - } - catch (JarAnalysisException jae) { - sw.stop(jae); - } - catch (InterruptedException e) { - sw.stop(e); - } - } - - /** - * Returns all analysis {@link Future}s that are not (yet) done. - * @see Future#isDone() - * @return - */ - private final Map> getOpenTasks() { - final Map> open_tasks = new HashMap>(); - for(JarAnalyzer ja: this.futures.keySet()) { - if(!this.futures.get(ja).isDone()) { - open_tasks.put(ja, this.futures.get(ja)); - } - } - return open_tasks; - } - - /** - *

Getter for the field analyzers.

- * - * @return a {@link java.util.Set} object. - */ - public Set getAnalyzers() { - final HashSet analyzers = new HashSet(); - for(JarAnalyzer ja : this.analyzers.values()) { - analyzers.add(ja); - if(ja.hasChilds()) { - final Set fas = ja.getChilds(true); - for(FileAnalyzer fa: fas) - if(fa instanceof JarAnalyzer) - analyzers.add((JarAnalyzer)fa); - } - } - return analyzers; - } - - /** - * Returns the analyzer used to analyze a Java archive whose path ends with the given sub-path _p (the first match is taken), null if no such analyzer can be found. - * - * @param _p a {@link java.nio.file.Path} object. - * @return a {@link com.sap.psr.vulas.java.JarAnalyzer} object. - */ - public JarAnalyzer getAnalyzerForSubpath(Path _p) { - JarAnalyzer ja = null; - for(Path p: this.analyzers.keySet()) { - if(p.endsWith(_p)) { - ja = this.analyzers.get(p); - break; - } - } - return ja; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private ExecutorService pool; + + private boolean instrument = false; + private Application ctx = null; + private Path workDir = null; + private Path libDir = null; + private Path inclDir = null; + private Map analyzers = new HashMap(); + + /** Maps {@link JarAnalyzer}s, which implement {@link Callable}, to their respective {@link Future}. */ + private Map> futures = + new HashMap>(); + + private boolean rename = false; + + private Map knownDependencies = null; + + private long analysisTimeout = -1; + + /** + *

Constructor for ArchiveAnalysisManager.

+ * + * @param _pool_size the number of parallel analysis threads + * @param _timeout the timeout in milleseconds to wait for the completion of all analysis tasks (-1 means no timeout) + * @param _instr whether or not the Java archives shall be instrumented + * @param _ctx the application context in which the analysis takes place (if any) + */ + public ArchiveAnalysisManager(int _pool_size, long _timeout, boolean _instr, Application _ctx) { + this.pool = Executors.newFixedThreadPool(_pool_size); + this.analysisTimeout = _timeout; + this.instrument = _instr; + this.ctx = _ctx; + } + + /** + *

Setter for the field instrument.

+ * + * @param _instr a boolean. + */ + public void setInstrument(boolean _instr) { + this.instrument = _instr; + } + + /** + *

Setter for the field workDir.

+ * + * @param _p a {@link java.nio.file.Path} object. + */ + public void setWorkDir(Path _p) { + this.setWorkDir(_p, false); + } + + /** + *

Setter for the field workDir.

+ * + * @param _p a {@link java.nio.file.Path} object. + * @param _create a boolean. + */ + public void setWorkDir(Path _p, boolean _create) { + this.workDir = _p; + if (_create) { + try { + Files.createDirectories(_p); + } catch (IOException e) { + ArchiveAnalysisManager.log.error( + "Error while creating dir [" + _p + "]: " + e.getMessage()); + } + } + ArchiveAnalysisManager.log.info("Work dir set to [" + _p + "]"); + } + + /** + *

Setter for the field libDir.

+ * + * @param _p a {@link java.nio.file.Path} object. + */ + public void setLibDir(Path _p) { + this.libDir = _p; + ArchiveAnalysisManager.log.info("Lib dir set to [" + _p + "]"); + } + + /** + *

setIncludeDir.

+ * + * @param _p a {@link java.nio.file.Path} object. + */ + public void setIncludeDir(Path _p) { + this.inclDir = _p; + ArchiveAnalysisManager.log.info("Include dir set to [" + _p + "]"); + } + + /** + *

getSupportedFileExtensions.

+ * + * @return an array of {@link java.lang.String} objects. + */ + public static String[] getSupportedFileExtensions() { + return new String[] {"jar", "war", "aar"}; + } + + /** + *

canAnalyze.

+ * + * @param _file a {@link java.io.File} object. + * @return a boolean. + */ + public static final boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext == null || ext.equals("")) return false; + for (String supported_ext : getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } + + /** + * Determines whether the instrumented JAR is renamed or not. If yes, the new file name follows the following format: + * - If app context is provided: [originalJarName]-vulas-[appGroupId]-[appArtifactId]-[appVersion].jar + * - Otherwise: [originalJarName]-vulas.jar + * + * @param _b a boolean. + */ + public void setRename(boolean _b) { + this.rename = _b; + } + + /** + * Takes a map of file system paths to {@link Dependency}s. + * Entries will be used when instantiating {@link JarAnalyzer}s in {@link #startAnalysis(Set, JarAnalyzer)}. + * + * @param _deps a {@link java.util.Map} object. + */ + public void setKnownDependencies(Map _deps) { + this.knownDependencies = _deps; + } + + /** + * Returns the {@link Dependency} for a given archive, or null if no such archive is known. + * The underlying map is built during the execution of the Maven plugin. + * + * @param _p a {@link java.nio.file.Path} object. + * @return a {@link com.sap.psr.vulas.shared.json.model.Dependency} object. + */ + public Dependency getKnownDependency(Path _p) { + if (this.knownDependencies != null) return this.knownDependencies.get(_p); + else return null; + } + + /** + * Starts the analysis for all {@link Path}s of the given {@link Map} that have a null value. + * As such, it can be used to avoid analyzing archives multiple times. + * + * @param _paths a {@link java.util.Map} object. + * @param _parent a {@link com.sap.psr.vulas.java.JarAnalyzer} object. + */ + public void startAnalysis(@NotNull Map _paths, JarAnalyzer _parent) { + + // Split those that have been analyzed already and those that need analysis + final Set not_yet_analyzed = new HashSet(); + for (Map.Entry entry : _paths.entrySet()) { + if (entry.getValue() == null) not_yet_analyzed.add(entry.getKey()); + else this.analyzers.put(entry.getKey(), entry.getValue()); + } + + // Analyze if necessary + if (!not_yet_analyzed.isEmpty()) { + log.info( + "[" + + this.analyzers.size() + + "/" + + _paths.size() + + "] archives already analyzed, the remaining [" + + not_yet_analyzed.size() + + "] will be analyzed now ..."); + this.startAnalysis(not_yet_analyzed, _parent); + } else { + log.info( + "All [" + + this.analyzers.size() + + "/" + + _paths.size() + + "] archives have been analyzed already"); + } + } + + /** + * Starts the analysis for all the given {@link Path}s, which must point to either JAR or WAR archives. + * + * @param _paths a {@link java.util.Set} object. + * @param parent a {@link com.sap.psr.vulas.java.JarAnalyzer} object. + */ + public void startAnalysis(@NotNull Set _paths, JarAnalyzer parent) { + + // Set the several static attributes of the JarAnalyzer, for all the instances created later + JarAnalyzer.setAppContext(this.ctx); + + // Add all the paths to the classpath, so that the compilation works (if instrumentation is + // requested). + for (Path p : _paths) { + try { + JarAnalyzer.insertClasspath(p.toString()); + } catch (Exception e) { + // No problem at all if instrumentation is not requested. + // If instrumentation is requested, however, some classes may not compile + ArchiveAnalysisManager.log.error("Error while updating the classpath: " + e.getMessage()); + } + } + + // Add additional JARs into the classpath (if any) + if (this.libDir != null && (this.libDir.toFile().exists())) { + final FileSearch vis = new FileSearch(new String[] {"jar"}); + final Set libs = vis.search(this.libDir); + for (Path p : libs) { + try { + JarAnalyzer.insertClasspath(p.toString()); + } catch (Exception e) { + // No problem at all if instrumentation is not requested. + // If instrumentation is requested, however, some classes may not compile + ArchiveAnalysisManager.log.error( + "Error while updating the classpath from lib [" + + this.libDir + + "]: " + + e.getMessage()); + } + } + } + + // Create temp directory for storing the modified JARs (if any) + if (this.instrument && this.workDir == null) { + try { + workDir = java.nio.file.Files.createTempDirectory("jar_analysis_"); + } catch (IOException e) { + throw new IllegalStateException("Unable to create work directory", e); + } + } + + // Create a JarAnalyzer for all paths, and ask the thread pool to start them + for (Path p : _paths) { + try { + JarAnalyzer ja = null; + if (p.toString().endsWith("jar")) { + ja = new JarAnalyzer(); + } else if (p.toString().endsWith("war")) { + ja = new WarAnalyzer(); + ((WarAnalyzer) ja).setIncludeDir(this.inclDir); + } else if (p.toString().endsWith("aar")) { + ja = new AarAnalyzer(); + } else { + ArchiveAnalysisManager.log.warn( + "File extension not supported (only JAR, WAR, AAR): " + p); + continue; + } + + if (parent != null) ja.setParent(parent); + + ja.setRename(this.rename); + ja.setWorkDir(this.workDir); + + if (this.getKnownDependency(p) != null) + ja.setLibraryId(this.getKnownDependency(p).getLib().getLibraryId()); + + ja.analyze(p.toFile()); + ja.setInstrument( + this.instrument); // To be called after analyze, since instrument uses the URL member + + this.analyzers.put(p, ja); + + // Execute the analyzer + final Future future = this.pool.submit(ja); + this.futures.put(ja, future); + } catch (Exception e) { + ArchiveAnalysisManager.log.error( + "Error while analyzing path [" + p + "]: " + e.getMessage()); + } + } + + final StopWatch sw = + new StopWatch("Analysis of [" + futures.size() + "] Java archives") + .setTotal(futures.size()) + .start(); + + this.pool.shutdown(); // Don't accept new tasks, wait for the completion of existing ones + + try { + while (!this.pool.awaitTermination(10, TimeUnit.SECONDS)) { + final Map> open_tasks = this.getOpenTasks(); + final long sw_runtime = sw.getRuntimeMillis(); + + // There are remaining tasks, and a timeout has been configured and reached + if (!open_tasks.isEmpty() + && this.analysisTimeout != -1 + && sw_runtime > this.analysisTimeout) { + ArchiveAnalysisManager.log.warn( + "Timeout of [" + + this.analysisTimeout + + "ms] reached, the following [" + + open_tasks.size() + + "] non-completed analysis tasks will be canceled:"); + for (JarAnalyzer ja : open_tasks.keySet()) { + ArchiveAnalysisManager.log.info(" " + ja); + open_tasks.get(ja).cancel(true); + } + throw new JarAnalysisException( + "Timeout of [" + + this.analysisTimeout + + "ms] reached, [" + + open_tasks.size() + + "] have been canceled"); + } + // There are remaining tasks, but no timeout is set or reached + else if (!open_tasks.isEmpty()) { + ArchiveAnalysisManager.log.info( + "Waiting for the completion of [" + open_tasks.size() + "] analysis tasks"); + for (JarAnalyzer ja : open_tasks.keySet()) ArchiveAnalysisManager.log.debug(" " + ja); + } + } + + sw.stop(); + } catch (JarAnalysisException jae) { + sw.stop(jae); + } catch (InterruptedException e) { + sw.stop(e); + } + } + + /** + * Returns all analysis {@link Future}s that are not (yet) done. + * @see Future#isDone() + * @return + */ + private final Map> getOpenTasks() { + final Map> open_tasks = + new HashMap>(); + for (JarAnalyzer ja : this.futures.keySet()) { + if (!this.futures.get(ja).isDone()) { + open_tasks.put(ja, this.futures.get(ja)); + } + } + return open_tasks; + } + + /** + *

Getter for the field analyzers.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getAnalyzers() { + final HashSet analyzers = new HashSet(); + for (JarAnalyzer ja : this.analyzers.values()) { + analyzers.add(ja); + if (ja.hasChilds()) { + final Set fas = ja.getChilds(true); + for (FileAnalyzer fa : fas) if (fa instanceof JarAnalyzer) analyzers.add((JarAnalyzer) fa); + } + } + return analyzers; + } + + /** + * Returns the analyzer used to analyze a Java archive whose path ends with the given sub-path _p (the first match is taken), null if no such analyzer can be found. + * + * @param _p a {@link java.nio.file.Path} object. + * @return a {@link com.sap.psr.vulas.java.JarAnalyzer} object. + */ + public JarAnalyzer getAnalyzerForSubpath(Path _p) { + JarAnalyzer ja = null; + for (Path p : this.analyzers.keySet()) { + if (p.endsWith(_p)) { + ja = this.analyzers.get(p); + break; + } + } + return ja; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/ClassFileAnalyzer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/ClassFileAnalyzer.java index 3f1a5b724..9592bb2fd 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/ClassFileAnalyzer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/ClassFileAnalyzer.java @@ -29,7 +29,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; @@ -46,109 +45,125 @@ */ public class ClassFileAnalyzer implements FileAnalyzer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** The file to be analyzed. */ - private File file = null; - - /** All Java constructs found in the given class file. */ - private Map constructs = null; - - /** {@inheritDoc} */ - @Override - public String[] getSupportedFileExtensions() { - return new String[] { "class" }; - } - - /** {@inheritDoc} */ - @Override - public boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: this.getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - this.setFile(_file); - } - - /** - *

Setter for the field file.

- * - * @param _file a {@link java.io.File} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public void setFile(File _file) throws IllegalArgumentException { - final String ext = FileUtil.getFileExtension(_file); - if(!ext.equals("class")) - throw new IllegalArgumentException("Expected a class file but got [" + _file + "]"); - if(!FileUtil.isAccessibleFile(_file.toPath())) - throw new IllegalArgumentException("Cannot open file [" + _file + "]"); - this.file = _file; - } - - /** {@inheritDoc} */ - @Override - public Map getConstructs() throws FileAnalysisException { - if(this.constructs==null) { - try { - this.constructs = new TreeMap(); - - // Create a Javassist representation of the class file - final CtClass ctclass; - try (final FileInputStream fis = new FileInputStream(this.file)) { - ctclass = ClassPool.getDefault().makeClass(fis); - } - - // Update default class pool so that other classes are also found (e.g., the declaring class of nested classes when constructing the ClassVisitor) - //TODO HP, 4.4.16: This does not yet seem to work - ClassPoolUpdater.getInstance().updateClasspath(ctclass, this.file); - - // Only add constructs of ctclass is either a class or enum (no interfaces) - if(ctclass.isInterface()) { - ClassFileAnalyzer.log.debug("Interface [" + ctclass.getName() + "] skipped"); - } - else { - // Use a class visitor to get all constructs from the class file - final ClassVisitor cv = new ClassVisitor(ctclass); - final Set temp_constructs = cv.getConstructs(); - - // Add all constructs with a "" body - // TODO: Change Construct so that string (for source files) and binary bodies (file compiled classes) can be covered - for(ConstructId c: temp_constructs) - this.constructs.put(c, new Construct(c, "")); - } - } catch (FileNotFoundException e) { - throw new FileAnalysisException(e.getMessage(), e); - } catch (IOException e) { - throw new FileAnalysisException("IO exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } catch (RuntimeException e) { - throw new FileAnalysisException("Runtime exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } - } - return this.constructs; - } - - /** {@inheritDoc} */ - @Override - public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { return this.getConstructs().containsKey(_id); } - - /** {@inheritDoc} */ - @Override - public Construct getConstruct(ConstructId _id) throws FileAnalysisException { return this.getConstructs().get(_id); } - - /** {@inheritDoc} */ - @Override - public boolean hasChilds() { return false; } - - /** {@inheritDoc} */ - @Override - public Set getChilds(boolean _recursive) { return null; } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** The file to be analyzed. */ + private File file = null; + + /** All Java constructs found in the given class file. */ + private Map constructs = null; + + /** {@inheritDoc} */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {"class"}; + } + + /** {@inheritDoc} */ + @Override + public boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext == null || ext.equals("")) return false; + for (String supported_ext : this.getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + this.setFile(_file); + } + + /** + *

Setter for the field file.

+ * + * @param _file a {@link java.io.File} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public void setFile(File _file) throws IllegalArgumentException { + final String ext = FileUtil.getFileExtension(_file); + if (!ext.equals("class")) + throw new IllegalArgumentException("Expected a class file but got [" + _file + "]"); + if (!FileUtil.isAccessibleFile(_file.toPath())) + throw new IllegalArgumentException("Cannot open file [" + _file + "]"); + this.file = _file; + } + + /** {@inheritDoc} */ + @Override + public Map getConstructs() throws FileAnalysisException { + if (this.constructs == null) { + try { + this.constructs = new TreeMap(); + + // Create a Javassist representation of the class file + final CtClass ctclass; + try (final FileInputStream fis = new FileInputStream(this.file)) { + ctclass = ClassPool.getDefault().makeClass(fis); + } + + // Update default class pool so that other classes are also found (e.g., the declaring class + // of nested classes when constructing the ClassVisitor) + // TODO HP, 4.4.16: This does not yet seem to work + ClassPoolUpdater.getInstance().updateClasspath(ctclass, this.file); + + // Only add constructs of ctclass is either a class or enum (no interfaces) + if (ctclass.isInterface()) { + ClassFileAnalyzer.log.debug("Interface [" + ctclass.getName() + "] skipped"); + } else { + // Use a class visitor to get all constructs from the class file + final ClassVisitor cv = new ClassVisitor(ctclass); + final Set temp_constructs = cv.getConstructs(); + + // Add all constructs with a "" body + // TODO: Change Construct so that string (for source files) and binary bodies (file + // compiled classes) can be covered + for (ConstructId c : temp_constructs) this.constructs.put(c, new Construct(c, "")); + } + } catch (FileNotFoundException e) { + throw new FileAnalysisException(e.getMessage(), e); + } catch (IOException e) { + throw new FileAnalysisException( + "IO exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } catch (RuntimeException e) { + throw new FileAnalysisException( + "Runtime exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } + } + return this.constructs; + } + + /** {@inheritDoc} */ + @Override + public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().containsKey(_id); + } + + /** {@inheritDoc} */ + @Override + public Construct getConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().get(_id); + } + + /** {@inheritDoc} */ + @Override + public boolean hasChilds() { + return false; + } + + /** {@inheritDoc} */ + @Override + public Set getChilds(boolean _recursive) { + return null; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalysisException.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalysisException.java index a9f9ef36e..84bea3ea1 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalysisException.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalysisException.java @@ -24,22 +24,22 @@ * */ public class JarAnalysisException extends Exception { - private static final long serialVersionUID = 1L; - /** - *

Constructor for JarAnalysisException.

- * - * @param _msg a {@link java.lang.String} object. - */ - public JarAnalysisException(String _msg) { - super(_msg); - } - /** - *

Constructor for JarAnalysisException.

- * - * @param _msg a {@link java.lang.String} object. - * @param _cause a {@link java.lang.Throwable} object. - */ - public JarAnalysisException(String _msg, Throwable _cause) { - super(_msg, _cause); - } + private static final long serialVersionUID = 1L; + /** + *

Constructor for JarAnalysisException.

+ * + * @param _msg a {@link java.lang.String} object. + */ + public JarAnalysisException(String _msg) { + super(_msg); + } + /** + *

Constructor for JarAnalysisException.

+ * + * @param _msg a {@link java.lang.String} object. + * @param _cause a {@link java.lang.Throwable} object. + */ + public JarAnalysisException(String _msg, Throwable _cause) { + super(_msg, _cause); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalyzer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalyzer.java index 59ed0b483..65e022250 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalyzer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JarAnalyzer.java @@ -69,628 +69,772 @@ import javassist.CtClass; import javassist.NotFoundException; - /** * Analyzes a single Java archives as to identify (and potentially instrument) all its constructs. */ public class JarAnalyzer implements Callable, JarEntryWriter, FileAnalyzer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static final ClassPool CLASSPOOL = ClassPool.getDefault(); - - // The following can be set statically, and will be given to all ClassVisitors (for being included in the instrumentation) - private static Application APP_CTX = null; - - protected Set constructs = null; - private Map constructBodies = null; - - private Set classNames = new HashSet(); - protected String url = null; - protected JarFile jar = null; - protected boolean instrument = false; // Set by the constructor, determines whether or not the class methods/constructors are instrumented - protected boolean rename = false; // Appends app context to original file name: -vulas---.jar - - protected int classCount = 0; - protected int enumCount = 0; - protected int interfaceCount = 0; - - private MapinstrumentedClasses = new HashMap(); - - protected Path workDir = null; // To where modified JARs are written - - private LibraryId libraryId = null; - - private Set bundledLibraryIds = new HashSet(); - - protected JarWriter jarWriter = null; - - private JarAnalyzer parent = null; - - protected InstrumentationControl instrControl = null; - - /** {@inheritDoc} */ - @Override - public String[] getSupportedFileExtensions() { return new String[] { "jar" }; } - - /** {@inheritDoc} */ - @Override - public final boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: this.getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - try { - this.jar = new JarFile(_file, false, java.util.zip.ZipFile.OPEN_READ); - this.jarWriter = new JarWriter(_file.toPath()); - this.url = _file.getAbsolutePath().toString(); - } catch (IllegalStateException e) { - log.error("IllegalStateException when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } catch (IOException e) { - log.error("IOException when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } catch (Exception e) { - log.error("Exception when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } - } - - /** - *

Setter for the field instrument.

- * - * @param _instrument a boolean. - */ - public void setInstrument(boolean _instrument) { - this.instrument = _instrument; - if(this.instrument) - this.instrControl = InstrumentationControl.getInstance(this.url); - } - - /** - *

getPath.

- * - * @return a {@link java.nio.file.Path} object. - */ - public Path getPath() { - return Paths.get(this.url); - } - - /** - *

Setter for the field parent.

- * - * @param ja a {@link com.sap.psr.vulas.java.JarAnalyzer} object. - */ - public void setParent(JarAnalyzer ja){ - this.parent= ja; - } - - /** - *

Getter for the field parent.

- * - * @return a {@link com.sap.psr.vulas.java.JarAnalyzer} object. - */ - public JarAnalyzer getParent(){ - return this.parent; - } - - /** - * Returns the size of the original JAR file (before instrumentation). - * - * @see #getInstrumentedFileSize() - * @return a long. - */ - public long getFileSize() { return this.jarWriter.getFileSize(); } - - /** - * Returns the size of the instrumented JAR file (or -1 if no instrumentation took place). - * - * @see #getFileSize() - * @return a long. - */ - public long getInstrumentedFileSize() { return this.jarWriter.getInstrumentedFileSize(); } - - /** - * Specifies the work directory into which instrumented JARs are written. If null, a temporary directory will be created. - * - * @param _p a {@link java.nio.file.Path} object. - */ - public void setWorkDir(Path _p) { this.workDir = _p; } - - /** - * Determines whether the instrumented JAR is renamed or not. If yes, the new file name follows the following format: - * - If app context is provided: [originalJarName]-vulas-[appGroupId]-[appArtifactId]-[appVersion].jar - * - Otherwise: [originalJarName]-vulas-instr.jar - * - * @param _b a boolean. - */ - public void setRename(boolean _b) { this.rename = _b; } - - /** - * Sets the Maven Id for the JAR to be analyzed. The Maven ID is already known in some contexts (e.g., during Maven plugin execution). - * - * @param _id a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. - */ - public void setLibraryId(LibraryId _id) { this.libraryId = _id; } - - /** - * Returns a {@link Library} representing the analyzed Java archive. - * - * @throws com.sap.psr.vulas.FileAnalysisException - * @return a {@link com.sap.psr.vulas.shared.json.model.Library} object. - */ - public Library getLibrary() throws FileAnalysisException { - final Library lib = new Library(this.getSHA1()); - - lib.setDigestAlgorithm(DigestAlgorithm.SHA1); - lib.setConstructs(this.getSharedConstructs()); - lib.setLibraryId(this.libraryId); - - if(this.bundledLibraryIds!=null && !this.bundledLibraryIds.isEmpty()) - lib.setBundledLibraryIds(this.bundledLibraryIds); - - final Set p = new HashSet(); - if(this.jarWriter.getOriginalManifest()!=null) { - for(Object key: this.jarWriter.getOriginalManifest().getMainAttributes().keySet()) { - p.add(new Property(PropertySource.JAVA_MANIFEST, key.toString(), this.jarWriter.getOriginalManifest().getMainAttributes().get(key).toString())); - } - } - lib.setProperties(p); - - return lib; - } - - /** - * Returns the SHA1 digest of the JAR. Either taken from the manifest (entry VULAS-originalSHA1, in case the original JAR has been instrumented - * offline), or by computing it on the fly. - * - * @return the SHA1 digest of the JAR - */ - public synchronized String getSHA1() { return this.jarWriter.getSHA1(); } - - /** - *

getFileName.

- * - * @return a {@link java.lang.String} object. - */ - public String getFileName() { - return this.jarWriter.getOriginalJarFileName().toString(); - } - - /** - * This method is called by {@link ArchiveAnalysisManager}. - * - * @return a {@link com.sap.psr.vulas.FileAnalyzer} object. - */ - public FileAnalyzer call() { - try { - this.getSHA1(); - this.getConstructIds(); - this.getChilds(true); - if(this.instrument) { - try { - this.createInstrumentedArchive(); - } - catch(JarAnalysisException jae) { - JarAnalyzer.log.error(this.toString() + ": " + jae.getMessage()); - } - } - } - catch(Exception e) { - if(e instanceof NullPointerException) { - JarAnalyzer.log.error(this.toString() + ": [" + e.getClass().getSimpleName() + "] during analysis"); - e.printStackTrace(); - } else { - JarAnalyzer.log.error(this.toString() + ": [" + e.getClass().getSimpleName() + "] during analysis: " + e.getMessage()); - } - } - return this; - } - - /** - * See here: http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html - * - * @throws com.sap.psr.vulas.java.JarAnalysisException - */ - protected void createInstrumentedArchive() throws JarAnalysisException { - - // Additional manifest file entries - this.jarWriter.addManifestEntry("VULAS-classInstrStats", "[" + this.classCount + " total, " + this.instrControl.countClassesInstrumentedAlready() + " existed, " + this.instrControl.countClassesInstrumentedSuccess() + " ok, " + this.instrControl.countClassesInstrumentedFailure() + " err]"); - this.jarWriter.addManifestEntry("VULAS-constructStats", "[" + constructs.size() + " constructs]"); - if(JarAnalyzer.getAppContext()!=null) - this.jarWriter.addManifestEntry("VULAS-appContext", JarAnalyzer.getAppContext().getMvnGroup() + ":" + - JarAnalyzer.getAppContext().getArtifact() + ":" + - JarAnalyzer.getAppContext().getVersion()); - - // Register this JarAnalyzer for callbacks - this.jarWriter.register(".*.class$", this); - - // Rename - if(this.rename) - this.jarWriter.setClassifier("vulas-instr"); - - // Rewrite - this.jarWriter.rewrite(this.workDir); - - // Stats - this.instrControl.logStatistics(); - } - - /** - *

getInstrumentedArchive.

- * - * @return a {@link java.io.File} object. - */ - public final File getInstrumentedArchive() { - return this.jarWriter.getRewrittenJarFile(); - } - - /** - * Returns the class names for all class files found in the given archive. - * - * @return a {@link java.util.Set} object. - */ - public Set getClassNames() { - // Trigger the scan (in case not yet done) - this.hasJARConstructs(); - return this.classNames; - } - - /** - *

hasJARConstructs.

- * - * @return a boolean. - */ - public boolean hasJARConstructs() { return this.getConstructIds().size()>0; } - - /** {@inheritDoc} */ - @Override - public boolean hasChilds() { - return false; - } - - /** {@inheritDoc} */ - @Override - public Set getChilds(boolean _recursive) { - return null; - } - - /** - * Identifies all {@link ConstructId}s of all methods and constructors. - * - * @return a {@link java.util.Set} object. - */ - public synchronized Set getConstructIds() { - //this method is used to collect statistics about the analyzed jars but these are not available (and thus skipped if the flag skipknownArchive is true - //if(this.constructs==null && !uploadEnabledAndSkipKnownArchive()) { - if(this.constructs==null) { - this.constructs = new TreeSet(); - - final SAXParserFactory spf = SAXParserFactory.newInstance(); - spf.setNamespaceAware(true); - - // Loop all files in order to identify Java classes and bundled pom.xml files - final Enumeration en = this.jar.entries(); - while(en.hasMoreElements()) { - final JarEntry je = en.nextElement(); - - // 18.11.2014: Ignore "package-info.class" files, which can contain annotations and documentation - // 05.12.2017: Ignore "module-info.class" files, which can contain annotations and documentation - if(je.getName().endsWith(".class") && !je.getName().endsWith("package-info.class") && !je.getName().endsWith("module-info.class")) { - final String fqn = JarAnalyzer.getFqClassname(je.getName()); - if(fqn!=null) { - this.classNames.add(fqn); - JarAnalyzer.log.debug("JAR entry [" + je.getName() + "] transformed to Java class identifier [" + fqn + "]"); - } - else { - JarAnalyzer.log.warn("JAR entry [" + je.getName() + "] will be ignored, as no Java class identifier could be built"); - } - } - else if(je.getName().endsWith("pom.xml")) { - try { - final PomParser pp = new PomParser(); - final SAXParser saxParser = spf.newSAXParser(); - final XMLReader xmlReader = saxParser.getXMLReader(); - xmlReader.setContentHandler(pp); - xmlReader.parse(new InputSource(this.jar.getInputStream(je))); - if(pp.getLibraryId().isDefined()) - this.bundledLibraryIds.add(pp.getLibraryId()); - } catch (ParserConfigurationException e) { - JarAnalyzer.log.warn("Parser configuration exception when parsing JAR entry [" + je.getName() + "]: " + e.getMessage(), e); - } catch (SAXException e) { - JarAnalyzer.log.warn("Exception when parsing JAR entry [" + je.getName() + "]: " + e.getMessage(), e); - } catch (IOException e) { - JarAnalyzer.log.warn("I/O exception for JAR entry [" + je.getName() + "]: " + e.getMessage(), e); - } - } - } - - // // From where the classes will be loaded - // ClassPool cp = ClassPool.getDefault(); - // // Must include the JAR file itself plus, optionally, other dependencies (read from a static attribute) - // try { - // cp.insertClassPath(this.url); - // } catch (NotFoundException e) { - // JarAnalyzer.log.error("Error while adding JAR '" + this.url + "' to class path"); - // } - - // Add the current JAR to the classpath - try { - JarAnalyzer.insertClasspath(this.url); - } catch (NotFoundException e) { - JarAnalyzer.log.error("Error while adding JAR [" + this.url + "] to class path"); - } - - // Visit all classes using Javassist (and instrument as many as possible - if requested) - CtClass ctclass = null; - ClassVisitor cv = null; - - for(String cn: this.classNames) { - try { - ctclass = JarAnalyzer.getClassPool().get(cn); - - // Ignore interfaces (no executable code) and enums (rarely containing executable code, perhaps to be included later on) - if(ctclass.isInterface()) { - this.interfaceCount++; - } - else { - - if(ctclass.isEnum()) - this.enumCount++; - else - this.classCount++; - - // Create ClassVisitor for the current Java class - cv = new ClassVisitor(ctclass); - this.constructs.addAll(cv.getConstructs()); - - // Instrument (if requested and not blacklisted) - if(this.instrument && !this.instrControl.isBlacklistedClass(cn)) { - cv.setOriginalArchiveDigest(this.getSHA1()); - cv.setAppContext(JarAnalyzer.getAppContext()); - if(cv.isInstrumented()) - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), null); - else { - try { - cv.visitMethods(true); - cv.visitConstructors(true); - cv.finalizeInstrumentation(); - this.instrumentedClasses.put(cv.getJavaId(), cv); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(true)); - } catch (IOException ioe) { - JarAnalyzer.log.error("I/O exception while instrumenting class [" + cv.getJavaId().getQualifiedName() + "]: " + ioe.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } catch (CannotCompileException cce) { - JarAnalyzer.log.warn("Cannot compile instrumented class [" + cv.getJavaId().getQualifiedName() + "]: " + cce.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } catch (Exception e) { - JarAnalyzer.log.error(e.getClass().getName() + " occured while instrumenting class [" + cv.getJavaId().getQualifiedName() + "]: " + e.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } - } - } - } - if(!this.instrument){ - //only detach if no static instrumentation (otherwise it will fail because the class was modified) - // in case the instrumentation is performed the detach is done in ClassVisitor.finalizeInstrumentation - ctclass.detach(); - } - } catch (NotFoundException nfe) { - JarAnalyzer.log.error(this.toString() + ": NotFoundException while analyzing class [" + cn + "]: " + nfe.getMessage()); - continue; - } catch (RuntimeException re) { - JarAnalyzer.log.error(this.toString() + ": RuntimeException while analyzing class [" + ctclass.getName() + "]: " + re.getMessage()); - continue; - } - } - if(this.instrument) - JarAnalyzer.log.info(this.toString() + ": classes comprised/already-instr/instr/not-instr [" + this.classCount + "/" + this.instrControl.countClassesInstrumentedAlready() + "/" + this.instrControl.countClassesInstrumentedSuccess() + "/" + this.instrControl.countClassesInstrumentedFailure() + "], constructs comprised [" + constructs.size() + "], enums [" + enumCount + "], interfaces (ignored) [" + interfaceCount + "]"); - else - JarAnalyzer.log.info(this.toString() + ": constructs comprised [" + constructs.size() + "], classes [" + this.classCount + "], enums [" + enumCount + "], interfaces (ignored) [" + interfaceCount + "]"); - } - return this.constructs; - } - - /** - *

toString.

- * - * @return a {@link java.lang.String} object. - */ - public String toString() { - final StringBuilder b = new StringBuilder(); - final String classname = this.getClass().getName().substring(1 + this.getClass().getName().lastIndexOf(".")); - b.append(classname + "[Xar=").append(this.getFileName()); - b.append(", libId=").append( (this.libraryId==null?"false":this.libraryId.toString())); - b.append(", instr=").append(this.instrument); - b.append(", instrCtx=").append( (JarAnalyzer.getAppContext()==null?"false":JarAnalyzer.getAppContext().toString(false)) ).append("]"); - return b.toString(); - } - - /** - *

getInstrumentationControl.

- * - * @return a {@link com.sap.psr.vulas.monitor.InstrumentationControl} object. - */ - public InstrumentationControl getInstrumentationControl() { return this.instrControl; } - - /** - * {@inheritDoc} - * - * In case the archive is rewritten, this method is used to rewrite certain {@link JarEntry}s - * (rather than taking the file from the original archive). - * The callback registration takes place in {@link #createInstrumentedArchive()}. - */ - @Override - public InputStream getInputStream(String _regex, JarEntry _entry) { - InputStream is = null; - - if(_regex.equals(".*.class$")) { - JavaId jid = null; - - // Create JavaId from entry name - try { - String class_name = _entry.getName(); - class_name = class_name.substring(0, class_name.length()-6); // ".class" - class_name = class_name.replace('/', '.'); - jid = JavaId.parseClassQName(class_name); - } catch (Exception e) { - JarAnalyzer.log.error("Cannot parse Java Id from Jar Entry [" + _entry.getName() + "]: " + e.getMessage()); - jid = null; - } - - // Create input stream - if(jid!=null && this.instrumentedClasses.get(jid)!=null) { - //new_entry.setSize(this.instrumentedClasses.get(jid).getBytecode().length); - is = new ByteArrayInputStream(this.instrumentedClasses.get(jid).getBytecode()); - } - } - - return is; - } - - /** {@inheritDoc} */ - @Override - public Map getConstructs() throws FileAnalysisException { - if(this.constructBodies==null) { - this.constructBodies = new TreeMap(); - for(ConstructId c: this.getConstructIds()) { - this.constructBodies.put(c, new Construct(c, "")); - } - } - return this.constructBodies; - } - - /** - *

getSharedConstructs.

- * - * @return a {@link java.util.List} object. - * @throws com.sap.psr.vulas.FileAnalysisException if any. - */ - public List getSharedConstructs() throws FileAnalysisException { - List l= new ArrayList(); - for(ConstructId c: this.getConstructIds()) { - l.add(new com.sap.psr.vulas.shared.json.model.ConstructId(ProgrammingLanguage.JAVA, c.getSharedType(),c.getQualifiedName())); - } - return l; - } - - /** {@inheritDoc} */ - @Override - public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { return this.getConstructs().containsKey(_id); } - - /** {@inheritDoc} */ - @Override - public Construct getConstruct(ConstructId _id) throws FileAnalysisException { return this.getConstructs().get(_id); } - - /** {@inheritDoc} */ - @Override - public boolean equals(Object obj){ - //We need to distinguish Jars with same digest but different path to be able to link parents to their digest. However the relativePath should be used once we start using it. - return obj instanceof JarAnalyzer && this.getSHA1().equals(((JarAnalyzer)obj).getSHA1()) && this.getPath().toString().equals(((JarAnalyzer)obj).getPath().toString()); - } - - /** {@inheritDoc} */ - @Override - public int hashCode(){ - return this.getSHA1().hashCode(); - } - - // ---------------------------- STATIC METHODS - - /** - *

isJavaIdentifier.

- * - * @param _name a {@link java.lang.String} object. - * @return a boolean. - */ - public static boolean isJavaIdentifier(String _name) { - if(_name==null || _name.equals("")) - return false; - final char[] chars = _name.toCharArray(); - for(int i=0; i i = p.iterator(); - - while(i.hasNext()) { - String element = i.next().toString(); - if(element.endsWith(".class")) - element = element.substring(0, element.length()-6); // ".class" - if(JarAnalyzer.isJavaIdentifier(element)) { - if(fqn.length()!=0) - fqn.append('.'); - fqn.append(element); - } - else { - JarAnalyzer.log.warn("JAR entry [" + _jar_entry_name + "] cannot be transformed to a fully-qualified Java class identifier, because [" + element + "] is not a valid identifier"); - return null; - } - } - cn = fqn.toString(); - } - } - return cn; - } - - /** - *

setAppContext.

- * - * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public static void setAppContext(Application _ctx) { JarAnalyzer.APP_CTX = _ctx; } - /** - *

getAppContext.

- * - * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public static Application getAppContext() { return JarAnalyzer.APP_CTX; } - - /** - * Adds a given URL to the classpath of the class pool. This allows maintaining dependencies needed for the compilation of instrumented classes. - * - * @param _url a {@link java.lang.String} object. - * @throws javassist.NotFoundException - */ - public static void insertClasspath(String _url) throws NotFoundException { CLASSPOOL.insertClassPath(_url); } - /** - *

getClassPool.

- * - * @return a {@link javassist.ClassPool} object. - */ - protected static ClassPool getClassPool() { return JarAnalyzer.CLASSPOOL; } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static final ClassPool CLASSPOOL = ClassPool.getDefault(); + + // The following can be set statically, and will be given to all ClassVisitors (for being included + // in the instrumentation) + private static Application APP_CTX = null; + + protected Set constructs = null; + private Map constructBodies = null; + + private Set classNames = new HashSet(); + protected String url = null; + protected JarFile jar = null; + protected boolean instrument = + false; // Set by the constructor, determines whether or not the class methods/constructors are + // instrumented + protected boolean rename = false; // Appends app context to original file name: + // -vulas---.jar + + protected int classCount = 0; + protected int enumCount = 0; + protected int interfaceCount = 0; + + private Map instrumentedClasses = new HashMap(); + + protected Path workDir = null; // To where modified JARs are written + + private LibraryId libraryId = null; + + private Set bundledLibraryIds = new HashSet(); + + protected JarWriter jarWriter = null; + + private JarAnalyzer parent = null; + + protected InstrumentationControl instrControl = null; + + /** {@inheritDoc} */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {"jar"}; + } + + /** {@inheritDoc} */ + @Override + public final boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext == null || ext.equals("")) return false; + for (String supported_ext : this.getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + try { + this.jar = new JarFile(_file, false, java.util.zip.ZipFile.OPEN_READ); + this.jarWriter = new JarWriter(_file.toPath()); + this.url = _file.getAbsolutePath().toString(); + } catch (IllegalStateException e) { + log.error("IllegalStateException when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } catch (IOException e) { + log.error("IOException when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } catch (Exception e) { + log.error("Exception when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } + } + + /** + *

Setter for the field instrument.

+ * + * @param _instrument a boolean. + */ + public void setInstrument(boolean _instrument) { + this.instrument = _instrument; + if (this.instrument) this.instrControl = InstrumentationControl.getInstance(this.url); + } + + /** + *

getPath.

+ * + * @return a {@link java.nio.file.Path} object. + */ + public Path getPath() { + return Paths.get(this.url); + } + + /** + *

Setter for the field parent.

+ * + * @param ja a {@link com.sap.psr.vulas.java.JarAnalyzer} object. + */ + public void setParent(JarAnalyzer ja) { + this.parent = ja; + } + + /** + *

Getter for the field parent.

+ * + * @return a {@link com.sap.psr.vulas.java.JarAnalyzer} object. + */ + public JarAnalyzer getParent() { + return this.parent; + } + + /** + * Returns the size of the original JAR file (before instrumentation). + * + * @see #getInstrumentedFileSize() + * @return a long. + */ + public long getFileSize() { + return this.jarWriter.getFileSize(); + } + + /** + * Returns the size of the instrumented JAR file (or -1 if no instrumentation took place). + * + * @see #getFileSize() + * @return a long. + */ + public long getInstrumentedFileSize() { + return this.jarWriter.getInstrumentedFileSize(); + } + + /** + * Specifies the work directory into which instrumented JARs are written. If null, a temporary directory will be created. + * + * @param _p a {@link java.nio.file.Path} object. + */ + public void setWorkDir(Path _p) { + this.workDir = _p; + } + + /** + * Determines whether the instrumented JAR is renamed or not. If yes, the new file name follows the following format: + * - If app context is provided: [originalJarName]-vulas-[appGroupId]-[appArtifactId]-[appVersion].jar + * - Otherwise: [originalJarName]-vulas-instr.jar + * + * @param _b a boolean. + */ + public void setRename(boolean _b) { + this.rename = _b; + } + + /** + * Sets the Maven Id for the JAR to be analyzed. The Maven ID is already known in some contexts (e.g., during Maven plugin execution). + * + * @param _id a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. + */ + public void setLibraryId(LibraryId _id) { + this.libraryId = _id; + } + + /** + * Returns a {@link Library} representing the analyzed Java archive. + * + * @throws com.sap.psr.vulas.FileAnalysisException + * @return a {@link com.sap.psr.vulas.shared.json.model.Library} object. + */ + public Library getLibrary() throws FileAnalysisException { + final Library lib = new Library(this.getSHA1()); + + lib.setDigestAlgorithm(DigestAlgorithm.SHA1); + lib.setConstructs(this.getSharedConstructs()); + lib.setLibraryId(this.libraryId); + + if (this.bundledLibraryIds != null && !this.bundledLibraryIds.isEmpty()) + lib.setBundledLibraryIds(this.bundledLibraryIds); + + final Set p = new HashSet(); + if (this.jarWriter.getOriginalManifest() != null) { + for (Object key : this.jarWriter.getOriginalManifest().getMainAttributes().keySet()) { + p.add( + new Property( + PropertySource.JAVA_MANIFEST, + key.toString(), + this.jarWriter.getOriginalManifest().getMainAttributes().get(key).toString())); + } + } + lib.setProperties(p); + + return lib; + } + + /** + * Returns the SHA1 digest of the JAR. Either taken from the manifest (entry VULAS-originalSHA1, in case the original JAR has been instrumented + * offline), or by computing it on the fly. + * + * @return the SHA1 digest of the JAR + */ + public synchronized String getSHA1() { + return this.jarWriter.getSHA1(); + } + + /** + *

getFileName.

+ * + * @return a {@link java.lang.String} object. + */ + public String getFileName() { + return this.jarWriter.getOriginalJarFileName().toString(); + } + + /** + * This method is called by {@link ArchiveAnalysisManager}. + * + * @return a {@link com.sap.psr.vulas.FileAnalyzer} object. + */ + public FileAnalyzer call() { + try { + this.getSHA1(); + this.getConstructIds(); + this.getChilds(true); + if (this.instrument) { + try { + this.createInstrumentedArchive(); + } catch (JarAnalysisException jae) { + JarAnalyzer.log.error(this.toString() + ": " + jae.getMessage()); + } + } + } catch (Exception e) { + if (e instanceof NullPointerException) { + JarAnalyzer.log.error( + this.toString() + ": [" + e.getClass().getSimpleName() + "] during analysis"); + e.printStackTrace(); + } else { + JarAnalyzer.log.error( + this.toString() + + ": [" + + e.getClass().getSimpleName() + + "] during analysis: " + + e.getMessage()); + } + } + return this; + } + + /** + * See here: http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html + * + * @throws com.sap.psr.vulas.java.JarAnalysisException + */ + protected void createInstrumentedArchive() throws JarAnalysisException { + + // Additional manifest file entries + this.jarWriter.addManifestEntry( + "VULAS-classInstrStats", + "[" + + this.classCount + + " total, " + + this.instrControl.countClassesInstrumentedAlready() + + " existed, " + + this.instrControl.countClassesInstrumentedSuccess() + + " ok, " + + this.instrControl.countClassesInstrumentedFailure() + + " err]"); + this.jarWriter.addManifestEntry( + "VULAS-constructStats", "[" + constructs.size() + " constructs]"); + if (JarAnalyzer.getAppContext() != null) + this.jarWriter.addManifestEntry( + "VULAS-appContext", + JarAnalyzer.getAppContext().getMvnGroup() + + ":" + + JarAnalyzer.getAppContext().getArtifact() + + ":" + + JarAnalyzer.getAppContext().getVersion()); + + // Register this JarAnalyzer for callbacks + this.jarWriter.register(".*.class$", this); + + // Rename + if (this.rename) this.jarWriter.setClassifier("vulas-instr"); + + // Rewrite + this.jarWriter.rewrite(this.workDir); + + // Stats + this.instrControl.logStatistics(); + } + + /** + *

getInstrumentedArchive.

+ * + * @return a {@link java.io.File} object. + */ + public final File getInstrumentedArchive() { + return this.jarWriter.getRewrittenJarFile(); + } + + /** + * Returns the class names for all class files found in the given archive. + * + * @return a {@link java.util.Set} object. + */ + public Set getClassNames() { + // Trigger the scan (in case not yet done) + this.hasJARConstructs(); + return this.classNames; + } + + /** + *

hasJARConstructs.

+ * + * @return a boolean. + */ + public boolean hasJARConstructs() { + return this.getConstructIds().size() > 0; + } + + /** {@inheritDoc} */ + @Override + public boolean hasChilds() { + return false; + } + + /** {@inheritDoc} */ + @Override + public Set getChilds(boolean _recursive) { + return null; + } + + /** + * Identifies all {@link ConstructId}s of all methods and constructors. + * + * @return a {@link java.util.Set} object. + */ + public synchronized Set getConstructIds() { + // this method is used to collect statistics about the analyzed jars but these are not available + // (and thus skipped if the flag skipknownArchive is true + // if(this.constructs==null && !uploadEnabledAndSkipKnownArchive()) { + if (this.constructs == null) { + this.constructs = new TreeSet(); + + final SAXParserFactory spf = SAXParserFactory.newInstance(); + spf.setNamespaceAware(true); + + // Loop all files in order to identify Java classes and bundled pom.xml files + final Enumeration en = this.jar.entries(); + while (en.hasMoreElements()) { + final JarEntry je = en.nextElement(); + + // 18.11.2014: Ignore "package-info.class" files, which can contain annotations and + // documentation + // 05.12.2017: Ignore "module-info.class" files, which can contain annotations and + // documentation + if (je.getName().endsWith(".class") + && !je.getName().endsWith("package-info.class") + && !je.getName().endsWith("module-info.class")) { + final String fqn = JarAnalyzer.getFqClassname(je.getName()); + if (fqn != null) { + this.classNames.add(fqn); + JarAnalyzer.log.debug( + "JAR entry [" + + je.getName() + + "] transformed to Java class identifier [" + + fqn + + "]"); + } else { + JarAnalyzer.log.warn( + "JAR entry [" + + je.getName() + + "] will be ignored, as no Java class identifier could be built"); + } + } else if (je.getName().endsWith("pom.xml")) { + try { + final PomParser pp = new PomParser(); + final SAXParser saxParser = spf.newSAXParser(); + final XMLReader xmlReader = saxParser.getXMLReader(); + xmlReader.setContentHandler(pp); + xmlReader.parse(new InputSource(this.jar.getInputStream(je))); + if (pp.getLibraryId().isDefined()) this.bundledLibraryIds.add(pp.getLibraryId()); + } catch (ParserConfigurationException e) { + JarAnalyzer.log.warn( + "Parser configuration exception when parsing JAR entry [" + + je.getName() + + "]: " + + e.getMessage(), + e); + } catch (SAXException e) { + JarAnalyzer.log.warn( + "Exception when parsing JAR entry [" + je.getName() + "]: " + e.getMessage(), e); + } catch (IOException e) { + JarAnalyzer.log.warn( + "I/O exception for JAR entry [" + je.getName() + "]: " + e.getMessage(), e); + } + } + } + + // // From where the classes will be loaded + // ClassPool cp = ClassPool.getDefault(); + // // Must include the JAR file itself plus, optionally, other dependencies (read from a + // static attribute) + // try { + // cp.insertClassPath(this.url); + // } catch (NotFoundException e) { + // JarAnalyzer.log.error("Error while adding JAR '" + this.url + "' to class path"); + // } + + // Add the current JAR to the classpath + try { + JarAnalyzer.insertClasspath(this.url); + } catch (NotFoundException e) { + JarAnalyzer.log.error("Error while adding JAR [" + this.url + "] to class path"); + } + + // Visit all classes using Javassist (and instrument as many as possible - if requested) + CtClass ctclass = null; + ClassVisitor cv = null; + + for (String cn : this.classNames) { + try { + ctclass = JarAnalyzer.getClassPool().get(cn); + + // Ignore interfaces (no executable code) and enums (rarely containing executable code, + // perhaps to be included later on) + if (ctclass.isInterface()) { + this.interfaceCount++; + } else { + + if (ctclass.isEnum()) this.enumCount++; + else this.classCount++; + + // Create ClassVisitor for the current Java class + cv = new ClassVisitor(ctclass); + this.constructs.addAll(cv.getConstructs()); + + // Instrument (if requested and not blacklisted) + if (this.instrument && !this.instrControl.isBlacklistedClass(cn)) { + cv.setOriginalArchiveDigest(this.getSHA1()); + cv.setAppContext(JarAnalyzer.getAppContext()); + if (cv.isInstrumented()) + this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), null); + else { + try { + cv.visitMethods(true); + cv.visitConstructors(true); + cv.finalizeInstrumentation(); + this.instrumentedClasses.put(cv.getJavaId(), cv); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(true)); + } catch (IOException ioe) { + JarAnalyzer.log.error( + "I/O exception while instrumenting class [" + + cv.getJavaId().getQualifiedName() + + "]: " + + ioe.getMessage()); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(false)); + } catch (CannotCompileException cce) { + JarAnalyzer.log.warn( + "Cannot compile instrumented class [" + + cv.getJavaId().getQualifiedName() + + "]: " + + cce.getMessage()); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(false)); + } catch (Exception e) { + JarAnalyzer.log.error( + e.getClass().getName() + + " occured while instrumenting class [" + + cv.getJavaId().getQualifiedName() + + "]: " + + e.getMessage()); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(false)); + } + } + } + } + if (!this.instrument) { + // only detach if no static instrumentation (otherwise it will fail because the class + // was modified) + // in case the instrumentation is performed the detach is done in + // ClassVisitor.finalizeInstrumentation + ctclass.detach(); + } + } catch (NotFoundException nfe) { + JarAnalyzer.log.error( + this.toString() + + ": NotFoundException while analyzing class [" + + cn + + "]: " + + nfe.getMessage()); + continue; + } catch (RuntimeException re) { + JarAnalyzer.log.error( + this.toString() + + ": RuntimeException while analyzing class [" + + ctclass.getName() + + "]: " + + re.getMessage()); + continue; + } + } + if (this.instrument) + JarAnalyzer.log.info( + this.toString() + + ": classes comprised/already-instr/instr/not-instr [" + + this.classCount + + "/" + + this.instrControl.countClassesInstrumentedAlready() + + "/" + + this.instrControl.countClassesInstrumentedSuccess() + + "/" + + this.instrControl.countClassesInstrumentedFailure() + + "], constructs comprised [" + + constructs.size() + + "], enums [" + + enumCount + + "], interfaces (ignored) [" + + interfaceCount + + "]"); + else + JarAnalyzer.log.info( + this.toString() + + ": constructs comprised [" + + constructs.size() + + "], classes [" + + this.classCount + + "], enums [" + + enumCount + + "], interfaces (ignored) [" + + interfaceCount + + "]"); + } + return this.constructs; + } + + /** + *

toString.

+ * + * @return a {@link java.lang.String} object. + */ + public String toString() { + final StringBuilder b = new StringBuilder(); + final String classname = + this.getClass().getName().substring(1 + this.getClass().getName().lastIndexOf(".")); + b.append(classname + "[Xar=").append(this.getFileName()); + b.append(", libId=").append((this.libraryId == null ? "false" : this.libraryId.toString())); + b.append(", instr=").append(this.instrument); + b.append(", instrCtx=") + .append( + (JarAnalyzer.getAppContext() == null + ? "false" + : JarAnalyzer.getAppContext().toString(false))) + .append("]"); + return b.toString(); + } + + /** + *

getInstrumentationControl.

+ * + * @return a {@link com.sap.psr.vulas.monitor.InstrumentationControl} object. + */ + public InstrumentationControl getInstrumentationControl() { + return this.instrControl; + } + + /** + * {@inheritDoc} + * + * In case the archive is rewritten, this method is used to rewrite certain {@link JarEntry}s + * (rather than taking the file from the original archive). + * The callback registration takes place in {@link #createInstrumentedArchive()}. + */ + @Override + public InputStream getInputStream(String _regex, JarEntry _entry) { + InputStream is = null; + + if (_regex.equals(".*.class$")) { + JavaId jid = null; + + // Create JavaId from entry name + try { + String class_name = _entry.getName(); + class_name = class_name.substring(0, class_name.length() - 6); // ".class" + class_name = class_name.replace('/', '.'); + jid = JavaId.parseClassQName(class_name); + } catch (Exception e) { + JarAnalyzer.log.error( + "Cannot parse Java Id from Jar Entry [" + _entry.getName() + "]: " + e.getMessage()); + jid = null; + } + + // Create input stream + if (jid != null && this.instrumentedClasses.get(jid) != null) { + // new_entry.setSize(this.instrumentedClasses.get(jid).getBytecode().length); + is = new ByteArrayInputStream(this.instrumentedClasses.get(jid).getBytecode()); + } + } + + return is; + } + + /** {@inheritDoc} */ + @Override + public Map getConstructs() throws FileAnalysisException { + if (this.constructBodies == null) { + this.constructBodies = new TreeMap(); + for (ConstructId c : this.getConstructIds()) { + this.constructBodies.put(c, new Construct(c, "")); + } + } + return this.constructBodies; + } + + /** + *

getSharedConstructs.

+ * + * @return a {@link java.util.List} object. + * @throws com.sap.psr.vulas.FileAnalysisException if any. + */ + public List getSharedConstructs() + throws FileAnalysisException { + List l = + new ArrayList(); + for (ConstructId c : this.getConstructIds()) { + l.add( + new com.sap.psr.vulas.shared.json.model.ConstructId( + ProgrammingLanguage.JAVA, c.getSharedType(), c.getQualifiedName())); + } + return l; + } + + /** {@inheritDoc} */ + @Override + public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().containsKey(_id); + } + + /** {@inheritDoc} */ + @Override + public Construct getConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().get(_id); + } + + /** {@inheritDoc} */ + @Override + public boolean equals(Object obj) { + // We need to distinguish Jars with same digest but different path to be able to link parents to + // their digest. However the relativePath should be used once we start using it. + return obj instanceof JarAnalyzer + && this.getSHA1().equals(((JarAnalyzer) obj).getSHA1()) + && this.getPath().toString().equals(((JarAnalyzer) obj).getPath().toString()); + } + + /** {@inheritDoc} */ + @Override + public int hashCode() { + return this.getSHA1().hashCode(); + } + + // ---------------------------- STATIC METHODS + + /** + *

isJavaIdentifier.

+ * + * @param _name a {@link java.lang.String} object. + * @return a boolean. + */ + public static boolean isJavaIdentifier(String _name) { + if (_name == null || _name.equals("")) return false; + final char[] chars = _name.toCharArray(); + for (int i = 0; i < chars.length; i++) { + if (i == 0) { + if (!Character.isJavaIdentifierStart(chars[i])) return false; + } else { + if (!Character.isJavaIdentifierPart(chars[i])) return false; + } + } + return true; + } + + /** + * Returns the fully-qualified Java class identifier for a given JAR entry. + * This is done by removing the file extension and by interpreting folders as packages. + * If anything goes wrong, null is returned. + * + * @param _jar_entry_name a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public static String getFqClassname(String _jar_entry_name) { + String cn = null; + if (_jar_entry_name.endsWith(".class")) { + // 18.11.2014: Ignore "package-info.class" files, which can contain annotations and + // documentation + // 05.12.2017: Ignore "module-info.class" files, which can contain annotations and + // documentation + if (!_jar_entry_name.endsWith("package-info.class") + && !_jar_entry_name.endsWith("module-info.class")) { + final StringBuffer fqn = new StringBuffer(); + + final Path p = Paths.get(_jar_entry_name); + final Iterator i = p.iterator(); + + while (i.hasNext()) { + String element = i.next().toString(); + if (element.endsWith(".class")) + element = element.substring(0, element.length() - 6); // ".class" + if (JarAnalyzer.isJavaIdentifier(element)) { + if (fqn.length() != 0) fqn.append('.'); + fqn.append(element); + } else { + JarAnalyzer.log.warn( + "JAR entry [" + + _jar_entry_name + + "] cannot be transformed to a fully-qualified Java class identifier, because" + + " [" + + element + + "] is not a valid identifier"); + return null; + } + } + cn = fqn.toString(); + } + } + return cn; + } + + /** + *

setAppContext.

+ * + * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public static void setAppContext(Application _ctx) { + JarAnalyzer.APP_CTX = _ctx; + } + /** + *

getAppContext.

+ * + * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public static Application getAppContext() { + return JarAnalyzer.APP_CTX; + } + + /** + * Adds a given URL to the classpath of the class pool. This allows maintaining dependencies needed for the compilation of instrumented classes. + * + * @param _url a {@link java.lang.String} object. + * @throws javassist.NotFoundException + */ + public static void insertClasspath(String _url) throws NotFoundException { + CLASSPOOL.insertClassPath(_url); + } + /** + *

getClassPool.

+ * + * @return a {@link javassist.ClassPool} object. + */ + protected static ClassPool getClassPool() { + return JarAnalyzer.CLASSPOOL; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JarEntryWriter.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JarEntryWriter.java index 077521d33..83735c43b 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JarEntryWriter.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JarEntryWriter.java @@ -33,12 +33,12 @@ */ public interface JarEntryWriter { - /** - * Callback used for rewriting particular JAR entries. Return null to rewrite the original JAR entry. - * - * @param _entry a {@link java.util.jar.JarEntry} object. - * @param _regex a {@link java.lang.String} object. - * @return a {@link java.io.InputStream} object. - */ - public InputStream getInputStream(String _regex, JarEntry _entry); + /** + * Callback used for rewriting particular JAR entries. Return null to rewrite the original JAR entry. + * + * @param _entry a {@link java.util.jar.JarEntry} object. + * @param _regex a {@link java.lang.String} object. + * @return a {@link java.io.InputStream} object. + */ + public InputStream getInputStream(String _regex, JarEntry _entry); } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JarWriter.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JarWriter.java index e037a121f..77308d07f 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JarWriter.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JarWriter.java @@ -19,7 +19,6 @@ */ package com.sap.psr.vulas.java; -import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; @@ -28,9 +27,6 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.security.DigestInputStream; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Enumeration; @@ -48,9 +44,7 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.core.util.CoreConfiguration; -import com.sap.psr.vulas.shared.util.DigestUtil; import com.sap.psr.vulas.shared.util.DirUtil; import com.sap.psr.vulas.shared.util.FileUtil; import com.sap.psr.vulas.shared.util.VulasConfiguration; @@ -60,551 +54,598 @@ */ public class JarWriter { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - public final SimpleDateFormat dateFormat = new SimpleDateFormat("d MMM yyyy HH:mm:ss"); - - /** - * Included in the manifest file of every JAR rewritten by Vulas. - */ - public static final String MANIFEST_ENTRY_VULAS_MODIF = "VULAS-modifiedAt"; - - /** Constant MANIFEST_ENTRY_ORIG_SHA1="VULAS-originalSHA1" */ - public static final String MANIFEST_ENTRY_ORIG_SHA1 = "VULAS-originalSHA1"; - - /** Constant hexArray */ - final protected static char[] hexArray = "0123456789ABCDEF".toCharArray(); - - private JarFile originalJar = null; - - private long originalFileSize = 0; - - private Manifest originalManifest = null; - - private String sha1 = null; - - /** Original manifest entries to be skipped when rewriting the JAR. */ - private Set mfEntriesToSkip = new HashSet(); - - /** New manifest entries to be added when rewriting the JAR. */ - private Map mfEntriesToAdd = new HashMap(); - - /** Appended to the file name of the rewritten JAR. */ - private String classifier = null; - - /** JarEntryWriters to be called during rewrite, in case the entry name matches the provided pattern. */ - private Map callbacks = new HashMap(); - - /** The rewritten JAR archive (null if rewrite has not yet been called). */ - private File rewrittenFile = null; - - /** Additional files to be written in the JAR (entryname:path). */ - private Map additionalFiles = new HashMap(); - - /** - *

Constructor for JarWriter.

- * - * @param _jar a {@link java.nio.file.Path} object. - * @throws java.io.IOException if any. - */ - public JarWriter(Path _jar) throws IOException { - final File file = _jar.toFile(); - this.originalJar = new JarFile(file, VulasConfiguration.getGlobal().getConfiguration().getBoolean(CoreConfiguration.VERIFY_JARS, true), JarFile.OPEN_READ); - this.originalFileSize = file.length(); - this.originalManifest = this.originalJar.getManifest(); - if(this.originalManifest==null) - JarWriter.log.warn("Manifest file is missing in JAR [" + this.originalJar.getName() + "]"); - } - - /** - * Returns the size of the original JAR file. - * - * @see #getInstrumentedFileSize() - * @return a long. - */ - public long getFileSize() { return this.originalFileSize; } - - /** - * Returns the size of the instrumented JAR file or -1 if no instrumentation took place. - * - * @see #getFileSize() - * @return a long. - */ - public long getInstrumentedFileSize() { - if(this.rewrittenFile!=null) - return this.rewrittenFile.length(); - else - return -1; - } - - /** - * Returns the original manifest. - * - * @return a {@link java.util.jar.Manifest} object. - */ - public Manifest getOriginalManifest() { return this.originalManifest; } - - /** - * Extract the JAR to a given directory, or to a new temporary directory if null. - * - * @param _todir a {@link java.nio.file.Path} object. - * @return a {@link java.nio.file.Path} object. - * @throws java.io.IOException if any. - */ - public Path extract(Path _todir) throws IOException { - // Target directory, to be returned - Path to = _todir; - if(to==null) - to = java.nio.file.Files.createTempDirectory("extracted_jar_"); - - // Reading and writing the JAR entry to the FS - Path path = null; - File dir = null; - byte[] bytes = new byte[1024]; - int bytes_read = 0; - - // Loop all entries - final Enumeration enumeration = this.originalJar.entries(); - JarEntry entry = null; - while(enumeration.hasMoreElements()) { - entry = enumeration.nextElement(); - - // ZipSlip: Do not extract - if(!DirUtil.isBelowDestinationPath(to, entry.getName())) { - log.warn("Entry [" + entry + "] of archive [" + Paths.get(this.originalJar.getName()).toAbsolutePath() + "] will not be extracted, as it would be outside of destination directory"); - } - // Extract - else { - path = Paths.get(to.toString(), entry.getName()); - - try { - if(entry.isDirectory()) { - if(!path.toFile().exists()) - Files.createDirectories(path); - } - else { - // If the entry is a file, check whether we have already created the directory it is contained in. - // According to the JAR spec [?], this should always be the case, but tests showed non-compliant JAR files. - dir = path.getParent().toFile(); - if(!dir.exists()) { - Files.createDirectories(path.getParent()); - JarWriter.log.warn(this.toString() + ": Invalid JAR file: No directory entry for file entry [" + path + "]"); - } - - try (final FileOutputStream fos = new FileOutputStream(path.toFile()); final InputStream is = this.originalJar.getInputStream(entry)) { - while((bytes_read = is.read(bytes)) != -1) fos.write(bytes, 0, bytes_read); - } - } - } - catch(Exception ioe) { - JarWriter.log.error("Error while extracting JAR entry [" + entry.getName() + "]: " + ioe.getMessage(), ioe); - } - } - } - - // Return the path to which the JAR was extracted - JarWriter.log.info("Extracted [" + this.getOriginalJarFileName() + "] to [" + to + "]"); - return to; - } - - /** - * Returns the SHA1 digest of the JAR. Either taken from the manifest (entry VULAS-originalSHA1, in case the original JAR has been instrumented - * offline), or by computing it on the fly. - * - * @return the SHA1 digest of the JAR - */ - public synchronized String getSHA1() { - if(this.sha1==null) { - if(this.originalManifest!=null && this.originalManifest.getMainAttributes().getValue(MANIFEST_ENTRY_ORIG_SHA1)!=null) { - this.sha1 = this.originalManifest.getMainAttributes().getValue(MANIFEST_ENTRY_ORIG_SHA1); - } - else { - this.sha1 = FileUtil.getSHA1(new File(this.originalJar.getName())); - } - } - return this.sha1; - } - - /** - * Entries of the original manifest which will not be rewritten. - * Must be called before "rewrite". - * - * @param _entry a {@link java.lang.String} object. - */ - public void skipManifestEntry(String _entry) { this.mfEntriesToSkip.add(_entry); } - - /** - * Additional manifest file entries to be included in re-written archives. - * Must be called before "rewrite". - * - * @param _key a {@link java.lang.String} object. - * @param _val a {@link java.lang.String} object. - */ - public void addManifestEntry(String _key, String _val) { this.mfEntriesToAdd.put(_key, _val); } - - /** - * Returns true if the given manifest file entry exists, false otherwise. - * - * @param _key a {@link java.lang.String} object. - * @return a boolean. - */ - public boolean hasManifestEntry(String _key) { - //log.info(this.originalManifest.getMainAttributes().keySet()); - - if(this.originalManifest!=null) { - for(Object key: this.originalManifest.getMainAttributes().keySet()) { - if(_key.equals(key.toString())) - return true; - } - } - return false; - - // Does not work - //return this.originalManifest.getMainAttributes().get(_key)!=null;//containsKey(_key); - } - - /** - * Returns true if the JAR has been rewritten by Vulas. Implemented by checking manifest file entries. - * - * @return a boolean. - */ - public boolean isRewrittenByVulas() { - // Somehow the containsKey does not work, use getValue instead - // final boolean modif = this.originalManifest.getMainAttributes().containsKey(JarWriter.MANIFEST_ENTRY_VULAS_MODIF); - // final boolean sha1 = this.originalManifest.getMainAttributes().containsKey(JarWriter.MANIFEST_ENTRY_ORIG_SHA1); - final boolean modif = this.originalManifest.getMainAttributes().getValue(JarWriter.MANIFEST_ENTRY_VULAS_MODIF)!=null; - final boolean sha1 = this.originalManifest.getMainAttributes().getValue(JarWriter.MANIFEST_ENTRY_ORIG_SHA1)!=null; - return modif && sha1; - } - - /** - * Will be appended to the file name of re-written archives (if any). - * Must be called before "rewrite". - * - * @param _string a {@link java.lang.String} object. - */ - public void setClassifier(String _string) { - this.classifier = _string; - } - - /** - * Register a JarEntryWriter for a given pattern. - * - * @param _regex a {@link java.lang.String} object. - * @param _writer a {@link com.sap.psr.vulas.java.JarEntryWriter} object. - */ - public void register(String _regex, JarEntryWriter _writer) { - this.callbacks.put(Pattern.compile(_regex), _writer); - } - - /** - * @return - */ - private Manifest createModifiedManifest() { - final Manifest m = new Manifest(); - final Attributes atts = m.getMainAttributes(); - - // Put all the main attributes of the original JAR - if(this.originalManifest!=null) { - for(Object key: this.originalManifest.getMainAttributes().keySet()) { - // Unless it is one to be skipped - if(!this.mfEntriesToSkip.contains(key.toString())) - atts.putValue(key.toString(), this.originalManifest.getMainAttributes().getValue(key.toString())); - } - } - - // Put all the new entries - for(String key: this.mfEntriesToAdd.keySet()) { - atts.putValue(key, this.mfEntriesToAdd.get(key)); - } - - // Add vulas-specific ones - atts.putValue(JarWriter.MANIFEST_ENTRY_VULAS_MODIF, dateFormat.format(new Date(System.currentTimeMillis()))); - atts.putValue(JarWriter.MANIFEST_ENTRY_ORIG_SHA1, this.getSHA1()); - - return m; - } - - /** - * Returns the file name of the original JAR file. - * - * @return a {@link java.nio.file.Path} object. - */ - public Path getOriginalJarFileName() { - final Path complete_path = Paths.get(this.originalJar.getName()); - return complete_path.getFileName(); - } - - /** - * Returns the file name of the to-be-rewritten JAR. - * - * @return a {@link java.nio.file.Path} object. - */ - public Path getRewriteJarFileName() { - final Path complete_path = Paths.get(this.originalJar.getName()); - Path path = null; - - // Classifier exists, i.e., change file name - if(this.classifier!=null) { - final String original_filename = this.getOriginalJarFileName().toString(); - String new_filename = null; - final int idx = original_filename.lastIndexOf('.'); - if(idx!=-1) - new_filename = original_filename.substring(0, idx) + "-" + this.classifier + original_filename.substring(idx); - else - new_filename = original_filename + "-" + this.classifier; - path = Paths.get(new_filename); - } - // Use original file name - else { - path = complete_path.getFileName(); - } - - return path; - } - - /** - *

addFiles.

- * - * @param _target_dir a {@link java.lang.String} object. - * @param _paths a {@link java.util.Set} object. - * @param _overwrite a boolean. - */ - public void addFiles(String _target_dir, Set _paths, boolean _overwrite) { - for(Path p: _paths) - this.addFile(_target_dir, p, _overwrite); - } - - /** - *

addFile.

- * - * @param _target_dir a {@link java.lang.String} object. - * @param _path a {@link java.nio.file.Path} object. - * @param _overwrite a boolean. - */ - public void addFile(String _target_dir, Path _path, boolean _overwrite) { - String entry_name = null; - if(_target_dir==null) - entry_name = _path.getFileName().toString(); - else - entry_name = _target_dir + (_target_dir.equals("") || _target_dir.endsWith("/") ? "" : "/") + _path.getFileName(); - - if(!this.hasEntry(entry_name) || _overwrite) - this.additionalFiles.put(entry_name, _path); - } - - /** - *

hasEntry.

- * - * @param _entry_name a {@link java.lang.String} object. - * @return a boolean. - */ - public boolean hasEntry(String _entry_name) { - boolean has = false; - final Enumeration en = this.originalJar.entries(); - JarEntry entry = null; - while(en.hasMoreElements()) { - entry = en.nextElement(); - if(entry.getName().equals(_entry_name)) { - has = true; - break; - } - } - return has; - } - - /** - * The rewritten JAR file. Must be called after "rewrite". If rewrite is called multiple times, this method - * only returns the last rewritten JAR file. - * - * @return a {@link java.io.File} object. - */ - public File getRewrittenJarFile() { - return this.rewrittenFile; - } - - /** - * Rewrites the JAR into the directory specified by argument _todir. If _todir is equal to null, - * the JAR will be rewritten to a temporary directory. If the target JAR already exists, it will - * not be written (see {@link JarWriter#getRewriteJarFileName()}). - * See here: http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html - * - * @throws com.sap.psr.vulas.java.JarAnalysisException - * @param _todir a {@link java.nio.file.Path} object. - * @return a {@link java.nio.file.Path} object. - */ - public Path rewrite(Path _todir) throws JarAnalysisException { - // Target dir - Path dir = _todir; - - // Callback logic - Matcher matcher = null; - - // Loop all entries of the old JAR - JarEntry old_entry = null, new_entry = null; - - try { - if(dir==null) - dir = java.nio.file.Files.createTempDirectory("rewritten_jar_"); - this.rewrittenFile = Paths.get(dir.toString(), this.getRewriteJarFileName().toString()).toFile(); - - if(this.rewrittenFile.exists()) { - JarWriter.log.info("The target [" + this.rewrittenFile + "] already exists, skip rewriting"); - } - else { - final FileOutputStream fos = new FileOutputStream(this.rewrittenFile); - final JarOutputStream jos = new JarOutputStream(fos, this.createModifiedManifest()); - InputStream is = null; - byte[] bytes = new byte[1024]; - int bytes_read = 0; - - final Enumeration en = this.originalJar.entries(); - String class_name = null; - JavaId jid = null; - Set jids = new HashSet(); - - // Remember all JAR entries written to the new JAR, so that we do not create duplicate entries - // Example of a duplicate entry: Location.class in xmlbeans-2.6.0.jar - Set written_jar_entries = new HashSet(); - - while(en.hasMoreElements()) { - old_entry = en.nextElement(); - - // The input stream used for writing the entries - is = null; - - // Check whether we already write an entry with this name - if(written_jar_entries.contains(old_entry.getName())) - continue; - - // Ignore the original manifest (we built a new one with certain vulas-specific attributes) - if(old_entry.getName().equals("META-INF/MANIFEST.MF")) - continue; - - // Ignore signature related files (-> http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Signed_JAR_File) - if(old_entry.getName().startsWith("META-INF/") && ( old_entry.getName().toLowerCase().endsWith(".sf") || - old_entry.getName().toLowerCase().endsWith(".dsa") || - old_entry.getName().toLowerCase().endsWith(".rsa") ) ) - continue; - - // Loop registered JarEntryWriters to see if any matches (take the input stream from the first match) - for(Pattern pattern: this.callbacks.keySet()) { - matcher = pattern.matcher(old_entry.getName()); - if(matcher.matches()) { - is = this.callbacks.get(pattern).getInputStream(pattern.toString(), old_entry); - } - } - - // If null, take the original file - if(is==null) - is = this.originalJar.getInputStream(old_entry); - - // Debug information regarding specific attributes - if(old_entry.getAttributes()!=null) - JarWriter.log.debug(this.toString() + ": Entry [" + old_entry.getName() + "] has specific attributes"); - - // Write the entry to the modified JAR - new_entry = new JarEntry(old_entry.getName()); - jos.putNextEntry(new_entry); - while((bytes_read = is.read(bytes)) != -1) - jos.write(bytes, 0, bytes_read); - - //is.close(); - jos.closeEntry(); - - // Remember we wrote it - written_jar_entries.add(new_entry.getName()); - } - - // Add additional files - for(String key: this.additionalFiles.keySet()) { - if(this.additionalFiles.get(key).toFile().exists()) { - new_entry = new JarEntry(key); - jos.putNextEntry(new_entry); - is = new FileInputStream(this.additionalFiles.get(key).toFile()); - while((bytes_read = is.read(bytes)) != -1) - jos.write(bytes, 0, bytes_read); - is.close(); - jos.closeEntry(); - } - } - - jos.flush(); - jos.close(); - this.originalJar.close(); - - // - old_entry = null; - JarWriter.log.info("[" + this.originalJar.getName() + "] rewritten to [" + this.rewrittenFile + "]"); - } - } - catch(Exception ioe) { - if(old_entry!=null) - throw new JarAnalysisException("Error while writing JAR entry [" + old_entry.getName() + "] to modified JAR [" + this.rewrittenFile + "]: " + ioe.getMessage(), ioe); - else - throw new JarAnalysisException("Error while writing modified JAR: " + ioe.getMessage(), ioe); - } - return this.rewrittenFile.toPath(); - } - - /** - *

appendToClasspath.

- * - * @param _classpath a {@link java.util.Set} object. - * @param _to_append a {@link java.util.Set} object. - * @param _preprocess a boolean. - */ - public final static void appendToClasspath(Set _classpath, Set _to_append, boolean _preprocess) { - for(Path p: _to_append) - appendToClasspath(_classpath, p, _preprocess); - } - - /** - * Appends the given {@link Path} to the given set. In case of Java archives, it is checked whether it contains - * a manifest entry "Class-Path", in which case the archive is re-written to a temporary file w/o this entry. - * The method returns the path that has been appended, which is identical to the given path unless an archive - * has been rewritten. - * - * TODO: Maybe add a parameter to specify problematic entries, rather than hardcoding "Class-Path" here. - * - * @param _classpath a {@link java.util.Set} object. - * @param _to_append a {@link java.nio.file.Path} object. - * @param _preprocess a boolean. - * @return a {@link java.nio.file.Path} object. - */ - public final static Path appendToClasspath(Set _classpath, Path _to_append, boolean _preprocess) { - Path appended_path = _to_append; - - // Add w/o preprocessing - if(!_preprocess || _to_append.toFile().isDirectory()) { - _classpath.add(_to_append); - } - // Add after preprocessing (if needed) - else { - try { - // Create a new Jar Writer - final JarWriter jw = new JarWriter(_to_append); - - // Class-Path manifest entry is present: Rewrite JAR and append - if(jw.hasManifestEntry("Class-Path")) { - jw.skipManifestEntry("Class-Path"); - jw.setClassifier(jw.getSHA1()); - appended_path = jw.rewrite(VulasConfiguration.getGlobal().getTmpDir()); - _classpath.add(appended_path); - } - // Entry not present: Just add to classpath - else { - JarWriter.log.info("Rewriting not necessary, original JAR [" + _to_append + "] appended to classpath"); - _classpath.add(_to_append); - } - } - // Add original JAR in case of exception - catch (Exception e) { - _classpath.add(_to_append); - JarWriter.log.error("Error while preprocessing JAR [" + _to_append + "], original JAR appended to classpath: " + e.getMessage()); - } - } - - return appended_path; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + public final SimpleDateFormat dateFormat = new SimpleDateFormat("d MMM yyyy HH:mm:ss"); + + /** + * Included in the manifest file of every JAR rewritten by Vulas. + */ + public static final String MANIFEST_ENTRY_VULAS_MODIF = "VULAS-modifiedAt"; + + /** Constant MANIFEST_ENTRY_ORIG_SHA1="VULAS-originalSHA1" */ + public static final String MANIFEST_ENTRY_ORIG_SHA1 = "VULAS-originalSHA1"; + + /** Constant hexArray */ + protected static final char[] hexArray = "0123456789ABCDEF".toCharArray(); + + private JarFile originalJar = null; + + private long originalFileSize = 0; + + private Manifest originalManifest = null; + + private String sha1 = null; + + /** Original manifest entries to be skipped when rewriting the JAR. */ + private Set mfEntriesToSkip = new HashSet(); + + /** New manifest entries to be added when rewriting the JAR. */ + private Map mfEntriesToAdd = new HashMap(); + + /** Appended to the file name of the rewritten JAR. */ + private String classifier = null; + + /** JarEntryWriters to be called during rewrite, in case the entry name matches the provided pattern. */ + private Map callbacks = new HashMap(); + + /** The rewritten JAR archive (null if rewrite has not yet been called). */ + private File rewrittenFile = null; + + /** Additional files to be written in the JAR (entryname:path). */ + private Map additionalFiles = new HashMap(); + + /** + *

Constructor for JarWriter.

+ * + * @param _jar a {@link java.nio.file.Path} object. + * @throws java.io.IOException if any. + */ + public JarWriter(Path _jar) throws IOException { + final File file = _jar.toFile(); + this.originalJar = + new JarFile( + file, + VulasConfiguration.getGlobal() + .getConfiguration() + .getBoolean(CoreConfiguration.VERIFY_JARS, true), + JarFile.OPEN_READ); + this.originalFileSize = file.length(); + this.originalManifest = this.originalJar.getManifest(); + if (this.originalManifest == null) + JarWriter.log.warn("Manifest file is missing in JAR [" + this.originalJar.getName() + "]"); + } + + /** + * Returns the size of the original JAR file. + * + * @see #getInstrumentedFileSize() + * @return a long. + */ + public long getFileSize() { + return this.originalFileSize; + } + + /** + * Returns the size of the instrumented JAR file or -1 if no instrumentation took place. + * + * @see #getFileSize() + * @return a long. + */ + public long getInstrumentedFileSize() { + if (this.rewrittenFile != null) return this.rewrittenFile.length(); + else return -1; + } + + /** + * Returns the original manifest. + * + * @return a {@link java.util.jar.Manifest} object. + */ + public Manifest getOriginalManifest() { + return this.originalManifest; + } + + /** + * Extract the JAR to a given directory, or to a new temporary directory if null. + * + * @param _todir a {@link java.nio.file.Path} object. + * @return a {@link java.nio.file.Path} object. + * @throws java.io.IOException if any. + */ + public Path extract(Path _todir) throws IOException { + // Target directory, to be returned + Path to = _todir; + if (to == null) to = java.nio.file.Files.createTempDirectory("extracted_jar_"); + + // Reading and writing the JAR entry to the FS + Path path = null; + File dir = null; + byte[] bytes = new byte[1024]; + int bytes_read = 0; + + // Loop all entries + final Enumeration enumeration = this.originalJar.entries(); + JarEntry entry = null; + while (enumeration.hasMoreElements()) { + entry = enumeration.nextElement(); + + // ZipSlip: Do not extract + if (!DirUtil.isBelowDestinationPath(to, entry.getName())) { + log.warn( + "Entry [" + + entry + + "] of archive [" + + Paths.get(this.originalJar.getName()).toAbsolutePath() + + "] will not be extracted, as it would be outside of destination directory"); + } + // Extract + else { + path = Paths.get(to.toString(), entry.getName()); + + try { + if (entry.isDirectory()) { + if (!path.toFile().exists()) Files.createDirectories(path); + } else { + // If the entry is a file, check whether we have already created the directory it is + // contained in. + // According to the JAR spec [?], this should always be the case, but tests showed + // non-compliant JAR files. + dir = path.getParent().toFile(); + if (!dir.exists()) { + Files.createDirectories(path.getParent()); + JarWriter.log.warn( + this.toString() + + ": Invalid JAR file: No directory entry for file entry [" + + path + + "]"); + } + + try (final FileOutputStream fos = new FileOutputStream(path.toFile()); + final InputStream is = this.originalJar.getInputStream(entry)) { + while ((bytes_read = is.read(bytes)) != -1) fos.write(bytes, 0, bytes_read); + } + } + } catch (Exception ioe) { + JarWriter.log.error( + "Error while extracting JAR entry [" + entry.getName() + "]: " + ioe.getMessage(), + ioe); + } + } + } + + // Return the path to which the JAR was extracted + JarWriter.log.info("Extracted [" + this.getOriginalJarFileName() + "] to [" + to + "]"); + return to; + } + + /** + * Returns the SHA1 digest of the JAR. Either taken from the manifest (entry VULAS-originalSHA1, in case the original JAR has been instrumented + * offline), or by computing it on the fly. + * + * @return the SHA1 digest of the JAR + */ + public synchronized String getSHA1() { + if (this.sha1 == null) { + if (this.originalManifest != null + && this.originalManifest.getMainAttributes().getValue(MANIFEST_ENTRY_ORIG_SHA1) != null) { + this.sha1 = this.originalManifest.getMainAttributes().getValue(MANIFEST_ENTRY_ORIG_SHA1); + } else { + this.sha1 = FileUtil.getSHA1(new File(this.originalJar.getName())); + } + } + return this.sha1; + } + + /** + * Entries of the original manifest which will not be rewritten. + * Must be called before "rewrite". + * + * @param _entry a {@link java.lang.String} object. + */ + public void skipManifestEntry(String _entry) { + this.mfEntriesToSkip.add(_entry); + } + + /** + * Additional manifest file entries to be included in re-written archives. + * Must be called before "rewrite". + * + * @param _key a {@link java.lang.String} object. + * @param _val a {@link java.lang.String} object. + */ + public void addManifestEntry(String _key, String _val) { + this.mfEntriesToAdd.put(_key, _val); + } + + /** + * Returns true if the given manifest file entry exists, false otherwise. + * + * @param _key a {@link java.lang.String} object. + * @return a boolean. + */ + public boolean hasManifestEntry(String _key) { + // log.info(this.originalManifest.getMainAttributes().keySet()); + + if (this.originalManifest != null) { + for (Object key : this.originalManifest.getMainAttributes().keySet()) { + if (_key.equals(key.toString())) return true; + } + } + return false; + + // Does not work + // return this.originalManifest.getMainAttributes().get(_key)!=null;//containsKey(_key); + } + + /** + * Returns true if the JAR has been rewritten by Vulas. Implemented by checking manifest file entries. + * + * @return a boolean. + */ + public boolean isRewrittenByVulas() { + // Somehow the containsKey does not work, use getValue instead + // final boolean modif = + // this.originalManifest.getMainAttributes().containsKey(JarWriter.MANIFEST_ENTRY_VULAS_MODIF); + // final boolean sha1 = + // this.originalManifest.getMainAttributes().containsKey(JarWriter.MANIFEST_ENTRY_ORIG_SHA1); + final boolean modif = + this.originalManifest.getMainAttributes().getValue(JarWriter.MANIFEST_ENTRY_VULAS_MODIF) + != null; + final boolean sha1 = + this.originalManifest.getMainAttributes().getValue(JarWriter.MANIFEST_ENTRY_ORIG_SHA1) + != null; + return modif && sha1; + } + + /** + * Will be appended to the file name of re-written archives (if any). + * Must be called before "rewrite". + * + * @param _string a {@link java.lang.String} object. + */ + public void setClassifier(String _string) { + this.classifier = _string; + } + + /** + * Register a JarEntryWriter for a given pattern. + * + * @param _regex a {@link java.lang.String} object. + * @param _writer a {@link com.sap.psr.vulas.java.JarEntryWriter} object. + */ + public void register(String _regex, JarEntryWriter _writer) { + this.callbacks.put(Pattern.compile(_regex), _writer); + } + + /** + * @return + */ + private Manifest createModifiedManifest() { + final Manifest m = new Manifest(); + final Attributes atts = m.getMainAttributes(); + + // Put all the main attributes of the original JAR + if (this.originalManifest != null) { + for (Object key : this.originalManifest.getMainAttributes().keySet()) { + // Unless it is one to be skipped + if (!this.mfEntriesToSkip.contains(key.toString())) + atts.putValue( + key.toString(), this.originalManifest.getMainAttributes().getValue(key.toString())); + } + } + + // Put all the new entries + for (String key : this.mfEntriesToAdd.keySet()) { + atts.putValue(key, this.mfEntriesToAdd.get(key)); + } + + // Add vulas-specific ones + atts.putValue( + JarWriter.MANIFEST_ENTRY_VULAS_MODIF, + dateFormat.format(new Date(System.currentTimeMillis()))); + atts.putValue(JarWriter.MANIFEST_ENTRY_ORIG_SHA1, this.getSHA1()); + + return m; + } + + /** + * Returns the file name of the original JAR file. + * + * @return a {@link java.nio.file.Path} object. + */ + public Path getOriginalJarFileName() { + final Path complete_path = Paths.get(this.originalJar.getName()); + return complete_path.getFileName(); + } + + /** + * Returns the file name of the to-be-rewritten JAR. + * + * @return a {@link java.nio.file.Path} object. + */ + public Path getRewriteJarFileName() { + final Path complete_path = Paths.get(this.originalJar.getName()); + Path path = null; + + // Classifier exists, i.e., change file name + if (this.classifier != null) { + final String original_filename = this.getOriginalJarFileName().toString(); + String new_filename = null; + final int idx = original_filename.lastIndexOf('.'); + if (idx != -1) + new_filename = + original_filename.substring(0, idx) + + "-" + + this.classifier + + original_filename.substring(idx); + else new_filename = original_filename + "-" + this.classifier; + path = Paths.get(new_filename); + } + // Use original file name + else { + path = complete_path.getFileName(); + } + + return path; + } + + /** + *

addFiles.

+ * + * @param _target_dir a {@link java.lang.String} object. + * @param _paths a {@link java.util.Set} object. + * @param _overwrite a boolean. + */ + public void addFiles(String _target_dir, Set _paths, boolean _overwrite) { + for (Path p : _paths) this.addFile(_target_dir, p, _overwrite); + } + + /** + *

addFile.

+ * + * @param _target_dir a {@link java.lang.String} object. + * @param _path a {@link java.nio.file.Path} object. + * @param _overwrite a boolean. + */ + public void addFile(String _target_dir, Path _path, boolean _overwrite) { + String entry_name = null; + if (_target_dir == null) entry_name = _path.getFileName().toString(); + else + entry_name = + _target_dir + + (_target_dir.equals("") || _target_dir.endsWith("/") ? "" : "/") + + _path.getFileName(); + + if (!this.hasEntry(entry_name) || _overwrite) this.additionalFiles.put(entry_name, _path); + } + + /** + *

hasEntry.

+ * + * @param _entry_name a {@link java.lang.String} object. + * @return a boolean. + */ + public boolean hasEntry(String _entry_name) { + boolean has = false; + final Enumeration en = this.originalJar.entries(); + JarEntry entry = null; + while (en.hasMoreElements()) { + entry = en.nextElement(); + if (entry.getName().equals(_entry_name)) { + has = true; + break; + } + } + return has; + } + + /** + * The rewritten JAR file. Must be called after "rewrite". If rewrite is called multiple times, this method + * only returns the last rewritten JAR file. + * + * @return a {@link java.io.File} object. + */ + public File getRewrittenJarFile() { + return this.rewrittenFile; + } + + /** + * Rewrites the JAR into the directory specified by argument _todir. If _todir is equal to null, + * the JAR will be rewritten to a temporary directory. If the target JAR already exists, it will + * not be written (see {@link JarWriter#getRewriteJarFileName()}). + * See here: http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html + * + * @throws com.sap.psr.vulas.java.JarAnalysisException + * @param _todir a {@link java.nio.file.Path} object. + * @return a {@link java.nio.file.Path} object. + */ + public Path rewrite(Path _todir) throws JarAnalysisException { + // Target dir + Path dir = _todir; + + // Callback logic + Matcher matcher = null; + + // Loop all entries of the old JAR + JarEntry old_entry = null, new_entry = null; + + try { + if (dir == null) dir = java.nio.file.Files.createTempDirectory("rewritten_jar_"); + this.rewrittenFile = + Paths.get(dir.toString(), this.getRewriteJarFileName().toString()).toFile(); + + if (this.rewrittenFile.exists()) { + JarWriter.log.info( + "The target [" + this.rewrittenFile + "] already exists, skip rewriting"); + } else { + final FileOutputStream fos = new FileOutputStream(this.rewrittenFile); + final JarOutputStream jos = new JarOutputStream(fos, this.createModifiedManifest()); + InputStream is = null; + byte[] bytes = new byte[1024]; + int bytes_read = 0; + + final Enumeration en = this.originalJar.entries(); + String class_name = null; + JavaId jid = null; + Set jids = new HashSet(); + + // Remember all JAR entries written to the new JAR, so that we do not create duplicate + // entries + // Example of a duplicate entry: Location.class in xmlbeans-2.6.0.jar + Set written_jar_entries = new HashSet(); + + while (en.hasMoreElements()) { + old_entry = en.nextElement(); + + // The input stream used for writing the entries + is = null; + + // Check whether we already write an entry with this name + if (written_jar_entries.contains(old_entry.getName())) continue; + + // Ignore the original manifest (we built a new one with certain vulas-specific + // attributes) + if (old_entry.getName().equals("META-INF/MANIFEST.MF")) continue; + + // Ignore signature related files (-> + // http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Signed_JAR_File) + if (old_entry.getName().startsWith("META-INF/") + && (old_entry.getName().toLowerCase().endsWith(".sf") + || old_entry.getName().toLowerCase().endsWith(".dsa") + || old_entry.getName().toLowerCase().endsWith(".rsa"))) continue; + + // Loop registered JarEntryWriters to see if any matches (take the input stream from the + // first match) + for (Pattern pattern : this.callbacks.keySet()) { + matcher = pattern.matcher(old_entry.getName()); + if (matcher.matches()) { + is = this.callbacks.get(pattern).getInputStream(pattern.toString(), old_entry); + } + } + + // If null, take the original file + if (is == null) is = this.originalJar.getInputStream(old_entry); + + // Debug information regarding specific attributes + if (old_entry.getAttributes() != null) + JarWriter.log.debug( + this.toString() + ": Entry [" + old_entry.getName() + "] has specific attributes"); + + // Write the entry to the modified JAR + new_entry = new JarEntry(old_entry.getName()); + jos.putNextEntry(new_entry); + while ((bytes_read = is.read(bytes)) != -1) jos.write(bytes, 0, bytes_read); + + // is.close(); + jos.closeEntry(); + + // Remember we wrote it + written_jar_entries.add(new_entry.getName()); + } + + // Add additional files + for (String key : this.additionalFiles.keySet()) { + if (this.additionalFiles.get(key).toFile().exists()) { + new_entry = new JarEntry(key); + jos.putNextEntry(new_entry); + is = new FileInputStream(this.additionalFiles.get(key).toFile()); + while ((bytes_read = is.read(bytes)) != -1) jos.write(bytes, 0, bytes_read); + is.close(); + jos.closeEntry(); + } + } + + jos.flush(); + jos.close(); + this.originalJar.close(); + + // + old_entry = null; + JarWriter.log.info( + "[" + this.originalJar.getName() + "] rewritten to [" + this.rewrittenFile + "]"); + } + } catch (Exception ioe) { + if (old_entry != null) + throw new JarAnalysisException( + "Error while writing JAR entry [" + + old_entry.getName() + + "] to modified JAR [" + + this.rewrittenFile + + "]: " + + ioe.getMessage(), + ioe); + else + throw new JarAnalysisException( + "Error while writing modified JAR: " + ioe.getMessage(), ioe); + } + return this.rewrittenFile.toPath(); + } + + /** + *

appendToClasspath.

+ * + * @param _classpath a {@link java.util.Set} object. + * @param _to_append a {@link java.util.Set} object. + * @param _preprocess a boolean. + */ + public static final void appendToClasspath( + Set _classpath, Set _to_append, boolean _preprocess) { + for (Path p : _to_append) appendToClasspath(_classpath, p, _preprocess); + } + + /** + * Appends the given {@link Path} to the given set. In case of Java archives, it is checked whether it contains + * a manifest entry "Class-Path", in which case the archive is re-written to a temporary file w/o this entry. + * The method returns the path that has been appended, which is identical to the given path unless an archive + * has been rewritten. + * + * TODO: Maybe add a parameter to specify problematic entries, rather than hardcoding "Class-Path" here. + * + * @param _classpath a {@link java.util.Set} object. + * @param _to_append a {@link java.nio.file.Path} object. + * @param _preprocess a boolean. + * @return a {@link java.nio.file.Path} object. + */ + public static final Path appendToClasspath( + Set _classpath, Path _to_append, boolean _preprocess) { + Path appended_path = _to_append; + + // Add w/o preprocessing + if (!_preprocess || _to_append.toFile().isDirectory()) { + _classpath.add(_to_append); + } + // Add after preprocessing (if needed) + else { + try { + // Create a new Jar Writer + final JarWriter jw = new JarWriter(_to_append); + + // Class-Path manifest entry is present: Rewrite JAR and append + if (jw.hasManifestEntry("Class-Path")) { + jw.skipManifestEntry("Class-Path"); + jw.setClassifier(jw.getSHA1()); + appended_path = jw.rewrite(VulasConfiguration.getGlobal().getTmpDir()); + _classpath.add(appended_path); + } + // Entry not present: Just add to classpath + else { + JarWriter.log.info( + "Rewriting not necessary, original JAR [" + _to_append + "] appended to classpath"); + _classpath.add(_to_append); + } + } + // Add original JAR in case of exception + catch (Exception e) { + _classpath.add(_to_append); + JarWriter.log.error( + "Error while preprocessing JAR [" + + _to_append + + "], original JAR appended to classpath: " + + e.getMessage()); + } + } + + return appended_path; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassId.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassId.java index 9c709732e..ab8904230 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassId.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassId.java @@ -21,132 +21,131 @@ import com.sap.psr.vulas.ConstructId; - /** * Identifies a Java class (normal or nested). */ public class JavaClassId extends JavaId { - - private JavaId declarationContext = null; - private String className = null; - - /** - * Constructor for creating the identifier of a nested class. - * - * @param _declaration_ctx a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _simple_name a {@link java.lang.String} object. - */ - public JavaClassId(JavaId _declaration_ctx, String _simple_name) { - //super( (_declaration_ctx.getType().equals(JavaId.Type.PACKAGE) ? JavaId.Type.CLASS : JavaId.Type.NESTED_CLASS) ); - super( JavaId.Type.CLASS ); - this.declarationContext = _declaration_ctx; - this.className = _simple_name; - } - - /** - *

isNestedClass.

- * - * @return a boolean. - */ - public boolean isNestedClass() { - return this.declarationContext!=null && !this.declarationContext.getType().equals(JavaId.Type.PACKAGE); - } - - /** - * {@inheritDoc} - * - * Returns the fully qualified class name, i.e., including the name of the package in which the class is defined. - */ - @Override - public String getQualifiedName() { - final StringBuilder builder = new StringBuilder(); - if(this.declarationContext!=null) { - final String prefix = this.declarationContext.getQualifiedName(); - builder.append(prefix); // Empty string in case of default package - // Outer class - if(!this.isNestedClass()) { - if(!prefix.equals("")) // Could also use JavaPackageId.isDefaultPackage - builder.append("."); - } - // Inner class - else { - if(!prefix.equals("")) // Should probably never happen - builder.append("$"); - } - } - builder.append(this.className); - return builder.toString(); - } - - /** - * {@inheritDoc} - * - * Returns a class name that is unique within the package in which the class is defined. - * In case of nested classes, the names of parent classes will be included (e.g., OuterClass$InnerClass). - * @return the class name including the names of parent classes (if any) - */ - @Override - public String getName() { - if(this.declarationContext!=null) { - if(!this.isNestedClass()) - return this.className; - else - return this.declarationContext.getName() + "$" + this.className; - } else { - return this.className; - } - } - - /** - * {@inheritDoc} - * - * Returns the class name without considering any context. - * @return the simple class name w/o context information - */ - @Override - public String getSimpleName() { return this.className; } - - /** - * {@inheritDoc} - * - * Returns the name of the Java package in which the class or nested class is defined. Returns null if a class is defined outside of a package. - * @return a Java package name - */ - @Override - public ConstructId getDefinitionContext() { - return this.declarationContext; - //return this.getJavaPackageId(); - } - - /** - * {@inheritDoc} - * - * Returns the Java package in the context of which the construct is defined. - */ - @Override - public JavaPackageId getJavaPackageId() { - if(this.isNestedClass()) - return this.declarationContext.getJavaPackageId(); - else - return (JavaPackageId)this.declarationContext; - } - - /** - *

getClassInit.

- * - * @return a {@link com.sap.psr.vulas.java.JavaClassInit} object. - */ - public JavaClassInit getClassInit() { - return new JavaClassInit(this); - } - - /** - *

isTestClass.

- * - * @return a boolean. - */ - public boolean isTestClass() { - return this.className.toLowerCase().startsWith("test") || this.className.toLowerCase().endsWith("test"); - } - + + private JavaId declarationContext = null; + private String className = null; + + /** + * Constructor for creating the identifier of a nested class. + * + * @param _declaration_ctx a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _simple_name a {@link java.lang.String} object. + */ + public JavaClassId(JavaId _declaration_ctx, String _simple_name) { + // super( (_declaration_ctx.getType().equals(JavaId.Type.PACKAGE) ? JavaId.Type.CLASS : + // JavaId.Type.NESTED_CLASS) ); + super(JavaId.Type.CLASS); + this.declarationContext = _declaration_ctx; + this.className = _simple_name; + } + + /** + *

isNestedClass.

+ * + * @return a boolean. + */ + public boolean isNestedClass() { + return this.declarationContext != null + && !this.declarationContext.getType().equals(JavaId.Type.PACKAGE); + } + + /** + * {@inheritDoc} + * + * Returns the fully qualified class name, i.e., including the name of the package in which the class is defined. + */ + @Override + public String getQualifiedName() { + final StringBuilder builder = new StringBuilder(); + if (this.declarationContext != null) { + final String prefix = this.declarationContext.getQualifiedName(); + builder.append(prefix); // Empty string in case of default package + // Outer class + if (!this.isNestedClass()) { + if (!prefix.equals("")) // Could also use JavaPackageId.isDefaultPackage + builder.append("."); + } + // Inner class + else { + if (!prefix.equals("")) // Should probably never happen + builder.append("$"); + } + } + builder.append(this.className); + return builder.toString(); + } + + /** + * {@inheritDoc} + * + * Returns a class name that is unique within the package in which the class is defined. + * In case of nested classes, the names of parent classes will be included (e.g., OuterClass$InnerClass). + * @return the class name including the names of parent classes (if any) + */ + @Override + public String getName() { + if (this.declarationContext != null) { + if (!this.isNestedClass()) return this.className; + else return this.declarationContext.getName() + "$" + this.className; + } else { + return this.className; + } + } + + /** + * {@inheritDoc} + * + * Returns the class name without considering any context. + * @return the simple class name w/o context information + */ + @Override + public String getSimpleName() { + return this.className; + } + + /** + * {@inheritDoc} + * + * Returns the name of the Java package in which the class or nested class is defined. Returns null if a class is defined outside of a package. + * @return a Java package name + */ + @Override + public ConstructId getDefinitionContext() { + return this.declarationContext; + // return this.getJavaPackageId(); + } + + /** + * {@inheritDoc} + * + * Returns the Java package in the context of which the construct is defined. + */ + @Override + public JavaPackageId getJavaPackageId() { + if (this.isNestedClass()) return this.declarationContext.getJavaPackageId(); + else return (JavaPackageId) this.declarationContext; + } + + /** + *

getClassInit.

+ * + * @return a {@link com.sap.psr.vulas.java.JavaClassInit} object. + */ + public JavaClassInit getClassInit() { + return new JavaClassInit(this); + } + + /** + *

isTestClass.

+ * + * @return a boolean. + */ + public boolean isTestClass() { + return this.className.toLowerCase().startsWith("test") + || this.className.toLowerCase().endsWith("test"); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassInit.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassInit.java index af04d49be..c2502356a 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassInit.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaClassInit.java @@ -27,59 +27,72 @@ */ public class JavaClassInit extends JavaId { - /** Constant NAME="<clinit>" */ - public static final String NAME = ""; - private JavaClassId classContext = null; - - /** - *

Constructor for JavaClassInit.

- * - * @param _c a {@link com.sap.psr.vulas.java.JavaClassId} object. - */ - protected JavaClassInit(JavaClassId _c) { - super(JavaId.Type.CLASSINIT); - this.classContext = _c; - } + /** Constant NAME="<clinit>" */ + public static final String NAME = ""; - /** - *

getJavaClassContext.

- * - * @return a {@link com.sap.psr.vulas.java.JavaClassId} object. - */ - public JavaClassId getJavaClassContext() { return this.classContext; } - - /** - *

getQualifiedName.

- * - * @return a {@link java.lang.String} object. - */ - public String getQualifiedName() { return classContext.getQualifiedName() + "." + JavaClassInit.NAME; } + private JavaClassId classContext = null; - /** - * Returns <clinit>. - * - * @return a {@link java.lang.String} object. - */ - public String getName() { return JavaClassInit.NAME; } - - /** - * Returns <clinit>. - * - * @return a {@link java.lang.String} object. - */ - public String getSimpleName() { return JavaClassInit.NAME; } - - /** - *

getDefinitionContext.

- * - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public ConstructId getDefinitionContext() { return this.classContext; } - - /** - *

getJavaPackageId.

- * - * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. - */ - public JavaPackageId getJavaPackageId() { return this.classContext.getJavaPackageId(); } + /** + *

Constructor for JavaClassInit.

+ * + * @param _c a {@link com.sap.psr.vulas.java.JavaClassId} object. + */ + protected JavaClassInit(JavaClassId _c) { + super(JavaId.Type.CLASSINIT); + this.classContext = _c; + } + + /** + *

getJavaClassContext.

+ * + * @return a {@link com.sap.psr.vulas.java.JavaClassId} object. + */ + public JavaClassId getJavaClassContext() { + return this.classContext; + } + + /** + *

getQualifiedName.

+ * + * @return a {@link java.lang.String} object. + */ + public String getQualifiedName() { + return classContext.getQualifiedName() + "." + JavaClassInit.NAME; + } + + /** + * Returns <clinit>. + * + * @return a {@link java.lang.String} object. + */ + public String getName() { + return JavaClassInit.NAME; + } + + /** + * Returns <clinit>. + * + * @return a {@link java.lang.String} object. + */ + public String getSimpleName() { + return JavaClassInit.NAME; + } + + /** + *

getDefinitionContext.

+ * + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public ConstructId getDefinitionContext() { + return this.classContext; + } + + /** + *

getJavaPackageId.

+ * + * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. + */ + public JavaPackageId getJavaPackageId() { + return this.classContext.getJavaPackageId(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaConstructorId.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaConstructorId.java index 534c02863..49c1fd3d2 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaConstructorId.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaConstructorId.java @@ -28,79 +28,95 @@ */ public class JavaConstructorId extends JavaId { - private JavaId context = null; - private List parameterTypes = null; - - /** - *

Constructor for JavaConstructorId.

- * - * @param _simple_name a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _parameter_types a {@link java.util.List} object. - */ - public JavaConstructorId(JavaId _simple_name, List _parameter_types) { - super(JavaId.Type.CONSTRUCTOR); - this.context = _simple_name; - this.parameterTypes = _parameter_types; - } - - /** - * Returns the definition context, which can be a class or enum. - * Due to the bad naming, rather use {@link JavaMethodId#getDefinitionContext()}. - * - * @return a {@link com.sap.psr.vulas.java.JavaId} object. - */ - @Deprecated - public JavaId getJavaClassContext() { return this.context; } - - /** - * Returns the fully qualified constructor name, including package and (unqualified) parameter types. - * Example: test.package.TestClass(int) - * - * @return a {@link java.lang.String} object. - */ - public String getQualifiedName() { return context.getQualifiedName() + JavaId.parameterTypesToString(this.parameterTypes, true); } - - /** - * Returns the constructor name, which is equal to the class name, plus the (unqualified) parameter types in brackets. - * Example: TestClass(int) - * - * @return a {@link java.lang.String} object. - */ - public String getName() { return this.context.getSimpleName() + JavaId.parameterTypesToString(this.parameterTypes, true); } - - /** - * Returns the simple constructor name, which is equal to the class name. - * Example: Test - * - * @return a {@link java.lang.String} object. - */ - public String getSimpleName() { return this.context.getSimpleName(); } - - /** - *

getDefinitionContext.

- * - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public ConstructId getDefinitionContext() { return this.context; } - - /** - *

getJavaPackageId.

- * - * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. - */ - public JavaPackageId getJavaPackageId() { return this.context.getJavaPackageId(); } - - /** - *

getConstructorIdParams.

- * - * @return a {@link java.lang.String} object. - */ - public String getConstructorIdParams() { return JavaId.parameterTypesToString(this.parameterTypes); } - - /** - * Returns true if the constructor has parameters, false otherwise. - * - * @return a boolean. - */ - public boolean hasParams() { return this.parameterTypes!=null && this.parameterTypes.size()>0; } + private JavaId context = null; + private List parameterTypes = null; + + /** + *

Constructor for JavaConstructorId.

+ * + * @param _simple_name a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _parameter_types a {@link java.util.List} object. + */ + public JavaConstructorId(JavaId _simple_name, List _parameter_types) { + super(JavaId.Type.CONSTRUCTOR); + this.context = _simple_name; + this.parameterTypes = _parameter_types; + } + + /** + * Returns the definition context, which can be a class or enum. + * Due to the bad naming, rather use {@link JavaMethodId#getDefinitionContext()}. + * + * @return a {@link com.sap.psr.vulas.java.JavaId} object. + */ + @Deprecated + public JavaId getJavaClassContext() { + return this.context; + } + + /** + * Returns the fully qualified constructor name, including package and (unqualified) parameter types. + * Example: test.package.TestClass(int) + * + * @return a {@link java.lang.String} object. + */ + public String getQualifiedName() { + return context.getQualifiedName() + JavaId.parameterTypesToString(this.parameterTypes, true); + } + + /** + * Returns the constructor name, which is equal to the class name, plus the (unqualified) parameter types in brackets. + * Example: TestClass(int) + * + * @return a {@link java.lang.String} object. + */ + public String getName() { + return this.context.getSimpleName() + JavaId.parameterTypesToString(this.parameterTypes, true); + } + + /** + * Returns the simple constructor name, which is equal to the class name. + * Example: Test + * + * @return a {@link java.lang.String} object. + */ + public String getSimpleName() { + return this.context.getSimpleName(); + } + + /** + *

getDefinitionContext.

+ * + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public ConstructId getDefinitionContext() { + return this.context; + } + + /** + *

getJavaPackageId.

+ * + * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. + */ + public JavaPackageId getJavaPackageId() { + return this.context.getJavaPackageId(); + } + + /** + *

getConstructorIdParams.

+ * + * @return a {@link java.lang.String} object. + */ + public String getConstructorIdParams() { + return JavaId.parameterTypesToString(this.parameterTypes); + } + + /** + * Returns true if the constructor has parameters, false otherwise. + * + * @return a boolean. + */ + public boolean hasParams() { + return this.parameterTypes != null && this.parameterTypes.size() > 0; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaEnumId.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaEnumId.java index 2f4a8edff..b09738df0 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaEnumId.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaEnumId.java @@ -21,100 +21,98 @@ import com.sap.psr.vulas.ConstructId; - /** * Identifies a Java enum. */ public class JavaEnumId extends JavaId { - - private JavaId declarationContext = null; - private String enumName = null; - - /** - * Constructor for creating the identifier of an enum. - * - * @param _declaration_ctx a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _simple_name a {@link java.lang.String} object. - */ - public JavaEnumId(JavaId _declaration_ctx, String _simple_name) { - super(JavaId.Type.ENUM); - this.declarationContext = _declaration_ctx; - this.enumName = _simple_name; - } - - /** - * Returns true if the enum is not directly declared within a package, but within another construct like a class or interface. - * - * @return a boolean. - */ - public boolean isNested() { - return this.declarationContext!=null && !this.declarationContext.getType().equals(JavaId.Type.PACKAGE); - } - - /** - * {@inheritDoc} - * - * Returns the fully qualified class name, i.e., including the name of the package in which the class is defined. - */ - @Override - public String getQualifiedName() { - if(this.declarationContext!=null) { - if(!this.isNested()) - return this.declarationContext.getQualifiedName() + "." + this.enumName; - else - return this.declarationContext.getQualifiedName() + "$" + this.enumName; - } else { - return this.enumName; - } - } - - /** - * {@inheritDoc} - * - * Returns a class name that is unique within the package in which the class is defined. - * In case of nested classes, the names of parent classes will be included (e.g., OuterClass$InnerClass). - * @return the class name including the names of parent classes (if any) - */ - @Override - public String getName() { - if(this.declarationContext!=null) { - if(!this.isNested()) - return this.enumName; - else - return this.declarationContext.getName() + "$" + this.enumName; - } else { - return this.enumName; - } - } - - /** - * {@inheritDoc} - * - * Returns the class name without considering any context. - * @return the simple class name w/o context information - */ - @Override - public String getSimpleName() { return this.enumName; } - - /** - * {@inheritDoc} - * - * Returns the name of the Java package in which the class or nested class is defined. Returns null if a class is defined outside of a package. - * @return a Java package name - */ - @Override - public ConstructId getDefinitionContext() { return this.getJavaPackageId(); } - - /** - * {@inheritDoc} - * - * Returns the Java package in the context of which the construct is defined. - */ - @Override - public JavaPackageId getJavaPackageId() { - if(this.isNested()) - return this.declarationContext.getJavaPackageId(); - else - return (JavaPackageId)this.declarationContext; - } + + private JavaId declarationContext = null; + private String enumName = null; + + /** + * Constructor for creating the identifier of an enum. + * + * @param _declaration_ctx a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _simple_name a {@link java.lang.String} object. + */ + public JavaEnumId(JavaId _declaration_ctx, String _simple_name) { + super(JavaId.Type.ENUM); + this.declarationContext = _declaration_ctx; + this.enumName = _simple_name; + } + + /** + * Returns true if the enum is not directly declared within a package, but within another construct like a class or interface. + * + * @return a boolean. + */ + public boolean isNested() { + return this.declarationContext != null + && !this.declarationContext.getType().equals(JavaId.Type.PACKAGE); + } + + /** + * {@inheritDoc} + * + * Returns the fully qualified class name, i.e., including the name of the package in which the class is defined. + */ + @Override + public String getQualifiedName() { + if (this.declarationContext != null) { + if (!this.isNested()) return this.declarationContext.getQualifiedName() + "." + this.enumName; + else return this.declarationContext.getQualifiedName() + "$" + this.enumName; + } else { + return this.enumName; + } + } + + /** + * {@inheritDoc} + * + * Returns a class name that is unique within the package in which the class is defined. + * In case of nested classes, the names of parent classes will be included (e.g., OuterClass$InnerClass). + * @return the class name including the names of parent classes (if any) + */ + @Override + public String getName() { + if (this.declarationContext != null) { + if (!this.isNested()) return this.enumName; + else return this.declarationContext.getName() + "$" + this.enumName; + } else { + return this.enumName; + } + } + + /** + * {@inheritDoc} + * + * Returns the class name without considering any context. + * @return the simple class name w/o context information + */ + @Override + public String getSimpleName() { + return this.enumName; + } + + /** + * {@inheritDoc} + * + * Returns the name of the Java package in which the class or nested class is defined. Returns null if a class is defined outside of a package. + * @return a Java package name + */ + @Override + public ConstructId getDefinitionContext() { + return this.getJavaPackageId(); + } + + /** + * {@inheritDoc} + * + * Returns the Java package in the context of which the construct is defined. + */ + @Override + public JavaPackageId getJavaPackageId() { + if (this.isNested()) return this.declarationContext.getJavaPackageId(); + else return (JavaPackageId) this.declarationContext; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaFileAnalyzer2.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaFileAnalyzer2.java index 59e6f3826..ec815013c 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaFileAnalyzer2.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaFileAnalyzer2.java @@ -23,7 +23,6 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; -import java.io.OutputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.io.BufferedInputStream; @@ -48,7 +47,6 @@ import org.antlr.v4.runtime.tree.ParseTreeWalker; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; @@ -66,688 +64,733 @@ */ public class JavaFileAnalyzer2 extends JavaParserBaseListener implements FileAnalyzer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** - * All Java constructs found in the given Java file, created through visiting relevant nodes of the ANTLR parse tree. - * The values are return by {@link #getConstructs()}. Java enums and interfaces are ignored, as they rarely contain - * executable code. - */ - private Map constructs = null; - - private ANTLRInputStream input = null; - - /** The file to be analyzed. */ - private File file = null; - - /** - * Package, class, enum and interface declarations found while parsing a Java source file. - * The topmost element will be used as declaration context of methods and constructors. - */ - private final ContextStack contextStack = new ContextStack(); - - /** Used for the construction of nested named and anonynous classes. */ - private final ConstructIdBuilder constructIdBuilder = new ConstructIdBuilder(); - - /** {@inheritDoc} */ - @Override - public String[] getSupportedFileExtensions() { - return new String[] { "java" }; - } - - /** {@inheritDoc} */ - @Override - public boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: this.getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - this.setFile(_file); - } - - /** - *

Setter for the field file.

- * - * @param _file a {@link java.io.File} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public void setFile(File _file) throws IllegalArgumentException { - final String ext = FileUtil.getFileExtension(_file); - if(!ext.equals("java")) - throw new IllegalArgumentException("Expected a java file but got [" + _file + "]"); - if(!FileUtil.isAccessibleFile(_file.toPath())) - throw new IllegalArgumentException("Cannot open file [" + _file + "]"); - this.file = _file; - } - - /** - * Creates and adds a new {@link Construct} to the set of constructs found in the analyzed file. - * This method is called during the various visitor methods inherited from {@link JavaBaseListener}. - * @param _id - * @param _body - */ - private void saveConstruct(ConstructId _id, String _body) { - try { - final Construct c = new Construct(_id, _body); - this.constructs.put(_id, c); - JavaFileAnalyzer2.log.debug("Added " + c.getId()); - } catch (IllegalArgumentException e) { - JavaFileAnalyzer2.log.error(e); - } - } - - /** {@inheritDoc} */ - @Override - public void enterPackageDeclaration(@NotNull JavaParser.PackageDeclarationContext ctx) { - // Create JavaId - final JavaPackageId id = new JavaPackageId(ctx.getChild(1).getText()); - - // Add to the stack - this.contextStack.push(id); - - // Create the construct - this.saveConstruct(id, ctx.getParent().getText()); - } - - /** - * {@inheritDoc} - * - * Enums are added to {@link #constructs}. - */ - @Override - public void enterEnumDeclaration(@NotNull JavaParser.EnumDeclarationContext ctx) { - // Create JavaId and push to the stack - final ContextStackEntry cse = this.contextStack.peek(); - final JavaId decl_ctx = ( cse==null ? JavaPackageId.DEFAULT_PACKAGE : (JavaId)cse.getConstructId() ); - final JavaId id = new JavaEnumId(decl_ctx, ctx.IDENTIFIER().getText()); - this.contextStack.push(id); - this.saveConstruct(id, this.getConstructContent(ctx)); - } - - /** {@inheritDoc} */ - @Override - public void exitEnumDeclaration(@NotNull JavaParser.EnumDeclarationContext ctx) { - final JavaId id = (JavaId)this.contextStack.pop().getConstructId(); - this.isOfExpectedType(id, new JavaId.Type[] { JavaId.Type.ENUM }, true); - } - - /** - * {@inheritDoc} - * - * Interfaces are not added to {@link #constructs}. - */ - @Override - public void enterInterfaceDeclaration(@NotNull JavaParser.InterfaceDeclarationContext ctx) { - // Create JavaId and push to the stack - final ContextStackEntry cse = this.contextStack.peek(); - final JavaId decl_ctx = ( cse==null ? JavaPackageId.DEFAULT_PACKAGE : (JavaId)cse.getConstructId() ); - final JavaId id = new JavaInterfaceId(decl_ctx, ctx.IDENTIFIER().getText()); - this.contextStack.push(id); - } - - /** {@inheritDoc} */ - @Override - public void exitInterfaceDeclaration(@NotNull JavaParser.InterfaceDeclarationContext ctx) { - final JavaId id = (JavaId)this.contextStack.pop().getConstructId(); - this.isOfExpectedType(id, new JavaId.Type[] { JavaId.Type.INTERFACE }, true); - } - - /** {@inheritDoc} */ - @Override - public void enterClassDeclaration(@NotNull JavaParser.ClassDeclarationContext ctx) { - // Remember the declaration context (needed for the handling of anon. classes in enterClassBody) - this.constructIdBuilder.setCurrentDeclarationContext(ctx.IDENTIFIER().getText()); - } - - /** {@inheritDoc} */ - @Override - public void exitClassDeclaration(@NotNull JavaParser.ClassDeclarationContext ctx) {} - - /** {@inheritDoc} */ - @Override - public void enterClassBody(@NotNull JavaParser.ClassBodyContext ctx) { - // Create JavaId and push to the stack - final JavaId id = (JavaClassId) this.constructIdBuilder.buildJavaClassId(); - this.contextStack.push(id); - this.saveConstruct(id, this.getConstructContent(ctx)); - - // Log anon classes - if(this.constructIdBuilder.isAnonymousClass()) - JavaFileAnalyzer2.log.debug(this.indent(this.contextStack.size()) + "Enter anon class body " + id.toString() + " " + this.printDeclarationStack()); - - this.constructIdBuilder.resetCurrentDeclarationContext(); - } - - /** {@inheritDoc} */ - @Override - public void exitClassBody(@NotNull JavaParser.ClassBodyContext ctx) { - final JavaId id = (JavaId) this.contextStack.pop().getConstructId(); - this.isOfExpectedType(id, new JavaId.Type[] { JavaId.Type.CLASS }, true); - this.constructIdBuilder.resetCurrentDeclarationContext(); - } - - /** {@inheritDoc} */ - @Override - public void enterMethodDeclaration(@NotNull JavaParser.MethodDeclarationContext ctx) { - // Peek JavaId and ensure it is a class or enum - final JavaId class_ctx = (JavaId) this.contextStack.peek().getConstructId(); - this.isOfExpectedType(class_ctx, new JavaId.Type[] { JavaId.Type.CLASS, JavaId.Type.ENUM }, true); - - // Build the identifier - final JavaMethodId id = new JavaMethodId((JavaId) class_ctx, ctx.IDENTIFIER().getText(), - this.getParameters(ctx.formalParameters().formalParameterList())); - - this.contextStack.push(id); - this.saveConstruct(id, this.getConstructContent(ctx)); - } - - /** {@inheritDoc} */ - @Override - public void exitMethodDeclaration(com.sap.psr.vulas.java.antlr.JavaParser.MethodDeclarationContext ctx) { - final JavaId id = (JavaId) this.contextStack.pop().getConstructId(); - } - - /** {@inheritDoc} */ - @Override - public void enterConstructorDeclaration(@NotNull JavaParser.ConstructorDeclarationContext ctx) { - // Peek JavaId and ensure it is a class or enum - final JavaId class_ctx = (JavaId) this.contextStack.peek().getConstructId(); - this.isOfExpectedType(class_ctx, new JavaId.Type[] { JavaId.Type.CLASS, JavaId.Type.ENUM }, true); - - // Build the identifier - final JavaId id = new JavaConstructorId((JavaId)class_ctx, - this.getParameters(ctx.formalParameters().formalParameterList())); - - this.contextStack.push(id); - this.saveConstruct(id, this.getConstructContent(ctx)); - } - - /** {@inheritDoc} */ - @Override - public void exitConstructorDeclaration(com.sap.psr.vulas.java.antlr.JavaParser.ConstructorDeclarationContext ctx) { - final JavaId id = (JavaId)this.contextStack.pop().getConstructId(); - } - - /** - * Retrieves content for constructs of type Method, Constructor and Class. - * @param ctx - ParseRuleContex - * @return Extracted construct Body - */ - private final String getConstructContent(ParserRuleContext ctx){ - final int a = ctx.start.getStartIndex(); - final int b = ctx.stop.getStopIndex(); - final Interval interval = new Interval(a,b); - final String text = this.input.getText(interval); - return text; - } - - private boolean isOfExpectedType(JavaId _jid, JavaId.Type[] _types, boolean _throw_exception) { - boolean is = true; - if(_jid==null || !Arrays.asList(_types).contains(_jid.getType())) { - is = false; - if(_throw_exception) { - JavaFileAnalyzer2.log.error("Expected [" + _types[0] + "], got " + _jid); - throw new IllegalStateException("Expected [" + _types[0] + "], got " + _jid); - } else { - JavaFileAnalyzer2.log.warn("Expected [" + _types[0] + "], got " + _jid); - } - is = false; - } - return is; - } - - /** - * Returns true if the construct stack only consists of classes. It allows skipping - * all declarations happening in enums and interfaces, nested or not. - */ - /*private boolean isClassDeclarationsOnly(ParserRuleContext _context) { - boolean is = true; - for(ContextStackEntry jid : this.contextStack.all()) { - if ( !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.PACKAGE) - && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.CLASS) - && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.METHOD) ) { - - // Get the name of the current declaration - String item = null; - if (_context instanceof JavaParser.ClassDeclarationContext) - item = "class [" + ((JavaParser.ClassDeclarationContext) _context).Identifier().getText() + "]"; - // else if (_context instanceof - // JavaParser.MethodDeclarationContext) - // item = "method [" + ((JavaParser.MethodDeclarationContext) - // _context).Identifier().getText() + "]"; - else if (_context instanceof JavaParser.ConstructorDeclarationContext) - item = "constructor [" - + ((JavaParser.ConstructorDeclarationContext) _context).Identifier().getText() + "]"; - else if (_context instanceof JavaParser.ClassBodyContext) - item = "classBody"; - -// if(_context instanceof JavaParser.ClassDeclarationContext) -// item = "class [" + ((JavaParser.ClassDeclarationContext)_context).Identifier().getText() + "]"; -// else if(_context instanceof JavaParser.MethodDeclarationContext) -// item = "method [" + ((JavaParser.MethodDeclarationContext)_context).Identifier().getText() + "]"; -// else if(_context instanceof JavaParser.ConstructorDeclarationContext) -// item = "constructor [" + ((JavaParser.ConstructorDeclarationContext)_context).Identifier().getText() + "]"; - - JavaFileAnalyzer2.log.info("Declaration of " + item + " will be skipped, it is inside a nested declarations including enums and/or interfaces"); - - is = false; - break; - } - } - return is; - }*/ - - /*private boolean isClassDeclarationsOnly(ParserRuleContext _context) { - boolean is = true; - for(ContextStackEntry jid : this.contextStack.all()) { - if ( !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.PACKAGE) - && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.CLASS) - && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.METHOD) ) { - - // Get the name of the current declaration - String item = null; - if (_context instanceof JavaParser.ClassDeclarationContext) - item = "class [" + ((JavaParser.ClassDeclarationContext) _context).Identifier().getText() + "]"; - // else if (_context instanceof - // JavaParser.MethodDeclarationContext) - // item = "method [" + ((JavaParser.MethodDeclarationContext) - // _context).Identifier().getText() + "]"; - else if (_context instanceof JavaParser.ConstructorDeclarationContext) - item = "constructor [" - + ((JavaParser.ConstructorDeclarationContext) _context).Identifier().getText() + "]"; - else if (_context instanceof JavaParser.ClassBodyContext) - item = "classBody"; - -// if(_context instanceof JavaParser.ClassDeclarationContext) -// item = "class [" + ((JavaParser.ClassDeclarationContext)_context).Identifier().getText() + "]"; -// else if(_context instanceof JavaParser.MethodDeclarationContext) -// item = "method [" + ((JavaParser.MethodDeclarationContext)_context).Identifier().getText() + "]"; -// else if(_context instanceof JavaParser.ConstructorDeclarationContext) -// item = "constructor [" + ((JavaParser.ConstructorDeclarationContext)_context).Identifier().getText() + "]"; - - JavaFileAnalyzer2.log.info("Declaration of " + item + " will be skipped, it is inside a nested declarations including enums and/or interfaces"); - - is = false; - break; - } - } - return is; - }*/ - private List getParameters(JavaParser.FormalParameterListContext _ctx) { - if(_ctx==null) return null; - else { - List l = new ArrayList(); - List list = _ctx.formalParameter(); - for(FormalParameterContext par_ctx: list) { - TypeTypeContext type_ctx = par_ctx.typeType(); - - String t = type_ctx.getText(); - - // Simply remove the parameterization of generic classes - // This is possible, as they do not matter in terms of method overloading - // Example: to methods foo(Set) and foo(Set) are not possible within one class - if((t.contains("<") || t.contains(">")) && t.indexOf("<") !=-1){ - t = t.substring(0, t.indexOf("<")); - } - - // Parameters of simple types (boolean, int, etc.) can be added as is - if(type_ctx.primitiveType()!=null) - l.add(t); //l.add(type_ctx.primitiveType().getText()); - // Parameters of complex types (class or interface) may or may not be specified using its qualified name (i.e., with its package). Since we cannot (easily) add the package information - // for those where the package is missing, we simply remove it for all of them (and do the same in the instrumentation). - else if(type_ctx.classOrInterfaceType()!=null) - l.add(JavaId.removePackageContext(t)); //l.add(JavaId.removePackageContext(type_ctx.classOrInterfaceType().getText())); - else - JavaFileAnalyzer2.log.error("Parameter " + par_ctx.variableDeclaratorId().getText() + " has unknown type"); - } - return l; - } - } - - /** {@inheritDoc} */ - @Override - public Map getConstructs() throws FileAnalysisException { - if(this.constructs==null) { - try { - this.constructs = new TreeMap(); - final ByteArrayOutputStream baos = new ByteArrayOutputStream(); - try (final InputStream is2 = new BufferedInputStream(new FileInputStream(this.file))) { - int cc = -1; - while ((cc = is2.read()) >= 0) baos.write(cc); - } - baos.flush(); - this.input = new ANTLRInputStream(new ByteArrayInputStream(baos.toByteArray())); - JavaLexer lexer = new JavaLexer(input); - CommonTokenStream tokens = new CommonTokenStream(lexer); - JavaParser parser = new JavaParser(tokens); - CompilationUnitContext ctx = parser.compilationUnit(); - ParseTreeWalker walker = new ParseTreeWalker(); - walker.walk(this, ctx); - } catch (FileNotFoundException e) { - throw new FileAnalysisException(e.getMessage(), e); - } catch (RecognitionException e) { - throw new FileAnalysisException("ANTLR exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } catch (IOException e) { - throw new FileAnalysisException("I/O exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } catch (Exception e) { - throw new FileAnalysisException("Exception of type [" + e.getClass().getSimpleName() + "] while analyzing file [" + this.file.toPath().toAbsolutePath() + "]: " + e.getMessage(), e); - } - } - return this.constructs; - } - - /** {@inheritDoc} */ - @Override - public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { return this.getConstructs().containsKey(_id); } - - /** {@inheritDoc} */ - @Override - public Construct getConstruct(ConstructId _id) throws FileAnalysisException { return this.getConstructs().get(_id); } - - /** {@inheritDoc} */ - @Override - public boolean hasChilds() { - return false; - } - - /** {@inheritDoc} */ - @Override - public Set getChilds(boolean _recursive) { - return null; - } - - private final String indent(int _i) { - StringBuilder b = new StringBuilder(); - for (int i = 0; i < _i; i++) - b.append(": "); - return b.toString(); - } - - private String printDeclarationStack() { - final StringBuilder out = new StringBuilder().append("\t\t\t"); - for (ContextStackEntry jid : this.contextStack.all()) { - out.append(((JavaId) jid.getConstructId()).getType().toString() + " "); - } - return out.toString(); - } - - class ConstructIdBuilder { - - // class name as obtained from the enterClassDeclaration callback - // that callback is not called for anonymous classes, for which the - // member below stays 'null' - // (note: it's reset to null in enterClassBody) - private String declaredName = null; - - /** - * Used to give numeric names to anonymous inner classes. - */ - private Map anonymousClassCounters = new HashMap(); - - /** - * Used to prepend numeric values to named classes declared in methods. - */ - private Map> namedClassesCounter = new HashMap>(); - - public void setCurrentDeclarationContext(String name) { - this.declaredName = name; - } - - public String getDeclaredName() { - return this.declaredName; - } - - public void resetCurrentDeclarationContext() { - this.declaredName = null; - } - - /** - * Returns true if the class for which the name is about to be build is - * anonymous - * - * @return - */ - private boolean isAnonymousClass() { - return this.declaredName == null; - } - - /** - * Returns the current counter value for anonymous classes and increases the counter by one. - * @param id - * @return - */ - private Integer incrementAnonymousCounter(ConstructId id) { - Integer count = null; - - // Initialize if not done already - if(!this.anonymousClassCounters.containsKey(id)) - this.anonymousClassCounters.put(id, 1); - - // Current value - count = this.anonymousClassCounters.get(id); - - // Increase by one - this.anonymousClassCounters.put(id, count+1); - - return count; - } - - /** - * Returns the current counter value for named classes and increases the counter by one. - * @param id - * @return - */ - private Integer incrementNamedCounter(ConstructId id, String _class_name) { - Integer count = null; - Map name_counter = this.namedClassesCounter.get(id); - - // Initialize if necessary - if(name_counter==null) { - name_counter = new HashMap(); - this.namedClassesCounter.put(id, name_counter); - } - - // - if(!name_counter.containsKey(_class_name)) - name_counter.put(_class_name, 1); - - // Current value - count = name_counter.get(_class_name); - - // Increase by one - name_counter.put(_class_name, count+1); - - return count; - } - - /** - * Create a name for the construct at hand considering what containers - * are currently on the stack - * - * @param spaceId - * of the construct (the suffix to add to the container - * construct) - * @return - */ - public ConstructId buildJavaClassId() { - - final JavaId.Type[] cie = new JavaId.Type[] { JavaId.Type.CLASS, JavaId.Type.INTERFACE, JavaId.Type.ENUM }; - final JavaId.Type[] pcie = new JavaId.Type[] { JavaId.Type.PACKAGE, JavaId.Type.CLASS, JavaId.Type.INTERFACE, JavaId.Type.ENUM }; - - // Class name of the new class - final StringBuilder class_name = new StringBuilder(); - - // The context of the to-be-created class (can be PACK, CLASS, INTERFACE or ENUM), depending on the case - JavaId context = null; - final ContextStackEntry topmost_stack_entry = contextStack.peek(); - - // Named class - if(!this.isAnonymousClass()) { - - // In method - if (topmost_stack_entry!=null && ( (JavaId)topmost_stack_entry.getConstructId()).type.equals(JavaId.Type.METHOD)) { - // Get the context (class, interface or enum) - final ContextStackEntry cse = contextStack.peek(cie); - if(cse==null) { - throw new IllegalStateException("Named class [" + this.declaredName + "] w/o appropriate context"); - } - else { - // Get and increment name counter - context = (JavaId)cse.getConstructId(); - class_name.append(this.incrementNamedCounter(context, this.declaredName).toString() + this.declaredName); - } - } - - // In class - else { - // Get the context (pack, class, interface or enum) - final ContextStackEntry cse = contextStack.peek(pcie); - if(cse!=null) - context = (JavaId)cse.getConstructId(); - // Name is what we found in enterClassDeclaration - class_name.append(this.declaredName); - } - } - // Anon class - else { - // Fetch the parent (class, enum or interface) - final ContextStackEntry cse = contextStack.peek(cie); - if(cse==null) { - throw new IllegalStateException("Anonnymous class [" + this.declaredName + "] w/o appropriate context"); - } - else { - // Get and increment anon counter - context = (JavaId)cse.getConstructId(); - class_name.append(this.incrementAnonymousCounter(context).toString()); - } - } - - final ConstructId id = new JavaClassId(context, class_name.toString()); - return id; - } - } - - static class ContextStackEntry { - private ConstructId constructId = null; - private Map attributes = new HashMap(); - - public ContextStackEntry(ConstructId id) { - this.constructId = id; - } - - public ContextStackEntry(ConstructId id, Object key, Object value) { - this.constructId = id; - this.setAttribute(key, value); - } - - public ConstructId getConstructId() { - return this.constructId; - } - - public Object getAttribute(Object key) { - return this.attributes.get(key); - } - - public void setAttribute(Object key, Object value) { - this.attributes.put(key, value); - } - } - - static class ContextStack { - - /** - * Nested package, class, enum and interface declarations found while - * parsing a Java source file. The topmost element will be used as - * declaration context of methods and constructors. - */ - private Deque nestedDeclarationContexts = new ArrayDeque(); - - /** - * Return the topmost element (without removing it) - * - * @return - */ - public ContextStackEntry peek() { - return this.nestedDeclarationContexts.peek(); - } - - /** - * Gets the top-most element of a given types (without removing it). - * - * @param _t - * the type of context elements to consider - * @return - */ - public ContextStackEntry peek(JavaId.Type[] _t) { - final Iterator iterator = this.nestedDeclarationContexts.iterator(); - ContextStackEntry entry = null, result = null; - search: - while (iterator.hasNext()) { - entry = iterator.next(); - for(int i=0; i<_t.length; i++ ){ - if (((JavaId)entry.getConstructId()).getType().equals(_t[i])) { - result = entry; - break search; - } - } - } - return result; - } - - public void push(ConstructId id) { - this.nestedDeclarationContexts.push(new ContextStackEntry(id)); - } - - public void push(ContextStackEntry id) { - this.nestedDeclarationContexts.push(id); - } - - public ContextStackEntry pop() { - return this.nestedDeclarationContexts.pop(); - } - - // note: returns true if either the stack or the pattern is empty! - @Deprecated - public boolean headMatches(JavaId.Type[] pattern) { - boolean result = true; - int patternElementIndex = 0; - ContextStackEntry construct = null; - Iterator itr = this.iterator(); - - while (itr.hasNext() && patternElementIndex < pattern.length) { - - construct = itr.next(); - - if (!pattern[patternElementIndex].equals(((JavaId) construct.getConstructId()).type)) { - result = false; - break; - } else { - patternElementIndex++; - } - } - - return result; - } - - public int size() { - return this.nestedDeclarationContexts.size(); - } - - public Deque all() { - return this.nestedDeclarationContexts; - } - - public Iterator iterator() { - return this.nestedDeclarationContexts.iterator(); - } - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** + * All Java constructs found in the given Java file, created through visiting relevant nodes of the ANTLR parse tree. + * The values are return by {@link #getConstructs()}. Java enums and interfaces are ignored, as they rarely contain + * executable code. + */ + private Map constructs = null; + + private ANTLRInputStream input = null; + + /** The file to be analyzed. */ + private File file = null; + + /** + * Package, class, enum and interface declarations found while parsing a Java source file. + * The topmost element will be used as declaration context of methods and constructors. + */ + private final ContextStack contextStack = new ContextStack(); + + /** Used for the construction of nested named and anonynous classes. */ + private final ConstructIdBuilder constructIdBuilder = new ConstructIdBuilder(); + + /** {@inheritDoc} */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {"java"}; + } + + /** {@inheritDoc} */ + @Override + public boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext == null || ext.equals("")) return false; + for (String supported_ext : this.getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + this.setFile(_file); + } + + /** + *

Setter for the field file.

+ * + * @param _file a {@link java.io.File} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public void setFile(File _file) throws IllegalArgumentException { + final String ext = FileUtil.getFileExtension(_file); + if (!ext.equals("java")) + throw new IllegalArgumentException("Expected a java file but got [" + _file + "]"); + if (!FileUtil.isAccessibleFile(_file.toPath())) + throw new IllegalArgumentException("Cannot open file [" + _file + "]"); + this.file = _file; + } + + /** + * Creates and adds a new {@link Construct} to the set of constructs found in the analyzed file. + * This method is called during the various visitor methods inherited from {@link JavaBaseListener}. + * @param _id + * @param _body + */ + private void saveConstruct(ConstructId _id, String _body) { + try { + final Construct c = new Construct(_id, _body); + this.constructs.put(_id, c); + JavaFileAnalyzer2.log.debug("Added " + c.getId()); + } catch (IllegalArgumentException e) { + JavaFileAnalyzer2.log.error(e); + } + } + + /** {@inheritDoc} */ + @Override + public void enterPackageDeclaration(@NotNull JavaParser.PackageDeclarationContext ctx) { + // Create JavaId + final JavaPackageId id = new JavaPackageId(ctx.getChild(1).getText()); + + // Add to the stack + this.contextStack.push(id); + + // Create the construct + this.saveConstruct(id, ctx.getParent().getText()); + } + + /** + * {@inheritDoc} + * + * Enums are added to {@link #constructs}. + */ + @Override + public void enterEnumDeclaration(@NotNull JavaParser.EnumDeclarationContext ctx) { + // Create JavaId and push to the stack + final ContextStackEntry cse = this.contextStack.peek(); + final JavaId decl_ctx = + (cse == null ? JavaPackageId.DEFAULT_PACKAGE : (JavaId) cse.getConstructId()); + final JavaId id = new JavaEnumId(decl_ctx, ctx.IDENTIFIER().getText()); + this.contextStack.push(id); + this.saveConstruct(id, this.getConstructContent(ctx)); + } + + /** {@inheritDoc} */ + @Override + public void exitEnumDeclaration(@NotNull JavaParser.EnumDeclarationContext ctx) { + final JavaId id = (JavaId) this.contextStack.pop().getConstructId(); + this.isOfExpectedType(id, new JavaId.Type[] {JavaId.Type.ENUM}, true); + } + + /** + * {@inheritDoc} + * + * Interfaces are not added to {@link #constructs}. + */ + @Override + public void enterInterfaceDeclaration(@NotNull JavaParser.InterfaceDeclarationContext ctx) { + // Create JavaId and push to the stack + final ContextStackEntry cse = this.contextStack.peek(); + final JavaId decl_ctx = + (cse == null ? JavaPackageId.DEFAULT_PACKAGE : (JavaId) cse.getConstructId()); + final JavaId id = new JavaInterfaceId(decl_ctx, ctx.IDENTIFIER().getText()); + this.contextStack.push(id); + } + + /** {@inheritDoc} */ + @Override + public void exitInterfaceDeclaration(@NotNull JavaParser.InterfaceDeclarationContext ctx) { + final JavaId id = (JavaId) this.contextStack.pop().getConstructId(); + this.isOfExpectedType(id, new JavaId.Type[] {JavaId.Type.INTERFACE}, true); + } + + /** {@inheritDoc} */ + @Override + public void enterClassDeclaration(@NotNull JavaParser.ClassDeclarationContext ctx) { + // Remember the declaration context (needed for the handling of anon. classes in enterClassBody) + this.constructIdBuilder.setCurrentDeclarationContext(ctx.IDENTIFIER().getText()); + } + + /** {@inheritDoc} */ + @Override + public void exitClassDeclaration(@NotNull JavaParser.ClassDeclarationContext ctx) {} + + /** {@inheritDoc} */ + @Override + public void enterClassBody(@NotNull JavaParser.ClassBodyContext ctx) { + // Create JavaId and push to the stack + final JavaId id = (JavaClassId) this.constructIdBuilder.buildJavaClassId(); + this.contextStack.push(id); + this.saveConstruct(id, this.getConstructContent(ctx)); + + // Log anon classes + if (this.constructIdBuilder.isAnonymousClass()) + JavaFileAnalyzer2.log.debug( + this.indent(this.contextStack.size()) + + "Enter anon class body " + + id.toString() + + " " + + this.printDeclarationStack()); + + this.constructIdBuilder.resetCurrentDeclarationContext(); + } + + /** {@inheritDoc} */ + @Override + public void exitClassBody(@NotNull JavaParser.ClassBodyContext ctx) { + final JavaId id = (JavaId) this.contextStack.pop().getConstructId(); + this.isOfExpectedType(id, new JavaId.Type[] {JavaId.Type.CLASS}, true); + this.constructIdBuilder.resetCurrentDeclarationContext(); + } + + /** {@inheritDoc} */ + @Override + public void enterMethodDeclaration(@NotNull JavaParser.MethodDeclarationContext ctx) { + // Peek JavaId and ensure it is a class or enum + final JavaId class_ctx = (JavaId) this.contextStack.peek().getConstructId(); + this.isOfExpectedType(class_ctx, new JavaId.Type[] {JavaId.Type.CLASS, JavaId.Type.ENUM}, true); + + // Build the identifier + final JavaMethodId id = + new JavaMethodId( + (JavaId) class_ctx, + ctx.IDENTIFIER().getText(), + this.getParameters(ctx.formalParameters().formalParameterList())); + + this.contextStack.push(id); + this.saveConstruct(id, this.getConstructContent(ctx)); + } + + /** {@inheritDoc} */ + @Override + public void exitMethodDeclaration( + com.sap.psr.vulas.java.antlr.JavaParser.MethodDeclarationContext ctx) { + final JavaId id = (JavaId) this.contextStack.pop().getConstructId(); + } + + /** {@inheritDoc} */ + @Override + public void enterConstructorDeclaration(@NotNull JavaParser.ConstructorDeclarationContext ctx) { + // Peek JavaId and ensure it is a class or enum + final JavaId class_ctx = (JavaId) this.contextStack.peek().getConstructId(); + this.isOfExpectedType(class_ctx, new JavaId.Type[] {JavaId.Type.CLASS, JavaId.Type.ENUM}, true); + + // Build the identifier + final JavaId id = + new JavaConstructorId( + (JavaId) class_ctx, this.getParameters(ctx.formalParameters().formalParameterList())); + + this.contextStack.push(id); + this.saveConstruct(id, this.getConstructContent(ctx)); + } + + /** {@inheritDoc} */ + @Override + public void exitConstructorDeclaration( + com.sap.psr.vulas.java.antlr.JavaParser.ConstructorDeclarationContext ctx) { + final JavaId id = (JavaId) this.contextStack.pop().getConstructId(); + } + + /** + * Retrieves content for constructs of type Method, Constructor and Class. + * @param ctx - ParseRuleContex + * @return Extracted construct Body + */ + private final String getConstructContent(ParserRuleContext ctx) { + final int a = ctx.start.getStartIndex(); + final int b = ctx.stop.getStopIndex(); + final Interval interval = new Interval(a, b); + final String text = this.input.getText(interval); + return text; + } + + private boolean isOfExpectedType(JavaId _jid, JavaId.Type[] _types, boolean _throw_exception) { + boolean is = true; + if (_jid == null || !Arrays.asList(_types).contains(_jid.getType())) { + is = false; + if (_throw_exception) { + JavaFileAnalyzer2.log.error("Expected [" + _types[0] + "], got " + _jid); + throw new IllegalStateException("Expected [" + _types[0] + "], got " + _jid); + } else { + JavaFileAnalyzer2.log.warn("Expected [" + _types[0] + "], got " + _jid); + } + is = false; + } + return is; + } + + /** + * Returns true if the construct stack only consists of classes. It allows skipping + * all declarations happening in enums and interfaces, nested or not. + */ + /*private boolean isClassDeclarationsOnly(ParserRuleContext _context) { + boolean is = true; + for(ContextStackEntry jid : this.contextStack.all()) { + if ( !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.PACKAGE) + && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.CLASS) + && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.METHOD) ) { + + // Get the name of the current declaration + String item = null; + if (_context instanceof JavaParser.ClassDeclarationContext) + item = "class [" + ((JavaParser.ClassDeclarationContext) _context).Identifier().getText() + "]"; + // else if (_context instanceof + // JavaParser.MethodDeclarationContext) + // item = "method [" + ((JavaParser.MethodDeclarationContext) + // _context).Identifier().getText() + "]"; + else if (_context instanceof JavaParser.ConstructorDeclarationContext) + item = "constructor [" + + ((JavaParser.ConstructorDeclarationContext) _context).Identifier().getText() + "]"; + else if (_context instanceof JavaParser.ClassBodyContext) + item = "classBody"; + + // if(_context instanceof JavaParser.ClassDeclarationContext) + // item = "class [" + ((JavaParser.ClassDeclarationContext)_context).Identifier().getText() + "]"; + // else if(_context instanceof JavaParser.MethodDeclarationContext) + // item = "method [" + ((JavaParser.MethodDeclarationContext)_context).Identifier().getText() + "]"; + // else if(_context instanceof JavaParser.ConstructorDeclarationContext) + // item = "constructor [" + ((JavaParser.ConstructorDeclarationContext)_context).Identifier().getText() + "]"; + + JavaFileAnalyzer2.log.info("Declaration of " + item + " will be skipped, it is inside a nested declarations including enums and/or interfaces"); + + is = false; + break; + } + } + return is; + }*/ + + /*private boolean isClassDeclarationsOnly(ParserRuleContext _context) { + boolean is = true; + for(ContextStackEntry jid : this.contextStack.all()) { + if ( !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.PACKAGE) + && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.CLASS) + && !((JavaId)jid.getConstructId()).getType().equals(JavaId.Type.METHOD) ) { + + // Get the name of the current declaration + String item = null; + if (_context instanceof JavaParser.ClassDeclarationContext) + item = "class [" + ((JavaParser.ClassDeclarationContext) _context).Identifier().getText() + "]"; + // else if (_context instanceof + // JavaParser.MethodDeclarationContext) + // item = "method [" + ((JavaParser.MethodDeclarationContext) + // _context).Identifier().getText() + "]"; + else if (_context instanceof JavaParser.ConstructorDeclarationContext) + item = "constructor [" + + ((JavaParser.ConstructorDeclarationContext) _context).Identifier().getText() + "]"; + else if (_context instanceof JavaParser.ClassBodyContext) + item = "classBody"; + + // if(_context instanceof JavaParser.ClassDeclarationContext) + // item = "class [" + ((JavaParser.ClassDeclarationContext)_context).Identifier().getText() + "]"; + // else if(_context instanceof JavaParser.MethodDeclarationContext) + // item = "method [" + ((JavaParser.MethodDeclarationContext)_context).Identifier().getText() + "]"; + // else if(_context instanceof JavaParser.ConstructorDeclarationContext) + // item = "constructor [" + ((JavaParser.ConstructorDeclarationContext)_context).Identifier().getText() + "]"; + + JavaFileAnalyzer2.log.info("Declaration of " + item + " will be skipped, it is inside a nested declarations including enums and/or interfaces"); + + is = false; + break; + } + } + return is; + }*/ + private List getParameters(JavaParser.FormalParameterListContext _ctx) { + if (_ctx == null) return null; + else { + List l = new ArrayList(); + List list = _ctx.formalParameter(); + for (FormalParameterContext par_ctx : list) { + TypeTypeContext type_ctx = par_ctx.typeType(); + + String t = type_ctx.getText(); + + // Simply remove the parameterization of generic classes + // This is possible, as they do not matter in terms of method overloading + // Example: to methods foo(Set) and foo(Set) are not possible within one + // class + if ((t.contains("<") || t.contains(">")) && t.indexOf("<") != -1) { + t = t.substring(0, t.indexOf("<")); + } + + // Parameters of simple types (boolean, int, etc.) can be added as is + if (type_ctx.primitiveType() != null) + l.add(t); // l.add(type_ctx.primitiveType().getText()); + // Parameters of complex types (class or interface) may or may not be specified using its + // qualified name (i.e., with its package). Since we cannot (easily) add the package + // information + // for those where the package is missing, we simply remove it for all of them (and do the + // same in the instrumentation). + else if (type_ctx.classOrInterfaceType() != null) + l.add( + JavaId.removePackageContext( + t)); // l.add(JavaId.removePackageContext(type_ctx.classOrInterfaceType().getText())); + else + JavaFileAnalyzer2.log.error( + "Parameter " + par_ctx.variableDeclaratorId().getText() + " has unknown type"); + } + return l; + } + } + + /** {@inheritDoc} */ + @Override + public Map getConstructs() throws FileAnalysisException { + if (this.constructs == null) { + try { + this.constructs = new TreeMap(); + final ByteArrayOutputStream baos = new ByteArrayOutputStream(); + try (final InputStream is2 = new BufferedInputStream(new FileInputStream(this.file))) { + int cc = -1; + while ((cc = is2.read()) >= 0) baos.write(cc); + } + baos.flush(); + this.input = new ANTLRInputStream(new ByteArrayInputStream(baos.toByteArray())); + JavaLexer lexer = new JavaLexer(input); + CommonTokenStream tokens = new CommonTokenStream(lexer); + JavaParser parser = new JavaParser(tokens); + CompilationUnitContext ctx = parser.compilationUnit(); + ParseTreeWalker walker = new ParseTreeWalker(); + walker.walk(this, ctx); + } catch (FileNotFoundException e) { + throw new FileAnalysisException(e.getMessage(), e); + } catch (RecognitionException e) { + throw new FileAnalysisException( + "ANTLR exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } catch (IOException e) { + throw new FileAnalysisException( + "I/O exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } catch (Exception e) { + throw new FileAnalysisException( + "Exception of type [" + + e.getClass().getSimpleName() + + "] while analyzing file [" + + this.file.toPath().toAbsolutePath() + + "]: " + + e.getMessage(), + e); + } + } + return this.constructs; + } + + /** {@inheritDoc} */ + @Override + public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().containsKey(_id); + } + + /** {@inheritDoc} */ + @Override + public Construct getConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().get(_id); + } + + /** {@inheritDoc} */ + @Override + public boolean hasChilds() { + return false; + } + + /** {@inheritDoc} */ + @Override + public Set getChilds(boolean _recursive) { + return null; + } + + private final String indent(int _i) { + StringBuilder b = new StringBuilder(); + for (int i = 0; i < _i; i++) b.append(": "); + return b.toString(); + } + + private String printDeclarationStack() { + final StringBuilder out = new StringBuilder().append("\t\t\t"); + for (ContextStackEntry jid : this.contextStack.all()) { + out.append(((JavaId) jid.getConstructId()).getType().toString() + " "); + } + return out.toString(); + } + + class ConstructIdBuilder { + + // class name as obtained from the enterClassDeclaration callback + // that callback is not called for anonymous classes, for which the + // member below stays 'null' + // (note: it's reset to null in enterClassBody) + private String declaredName = null; + + /** + * Used to give numeric names to anonymous inner classes. + */ + private Map anonymousClassCounters = new HashMap(); + + /** + * Used to prepend numeric values to named classes declared in methods. + */ + private Map> namedClassesCounter = + new HashMap>(); + + public void setCurrentDeclarationContext(String name) { + this.declaredName = name; + } + + public String getDeclaredName() { + return this.declaredName; + } + + public void resetCurrentDeclarationContext() { + this.declaredName = null; + } + + /** + * Returns true if the class for which the name is about to be build is + * anonymous + * + * @return + */ + private boolean isAnonymousClass() { + return this.declaredName == null; + } + + /** + * Returns the current counter value for anonymous classes and increases the counter by one. + * @param id + * @return + */ + private Integer incrementAnonymousCounter(ConstructId id) { + Integer count = null; + + // Initialize if not done already + if (!this.anonymousClassCounters.containsKey(id)) this.anonymousClassCounters.put(id, 1); + + // Current value + count = this.anonymousClassCounters.get(id); + + // Increase by one + this.anonymousClassCounters.put(id, count + 1); + + return count; + } + + /** + * Returns the current counter value for named classes and increases the counter by one. + * @param id + * @return + */ + private Integer incrementNamedCounter(ConstructId id, String _class_name) { + Integer count = null; + Map name_counter = this.namedClassesCounter.get(id); + + // Initialize if necessary + if (name_counter == null) { + name_counter = new HashMap(); + this.namedClassesCounter.put(id, name_counter); + } + + // + if (!name_counter.containsKey(_class_name)) name_counter.put(_class_name, 1); + + // Current value + count = name_counter.get(_class_name); + + // Increase by one + name_counter.put(_class_name, count + 1); + + return count; + } + + /** + * Create a name for the construct at hand considering what containers + * are currently on the stack + * + * @param spaceId + * of the construct (the suffix to add to the container + * construct) + * @return + */ + public ConstructId buildJavaClassId() { + + final JavaId.Type[] cie = + new JavaId.Type[] {JavaId.Type.CLASS, JavaId.Type.INTERFACE, JavaId.Type.ENUM}; + final JavaId.Type[] pcie = + new JavaId.Type[] { + JavaId.Type.PACKAGE, JavaId.Type.CLASS, JavaId.Type.INTERFACE, JavaId.Type.ENUM + }; + + // Class name of the new class + final StringBuilder class_name = new StringBuilder(); + + // The context of the to-be-created class (can be PACK, CLASS, INTERFACE or ENUM), depending + // on the case + JavaId context = null; + final ContextStackEntry topmost_stack_entry = contextStack.peek(); + + // Named class + if (!this.isAnonymousClass()) { + + // In method + if (topmost_stack_entry != null + && ((JavaId) topmost_stack_entry.getConstructId()).type.equals(JavaId.Type.METHOD)) { + // Get the context (class, interface or enum) + final ContextStackEntry cse = contextStack.peek(cie); + if (cse == null) { + throw new IllegalStateException( + "Named class [" + this.declaredName + "] w/o appropriate context"); + } else { + // Get and increment name counter + context = (JavaId) cse.getConstructId(); + class_name.append( + this.incrementNamedCounter(context, this.declaredName).toString() + + this.declaredName); + } + } + + // In class + else { + // Get the context (pack, class, interface or enum) + final ContextStackEntry cse = contextStack.peek(pcie); + if (cse != null) context = (JavaId) cse.getConstructId(); + // Name is what we found in enterClassDeclaration + class_name.append(this.declaredName); + } + } + // Anon class + else { + // Fetch the parent (class, enum or interface) + final ContextStackEntry cse = contextStack.peek(cie); + if (cse == null) { + throw new IllegalStateException( + "Anonnymous class [" + this.declaredName + "] w/o appropriate context"); + } else { + // Get and increment anon counter + context = (JavaId) cse.getConstructId(); + class_name.append(this.incrementAnonymousCounter(context).toString()); + } + } + + final ConstructId id = new JavaClassId(context, class_name.toString()); + return id; + } + } + + static class ContextStackEntry { + private ConstructId constructId = null; + private Map attributes = new HashMap(); + + public ContextStackEntry(ConstructId id) { + this.constructId = id; + } + + public ContextStackEntry(ConstructId id, Object key, Object value) { + this.constructId = id; + this.setAttribute(key, value); + } + + public ConstructId getConstructId() { + return this.constructId; + } + + public Object getAttribute(Object key) { + return this.attributes.get(key); + } + + public void setAttribute(Object key, Object value) { + this.attributes.put(key, value); + } + } + + static class ContextStack { + + /** + * Nested package, class, enum and interface declarations found while + * parsing a Java source file. The topmost element will be used as + * declaration context of methods and constructors. + */ + private Deque nestedDeclarationContexts = + new ArrayDeque(); + + /** + * Return the topmost element (without removing it) + * + * @return + */ + public ContextStackEntry peek() { + return this.nestedDeclarationContexts.peek(); + } + + /** + * Gets the top-most element of a given types (without removing it). + * + * @param _t + * the type of context elements to consider + * @return + */ + public ContextStackEntry peek(JavaId.Type[] _t) { + final Iterator iterator = this.nestedDeclarationContexts.iterator(); + ContextStackEntry entry = null, result = null; + search: + while (iterator.hasNext()) { + entry = iterator.next(); + for (int i = 0; i < _t.length; i++) { + if (((JavaId) entry.getConstructId()).getType().equals(_t[i])) { + result = entry; + break search; + } + } + } + return result; + } + + public void push(ConstructId id) { + this.nestedDeclarationContexts.push(new ContextStackEntry(id)); + } + + public void push(ContextStackEntry id) { + this.nestedDeclarationContexts.push(id); + } + + public ContextStackEntry pop() { + return this.nestedDeclarationContexts.pop(); + } + + // note: returns true if either the stack or the pattern is empty! + @Deprecated + public boolean headMatches(JavaId.Type[] pattern) { + boolean result = true; + int patternElementIndex = 0; + ContextStackEntry construct = null; + Iterator itr = this.iterator(); + + while (itr.hasNext() && patternElementIndex < pattern.length) { + + construct = itr.next(); + + if (!pattern[patternElementIndex].equals(((JavaId) construct.getConstructId()).type)) { + result = false; + break; + } else { + patternElementIndex++; + } + } + + return result; + } + + public int size() { + return this.nestedDeclarationContexts.size(); + } + + public Deque all() { + return this.nestedDeclarationContexts; + } + + public Iterator iterator() { + return this.nestedDeclarationContexts.iterator(); + } + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaId.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaId.java index edb92730d..b8ae39a5e 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaId.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaId.java @@ -33,7 +33,6 @@ import org.apache.logging.log4j.Logger; - import com.google.gson.Gson; import com.google.gson.JsonObject; import com.sap.psr.vulas.ConstructId; @@ -43,795 +42,846 @@ import com.sap.psr.vulas.shared.enums.ProgrammingLanguage; import com.sap.psr.vulas.shared.json.JsonBuilder; - /** *

Abstract JavaId class.

* */ public abstract class JavaId extends ConstructId { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** Supported Java programming constructs. */ - public static enum Type { PACKAGE, CLASS, ENUM, INTERFACE, NESTED_CLASS, CONSTRUCTOR, METHOD, CLASSINIT }; - - /** Programming language of the construct. */ - protected Type type = null; - - private Set annotations = new HashSet(); - - /** - *

Constructor for JavaId.

- * - * @param _t a {@link com.sap.psr.vulas.java.JavaId.Type} object. - */ - protected JavaId(Type _t) { - super(ProgrammingLanguage.JAVA); - this.type = _t; - } - /** - *

Getter for the field type.

- * - * @return a {@link com.sap.psr.vulas.java.JavaId.Type} object. - */ - public Type getType() { return this.type; } - - /** - *

toString.

- * - * @return a {@link java.lang.String} object. - */ - public String toString() { return this.getLanguage() + " " + JavaId.typeToString(this.type) + " [" + this.getQualifiedName() + "]"; } - - /** - *

Getter for the field annotations.

- * - * @return a {@link java.util.Set} object. - */ - public Set getAnnotations() { return this.annotations; } - - /** - *

addAnnotation.

- * - * @param _a a {@link java.lang.String} object. - */ - public void addAnnotation(String _a) { this.annotations.add(_a); } - - /** - *

hasAnnotation.

- * - * @param _a a {@link java.lang.String} object. - * @return a boolean. - */ - public boolean hasAnnotation(String _a) { return this.annotations.contains(_a); } - - /** - * Returns the Java package in the context of which the construct is defined. - * - * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. - */ - public abstract JavaPackageId getJavaPackageId(); - - /** - *

getDefinitionContext.

- * - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public abstract ConstructId getDefinitionContext(); - - /** - *

getSharedType.

- * - * @return a {@link com.sap.psr.vulas.shared.enums.ConstructType} object. - */ - public ConstructType getSharedType() { - return JavaId.toSharedType(this.getType()); - } - - /** - *

toJSON.

- * - * @return a {@link java.lang.String} object. - */ - public final String toJSON() { - final JsonBuilder jb = new JsonBuilder(); - jb.startObject(); - jb.appendObjectProperty("lang", this.getLanguage().toString()); - jb.appendObjectProperty("type", JavaId.typeToString(this.getType())); - jb.appendObjectProperty("qname", this.getQualifiedName()); - if(!this.annotations.isEmpty()) { - jb.startArrayProperty("a"); - for(String a: this.annotations) { - jb.appendToArray(a); - } - jb.endArray(); - } - jb.endObject(); - return jb.getJson(); - } - - /** {@inheritDoc} */ - @Override - public JsonObject toGSON(){ - final JsonObject jb = new JsonObject(); - jb.addProperty("lang", this.getLanguage().toString()); - jb.addProperty("type", JavaId.typeToString(this.getType())); - jb.addProperty("qname", this.getQualifiedName()); - jb.add("a", new Gson().toJsonTree(this.annotations)); - return jb; - } - - /** {@inheritDoc} */ - @Override - public final int hashCode() { - final int prime = 31; - int result = super.hashCode(); - result = prime * result + ((type == null) ? 0 : type.hashCode()); - result = prime * result + (this.getQualifiedName().hashCode()); - return result; - } - /** {@inheritDoc} */ - @Override - public final boolean equals(Object obj) { - if (this == obj) - return true; - if (!super.equals(obj)) - return false; - if (getClass() != obj.getClass()) - return false; - JavaId other = (JavaId) obj; - if (type != other.type) - return false; - if (!this.getQualifiedName().equals(other.getQualifiedName())) - return false; - return true; - } - - /** - *

parameterTypesToString.

- * - * @return Comma-separated parameter types - * @param _p a {@link java.util.List} object. - */ - protected static String parameterTypesToString(List _p) { - return JavaId.parameterTypesToString(_p, false); - } - - /** - *

parameterTypesToString.

- * - * @return Comma-separated parameter types - * @param _p a {@link java.util.List} object. - * @param _rem_qualification a boolean. - */ - protected static String parameterTypesToString(List _p, boolean _rem_qualification) { - if(_p==null || _p.isEmpty()) return "()"; - final StringBuffer str = new StringBuffer(); - str.append("("); - for(int i=0; i<_p.size(); i++) { - if(_rem_qualification) - str.append(JavaId.removePackageContext(_p.get(i))); - else - str.append(_p.get(i)); - if(i<_p.size()-1) str.append(","); - } - str.append(")"); - return str.toString(); - } - - /** - *

typeToString.

- * - * @param _t a {@link com.sap.psr.vulas.java.JavaId.Type} object. - * @return a {@link java.lang.String} object. - */ - public static String typeToString(Type _t) { - switch(_t) { - case PACKAGE: return "PACK"; - case CLASS: return "CLAS"; - case ENUM: return "ENUM"; - case INTERFACE: return "INTF"; - case NESTED_CLASS: return "NCLA"; - case CONSTRUCTOR: return "CONS"; - case METHOD: return "METH"; - case CLASSINIT: return "INIT"; - default: throw new IllegalArgumentException("Unknown type [" + _t + "]"); - } - } - - /** - *

typeFromString.

- * - * @param _t a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JavaId.Type} object. - */ - public static Type typeFromString(String _t) { - if("PACK".equalsIgnoreCase(_t)) - return Type.PACKAGE; - else if("CLAS".equalsIgnoreCase(_t)) - return Type.CLASS; - else if("ENUM".toString().equalsIgnoreCase(_t)) - return Type.ENUM; - else if("INTF".toString().equalsIgnoreCase(_t)) - return Type.INTERFACE; - else if("NCLA".toString().equalsIgnoreCase(_t)) - return Type.NESTED_CLASS; - else if("CONS".toString().equalsIgnoreCase(_t)) - return Type.CONSTRUCTOR; - else if("METH".toString().equalsIgnoreCase(_t)) - return Type.METHOD; - else if("INIT".toString().equalsIgnoreCase(_t)) - return Type.CLASSINIT; - else - throw new IllegalArgumentException("Unknown type [" + _t + "]"); - } - - /** - * Transforms an object with a given core type (defined in vulas-core) into - * an object having the corresponding shared type (defined in vulas-share). - * - * @param _core_type a {@link com.sap.psr.vulas.java.JavaId.Type} object. - * @return a {@link com.sap.psr.vulas.shared.enums.ConstructType} object. - */ - public static com.sap.psr.vulas.shared.enums.ConstructType toSharedType(JavaId.Type _core_type) { - switch(_core_type) { - case METHOD: return ConstructType.METH; - case CONSTRUCTOR: return ConstructType.CONS; - case PACKAGE: return ConstructType.PACK; - case CLASSINIT: return ConstructType.INIT; - case ENUM: return ConstructType.ENUM; - case CLASS: return ConstructType.CLAS; - default: throw new IllegalArgumentException("Unknown type [" + _core_type + "]"); - } - } - - /** - * Transforms an object with a given shared type (defined in vulas-share) into - * an object having the corresponding core type (defined in vulas-core). - * - * @param _cid a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public static com.sap.psr.vulas.ConstructId toCoreType(com.sap.psr.vulas.shared.json.model.ConstructId _cid) { - switch(_cid.getType()) { - case METH: return JavaId.parseMethodQName(_cid.getQname()); - case CONS: return JavaId.parseConstructorQName(_cid.getQname()); - case PACK: return new JavaPackageId(_cid.getQname()); - case INIT: return JavaId.parseClassInitQName(_cid.getQname()); - case ENUM: return JavaId.parseEnumQName(_cid.getQname()); - case CLAS: return JavaId.parseClassQName(_cid.getQname()); - default: throw new IllegalArgumentException("Unknown type [" + _cid.getType() + "]"); - } - } - - /** - * Transforms a collection of objects with a given shared type (defined in vulas-share) into - * a {@link HashSet} of objects having the corresponding core type (defined in vulas-core). - * - * @param _cids a {@link java.util.Collection} object. - * @return a {@link java.util.Set} object. - */ - public static Set toCoreType(Collection _cids) { - final Set cids = new HashSet(); - for(com.sap.psr.vulas.shared.json.model.ConstructId cid: _cids) - cids.add(JavaId.toCoreType(cid)); - return cids; - } - - /** - * Returns a {@link JavaClassId} for the given {@link Class}. - * - * @param _c a {@link java.lang.Class} object. - * @return a {@link com.sap.psr.vulas.java.JavaClassId} object. - */ - public static JavaClassId getClassId(@NotNull Class _c) { - return JavaId.parseClassQName(_c.getName()); - } - - /** - *

parseEnumQName.

- * - * @param _s a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JavaEnumId} object. - */ - public static JavaEnumId parseEnumQName(@NotNull String _s) { - if(_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); - - final int i = _s.lastIndexOf('.'); - String class_name = null; - JavaPackageId pid = null; - JavaEnumId cid = null; - - // Create Java package id - if(i!=-1) { - pid = new JavaPackageId(_s.substring(0, i)); - class_name = _s.substring(i+1); - } - else { - pid = JavaPackageId.DEFAULT_PACKAGE; - class_name = _s.substring(i+1); - } - - // Create Java class id (for regular or nested class) - int j=0, k=0; - do { - //HP, 12.09.2015: $ is also permitted in class names, i.e., it can also exist w/o a class context - j=class_name.indexOf("$", k); - if(j!=-1) { - if(cid==null) - cid = new JavaEnumId(pid, class_name.substring(k, j)); - else - cid = new JavaEnumId(cid, class_name.substring(k, j)); - k = j+1; - } - else { - if(cid==null) - cid = new JavaEnumId(pid, class_name.substring(k)); - else - cid = new JavaEnumId(cid, class_name.substring(k)); - k = j+1; - } - } - while(j!=-1); - // if(j!=-1) - // cid = new JavaClassId(new JavaClassId(pid, class_name.substring(0, j)), class_name.substring(j+1)); - // else - // cid = new JavaClassId(pid, class_name); - return cid; - } - - /** - *

parseClassQName.

- * - * @param _s a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JavaClassId} object. - */ - public static JavaClassId parseClassQName(@NotNull String _s) { - if(_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); - - final int i = _s.lastIndexOf('.'); - String class_name = null; - JavaPackageId pid = null; - JavaClassId cid = null; - - // Create Java package id - if(i!=-1) { - pid = new JavaPackageId(_s.substring(0, i)); - class_name = _s.substring(i+1); - } - else { - pid = JavaPackageId.DEFAULT_PACKAGE; - class_name = _s.substring(i+1); - } - - // Create Java class id (for regular or nested class) - int j=0, k=0; - do { - //HP, 12.09.2015: $ is also permitted in class names, i.e., it can also exist w/o a class context - j=class_name.indexOf("$", k); - if(j!=-1) { - if(cid==null) - cid = new JavaClassId(pid, class_name.substring(k, j)); - else - cid = new JavaClassId(cid, class_name.substring(k, j)); - k = j+1; - } - else { - if(cid==null) - cid = new JavaClassId(pid, class_name.substring(k)); - else - cid = new JavaClassId(cid, class_name.substring(k)); - k = j+1; - } - } - while(j!=-1); - // if(j!=-1) - // cid = new JavaClassId(new JavaClassId(pid, class_name.substring(0, j)), class_name.substring(j+1)); - // else - // cid = new JavaClassId(pid, class_name); - return cid; - } - - /** - * Creates a {@link JavaMethodId} from the given string, whereby the definition context is defaulted to - * type {@link JavaId.Type#CLASS}. - * - * @param _s a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JavaMethodId} object. - */ - public static JavaMethodId parseMethodQName(String _s) { return JavaId.parseMethodQName(JavaId.Type.CLASS, _s); } - - /** - * Creates a {@link JavaMethodId} from the given string, with a definition context of the given type. - * Accepted types are {@link JavaId.Type#CLASS} and {@link JavaId.Type#ENUM}. - * - * @param _s a {@link java.lang.String} object. - * @param _ctx_type a {@link com.sap.psr.vulas.java.JavaId.Type} object. - * @return a {@link com.sap.psr.vulas.java.JavaMethodId} object. - */ - public static JavaMethodId parseMethodQName(JavaId.Type _ctx_type, String _s) { - - if(_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); - if(_ctx_type==null || (!_ctx_type.equals(JavaId.Type.CLASS) && !_ctx_type.equals(JavaId.Type.ENUM))) throw new IllegalArgumentException("Accepts context types CLASS or ENUM, got [" + _ctx_type + "]"); - - final int i = _s.indexOf('('); - if(i==-1 || !_s.endsWith(")")) throw new IllegalArgumentException("String does not contain brackets (), as required for qualified names for Java methods"); - final int j = _s.lastIndexOf('.', i); - if(j==-1) throw new IllegalArgumentException("String does not contain dot (.), as required for qualified names for Java methods (as to separate class and method name)"); - - JavaId def_ctx = null; - JavaMethodId mid = null; - try { - if(_ctx_type.equals(JavaId.Type.CLASS)) - def_ctx = JavaId.parseClassQName(_s.substring(0, j)); - else if(_ctx_type.equals(JavaId.Type.ENUM)) - def_ctx = JavaId.parseEnumQName(_s.substring(0, j)); - - mid = new JavaMethodId(def_ctx, _s.substring(j+1, i), JavaId.parseParameterTypes(_s.substring(i+1, _s.length()-1))); - } - catch(StringIndexOutOfBoundsException e) { - JavaId.log.error("Exception while parsing the string '" + _s + "'"); - } - return mid; - } - - /** - * Creates a {@link JavaConstructorId} from the given string, whereby the definition context is defaulted to - * type {@link JavaId.Type#CLASS}. - * - * @param _s a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JavaConstructorId} object. - */ - public static JavaConstructorId parseConstructorQName(String _s) { - return JavaId.parseConstructorQName(JavaId.Type.CLASS, _s, null); - } - - /** - * Creates a {@link JavaConstructorId} from the given string, with a definition context of the given type. - * Accepted types are {@link JavaId.Type#CLASS} and {@link JavaId.Type#ENUM}. - * - * If the boolean argument is true, the first constructor parameter will be ignored. This functionality is useful for non-static - * inner classes, to which the compiler adds the outer class as first parameter. - * - * @param _s a {@link java.lang.String} object. - * @param _ctx_type a {@link com.sap.psr.vulas.java.JavaId.Type} object. - * @param _param_to_skip a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JavaConstructorId} object. - */ - public static JavaConstructorId parseConstructorQName(JavaId.Type _ctx_type, String _s, String _param_to_skip) { - - if(_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); - if(_ctx_type==null || (!_ctx_type.equals(JavaId.Type.CLASS) && !_ctx_type.equals(JavaId.Type.ENUM))) throw new IllegalArgumentException("Accepts context types CLASS or ENUM, got [" + _ctx_type + "]"); - - final int i = _s.indexOf('('); - if(i==-1 || !_s.endsWith(")")) throw new IllegalArgumentException("String does not contain brackets (), as required for qualified names for Java constructors"); - - JavaId def_ctx = null; - JavaConstructorId coid = null; - try { - if(_ctx_type.equals(JavaId.Type.CLASS)) - def_ctx = JavaId.parseClassQName(_s.substring(0, i)); - else if(_ctx_type.equals(JavaId.Type.ENUM)) - def_ctx = JavaId.parseEnumQName(_s.substring(0, i)); - - List params = JavaId.parseParameterTypes(_s.substring(i+1, _s.length()-1)); - if(_param_to_skip!=null) { - if(params.size()==0) { - JavaId.log.warn("No parameter to skip in argument [" + _s + "]"); - } - else if(!params.get(0).endsWith(_param_to_skip)) { - JavaId.log.warn("First parameter in argument [" + _s + "] does not match the to be skipped parameter [" + _param_to_skip + "]"); - } - else { - params.remove(0); - } - } - coid = new JavaConstructorId(def_ctx, params); - } - catch(StringIndexOutOfBoundsException e) { - JavaId.log.error("Exception while parsing the string '" + _s + "'"); - } - return coid; - } - - /** - *

parseClassInitQName.

- * - * @param _s a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JavaClassInit} object. - */ - public static JavaClassInit parseClassInitQName(String _s) { - if(_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); - - final int i = _s.indexOf(JavaClassInit.NAME); - if(i==-1) throw new IllegalArgumentException("String does not contain brackets " + JavaClassInit.NAME + ", as required for qualified names for Java class initializers"); - - JavaClassInit clinit = null; - try { - final JavaClassId cid = JavaId.parseClassQName(_s.substring(0, i-1)); - clinit = cid.getClassInit(); - } - catch(StringIndexOutOfBoundsException e) { - JavaId.log.error("Exception while parsing the string '" + _s + "'"); - } - return clinit; - } - - private static List parseParameterTypes(String _s) { - // The list of parameters and a single parameter added one by one - final List params = new ArrayList(); - StringBuilder param = new StringBuilder(); - - // Loop and distinguish the chars - final char[] chars = _s.toCharArray(); - int counter = 0; - for(int i=0; i') { - param.append(chars[i]); - counter--; - } else if(chars[i]==',') { - // Next parameter - if(counter==0) { - params.add(param.toString()); - param = new StringBuilder(); - } - // Same parameter, e.g., as in Map - else { - param.append(chars[i]); - } - } else if(chars[i]==' ') { - // Don't append spaces - } else { - - param.append(chars[i]); - } - } - - // Last param (if any) - if(param.length()>0) - params.add(param.toString()); - - return params; - } - - - /** - * Removes package information (if any) from a fully qualified name, and returns the resulting class (or interface) name. - * - * @param _qname a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - public static String removePackageContext(String _qname) { - return ClassVisitor.removePackageContext(_qname); - // Old implementation - /*String class_name = _qname; - int i = class_name.lastIndexOf('$'); - if(i!=-1) class_name = class_name.substring(i+1); - i = class_name.lastIndexOf('.'); - if(i!=-1) class_name = class_name.substring(i+1); - return class_name;*/ - } - - /** - * Returns all {@link JavaId}s whose qualified name starts with any of the given strings. - * - * @param _set a {@link java.util.Set} object. - * @param _filter an array of {@link java.lang.String} objects. - * @return a {@link java.util.Set} object. - */ - public static Set filter(Set _set, String[] _filter) { - final Set set = new HashSet(); - for(String f: _filter) { - set.addAll(JavaId.filter(_set, f)); - } - return set; - } - - /** - * Returns all {@link JavaId}s whose qualified name starts with the given string. - * - * @param _set a {@link java.util.Set} object. - * @param _filter a {@link java.lang.String} object. - * @return a {@link java.util.Set} object. - */ - public static Set filter(Set _set, String _filter) { - final Set set = new HashSet(); - for(ConstructId c: _set) { - if(c.getQualifiedName().startsWith(_filter)) { - set.add(c); - } - } - return set; - } - - /** - * Returns all {@link JavaId}s of the given type(s). - * - * @param _set a {@link java.util.Set} object. - * @param _filter an array of {@link com.sap.psr.vulas.java.JavaId.Type} objects. - * @return a {@link java.util.Set} object. - */ - public static Set filter(Set _set, JavaId.Type[] _filter) { - final Set set = new HashSet(); - JavaId jid = null; - for(ConstructId c: _set) { - if(c instanceof com.sap.psr.vulas.java.JavaId) { - jid = (JavaId)c; - for(JavaId.Type t: _filter) { - if(jid.getType()==t) { - set.add(jid); - break; - } - } - } - } - return set; - } - - /** - * Returns all {@link JavaMethodId}s and {@link JavaConstructorId}s belonging to the given class. - * - * @param _set a {@link java.util.Set} object. - * @param _context a {@link com.sap.psr.vulas.java.JavaId} object. - * @return a {@link java.util.Set} object. - */ - public static Set filterWithContext(Set _set, JavaId _context) { - final Set set = new HashSet(); - JavaId jid = null; - for(ConstructId c: _set) { - if(c instanceof JavaMethodId) { - if( ((JavaMethodId)c).getDefinitionContext().equals(_context) ) - set.add(c); - } - else if(c instanceof JavaConstructorId) { - if( ((JavaConstructorId)c).getDefinitionContext().equals(_context) ) - set.add(c); - } - } - return set; - } - - /** - * Returns the URL of the JAR from which the construct was loaded, or null if it is a package or has not been loaded from a JAR. - * The URL has the form "file:/.../foo.jar", hence, it can be transformed into a {@link URI} and {@link File}. - * - * First, it uses {@link ClassPoolUpdater#getJarResourcePath(ConstructId)} to search for the JAR URL, hence, {@link ClassPoolUpdater} - * should contain all the needed resources. If that fails, it uses {@link Class#forName(String)} and {@link Class#getResource(String)} to search - * for the JAR URL. - * - * @return the URL from which the construct was loaded - */ - public URL getJarUrl() { - // The JAR URL will be searched for the following construct (could be JavaClassId, JavaEnumId or JavaInterfaceId) - ConstructId cid = this; - - // For methods, constructors, etc., take its definition context - if(cid instanceof JavaConstructorId || - cid instanceof JavaMethodId || - cid instanceof JavaClassInit){ - cid = cid.getDefinitionContext(); - } - // Not possible, we cannot get the JAR URL for a package - else if(cid instanceof JavaPackageId) - return null; - - // Use Javassist - URL url = ClassPoolUpdater.getInstance().getJarResourcePath(cid); - - // Use Class.forName (if Javassist did not work) - if(url==null || !url.toString().startsWith("jar:")) { - try { - url = Class.forName(this.getQualifiedName()).getResource('/' + this.getQualifiedName().replace('.', '/') + ".class"); - } catch (ClassNotFoundException e) { - JavaId.log.error("Class [" + this.getQualifiedName() + "] not found: " + e.getMessage()); - } catch (NoClassDefFoundError ex) { - JavaId.log.error("No class definition found for [" + this.getQualifiedName() + "]"); - } catch(UnsatisfiedLinkError e){ - JavaId.log.error("UnsatisfiedLinkError for [" + this.getQualifiedName() + "]"); - } - } - - // Transform "jar:file:/.../foo.jar!bar.class" into "file:/.../foo.jar" - if(url!=null && url.toString().startsWith("jar:")) { - try { - return JavaId.getJarUrl(url); - } catch (MalformedURLException e) { - JavaId.log.error("Cannot create URL from [" + url.toString() + "]: " + e.getMessage()); - } - } - - // Return null - return null; - } - - /** - * Transform URLs like "jar:file:/.../foo.jar!bar.class" into "file:/.../foo.jar". - * - * @param _url a {@link java.net.URL} object. - * @return a {@link java.net.URL} object. - * @throws java.net.MalformedURLException if any. - */ - public final static URL getJarUrl(URL _url) throws MalformedURLException { - if(_url!=null && _url.toString().startsWith("jar:")) { - - // The following creates problem in cases such as org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar, where ".jar" occurs two times - //final String url_string = url.toString().substring(4, url.toString().indexOf(".jar")+4); - - String url_string = _url.toString(); - final int last_excl = url_string.lastIndexOf("!"); - url_string = url_string.substring(4, url_string.lastIndexOf(".jar", (last_excl==-1 ? url_string.length() : last_excl)) + 4); - try { - return new URL(url_string); - } catch (MalformedURLException e) { - throw new MalformedURLException("Cannot create URL from [" + _url.toString() + "]: " + e.getMessage()); - } - } - return null; - } - - /** - * Returns the {@link JavaId} corresponding to the compilation unit of the construct. - * - * If the construct is an interface, class or enum, the object is returned as is. - * If the construct is a method, constructor or static initializer, its definition context will be returned (hence, an interface, class or enum). - * If the construct is a package, null will be returned. - * - * @return a {@link com.sap.psr.vulas.java.JavaId} object. - */ - public JavaId getCompilationUnit () { - JavaId comp_unit = null; - if(this instanceof com.sap.psr.vulas.java.JavaConstructorId || - this instanceof com.sap.psr.vulas.java.JavaClassInit || - this instanceof com.sap.psr.vulas.java.JavaMethodId) { - comp_unit = (JavaId)this.getDefinitionContext(); - } - else if(this instanceof com.sap.psr.vulas.java.JavaClassId || - this instanceof com.sap.psr.vulas.java.JavaInterfaceId || - this instanceof com.sap.psr.vulas.java.JavaEnumId) { - comp_unit = (JavaId)this; - } - else if(this instanceof com.sap.psr.vulas.java.JavaPackageId) { - JavaId.log.warn("[" + this.getQualifiedName() + "] is a package, thus, has no compilation unit"); - } - else { - JavaId.log.error("[" + this.getQualifiedName() + "] is of unknown type (class [" + this.getClass().getName() + "]"); - } - return comp_unit; - } - - /** - * - * @param _jid - * @return - */ - public static JavaId getCompilationUnit(JavaId _jid) { - // Got it --> return provided object - if( (_jid.getType().equals(JavaId.Type.CLASS) && !((JavaClassId)_jid).isNestedClass()) || - (_jid.getType().equals(JavaId.Type.INTERFACE) && !((JavaInterfaceId)_jid).isNested()) || - (_jid.getType().equals(JavaId.Type.ENUM) && !((JavaEnumId)_jid).isNested()) ) { - return _jid; - } else { - return getCompilationUnit((JavaId)_jid.getDefinitionContext()); - } - } - - public static JavaId getJavaId(String _type, String _qname) { - JavaId.Type type = JavaId.typeFromString(_type); - - // Check params - if(JavaId.Type.METHOD!=type && JavaId.Type.CONSTRUCTOR!=type) - throw new IllegalArgumentException("Only types METH and CONS are supported, got [" + type + "]"); - - // Parse JavaId - JavaId jid = null; - if(JavaId.Type.CONSTRUCTOR==type) - jid = JavaId.parseConstructorQName(_qname); - else if(JavaId.Type.METHOD==type) - jid = JavaId.parseMethodQName(_qname); - - return jid; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** Supported Java programming constructs. */ + public static enum Type { + PACKAGE, + CLASS, + ENUM, + INTERFACE, + NESTED_CLASS, + CONSTRUCTOR, + METHOD, + CLASSINIT + }; + + /** Programming language of the construct. */ + protected Type type = null; + + private Set annotations = new HashSet(); + + /** + *

Constructor for JavaId.

+ * + * @param _t a {@link com.sap.psr.vulas.java.JavaId.Type} object. + */ + protected JavaId(Type _t) { + super(ProgrammingLanguage.JAVA); + this.type = _t; + } + /** + *

Getter for the field type.

+ * + * @return a {@link com.sap.psr.vulas.java.JavaId.Type} object. + */ + public Type getType() { + return this.type; + } + + /** + *

toString.

+ * + * @return a {@link java.lang.String} object. + */ + public String toString() { + return this.getLanguage() + + " " + + JavaId.typeToString(this.type) + + " [" + + this.getQualifiedName() + + "]"; + } + + /** + *

Getter for the field annotations.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getAnnotations() { + return this.annotations; + } + + /** + *

addAnnotation.

+ * + * @param _a a {@link java.lang.String} object. + */ + public void addAnnotation(String _a) { + this.annotations.add(_a); + } + + /** + *

hasAnnotation.

+ * + * @param _a a {@link java.lang.String} object. + * @return a boolean. + */ + public boolean hasAnnotation(String _a) { + return this.annotations.contains(_a); + } + + /** + * Returns the Java package in the context of which the construct is defined. + * + * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. + */ + public abstract JavaPackageId getJavaPackageId(); + + /** + *

getDefinitionContext.

+ * + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public abstract ConstructId getDefinitionContext(); + + /** + *

getSharedType.

+ * + * @return a {@link com.sap.psr.vulas.shared.enums.ConstructType} object. + */ + public ConstructType getSharedType() { + return JavaId.toSharedType(this.getType()); + } + + /** + *

toJSON.

+ * + * @return a {@link java.lang.String} object. + */ + public final String toJSON() { + final JsonBuilder jb = new JsonBuilder(); + jb.startObject(); + jb.appendObjectProperty("lang", this.getLanguage().toString()); + jb.appendObjectProperty("type", JavaId.typeToString(this.getType())); + jb.appendObjectProperty("qname", this.getQualifiedName()); + if (!this.annotations.isEmpty()) { + jb.startArrayProperty("a"); + for (String a : this.annotations) { + jb.appendToArray(a); + } + jb.endArray(); + } + jb.endObject(); + return jb.getJson(); + } + + /** {@inheritDoc} */ + @Override + public JsonObject toGSON() { + final JsonObject jb = new JsonObject(); + jb.addProperty("lang", this.getLanguage().toString()); + jb.addProperty("type", JavaId.typeToString(this.getType())); + jb.addProperty("qname", this.getQualifiedName()); + jb.add("a", new Gson().toJsonTree(this.annotations)); + return jb; + } + + /** {@inheritDoc} */ + @Override + public final int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + (this.getQualifiedName().hashCode()); + return result; + } + /** {@inheritDoc} */ + @Override + public final boolean equals(Object obj) { + if (this == obj) return true; + if (!super.equals(obj)) return false; + if (getClass() != obj.getClass()) return false; + JavaId other = (JavaId) obj; + if (type != other.type) return false; + if (!this.getQualifiedName().equals(other.getQualifiedName())) return false; + return true; + } + + /** + *

parameterTypesToString.

+ * + * @return Comma-separated parameter types + * @param _p a {@link java.util.List} object. + */ + protected static String parameterTypesToString(List _p) { + return JavaId.parameterTypesToString(_p, false); + } + + /** + *

parameterTypesToString.

+ * + * @return Comma-separated parameter types + * @param _p a {@link java.util.List} object. + * @param _rem_qualification a boolean. + */ + protected static String parameterTypesToString(List _p, boolean _rem_qualification) { + if (_p == null || _p.isEmpty()) return "()"; + final StringBuffer str = new StringBuffer(); + str.append("("); + for (int i = 0; i < _p.size(); i++) { + if (_rem_qualification) str.append(JavaId.removePackageContext(_p.get(i))); + else str.append(_p.get(i)); + if (i < _p.size() - 1) str.append(","); + } + str.append(")"); + return str.toString(); + } + + /** + *

typeToString.

+ * + * @param _t a {@link com.sap.psr.vulas.java.JavaId.Type} object. + * @return a {@link java.lang.String} object. + */ + public static String typeToString(Type _t) { + switch (_t) { + case PACKAGE: + return "PACK"; + case CLASS: + return "CLAS"; + case ENUM: + return "ENUM"; + case INTERFACE: + return "INTF"; + case NESTED_CLASS: + return "NCLA"; + case CONSTRUCTOR: + return "CONS"; + case METHOD: + return "METH"; + case CLASSINIT: + return "INIT"; + default: + throw new IllegalArgumentException("Unknown type [" + _t + "]"); + } + } + + /** + *

typeFromString.

+ * + * @param _t a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JavaId.Type} object. + */ + public static Type typeFromString(String _t) { + if ("PACK".equalsIgnoreCase(_t)) return Type.PACKAGE; + else if ("CLAS".equalsIgnoreCase(_t)) return Type.CLASS; + else if ("ENUM".toString().equalsIgnoreCase(_t)) return Type.ENUM; + else if ("INTF".toString().equalsIgnoreCase(_t)) return Type.INTERFACE; + else if ("NCLA".toString().equalsIgnoreCase(_t)) return Type.NESTED_CLASS; + else if ("CONS".toString().equalsIgnoreCase(_t)) return Type.CONSTRUCTOR; + else if ("METH".toString().equalsIgnoreCase(_t)) return Type.METHOD; + else if ("INIT".toString().equalsIgnoreCase(_t)) return Type.CLASSINIT; + else throw new IllegalArgumentException("Unknown type [" + _t + "]"); + } + + /** + * Transforms an object with a given core type (defined in vulas-core) into + * an object having the corresponding shared type (defined in vulas-share). + * + * @param _core_type a {@link com.sap.psr.vulas.java.JavaId.Type} object. + * @return a {@link com.sap.psr.vulas.shared.enums.ConstructType} object. + */ + public static com.sap.psr.vulas.shared.enums.ConstructType toSharedType(JavaId.Type _core_type) { + switch (_core_type) { + case METHOD: + return ConstructType.METH; + case CONSTRUCTOR: + return ConstructType.CONS; + case PACKAGE: + return ConstructType.PACK; + case CLASSINIT: + return ConstructType.INIT; + case ENUM: + return ConstructType.ENUM; + case CLASS: + return ConstructType.CLAS; + default: + throw new IllegalArgumentException("Unknown type [" + _core_type + "]"); + } + } + + /** + * Transforms an object with a given shared type (defined in vulas-share) into + * an object having the corresponding core type (defined in vulas-core). + * + * @param _cid a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public static com.sap.psr.vulas.ConstructId toCoreType( + com.sap.psr.vulas.shared.json.model.ConstructId _cid) { + switch (_cid.getType()) { + case METH: + return JavaId.parseMethodQName(_cid.getQname()); + case CONS: + return JavaId.parseConstructorQName(_cid.getQname()); + case PACK: + return new JavaPackageId(_cid.getQname()); + case INIT: + return JavaId.parseClassInitQName(_cid.getQname()); + case ENUM: + return JavaId.parseEnumQName(_cid.getQname()); + case CLAS: + return JavaId.parseClassQName(_cid.getQname()); + default: + throw new IllegalArgumentException("Unknown type [" + _cid.getType() + "]"); + } + } + + /** + * Transforms a collection of objects with a given shared type (defined in vulas-share) into + * a {@link HashSet} of objects having the corresponding core type (defined in vulas-core). + * + * @param _cids a {@link java.util.Collection} object. + * @return a {@link java.util.Set} object. + */ + public static Set toCoreType( + Collection _cids) { + final Set cids = new HashSet(); + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : _cids) + cids.add(JavaId.toCoreType(cid)); + return cids; + } + + /** + * Returns a {@link JavaClassId} for the given {@link Class}. + * + * @param _c a {@link java.lang.Class} object. + * @return a {@link com.sap.psr.vulas.java.JavaClassId} object. + */ + public static JavaClassId getClassId(@NotNull Class _c) { + return JavaId.parseClassQName(_c.getName()); + } + + /** + *

parseEnumQName.

+ * + * @param _s a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JavaEnumId} object. + */ + public static JavaEnumId parseEnumQName(@NotNull String _s) { + if (_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); + + final int i = _s.lastIndexOf('.'); + String class_name = null; + JavaPackageId pid = null; + JavaEnumId cid = null; + + // Create Java package id + if (i != -1) { + pid = new JavaPackageId(_s.substring(0, i)); + class_name = _s.substring(i + 1); + } else { + pid = JavaPackageId.DEFAULT_PACKAGE; + class_name = _s.substring(i + 1); + } + + // Create Java class id (for regular or nested class) + int j = 0, k = 0; + do { + // HP, 12.09.2015: $ is also permitted in class names, i.e., it can also exist w/o a class + // context + j = class_name.indexOf("$", k); + if (j != -1) { + if (cid == null) cid = new JavaEnumId(pid, class_name.substring(k, j)); + else cid = new JavaEnumId(cid, class_name.substring(k, j)); + k = j + 1; + } else { + if (cid == null) cid = new JavaEnumId(pid, class_name.substring(k)); + else cid = new JavaEnumId(cid, class_name.substring(k)); + k = j + 1; + } + } while (j != -1); + // if(j!=-1) + // cid = new JavaClassId(new JavaClassId(pid, class_name.substring(0, j)), + // class_name.substring(j+1)); + // else + // cid = new JavaClassId(pid, class_name); + return cid; + } + + /** + *

parseClassQName.

+ * + * @param _s a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JavaClassId} object. + */ + public static JavaClassId parseClassQName(@NotNull String _s) { + if (_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); + + final int i = _s.lastIndexOf('.'); + String class_name = null; + JavaPackageId pid = null; + JavaClassId cid = null; + + // Create Java package id + if (i != -1) { + pid = new JavaPackageId(_s.substring(0, i)); + class_name = _s.substring(i + 1); + } else { + pid = JavaPackageId.DEFAULT_PACKAGE; + class_name = _s.substring(i + 1); + } + + // Create Java class id (for regular or nested class) + int j = 0, k = 0; + do { + // HP, 12.09.2015: $ is also permitted in class names, i.e., it can also exist w/o a class + // context + j = class_name.indexOf("$", k); + if (j != -1) { + if (cid == null) cid = new JavaClassId(pid, class_name.substring(k, j)); + else cid = new JavaClassId(cid, class_name.substring(k, j)); + k = j + 1; + } else { + if (cid == null) cid = new JavaClassId(pid, class_name.substring(k)); + else cid = new JavaClassId(cid, class_name.substring(k)); + k = j + 1; + } + } while (j != -1); + // if(j!=-1) + // cid = new JavaClassId(new JavaClassId(pid, class_name.substring(0, j)), + // class_name.substring(j+1)); + // else + // cid = new JavaClassId(pid, class_name); + return cid; + } + + /** + * Creates a {@link JavaMethodId} from the given string, whereby the definition context is defaulted to + * type {@link JavaId.Type#CLASS}. + * + * @param _s a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JavaMethodId} object. + */ + public static JavaMethodId parseMethodQName(String _s) { + return JavaId.parseMethodQName(JavaId.Type.CLASS, _s); + } + + /** + * Creates a {@link JavaMethodId} from the given string, with a definition context of the given type. + * Accepted types are {@link JavaId.Type#CLASS} and {@link JavaId.Type#ENUM}. + * + * @param _s a {@link java.lang.String} object. + * @param _ctx_type a {@link com.sap.psr.vulas.java.JavaId.Type} object. + * @return a {@link com.sap.psr.vulas.java.JavaMethodId} object. + */ + public static JavaMethodId parseMethodQName(JavaId.Type _ctx_type, String _s) { + + if (_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); + if (_ctx_type == null + || (!_ctx_type.equals(JavaId.Type.CLASS) && !_ctx_type.equals(JavaId.Type.ENUM))) + throw new IllegalArgumentException( + "Accepts context types CLASS or ENUM, got [" + _ctx_type + "]"); + + final int i = _s.indexOf('('); + if (i == -1 || !_s.endsWith(")")) + throw new IllegalArgumentException( + "String does not contain brackets (), as required for qualified names for Java methods"); + final int j = _s.lastIndexOf('.', i); + if (j == -1) + throw new IllegalArgumentException( + "String does not contain dot (.), as required for qualified names for Java methods (as" + + " to separate class and method name)"); + + JavaId def_ctx = null; + JavaMethodId mid = null; + try { + if (_ctx_type.equals(JavaId.Type.CLASS)) def_ctx = JavaId.parseClassQName(_s.substring(0, j)); + else if (_ctx_type.equals(JavaId.Type.ENUM)) + def_ctx = JavaId.parseEnumQName(_s.substring(0, j)); + + mid = + new JavaMethodId( + def_ctx, + _s.substring(j + 1, i), + JavaId.parseParameterTypes(_s.substring(i + 1, _s.length() - 1))); + } catch (StringIndexOutOfBoundsException e) { + JavaId.log.error("Exception while parsing the string '" + _s + "'"); + } + return mid; + } + + /** + * Creates a {@link JavaConstructorId} from the given string, whereby the definition context is defaulted to + * type {@link JavaId.Type#CLASS}. + * + * @param _s a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JavaConstructorId} object. + */ + public static JavaConstructorId parseConstructorQName(String _s) { + return JavaId.parseConstructorQName(JavaId.Type.CLASS, _s, null); + } + + /** + * Creates a {@link JavaConstructorId} from the given string, with a definition context of the given type. + * Accepted types are {@link JavaId.Type#CLASS} and {@link JavaId.Type#ENUM}. + * + * If the boolean argument is true, the first constructor parameter will be ignored. This functionality is useful for non-static + * inner classes, to which the compiler adds the outer class as first parameter. + * + * @param _s a {@link java.lang.String} object. + * @param _ctx_type a {@link com.sap.psr.vulas.java.JavaId.Type} object. + * @param _param_to_skip a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JavaConstructorId} object. + */ + public static JavaConstructorId parseConstructorQName( + JavaId.Type _ctx_type, String _s, String _param_to_skip) { + + if (_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); + if (_ctx_type == null + || (!_ctx_type.equals(JavaId.Type.CLASS) && !_ctx_type.equals(JavaId.Type.ENUM))) + throw new IllegalArgumentException( + "Accepts context types CLASS or ENUM, got [" + _ctx_type + "]"); + + final int i = _s.indexOf('('); + if (i == -1 || !_s.endsWith(")")) + throw new IllegalArgumentException( + "String does not contain brackets (), as required for qualified names for Java" + + " constructors"); + + JavaId def_ctx = null; + JavaConstructorId coid = null; + try { + if (_ctx_type.equals(JavaId.Type.CLASS)) def_ctx = JavaId.parseClassQName(_s.substring(0, i)); + else if (_ctx_type.equals(JavaId.Type.ENUM)) + def_ctx = JavaId.parseEnumQName(_s.substring(0, i)); + + List params = JavaId.parseParameterTypes(_s.substring(i + 1, _s.length() - 1)); + if (_param_to_skip != null) { + if (params.size() == 0) { + JavaId.log.warn("No parameter to skip in argument [" + _s + "]"); + } else if (!params.get(0).endsWith(_param_to_skip)) { + JavaId.log.warn( + "First parameter in argument [" + + _s + + "] does not match the to be skipped parameter [" + + _param_to_skip + + "]"); + } else { + params.remove(0); + } + } + coid = new JavaConstructorId(def_ctx, params); + } catch (StringIndexOutOfBoundsException e) { + JavaId.log.error("Exception while parsing the string '" + _s + "'"); + } + return coid; + } + + /** + *

parseClassInitQName.

+ * + * @param _s a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JavaClassInit} object. + */ + public static JavaClassInit parseClassInitQName(String _s) { + if (_s == null || _s.equals("")) throw new IllegalArgumentException("String null or empty"); + + final int i = _s.indexOf(JavaClassInit.NAME); + if (i == -1) + throw new IllegalArgumentException( + "String does not contain brackets " + + JavaClassInit.NAME + + ", as required for qualified names for Java class initializers"); + + JavaClassInit clinit = null; + try { + final JavaClassId cid = JavaId.parseClassQName(_s.substring(0, i - 1)); + clinit = cid.getClassInit(); + } catch (StringIndexOutOfBoundsException e) { + JavaId.log.error("Exception while parsing the string '" + _s + "'"); + } + return clinit; + } + + private static List parseParameterTypes(String _s) { + // The list of parameters and a single parameter added one by one + final List params = new ArrayList(); + StringBuilder param = new StringBuilder(); + + // Loop and distinguish the chars + final char[] chars = _s.toCharArray(); + int counter = 0; + for (int i = 0; i < chars.length; i++) { + if (chars[i] == '<') { + param.append(chars[i]); + counter++; + } else if (chars[i] == '>') { + param.append(chars[i]); + counter--; + } else if (chars[i] == ',') { + // Next parameter + if (counter == 0) { + params.add(param.toString()); + param = new StringBuilder(); + } + // Same parameter, e.g., as in Map + else { + param.append(chars[i]); + } + } else if (chars[i] == ' ') { + // Don't append spaces + } else { + + param.append(chars[i]); + } + } + + // Last param (if any) + if (param.length() > 0) params.add(param.toString()); + + return params; + } + + /** + * Removes package information (if any) from a fully qualified name, and returns the resulting class (or interface) name. + * + * @param _qname a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public static String removePackageContext(String _qname) { + return ClassVisitor.removePackageContext(_qname); + // Old implementation + /*String class_name = _qname; + int i = class_name.lastIndexOf('$'); + if(i!=-1) class_name = class_name.substring(i+1); + i = class_name.lastIndexOf('.'); + if(i!=-1) class_name = class_name.substring(i+1); + return class_name;*/ + } + + /** + * Returns all {@link JavaId}s whose qualified name starts with any of the given strings. + * + * @param _set a {@link java.util.Set} object. + * @param _filter an array of {@link java.lang.String} objects. + * @return a {@link java.util.Set} object. + */ + public static Set filter(Set _set, String[] _filter) { + final Set set = new HashSet(); + for (String f : _filter) { + set.addAll(JavaId.filter(_set, f)); + } + return set; + } + + /** + * Returns all {@link JavaId}s whose qualified name starts with the given string. + * + * @param _set a {@link java.util.Set} object. + * @param _filter a {@link java.lang.String} object. + * @return a {@link java.util.Set} object. + */ + public static Set filter(Set _set, String _filter) { + final Set set = new HashSet(); + for (ConstructId c : _set) { + if (c.getQualifiedName().startsWith(_filter)) { + set.add(c); + } + } + return set; + } + + /** + * Returns all {@link JavaId}s of the given type(s). + * + * @param _set a {@link java.util.Set} object. + * @param _filter an array of {@link com.sap.psr.vulas.java.JavaId.Type} objects. + * @return a {@link java.util.Set} object. + */ + public static Set filter(Set _set, JavaId.Type[] _filter) { + final Set set = new HashSet(); + JavaId jid = null; + for (ConstructId c : _set) { + if (c instanceof com.sap.psr.vulas.java.JavaId) { + jid = (JavaId) c; + for (JavaId.Type t : _filter) { + if (jid.getType() == t) { + set.add(jid); + break; + } + } + } + } + return set; + } + + /** + * Returns all {@link JavaMethodId}s and {@link JavaConstructorId}s belonging to the given class. + * + * @param _set a {@link java.util.Set} object. + * @param _context a {@link com.sap.psr.vulas.java.JavaId} object. + * @return a {@link java.util.Set} object. + */ + public static Set filterWithContext(Set _set, JavaId _context) { + final Set set = new HashSet(); + JavaId jid = null; + for (ConstructId c : _set) { + if (c instanceof JavaMethodId) { + if (((JavaMethodId) c).getDefinitionContext().equals(_context)) set.add(c); + } else if (c instanceof JavaConstructorId) { + if (((JavaConstructorId) c).getDefinitionContext().equals(_context)) set.add(c); + } + } + return set; + } + + /** + * Returns the URL of the JAR from which the construct was loaded, or null if it is a package or has not been loaded from a JAR. + * The URL has the form "file:/.../foo.jar", hence, it can be transformed into a {@link URI} and {@link File}. + * + * First, it uses {@link ClassPoolUpdater#getJarResourcePath(ConstructId)} to search for the JAR URL, hence, {@link ClassPoolUpdater} + * should contain all the needed resources. If that fails, it uses {@link Class#forName(String)} and {@link Class#getResource(String)} to search + * for the JAR URL. + * + * @return the URL from which the construct was loaded + */ + public URL getJarUrl() { + // The JAR URL will be searched for the following construct (could be JavaClassId, JavaEnumId or + // JavaInterfaceId) + ConstructId cid = this; + + // For methods, constructors, etc., take its definition context + if (cid instanceof JavaConstructorId + || cid instanceof JavaMethodId + || cid instanceof JavaClassInit) { + cid = cid.getDefinitionContext(); + } + // Not possible, we cannot get the JAR URL for a package + else if (cid instanceof JavaPackageId) return null; + + // Use Javassist + URL url = ClassPoolUpdater.getInstance().getJarResourcePath(cid); + + // Use Class.forName (if Javassist did not work) + if (url == null || !url.toString().startsWith("jar:")) { + try { + url = + Class.forName(this.getQualifiedName()) + .getResource('/' + this.getQualifiedName().replace('.', '/') + ".class"); + } catch (ClassNotFoundException e) { + JavaId.log.error("Class [" + this.getQualifiedName() + "] not found: " + e.getMessage()); + } catch (NoClassDefFoundError ex) { + JavaId.log.error("No class definition found for [" + this.getQualifiedName() + "]"); + } catch (UnsatisfiedLinkError e) { + JavaId.log.error("UnsatisfiedLinkError for [" + this.getQualifiedName() + "]"); + } + } + + // Transform "jar:file:/.../foo.jar!bar.class" into "file:/.../foo.jar" + if (url != null && url.toString().startsWith("jar:")) { + try { + return JavaId.getJarUrl(url); + } catch (MalformedURLException e) { + JavaId.log.error("Cannot create URL from [" + url.toString() + "]: " + e.getMessage()); + } + } + + // Return null + return null; + } + + /** + * Transform URLs like "jar:file:/.../foo.jar!bar.class" into "file:/.../foo.jar". + * + * @param _url a {@link java.net.URL} object. + * @return a {@link java.net.URL} object. + * @throws java.net.MalformedURLException if any. + */ + public static final URL getJarUrl(URL _url) throws MalformedURLException { + if (_url != null && _url.toString().startsWith("jar:")) { + + // The following creates problem in cases such as + // org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar, where ".jar" occurs two + // times + // final String url_string = url.toString().substring(4, url.toString().indexOf(".jar")+4); + + String url_string = _url.toString(); + final int last_excl = url_string.lastIndexOf("!"); + url_string = + url_string.substring( + 4, + url_string.lastIndexOf(".jar", (last_excl == -1 ? url_string.length() : last_excl)) + + 4); + try { + return new URL(url_string); + } catch (MalformedURLException e) { + throw new MalformedURLException( + "Cannot create URL from [" + _url.toString() + "]: " + e.getMessage()); + } + } + return null; + } + + /** + * Returns the {@link JavaId} corresponding to the compilation unit of the construct. + * + * If the construct is an interface, class or enum, the object is returned as is. + * If the construct is a method, constructor or static initializer, its definition context will be returned (hence, an interface, class or enum). + * If the construct is a package, null will be returned. + * + * @return a {@link com.sap.psr.vulas.java.JavaId} object. + */ + public JavaId getCompilationUnit() { + JavaId comp_unit = null; + if (this instanceof com.sap.psr.vulas.java.JavaConstructorId + || this instanceof com.sap.psr.vulas.java.JavaClassInit + || this instanceof com.sap.psr.vulas.java.JavaMethodId) { + comp_unit = (JavaId) this.getDefinitionContext(); + } else if (this instanceof com.sap.psr.vulas.java.JavaClassId + || this instanceof com.sap.psr.vulas.java.JavaInterfaceId + || this instanceof com.sap.psr.vulas.java.JavaEnumId) { + comp_unit = (JavaId) this; + } else if (this instanceof com.sap.psr.vulas.java.JavaPackageId) { + JavaId.log.warn( + "[" + this.getQualifiedName() + "] is a package, thus, has no compilation unit"); + } else { + JavaId.log.error( + "[" + + this.getQualifiedName() + + "] is of unknown type (class [" + + this.getClass().getName() + + "]"); + } + return comp_unit; + } + + /** + * + * @param _jid + * @return + */ + public static JavaId getCompilationUnit(JavaId _jid) { + // Got it --> return provided object + if ((_jid.getType().equals(JavaId.Type.CLASS) && !((JavaClassId) _jid).isNestedClass()) + || (_jid.getType().equals(JavaId.Type.INTERFACE) && !((JavaInterfaceId) _jid).isNested()) + || (_jid.getType().equals(JavaId.Type.ENUM) && !((JavaEnumId) _jid).isNested())) { + return _jid; + } else { + return getCompilationUnit((JavaId) _jid.getDefinitionContext()); + } + } + + public static JavaId getJavaId(String _type, String _qname) { + JavaId.Type type = JavaId.typeFromString(_type); + + // Check params + if (JavaId.Type.METHOD != type && JavaId.Type.CONSTRUCTOR != type) + throw new IllegalArgumentException( + "Only types METH and CONS are supported, got [" + type + "]"); + + // Parse JavaId + JavaId jid = null; + if (JavaId.Type.CONSTRUCTOR == type) jid = JavaId.parseConstructorQName(_qname); + else if (JavaId.Type.METHOD == type) jid = JavaId.parseMethodQName(_qname); + + return jid; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaInterfaceId.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaInterfaceId.java index 8c45f2503..5ceddfae4 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaInterfaceId.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaInterfaceId.java @@ -21,100 +21,99 @@ import com.sap.psr.vulas.ConstructId; - /** * Identifies a Java interface. */ public class JavaInterfaceId extends JavaId { - - private JavaId declarationContext = null; - private String interfaceName = null; - - /** - * Constructor for creating the identifier of an enum. - * - * @param _declaration_ctx a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _simple_name a {@link java.lang.String} object. - */ - public JavaInterfaceId(JavaId _declaration_ctx, String _simple_name) { - super(JavaId.Type.INTERFACE); - this.declarationContext = _declaration_ctx; - this.interfaceName = _simple_name; - } - - /** - * Returns true if the interface is not directly declared within a package, but within another construct like a class or interface. - * - * @return a boolean. - */ - public boolean isNested() { - return this.declarationContext!=null && !this.declarationContext.getType().equals(JavaId.Type.PACKAGE); - } - - /** - * {@inheritDoc} - * - * Returns the fully qualified interface name, i.e., including the name of the package in which it is defined. - */ - @Override - public String getQualifiedName() { - if(this.declarationContext!=null) { - if(!this.isNested()) - return this.declarationContext.getQualifiedName() + "." + this.interfaceName; - else - return this.declarationContext.getQualifiedName() + "$" + this.interfaceName; - } else { - return this.interfaceName; - } - } - - /** - * {@inheritDoc} - * - * Returns a class name that is unique within the package in which the class is defined. - * In case of nested classes, the names of parent classes will be included (e.g., OuterClass$InnerClass). - * @return the class name including the names of parent classes (if any) - */ - @Override - public String getName() { - if(this.declarationContext!=null) { - if(!this.isNested()) - return this.interfaceName; - else - return this.declarationContext.getName() + "$" + this.interfaceName; - } else { - return this.interfaceName; - } - } - - /** - * {@inheritDoc} - * - * Returns the class name without considering any context. - * @return the simple class name w/o context information - */ - @Override - public String getSimpleName() { return this.interfaceName; } - - /** - * {@inheritDoc} - * - * Returns the name of the Java package in which the class or nested class is defined. Returns null if a class is defined outside of a package. - * @return a Java package name - */ - @Override - public ConstructId getDefinitionContext() { return this.getJavaPackageId(); } - - /** - * {@inheritDoc} - * - * Returns the Java package in the context of which the construct is defined. - */ - @Override - public JavaPackageId getJavaPackageId() { - if(this.isNested()) - return this.declarationContext.getJavaPackageId(); - else - return (JavaPackageId)this.declarationContext; - } + + private JavaId declarationContext = null; + private String interfaceName = null; + + /** + * Constructor for creating the identifier of an enum. + * + * @param _declaration_ctx a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _simple_name a {@link java.lang.String} object. + */ + public JavaInterfaceId(JavaId _declaration_ctx, String _simple_name) { + super(JavaId.Type.INTERFACE); + this.declarationContext = _declaration_ctx; + this.interfaceName = _simple_name; + } + + /** + * Returns true if the interface is not directly declared within a package, but within another construct like a class or interface. + * + * @return a boolean. + */ + public boolean isNested() { + return this.declarationContext != null + && !this.declarationContext.getType().equals(JavaId.Type.PACKAGE); + } + + /** + * {@inheritDoc} + * + * Returns the fully qualified interface name, i.e., including the name of the package in which it is defined. + */ + @Override + public String getQualifiedName() { + if (this.declarationContext != null) { + if (!this.isNested()) + return this.declarationContext.getQualifiedName() + "." + this.interfaceName; + else return this.declarationContext.getQualifiedName() + "$" + this.interfaceName; + } else { + return this.interfaceName; + } + } + + /** + * {@inheritDoc} + * + * Returns a class name that is unique within the package in which the class is defined. + * In case of nested classes, the names of parent classes will be included (e.g., OuterClass$InnerClass). + * @return the class name including the names of parent classes (if any) + */ + @Override + public String getName() { + if (this.declarationContext != null) { + if (!this.isNested()) return this.interfaceName; + else return this.declarationContext.getName() + "$" + this.interfaceName; + } else { + return this.interfaceName; + } + } + + /** + * {@inheritDoc} + * + * Returns the class name without considering any context. + * @return the simple class name w/o context information + */ + @Override + public String getSimpleName() { + return this.interfaceName; + } + + /** + * {@inheritDoc} + * + * Returns the name of the Java package in which the class or nested class is defined. Returns null if a class is defined outside of a package. + * @return a Java package name + */ + @Override + public ConstructId getDefinitionContext() { + return this.getJavaPackageId(); + } + + /** + * {@inheritDoc} + * + * Returns the Java package in the context of which the construct is defined. + */ + @Override + public JavaPackageId getJavaPackageId() { + if (this.isNested()) return this.declarationContext.getJavaPackageId(); + else return (JavaPackageId) this.declarationContext; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaMethodId.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaMethodId.java index 2e464bc4e..04604fbb2 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaMethodId.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaMethodId.java @@ -23,78 +23,94 @@ import com.sap.psr.vulas.ConstructId; - /** * Identifies a method relative to its class (normal or nested). */ public class JavaMethodId extends JavaId { - private JavaId context = null; - private String methodId = null; - private List parameterTypes = null; + private JavaId context = null; + private String methodId = null; + private List parameterTypes = null; + + /** + *

Constructor for JavaMethodId.

+ * + * @param _c a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _simple_name a {@link java.lang.String} object. + * @param _parameter_types a {@link java.util.List} object. + */ + public JavaMethodId(JavaId _c, String _simple_name, List _parameter_types) { + super(JavaId.Type.METHOD); + this.context = _c; + this.methodId = _simple_name; + this.parameterTypes = _parameter_types; + } + + /** + * Returns the fully qualified name, i.e., with parameter types and the surrounding class. + * + * @return a {@link java.lang.String} object. + */ + public String getQualifiedName() { + return context.getQualifiedName() + + "." + + this.methodId + + JavaId.parameterTypesToString(this.parameterTypes, true); + } + + /** + * Returns the method name, including parameter types in brackets. + * + * @return a {@link java.lang.String} object. + */ + public String getName() { + return this.methodId + JavaId.parameterTypesToString(this.parameterTypes, true); + } + + /** + * Returns the method name, excluding parameter types and brackets. + * + * @return a {@link java.lang.String} object. + */ + public String getSimpleName() { + return this.methodId; + } + + /** + *

getDefinitionContext.

+ * + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public ConstructId getDefinitionContext() { + return this.context; + } + + /** + *

getJavaPackageId.

+ * + * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. + */ + public JavaPackageId getJavaPackageId() { + return this.context.getJavaPackageId(); + } - /** - *

Constructor for JavaMethodId.

- * - * @param _c a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _simple_name a {@link java.lang.String} object. - * @param _parameter_types a {@link java.util.List} object. - */ - public JavaMethodId(JavaId _c, String _simple_name, List _parameter_types) { - super(JavaId.Type.METHOD); - this.context = _c; - this.methodId = _simple_name; - this.parameterTypes = _parameter_types; - } - - /** - * Returns the fully qualified name, i.e., with parameter types and the surrounding class. - * - * @return a {@link java.lang.String} object. - */ - public String getQualifiedName() { return context.getQualifiedName() + "." + this.methodId + JavaId.parameterTypesToString(this.parameterTypes, true); } + /** + * Returns true if the method has the @Test annotation or both the method name and its class name have the postfix or suffix 'test'. + * + * @return a boolean. + */ + public boolean isTestMethod() { + boolean is_test = this.hasAnnotation("Test"); - /** - * Returns the method name, including parameter types in brackets. - * - * @return a {@link java.lang.String} object. - */ - public String getName() { return this.methodId + JavaId.parameterTypesToString(this.parameterTypes, true); } + // @Test annotation not found, let's check the qualified names of the class context and the + // method itself + if (!is_test && this.context.getType().equals(JavaId.Type.CLASS)) { + is_test = + ((JavaClassId) this.context).isTestClass() + && (this.methodId.toLowerCase().startsWith("test") + || this.methodId.toLowerCase().endsWith("test")); + } - /** - * Returns the method name, excluding parameter types and brackets. - * - * @return a {@link java.lang.String} object. - */ - public String getSimpleName() { return this.methodId; } - - /** - *

getDefinitionContext.

- * - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public ConstructId getDefinitionContext() { return this.context; } - - /** - *

getJavaPackageId.

- * - * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. - */ - public JavaPackageId getJavaPackageId() { return this.context.getJavaPackageId(); } - - /** - * Returns true if the method has the @Test annotation or both the method name and its class name have the postfix or suffix 'test'. - * - * @return a boolean. - */ - public boolean isTestMethod() { - boolean is_test = this.hasAnnotation("Test"); - - // @Test annotation not found, let's check the qualified names of the class context and the method itself - if(!is_test && this.context.getType().equals(JavaId.Type.CLASS)) { - is_test = ((JavaClassId)this.context).isTestClass() && (this.methodId.toLowerCase().startsWith("test") || this.methodId.toLowerCase().endsWith("test")); - } - - return is_test; - } + return is_test; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaPackageId.java b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaPackageId.java index 122be0631..82732efae 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/JavaPackageId.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/JavaPackageId.java @@ -25,66 +25,78 @@ * Identifies a Java package by its fully qualified name. */ public class JavaPackageId extends JavaId { - - /** - * The default package has an empty string as qualified name. It is used - * when working with classes, interfaces or enums that do not belong to - * a package. - */ - public final static JavaPackageId DEFAULT_PACKAGE = new JavaPackageId(null); - /** Fully qualified package identifier. */ - protected String packageId = null; - /** - *

Constructor for JavaPackageId.

- * - * @param _qualified_name a {@link java.lang.String} object. - */ - public JavaPackageId(String _qualified_name) { - super(JavaId.Type.PACKAGE); - this.packageId = (_qualified_name==null ? "" : _qualified_name); - } - - /** - * Returns the complete package name, including parent packages. - * - * @return a {@link java.lang.String} object. - */ - public String getQualifiedName() { return this.packageId; } - - /** - * For packages, the method returns the qualified name. - * - * @return a {@link java.lang.String} object. - */ - public String getName() { return this.getQualifiedName(); } - - /** - * For packages, the method returns the qualified name. - * - * @return a {@link java.lang.String} object. - */ - public String getSimpleName() { return this.getQualifiedName(); } - - /** - * For packages, this method always returns null. - * - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public ConstructId getDefinitionContext() { return null; } - - /** - * For packages, this method always returns null. - * - * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. - */ - public JavaPackageId getJavaPackageId() { return null; } - - /** - * Returns true if the given {@link JavaPackageId} corresponds to the {@link JavaPackageId#DEFAULT_PACKAGE}, false otherwise. - * - * @param _pid a {@link com.sap.psr.vulas.java.JavaPackageId} object. - * @return a boolean. - */ - public static final boolean isDefaultPackage(JavaPackageId _pid) { return DEFAULT_PACKAGE.equals(_pid); } + /** + * The default package has an empty string as qualified name. It is used + * when working with classes, interfaces or enums that do not belong to + * a package. + */ + public static final JavaPackageId DEFAULT_PACKAGE = new JavaPackageId(null); + + /** Fully qualified package identifier. */ + protected String packageId = null; + /** + *

Constructor for JavaPackageId.

+ * + * @param _qualified_name a {@link java.lang.String} object. + */ + public JavaPackageId(String _qualified_name) { + super(JavaId.Type.PACKAGE); + this.packageId = (_qualified_name == null ? "" : _qualified_name); + } + + /** + * Returns the complete package name, including parent packages. + * + * @return a {@link java.lang.String} object. + */ + public String getQualifiedName() { + return this.packageId; + } + + /** + * For packages, the method returns the qualified name. + * + * @return a {@link java.lang.String} object. + */ + public String getName() { + return this.getQualifiedName(); + } + + /** + * For packages, the method returns the qualified name. + * + * @return a {@link java.lang.String} object. + */ + public String getSimpleName() { + return this.getQualifiedName(); + } + + /** + * For packages, this method always returns null. + * + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public ConstructId getDefinitionContext() { + return null; + } + + /** + * For packages, this method always returns null. + * + * @return a {@link com.sap.psr.vulas.java.JavaPackageId} object. + */ + public JavaPackageId getJavaPackageId() { + return null; + } + + /** + * Returns true if the given {@link JavaPackageId} corresponds to the {@link JavaPackageId#DEFAULT_PACKAGE}, false otherwise. + * + * @param _pid a {@link com.sap.psr.vulas.java.JavaPackageId} object. + * @return a boolean. + */ + public static final boolean isDefaultPackage(JavaPackageId _pid) { + return DEFAULT_PACKAGE.equals(_pid); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/PomParser.java b/lang-java/src/main/java/com/sap/psr/vulas/java/PomParser.java index 30da712af..00d35acb7 100755 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/PomParser.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/PomParser.java @@ -35,53 +35,52 @@ */ public class PomParser extends DefaultHandler { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static final String[] pg = new String[] {"project", "parent", "groupId"}; - private static final String[] pa = new String[] {"project", "parent", "artifactId"}; - private static final String[] pv = new String[] {"project", "parent", "version"}; - - private static final String[] g = new String[] {"project", "groupId"}; - private static final String[] a = new String[] {"project", "artifactId"}; - private static final String[] v = new String[] {"project", "version"}; + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - private Stack stack = new Stack(); - - private LibraryId libid = new LibraryId(); - - /** {@inheritDoc} */ - public void startElement(String namespaceURI, String localName, String qName, Attributes atts) throws SAXException { - this.stack.push(localName); - } - - /** {@inheritDoc} */ - public void characters (char ch[], int start, int length) throws SAXException { - //log.info(stack.toString()); - if(Arrays.equals(stack.toArray(), pg) || Arrays.equals(stack.toArray(), g)) { - if(libid.getMvnGroup()==null || Arrays.equals(stack.toArray(), g)) - libid.setMvnGroup(new String(Arrays.copyOfRange(ch, start, start+length))); - } - else if(Arrays.equals(stack.toArray(), pa) || Arrays.equals(stack.toArray(), a)) { - if(libid.getArtifact()==null || Arrays.equals(stack.toArray(), a)) - libid.setArtifact(new String(Arrays.copyOfRange(ch, start, start+length))); - } - else if(Arrays.equals(stack.toArray(), pv) || Arrays.equals(stack.toArray(), v)) { - if(libid.getVersion()==null || Arrays.equals(stack.toArray(), v)) - libid.setVersion(new String(Arrays.copyOfRange(ch, start, start+length))); - } - } + private static final String[] pg = new String[] {"project", "parent", "groupId"}; + private static final String[] pa = new String[] {"project", "parent", "artifactId"}; + private static final String[] pv = new String[] {"project", "parent", "version"}; - /** {@inheritDoc} */ - public void endElement(String namespaceURI, String localName, String qName) throws SAXException { - this.stack.pop(); - } - - /** - *

getLibraryId.

- * - * @return a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. - */ - public LibraryId getLibraryId() { - return this.libid; - } + private static final String[] g = new String[] {"project", "groupId"}; + private static final String[] a = new String[] {"project", "artifactId"}; + private static final String[] v = new String[] {"project", "version"}; + + private Stack stack = new Stack(); + + private LibraryId libid = new LibraryId(); + + /** {@inheritDoc} */ + public void startElement(String namespaceURI, String localName, String qName, Attributes atts) + throws SAXException { + this.stack.push(localName); + } + + /** {@inheritDoc} */ + public void characters(char ch[], int start, int length) throws SAXException { + // log.info(stack.toString()); + if (Arrays.equals(stack.toArray(), pg) || Arrays.equals(stack.toArray(), g)) { + if (libid.getMvnGroup() == null || Arrays.equals(stack.toArray(), g)) + libid.setMvnGroup(new String(Arrays.copyOfRange(ch, start, start + length))); + } else if (Arrays.equals(stack.toArray(), pa) || Arrays.equals(stack.toArray(), a)) { + if (libid.getArtifact() == null || Arrays.equals(stack.toArray(), a)) + libid.setArtifact(new String(Arrays.copyOfRange(ch, start, start + length))); + } else if (Arrays.equals(stack.toArray(), pv) || Arrays.equals(stack.toArray(), v)) { + if (libid.getVersion() == null || Arrays.equals(stack.toArray(), v)) + libid.setVersion(new String(Arrays.copyOfRange(ch, start, start + length))); + } + } + + /** {@inheritDoc} */ + public void endElement(String namespaceURI, String localName, String qName) throws SAXException { + this.stack.pop(); + } + + /** + *

getLibraryId.

+ * + * @return a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. + */ + public LibraryId getLibraryId() { + return this.libid; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/WarAnalyzer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/WarAnalyzer.java index f6b67a5b4..eb3d8f432 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/WarAnalyzer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/WarAnalyzer.java @@ -38,7 +38,6 @@ import org.apache.commons.configuration.PropertiesConfiguration; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; import com.sap.psr.vulas.FileAnalyzer; @@ -52,396 +51,500 @@ import javassist.CtClass; import javassist.NotFoundException; - /** * Analyzes a single Web app archive (WAR) as to identify (and potentially instrument) all its classes (in directory WEB-INF/classes), * as well as its JARs (in directory WEB-INF/lib). */ public class WarAnalyzer extends JarAnalyzer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static final String INCL_SPACE = "vulas.core.instr.static.inclSpace"; - private static final String INCL_BACKEND_URL = "vulas.core.instr.static.inclBackendUrl"; - - // private static final ClassPool CLASSPOOL = ClassPool.getDefault(); - // /** - // * Adds a given URL to the classpath of the class pool. This allows maintaining dependencies needed for the compilation of instrumented classes. - // * @param _url - // * @throws NotFoundException - // */ - // public static void insertClasspath(String _url) throws NotFoundException { CLASSPOOL.insertClassPath(_url); } - // private static ClassPool getClassPool() { return WarAnalyzer.CLASSPOOL; } - - // private static boolean OVERWRITE_ENABLED = false; - // public static void enableOverwrite(boolean _b) { WarAnalyzer.OVERWRITE_ENABLED = _b; } - // public static boolean isOverwriteEnabled() { return WarAnalyzer.OVERWRITE_ENABLED; } - - private MapinstrumentedClasses = new HashMap(); - private Path tmpDir = null; // To where the WAR is extracted - private Path inclDir = null; - - private ArchiveAnalysisManager mgr = null; - private Set nestedAnalyzers = null; - - /** The Vulas archive in incl/ will be rewritten as to contain a proper vulas configuration file. The original will - * then need to be skipped, i.e., not included in the instrumented WAR. */ - private Set ignoredIncludes = new HashSet(); - - /** {@inheritDoc} */ - @Override - public String[] getSupportedFileExtensions() { return new String[] { "war" }; } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - try { - super.analyze(_file); - - // Extract the WAR - if(this.workDir!=null) - this.tmpDir = Paths.get(this.workDir.toString(), "war_analysis"); - else { - try { - this.tmpDir = java.nio.file.Files.createTempDirectory("war_analysis_"); - } catch (IOException e) { - throw new IllegalStateException("Unable to create temp directory", e); - } - } - this.jarWriter.extract(this.tmpDir); - - // Add WEB-INF/classes to the classpath - try { - JarAnalyzer.insertClasspath(Paths.get(this.tmpDir.toString(), "WEB-INF", "classes").toString()); - } catch (Exception e) { - // No problem at all if instrumentation is not requested. - // If instrumentation is requested, however, some classes may not compile - WarAnalyzer.log.error(this.toString() + ": Error while updating the classpath: " + e.getMessage()); - } - } catch (IllegalStateException e) { - log.error("IllegalStateException when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } catch (IOException e) { - log.error("IOException when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } catch (Exception e) { - log.error("Exception when analyzing file [" + _file + "]: " + e.getMessage()); - throw new FileAnalysisException("Error when analyzing file [" + _file + "]: " + e.getMessage(), e); - } - } - - /** - * Sets the directory containing JARs to be included in the rewritten WAR. - * All JARs contained therein will be modified as well in order to set the application scope in the Vulas configuration file. - * - * @param _p a {@link java.nio.file.Path} object. - */ - public void setIncludeDir(Path _p) { - this.inclDir = _p; - - // If the WAR is to be instrumented, rewrite all JARs in the inclDir in order to include the current artifact coordinates in the Vulas configuration file - if(this.inclDir!=null && this.instrument) { - final FileSearch vis = new FileSearch(new String[] {"jar"}); - final Set libs = vis.search(this.inclDir); - JarWriter writer = null; - for(Path lib: libs) { - try { - writer = new JarWriter(lib); - if(writer.hasEntry("vulas-core.properties") && !writer.isRewrittenByVulas()) { - - // Rewrite the configuration file - writer.setClassifier("and-config"); - writer.register("vulas-core.properties", this); - writer.rewrite(this.inclDir); - - // If we reach this point, the rewriting worked and the original file can be ignored later on - this.ignoredIncludes.add(lib); - //Files.move(..., lib, java.nio.file.StandardCopyOption.REPLACE_EXISTING); - } - } catch (IOException ioe) { - WarAnalyzer.log.error("Error when rewriting the JARs: " + ioe.getMessage()); - } catch (JarAnalysisException jae) { - WarAnalyzer.log.error("Error when rewriting the JARs: " + jae.getMessage()); - } - } - } - } - - /** - * {@inheritDoc} - * - * Determines whether the instrumented JAR is renamed or not. If yes, the new file name follows the following format: - * - If app context is provided: [originalJarName]-vulas-[appGroupId]-[appArtifactId]-[appVersion].jar - * - Otherwise: [originalJarName]-vulas.jar - */ - public void setRename(boolean _b) { this.rename = _b; } - - /** - * {@inheritDoc} - * - * See here: http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html - */ - @Override - protected void createInstrumentedArchive() throws JarAnalysisException { - - // Additional manifest file entries - this.jarWriter.addManifestEntry("VULAS-classInstrStats", "[" + this.classCount + " total, " + this.instrControl.countClassesInstrumentedAlready() + " existed, " + this.instrControl.countClassesInstrumentedSuccess() + " ok, " + this.instrControl.countClassesInstrumentedFailure() + " err]"); - this.jarWriter.addManifestEntry("VULAS-constructStats", "[" + constructs.size() + " constructs]"); - if(JarAnalyzer.getAppContext()!=null) - this.jarWriter.addManifestEntry("VULAS-appContext", JarAnalyzer.getAppContext().getMvnGroup() + ":" + - JarAnalyzer.getAppContext().getArtifact() + ":" + - JarAnalyzer.getAppContext().getVersion()); - - // Register this WarAnalyzer for callbacks - this.jarWriter.register("^WEB-INF/classes/.*.class$", this); - this.jarWriter.register("^WEB-INF/lib/.*.jar$", this); - - // Additional files to be added to the WAR - if(this.inclDir!=null && this.inclDir.toFile().exists()) { - - // Include all JARs in inclDir in WEB-INF/lib - final FileSearch vis = new FileSearch(new String[] {"jar"}); - final Set libs = vis.search(this.inclDir); - WarAnalyzer.log.info(this + ": Dir [" + this.inclDir + "] includes another [" + libs.size() + "] JARs, to be included in WEB-INF/lib"); - - // Add all files in incl (except the one(s) rewritten to contain a proper vulas-cfg.properties) - //this.jarWriter.addFiles("WEB-INF/lib", libs, true); - for(Path l: libs) { - if(this.ignoredIncludes.contains(l)) - continue; - else - this.jarWriter.addFile("WEB-INF/lib", l, true); - } - - // Add configuration files - this.jarWriter.addFile("WEB-INF/classes/", Paths.get(this.inclDir.toString(), "vulas-cfg.properties"), true); - this.jarWriter.addFile("WEB-INF/classes/", Paths.get(this.inclDir.toString(), "vulas-cfg.xml"), true); - this.jarWriter.addFile("WEB-INF/classes/", Paths.get(this.inclDir.toString(), "log4j.properties"), false); - } - - // Rename - if(this.rename) - this.jarWriter.setClassifier("vulas-instr"); - - // Rewrite - this.jarWriter.rewrite(this.workDir); - - // Stats - this.instrControl.logStatistics(); - } - - /** {@inheritDoc} */ - @Override - public boolean hasChilds() { - return this.getChilds(true)!=null && !this.getChilds(true).isEmpty(); - } - - /** {@inheritDoc} */ - @Override - public Set getChilds(boolean _recursive) { - if(this.mgr==null) { - this.mgr = new ArchiveAnalysisManager(4, -1, this.instrument, JarAnalyzer.getAppContext()); - - // Create a lib_mod folder for instrumented JARs of the WAR - if(this.instrument) { - final Path lib_mod = Paths.get(this.tmpDir.toString(), "WEB-INF", "lib_mod"); - if(!lib_mod.toFile().exists()) { - try { - Files.createDirectory(lib_mod); - } catch (IOException e) { - log.error("Cannot create directory [" + lib_mod.toAbsolutePath() + "]: " + e.getMessage(), e); - } - } - - if(lib_mod.toFile().exists()) { - mgr.setWorkDir(lib_mod); - } - else { - log.warn("Instrumentation disabled"); - mgr.setInstrument(false); - } - } - - // Find and analyze all JARs - final Set jars = new FileSearch(new String[] {"jar"}).search(Paths.get(this.tmpDir.toString(), "WEB-INF", "lib")); - mgr.startAnalysis(jars, this); - this.nestedAnalyzers = new HashSet(); - this.nestedAnalyzers.addAll(mgr.getAnalyzers()); - } - return this.nestedAnalyzers; - } - - /** - * {@inheritDoc} - * - * Identifies all {@link ConstructId}s of all methods and constructors contained in the WAR file. - * Returns true if the WAR has classes in WEB-INF/classes, false otherwise. Note that classes in libraries contained in WEB-INF/lib are ignored. - */ - @Override - public synchronized Set getConstructIds() { - if(this.constructs==null) { - this.constructs = new TreeSet(); - // Loop all *.class files in WEB-INF/classes - final Set class_names = new HashSet(); - String class_name = null; - final Set class_files = new FileSearch(new String[] {"class"}).search(Paths.get(this.tmpDir.toString(), "WEB-INF", "classes")); - for(Path p: class_files) { - class_name = p.toString(); - class_name = class_name.substring(0, class_name.length()-6); // ".class" - class_name = class_name.substring(class_name.indexOf("WEB-INF")+16); // "WEB-INF/classes/" - class_name = class_name.replace(File.separatorChar, '.'); - class_names.add(class_name); - WarAnalyzer.log.debug("Found [" + class_name + "]"); - } - - // Visit all classes using Javassist (and instrument as many as possible - if requested) - CtClass ctclass = null; - ClassVisitor cv = null; - - for(String cn: class_names) { - try { - ctclass = JarAnalyzer.getClassPool().get(cn); - - // Ignore interfaces (no executable code) and enums (rarely containing executable code, perhaps to be included later on) - if(ctclass.isInterface()) { - this.interfaceCount++; - } - else { - - if(ctclass.isEnum()) - this.enumCount++; - else - this.classCount++; - - // Create ClassVisitor for the current Java class - cv = new ClassVisitor(ctclass); - this.constructs.addAll(cv.getConstructs()); - - // Instrument (if requested and not blacklisted) - if(this.instrument && !this.instrControl.isBlacklistedClass(cn)) { - cv.setOriginalArchiveDigest(this.getSHA1()); - cv.setAppContext(WarAnalyzer.getAppContext()); - if(cv.isInstrumented()) - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), null); - else { - try { - cv.visitMethods(true); - cv.visitConstructors(true); - cv.finalizeInstrumentation(); - this.instrumentedClasses.put(cv.getJavaId(), cv); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(true)); - } catch (IOException ioe) { - WarAnalyzer.log.error("I/O exception while instrumenting class [" + cv.getJavaId().getQualifiedName() + "]: " + ioe.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } catch (CannotCompileException cce) { - WarAnalyzer.log.warn("Cannot compile instrumented class [" + cv.getJavaId().getQualifiedName() + "]: " + cce.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } catch (Exception e) { - WarAnalyzer.log.error(e.getClass().getName() + " occured while instrumenting class [" + cv.getJavaId().getQualifiedName() + "]: " + e.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } - } - } - } - if(!this.instrument){ - //only detach if no static instrumentation (otherwise it will fail because the class was modified) - // in case the instrumentation is performed the detach is done in ClassVisitor.finalizeInstrumentation - ctclass.detach(); - } - } catch (NotFoundException nfe) { - WarAnalyzer.log.error("Error while analyzing class [" + cv.getJavaId().getQualifiedName() + "]: " + nfe.getMessage()); - continue; - } catch (RuntimeException re) { - WarAnalyzer.log.error("Error while analyzing class [" + ctclass.getName() + "]: " + re.getMessage()); - continue; - } - } - if(this.instrument) - WarAnalyzer.log.info(this.toString() + ": classes comprised/already-instr/instr/not-instr [" + this.classCount + "/" + this.instrControl.countClassesInstrumentedAlready() + "/" + this.instrControl.countClassesInstrumentedSuccess() + "/" + this.instrControl.countClassesInstrumentedFailure() + "], constructs comprised [" + constructs.size() + "]"); - else - WarAnalyzer.log.info(this.toString() + ": constructs comprised [" + constructs.size() + "], classes [" + this.classCount + "], enums [" + enumCount + "], interfaces (ignored) [" + interfaceCount + "]"); - } - return this.constructs; - } - - /** - * {@inheritDoc} - * - * In case the archive is rewritten, this method is used to rewrite certain {@link JarEntry}s - * (rather than taking the file from the original archive). - * The callback registration takes place in {@link #createInstrumentedArchive()}. - */ - @Override - public InputStream getInputStream(String _regex, JarEntry _entry) { - InputStream is = null; - - // Called during rewrite of classes - if(_regex.equals("^WEB-INF/classes/.*.class$")) { - JavaId jid = null; - // Create JavaId from entry name - try { - String class_name = _entry.getName(); - class_name = class_name.substring(0, class_name.length()-6); // ".class" - class_name = class_name.substring(16); // "WEB-INF/classes/" - class_name = class_name.replace('/', '.'); - jid = JavaId.parseClassQName(class_name); - } catch (Exception e) { - WarAnalyzer.log.error("Cannot parse Java Id from Jar Entry [" + _entry.getName() + "]: " + e.getMessage()); - jid = null; - } - - // Create input stream - if(jid!=null && this.instrumentedClasses.get(jid)!=null) { - //new_entry.setSize(this.instrumentedClasses.get(jid).getBytecode().length); - is = new ByteArrayInputStream(this.instrumentedClasses.get(jid).getBytecode()); - } - } - // Called during rewrite of WAR - else if(_regex.equals("^WEB-INF/lib/.*.jar$")) { - JarAnalyzer ja = null; - try { - final String[] path_elements = _entry.getName().split("/"); - final Path p = Paths.get(path_elements[0], path_elements[1], path_elements[2]); // Assumming: WEB-INF/lib/xyz.jar - ja = mgr.getAnalyzerForSubpath(p); - if(ja!=null) { - final File f = ja.getInstrumentedArchive(); - is = new FileInputStream(f); - } else { - WarAnalyzer.log.warn("Cannot find JarAnalyzer for path [" + p + "]"); - } - } catch (Exception e) { - WarAnalyzer.log.error("Cannot find rewritten JAR file from [" + ja + "]: " + e.getMessage()); - } - } - // Called during the rewrite of the JARs in inclDir - else if(_regex.equals("vulas-core.properties")) { - Path tmp_file = null; - try { - final PropertiesConfiguration cfg = new PropertiesConfiguration("vulas-core.properties"); - cfg.setProperty(CoreConfiguration.APP_CTX_GROUP, JarAnalyzer.getAppContext().getMvnGroup()); - cfg.setProperty(CoreConfiguration.APP_CTX_ARTIF, JarAnalyzer.getAppContext().getArtifact()); - cfg.setProperty(CoreConfiguration.APP_CTX_VERSI, JarAnalyzer.getAppContext().getVersion()); - - // Include space - if(VulasConfiguration.getGlobal().getConfiguration().getBoolean(INCL_SPACE, true) && VulasConfiguration.getGlobal().getConfiguration().containsKey(CoreConfiguration.SPACE_TOKEN)) - cfg.setProperty(CoreConfiguration.SPACE_TOKEN, VulasConfiguration.getGlobal().getConfiguration().getString(CoreConfiguration.SPACE_TOKEN)); - - // Include backend URL - if(VulasConfiguration.getGlobal().getConfiguration().getBoolean(INCL_BACKEND_URL, true) && VulasConfiguration.getGlobal().getConfiguration().containsKey(VulasConfiguration.getServiceUrlKey(Service.BACKEND))) - cfg.setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), VulasConfiguration.getGlobal().getConfiguration().getString(VulasConfiguration.getServiceUrlKey(Service.BACKEND))); - - tmp_file = Files.createTempFile("vulas-core-", ".properties"); - cfg.save(tmp_file.toFile()); - is = new FileInputStream(tmp_file.toFile()); - } - catch(ConfigurationException ce) { - WarAnalyzer.log.error("Error when loading configuration from 'vulas-core.properties': " + ce.getMessage()); - } - catch(IOException ioe) { - WarAnalyzer.log.error("Error when creating/reading temporary configuration file [" + tmp_file + "]: " + ioe.getMessage()); - } - } - - return is; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static final String INCL_SPACE = "vulas.core.instr.static.inclSpace"; + private static final String INCL_BACKEND_URL = "vulas.core.instr.static.inclBackendUrl"; + + // private static final ClassPool CLASSPOOL = ClassPool.getDefault(); + // /** + // * Adds a given URL to the classpath of the class pool. This allows maintaining dependencies + // needed for the compilation of instrumented classes. + // * @param _url + // * @throws NotFoundException + // */ + // public static void insertClasspath(String _url) throws NotFoundException { + // CLASSPOOL.insertClassPath(_url); } + // private static ClassPool getClassPool() { return WarAnalyzer.CLASSPOOL; } + + // private static boolean OVERWRITE_ENABLED = false; + // public static void enableOverwrite(boolean _b) { WarAnalyzer.OVERWRITE_ENABLED = _b; } + // public static boolean isOverwriteEnabled() { return WarAnalyzer.OVERWRITE_ENABLED; } + + private Map instrumentedClasses = new HashMap(); + private Path tmpDir = null; // To where the WAR is extracted + private Path inclDir = null; + + private ArchiveAnalysisManager mgr = null; + private Set nestedAnalyzers = null; + + /** The Vulas archive in incl/ will be rewritten as to contain a proper vulas configuration file. The original will + * then need to be skipped, i.e., not included in the instrumented WAR. */ + private Set ignoredIncludes = new HashSet(); + + /** {@inheritDoc} */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {"war"}; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + try { + super.analyze(_file); + + // Extract the WAR + if (this.workDir != null) this.tmpDir = Paths.get(this.workDir.toString(), "war_analysis"); + else { + try { + this.tmpDir = java.nio.file.Files.createTempDirectory("war_analysis_"); + } catch (IOException e) { + throw new IllegalStateException("Unable to create temp directory", e); + } + } + this.jarWriter.extract(this.tmpDir); + + // Add WEB-INF/classes to the classpath + try { + JarAnalyzer.insertClasspath( + Paths.get(this.tmpDir.toString(), "WEB-INF", "classes").toString()); + } catch (Exception e) { + // No problem at all if instrumentation is not requested. + // If instrumentation is requested, however, some classes may not compile + WarAnalyzer.log.error( + this.toString() + ": Error while updating the classpath: " + e.getMessage()); + } + } catch (IllegalStateException e) { + log.error("IllegalStateException when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } catch (IOException e) { + log.error("IOException when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } catch (Exception e) { + log.error("Exception when analyzing file [" + _file + "]: " + e.getMessage()); + throw new FileAnalysisException( + "Error when analyzing file [" + _file + "]: " + e.getMessage(), e); + } + } + + /** + * Sets the directory containing JARs to be included in the rewritten WAR. + * All JARs contained therein will be modified as well in order to set the application scope in the Vulas configuration file. + * + * @param _p a {@link java.nio.file.Path} object. + */ + public void setIncludeDir(Path _p) { + this.inclDir = _p; + + // If the WAR is to be instrumented, rewrite all JARs in the inclDir in order to include the + // current artifact coordinates in the Vulas configuration file + if (this.inclDir != null && this.instrument) { + final FileSearch vis = new FileSearch(new String[] {"jar"}); + final Set libs = vis.search(this.inclDir); + JarWriter writer = null; + for (Path lib : libs) { + try { + writer = new JarWriter(lib); + if (writer.hasEntry("vulas-core.properties") && !writer.isRewrittenByVulas()) { + + // Rewrite the configuration file + writer.setClassifier("and-config"); + writer.register("vulas-core.properties", this); + writer.rewrite(this.inclDir); + + // If we reach this point, the rewriting worked and the original file can be ignored + // later on + this.ignoredIncludes.add(lib); + // Files.move(..., lib, java.nio.file.StandardCopyOption.REPLACE_EXISTING); + } + } catch (IOException ioe) { + WarAnalyzer.log.error("Error when rewriting the JARs: " + ioe.getMessage()); + } catch (JarAnalysisException jae) { + WarAnalyzer.log.error("Error when rewriting the JARs: " + jae.getMessage()); + } + } + } + } + + /** + * {@inheritDoc} + * + * Determines whether the instrumented JAR is renamed or not. If yes, the new file name follows the following format: + * - If app context is provided: [originalJarName]-vulas-[appGroupId]-[appArtifactId]-[appVersion].jar + * - Otherwise: [originalJarName]-vulas.jar + */ + public void setRename(boolean _b) { + this.rename = _b; + } + + /** + * {@inheritDoc} + * + * See here: http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html + */ + @Override + protected void createInstrumentedArchive() throws JarAnalysisException { + + // Additional manifest file entries + this.jarWriter.addManifestEntry( + "VULAS-classInstrStats", + "[" + + this.classCount + + " total, " + + this.instrControl.countClassesInstrumentedAlready() + + " existed, " + + this.instrControl.countClassesInstrumentedSuccess() + + " ok, " + + this.instrControl.countClassesInstrumentedFailure() + + " err]"); + this.jarWriter.addManifestEntry( + "VULAS-constructStats", "[" + constructs.size() + " constructs]"); + if (JarAnalyzer.getAppContext() != null) + this.jarWriter.addManifestEntry( + "VULAS-appContext", + JarAnalyzer.getAppContext().getMvnGroup() + + ":" + + JarAnalyzer.getAppContext().getArtifact() + + ":" + + JarAnalyzer.getAppContext().getVersion()); + + // Register this WarAnalyzer for callbacks + this.jarWriter.register("^WEB-INF/classes/.*.class$", this); + this.jarWriter.register("^WEB-INF/lib/.*.jar$", this); + + // Additional files to be added to the WAR + if (this.inclDir != null && this.inclDir.toFile().exists()) { + + // Include all JARs in inclDir in WEB-INF/lib + final FileSearch vis = new FileSearch(new String[] {"jar"}); + final Set libs = vis.search(this.inclDir); + WarAnalyzer.log.info( + this + + ": Dir [" + + this.inclDir + + "] includes another [" + + libs.size() + + "] JARs, to be included in WEB-INF/lib"); + + // Add all files in incl (except the one(s) rewritten to contain a proper + // vulas-cfg.properties) + // this.jarWriter.addFiles("WEB-INF/lib", libs, true); + for (Path l : libs) { + if (this.ignoredIncludes.contains(l)) continue; + else this.jarWriter.addFile("WEB-INF/lib", l, true); + } + + // Add configuration files + this.jarWriter.addFile( + "WEB-INF/classes/", Paths.get(this.inclDir.toString(), "vulas-cfg.properties"), true); + this.jarWriter.addFile( + "WEB-INF/classes/", Paths.get(this.inclDir.toString(), "vulas-cfg.xml"), true); + this.jarWriter.addFile( + "WEB-INF/classes/", Paths.get(this.inclDir.toString(), "log4j.properties"), false); + } + + // Rename + if (this.rename) this.jarWriter.setClassifier("vulas-instr"); + + // Rewrite + this.jarWriter.rewrite(this.workDir); + + // Stats + this.instrControl.logStatistics(); + } + + /** {@inheritDoc} */ + @Override + public boolean hasChilds() { + return this.getChilds(true) != null && !this.getChilds(true).isEmpty(); + } + + /** {@inheritDoc} */ + @Override + public Set getChilds(boolean _recursive) { + if (this.mgr == null) { + this.mgr = new ArchiveAnalysisManager(4, -1, this.instrument, JarAnalyzer.getAppContext()); + + // Create a lib_mod folder for instrumented JARs of the WAR + if (this.instrument) { + final Path lib_mod = Paths.get(this.tmpDir.toString(), "WEB-INF", "lib_mod"); + if (!lib_mod.toFile().exists()) { + try { + Files.createDirectory(lib_mod); + } catch (IOException e) { + log.error( + "Cannot create directory [" + lib_mod.toAbsolutePath() + "]: " + e.getMessage(), e); + } + } + + if (lib_mod.toFile().exists()) { + mgr.setWorkDir(lib_mod); + } else { + log.warn("Instrumentation disabled"); + mgr.setInstrument(false); + } + } + + // Find and analyze all JARs + final Set jars = + new FileSearch(new String[] {"jar"}) + .search(Paths.get(this.tmpDir.toString(), "WEB-INF", "lib")); + mgr.startAnalysis(jars, this); + this.nestedAnalyzers = new HashSet(); + this.nestedAnalyzers.addAll(mgr.getAnalyzers()); + } + return this.nestedAnalyzers; + } + + /** + * {@inheritDoc} + * + * Identifies all {@link ConstructId}s of all methods and constructors contained in the WAR file. + * Returns true if the WAR has classes in WEB-INF/classes, false otherwise. Note that classes in libraries contained in WEB-INF/lib are ignored. + */ + @Override + public synchronized Set getConstructIds() { + if (this.constructs == null) { + this.constructs = new TreeSet(); + // Loop all *.class files in WEB-INF/classes + final Set class_names = new HashSet(); + String class_name = null; + final Set class_files = + new FileSearch(new String[] {"class"}) + .search(Paths.get(this.tmpDir.toString(), "WEB-INF", "classes")); + for (Path p : class_files) { + class_name = p.toString(); + class_name = class_name.substring(0, class_name.length() - 6); // ".class" + class_name = class_name.substring(class_name.indexOf("WEB-INF") + 16); // "WEB-INF/classes/" + class_name = class_name.replace(File.separatorChar, '.'); + class_names.add(class_name); + WarAnalyzer.log.debug("Found [" + class_name + "]"); + } + + // Visit all classes using Javassist (and instrument as many as possible - if requested) + CtClass ctclass = null; + ClassVisitor cv = null; + + for (String cn : class_names) { + try { + ctclass = JarAnalyzer.getClassPool().get(cn); + + // Ignore interfaces (no executable code) and enums (rarely containing executable code, + // perhaps to be included later on) + if (ctclass.isInterface()) { + this.interfaceCount++; + } else { + + if (ctclass.isEnum()) this.enumCount++; + else this.classCount++; + + // Create ClassVisitor for the current Java class + cv = new ClassVisitor(ctclass); + this.constructs.addAll(cv.getConstructs()); + + // Instrument (if requested and not blacklisted) + if (this.instrument && !this.instrControl.isBlacklistedClass(cn)) { + cv.setOriginalArchiveDigest(this.getSHA1()); + cv.setAppContext(WarAnalyzer.getAppContext()); + if (cv.isInstrumented()) + this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), null); + else { + try { + cv.visitMethods(true); + cv.visitConstructors(true); + cv.finalizeInstrumentation(); + this.instrumentedClasses.put(cv.getJavaId(), cv); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(true)); + } catch (IOException ioe) { + WarAnalyzer.log.error( + "I/O exception while instrumenting class [" + + cv.getJavaId().getQualifiedName() + + "]: " + + ioe.getMessage()); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(false)); + } catch (CannotCompileException cce) { + WarAnalyzer.log.warn( + "Cannot compile instrumented class [" + + cv.getJavaId().getQualifiedName() + + "]: " + + cce.getMessage()); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(false)); + } catch (Exception e) { + WarAnalyzer.log.error( + e.getClass().getName() + + " occured while instrumenting class [" + + cv.getJavaId().getQualifiedName() + + "]: " + + e.getMessage()); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(false)); + } + } + } + } + if (!this.instrument) { + // only detach if no static instrumentation (otherwise it will fail because the class + // was modified) + // in case the instrumentation is performed the detach is done in + // ClassVisitor.finalizeInstrumentation + ctclass.detach(); + } + } catch (NotFoundException nfe) { + WarAnalyzer.log.error( + "Error while analyzing class [" + + cv.getJavaId().getQualifiedName() + + "]: " + + nfe.getMessage()); + continue; + } catch (RuntimeException re) { + WarAnalyzer.log.error( + "Error while analyzing class [" + ctclass.getName() + "]: " + re.getMessage()); + continue; + } + } + if (this.instrument) + WarAnalyzer.log.info( + this.toString() + + ": classes comprised/already-instr/instr/not-instr [" + + this.classCount + + "/" + + this.instrControl.countClassesInstrumentedAlready() + + "/" + + this.instrControl.countClassesInstrumentedSuccess() + + "/" + + this.instrControl.countClassesInstrumentedFailure() + + "], constructs comprised [" + + constructs.size() + + "]"); + else + WarAnalyzer.log.info( + this.toString() + + ": constructs comprised [" + + constructs.size() + + "], classes [" + + this.classCount + + "], enums [" + + enumCount + + "], interfaces (ignored) [" + + interfaceCount + + "]"); + } + return this.constructs; + } + + /** + * {@inheritDoc} + * + * In case the archive is rewritten, this method is used to rewrite certain {@link JarEntry}s + * (rather than taking the file from the original archive). + * The callback registration takes place in {@link #createInstrumentedArchive()}. + */ + @Override + public InputStream getInputStream(String _regex, JarEntry _entry) { + InputStream is = null; + + // Called during rewrite of classes + if (_regex.equals("^WEB-INF/classes/.*.class$")) { + JavaId jid = null; + // Create JavaId from entry name + try { + String class_name = _entry.getName(); + class_name = class_name.substring(0, class_name.length() - 6); // ".class" + class_name = class_name.substring(16); // "WEB-INF/classes/" + class_name = class_name.replace('/', '.'); + jid = JavaId.parseClassQName(class_name); + } catch (Exception e) { + WarAnalyzer.log.error( + "Cannot parse Java Id from Jar Entry [" + _entry.getName() + "]: " + e.getMessage()); + jid = null; + } + + // Create input stream + if (jid != null && this.instrumentedClasses.get(jid) != null) { + // new_entry.setSize(this.instrumentedClasses.get(jid).getBytecode().length); + is = new ByteArrayInputStream(this.instrumentedClasses.get(jid).getBytecode()); + } + } + // Called during rewrite of WAR + else if (_regex.equals("^WEB-INF/lib/.*.jar$")) { + JarAnalyzer ja = null; + try { + final String[] path_elements = _entry.getName().split("/"); + final Path p = + Paths.get( + path_elements[0], + path_elements[1], + path_elements[2]); // Assumming: WEB-INF/lib/xyz.jar + ja = mgr.getAnalyzerForSubpath(p); + if (ja != null) { + final File f = ja.getInstrumentedArchive(); + is = new FileInputStream(f); + } else { + WarAnalyzer.log.warn("Cannot find JarAnalyzer for path [" + p + "]"); + } + } catch (Exception e) { + WarAnalyzer.log.error( + "Cannot find rewritten JAR file from [" + ja + "]: " + e.getMessage()); + } + } + // Called during the rewrite of the JARs in inclDir + else if (_regex.equals("vulas-core.properties")) { + Path tmp_file = null; + try { + final PropertiesConfiguration cfg = new PropertiesConfiguration("vulas-core.properties"); + cfg.setProperty(CoreConfiguration.APP_CTX_GROUP, JarAnalyzer.getAppContext().getMvnGroup()); + cfg.setProperty(CoreConfiguration.APP_CTX_ARTIF, JarAnalyzer.getAppContext().getArtifact()); + cfg.setProperty(CoreConfiguration.APP_CTX_VERSI, JarAnalyzer.getAppContext().getVersion()); + + // Include space + if (VulasConfiguration.getGlobal().getConfiguration().getBoolean(INCL_SPACE, true) + && VulasConfiguration.getGlobal() + .getConfiguration() + .containsKey(CoreConfiguration.SPACE_TOKEN)) + cfg.setProperty( + CoreConfiguration.SPACE_TOKEN, + VulasConfiguration.getGlobal() + .getConfiguration() + .getString(CoreConfiguration.SPACE_TOKEN)); + + // Include backend URL + if (VulasConfiguration.getGlobal().getConfiguration().getBoolean(INCL_BACKEND_URL, true) + && VulasConfiguration.getGlobal() + .getConfiguration() + .containsKey(VulasConfiguration.getServiceUrlKey(Service.BACKEND))) + cfg.setProperty( + VulasConfiguration.getServiceUrlKey(Service.BACKEND), + VulasConfiguration.getGlobal() + .getConfiguration() + .getString(VulasConfiguration.getServiceUrlKey(Service.BACKEND))); + + tmp_file = Files.createTempFile("vulas-core-", ".properties"); + cfg.save(tmp_file.toFile()); + is = new FileInputStream(tmp_file.toFile()); + } catch (ConfigurationException ce) { + WarAnalyzer.log.error( + "Error when loading configuration from 'vulas-core.properties': " + ce.getMessage()); + } catch (IOException ioe) { + WarAnalyzer.log.error( + "Error when creating/reading temporary configuration file [" + + tmp_file + + "]: " + + ioe.getMessage()); + } + } + + return is; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/IDecompiler.java b/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/IDecompiler.java index 0d50afd06..743ff9084 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/IDecompiler.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/IDecompiler.java @@ -30,11 +30,11 @@ */ public interface IDecompiler { - /** - *

decompileClassFile.

- * - * @param _classFile - the *.class file to be decompiled containing bytecode - * @return the corresponding decompiled _javaFile - */ - public File decompileClassFile(File _classFile); + /** + *

decompileClassFile.

+ * + * @param _classFile - the *.class file to be decompiled containing bytecode + * @return the corresponding decompiled _javaFile + */ + public File decompileClassFile(File _classFile); } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/ProcyonDecompiler.java b/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/ProcyonDecompiler.java index 5a05df3f3..ad0294ae3 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/ProcyonDecompiler.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/decompiler/ProcyonDecompiler.java @@ -38,44 +38,37 @@ */ public class ProcyonDecompiler implements IDecompiler { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** {@inheritDoc} */ - @Override - public File decompileClassFile(File inputClassFile) { + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - //Default settings for the decompilers - final DecompilerSettings settings = new DecompilerSettings(); - settings.setShowSyntheticMembers(true); - settings.setSimplifyMemberReferences(true); - settings.setExcludeNestedTypes(true); + /** {@inheritDoc} */ + @Override + public File decompileClassFile(File inputClassFile) { - String classFilePath = inputClassFile.getPath(); - String fileNameWithOutExt = FilenameUtils.removeExtension(inputClassFile.getName()); - File outFile = new File(inputClassFile.getParent(), fileNameWithOutExt + ".java"); + // Default settings for the decompilers + final DecompilerSettings settings = new DecompilerSettings(); + settings.setShowSyntheticMembers(true); + settings.setSimplifyMemberReferences(true); + settings.setExcludeNestedTypes(true); - try { + String classFilePath = inputClassFile.getPath(); + String fileNameWithOutExt = FilenameUtils.removeExtension(inputClassFile.getName()); + File outFile = new File(inputClassFile.getParent(), fileNameWithOutExt + ".java"); - final FileOutputStream stream = new FileOutputStream(outFile.toString()); - final OutputStreamWriter writer = new OutputStreamWriter(stream, FileUtil.getCharset()); + try { - try { - Decompiler.decompile( - classFilePath, - new PlainTextOutput(writer), - settings - ); - } - finally { - writer.close(); - stream.close(); - } - } - catch (final IOException e) { - log.debug(e.getMessage()); - } + final FileOutputStream stream = new FileOutputStream(outFile.toString()); + final OutputStreamWriter writer = new OutputStreamWriter(stream, FileUtil.getCharset()); - return outFile; - } + try { + Decompiler.decompile(classFilePath, new PlainTextOutput(writer), settings); + } finally { + writer.close(); + stream.close(); + } + } catch (final IOException e) { + log.debug(e.getMessage()); + } + return outFile; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/goals/CheckBytecodeGoal.java b/lang-java/src/main/java/com/sap/psr/vulas/java/goals/CheckBytecodeGoal.java index 08799be7f..69971aafc 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/goals/CheckBytecodeGoal.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/goals/CheckBytecodeGoal.java @@ -27,18 +27,13 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.backend.BackendConnector; import com.sap.psr.vulas.bytecode.BytecodeComparator; -import com.sap.psr.vulas.core.util.CoreConfiguration; import com.sap.psr.vulas.goals.AbstractAppGoal; -import com.sap.psr.vulas.goals.GoalConfigurationException; -import com.sap.psr.vulas.shared.enums.DigestAlgorithm; import com.sap.psr.vulas.shared.enums.GoalType; import com.sap.psr.vulas.shared.json.model.Application; import com.sap.psr.vulas.shared.json.model.Dependency; import com.sap.psr.vulas.shared.json.model.VulnerableDependency; -import com.sap.psr.vulas.shared.util.FileUtil; /** * For all non-assessed tuples (library,bug), the code of modified methods and constructors is compared with the @@ -50,61 +45,78 @@ */ public class CheckBytecodeGoal extends AbstractAppGoal { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** - *

- * Constructor for CheckBytecodeGoal. - *

- */ - public CheckBytecodeGoal() { - super(GoalType.CHECKCODE); - } - - /** {@inheritDoc} */ - @Override - protected void executeTasks() throws Exception { - final Application app = this.getApplicationContext(); - - final Map deps = this.getKnownDependencies(); - - final BytecodeComparator comparator = new BytecodeComparator(this.getGoalContext()); - - // Loop over all vulnerable dependencies that are NOT assessed (orange hour glasses) - final Set vulndeps = BackendConnector.getInstance().getAppVulnDeps(this.getGoalContext(), app, false, false, true); - - for (VulnerableDependency vulndep : vulndeps) { - if(vulndep.getAffectedVersionConfirmed()==0) { // Redundant check due to the flags used in the GET request of getAppVulnDeps - - Path p = null; - - // Find the path of the vulndep among the dependencies or use the path returned - // from the backend by default (which is always present). In case the path from - // the backend is used, the goal only works when it runs on the same system that - // run goal APP. This is currently the only supported working mode for the cli - for(Entry e : deps.entrySet()) { - - // Here we retrieve the library path based solely on the digest even though the - // same library may originate multiple dependencies whose uniqueness is given by - // the triple library, parent, relativePath. The idea is that if we have the - // same digest we have the same code - if(e.getValue().getLib().getDigest().equals(vulndep.getDep().getLib().getDigest())) { - p = e.getKey(); - break; - } - } - - if(p==null) { - p = Paths.get(vulndep.getDep().getPath()); - if(p==null || !p.toFile().exists()) { - log.error("Path [" + p +"] for vulnerability [" + vulndep.getBug().getBugId() + "] in dependency [" + vulndep.getDep().getFilename() + "] does not exist"); - continue; - } - } - - log.info("Using path [" + p + "] to analyze vulnerability ["+vulndep.getBug().getBugId() + "] in dependency [" + vulndep.getDep().getFilename() + "]"); - comparator.compareLibForBug(vulndep.getDep().getLib(), vulndep.getBug().getBugId(), p); - } - } - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** + *

+ * Constructor for CheckBytecodeGoal. + *

+ */ + public CheckBytecodeGoal() { + super(GoalType.CHECKCODE); + } + + /** {@inheritDoc} */ + @Override + protected void executeTasks() throws Exception { + final Application app = this.getApplicationContext(); + + final Map deps = this.getKnownDependencies(); + + final BytecodeComparator comparator = new BytecodeComparator(this.getGoalContext()); + + // Loop over all vulnerable dependencies that are NOT assessed (orange hour glasses) + final Set vulndeps = + BackendConnector.getInstance() + .getAppVulnDeps(this.getGoalContext(), app, false, false, true); + + for (VulnerableDependency vulndep : vulndeps) { + if (vulndep.getAffectedVersionConfirmed() + == 0) { // Redundant check due to the flags used in the GET request of getAppVulnDeps + + Path p = null; + + // Find the path of the vulndep among the dependencies or use the path returned + // from the backend by default (which is always present). In case the path from + // the backend is used, the goal only works when it runs on the same system that + // run goal APP. This is currently the only supported working mode for the cli + for (Entry e : deps.entrySet()) { + + // Here we retrieve the library path based solely on the digest even though the + // same library may originate multiple dependencies whose uniqueness is given by + // the triple library, parent, relativePath. The idea is that if we have the + // same digest we have the same code + if (e.getValue().getLib().getDigest().equals(vulndep.getDep().getLib().getDigest())) { + p = e.getKey(); + break; + } + } + + if (p == null) { + p = Paths.get(vulndep.getDep().getPath()); + if (p == null || !p.toFile().exists()) { + log.error( + "Path [" + + p + + "] for vulnerability [" + + vulndep.getBug().getBugId() + + "] in dependency [" + + vulndep.getDep().getFilename() + + "] does not exist"); + continue; + } + } + + log.info( + "Using path [" + + p + + "] to analyze vulnerability [" + + vulndep.getBug().getBugId() + + "] in dependency [" + + vulndep.getDep().getFilename() + + "]"); + comparator.compareLibForBug(vulndep.getDep().getLib(), vulndep.getBug().getBugId(), p); + } + } + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/goals/InstrGoal.java b/lang-java/src/main/java/com/sap/psr/vulas/java/goals/InstrGoal.java index 4f7176d15..9c5c155e5 100755 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/goals/InstrGoal.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/goals/InstrGoal.java @@ -26,7 +26,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.core.util.CoreConfiguration; import com.sap.psr.vulas.goals.AbstractAppGoal; import com.sap.psr.vulas.goals.AbstractGoal; @@ -37,7 +36,6 @@ import com.sap.psr.vulas.shared.util.FileSearch; import com.sap.psr.vulas.shared.util.FileUtil; import com.sap.psr.vulas.shared.util.ThreadUtil; -import com.sap.psr.vulas.shared.util.VulasConfiguration; /** *

InstrGoal class.

@@ -45,234 +43,268 @@ */ public class InstrGoal extends AbstractAppGoal { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private Path libPath = null; - - private Path inclPath = null; - - private Path targetPath = null; - - private Set instrPaths = new HashSet(); - - /** - *

Constructor for InstrGoal.

- */ - public InstrGoal() { super(GoalType.INSTR); } - - /** - *

Getter for the field libPath.

- * - * @return a {@link java.nio.file.Path} object. - */ - public Path getLibPath() { return this.libPath; } - - /** - *

Setter for the field libPath.

- * - * @param _p a {@link java.nio.file.Path} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public void setLibPath(Path _p) throws IllegalArgumentException { - if(FileUtil.isAccessibleDirectory(_p) || FileUtil.isAccessibleFile(_p)) - this.libPath = _p; - } - - /** - *

hasLibPath.

- * - * @return a boolean. - */ - public boolean hasLibPath() { return this.getLibPath()!=null; } - - /** - *

Getter for the field inclPath.

- * - * @return a {@link java.nio.file.Path} object. - */ - public Path getInclPath() { return this.inclPath; } - - /** - *

Setter for the field inclPath.

- * - * @param _p a {@link java.nio.file.Path} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public void setInclPath(Path _p) throws IllegalArgumentException { - if(FileUtil.isAccessibleDirectory(_p) || FileUtil.isAccessibleFile(_p)) - this.inclPath = _p; - } - - /** - *

hasInclPath.

- * - * @return a boolean. - */ - public boolean hasInclPath() { return this.getInclPath()!=null; } - - /** - *

Getter for the field targetPath.

- * - * @return a {@link java.nio.file.Path} object. - */ - public Path getTargetPath() { return this.targetPath; } - - /** - *

Setter for the field targetPath.

- * - * @param _p a {@link java.nio.file.Path} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public void setTargetPath(Path _p) throws IllegalArgumentException { - this.targetPath = _p; - } - - /** - *

hasTargetPath.

- * - * @return a boolean. - */ - public boolean hasTargetPath() { return this.getTargetPath()!=null; } - - /** - *

Getter for the field instrPaths.

- * - * @return a {@link java.util.Set} object. - */ - public Set getInstrPaths() { return this.instrPaths; } - - /** - *

addInstrPath.

- * - * @param _p a {@link java.nio.file.Path} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public void addInstrPath(Path _p) throws IllegalArgumentException { - if(!FileUtil.isAccessibleDirectory(_p) && !FileUtil.isAccessibleFile(_p)) - log.warn("[" + _p + "] is not an accessible file or directory"); - else if(this.getInstrPaths().contains(_p)) - log.debug("[" + _p + "] is already part of intrumentation paths, and will not be added another time"); - else - this.instrPaths.add(_p); - - } - - /** - *

addInstrPaths.

- * - * @param _paths a {@link java.util.Set} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public void addInstrPaths(Set _paths) throws IllegalArgumentException { - for(Path p: _paths) - this.addInstrPath(p); - } - - /** - *

hasInstrPaths.

- * - * @return a boolean. - */ - public boolean hasInstrPaths() { return this.getInstrPaths()!=null && !this.getInstrPaths().isEmpty(); } - - /** - * {@inheritDoc} - * - * Checks whether one or more {@link Path}s with application constructs, and one or more {@link Path}s - * with dependencies are available. - */ - @Override - protected void prepareExecution() throws GoalConfigurationException { - - super.prepareExecution(); - - try { - // Lib path - this.setLibPath(FileUtil.getPath(this.getConfiguration().getConfiguration().getString(CoreConfiguration.INSTR_LIB_DIR, null))); - - // Warn if there's no lib path - if(!this.hasLibPath()) - log.warn("No library path"); - - // Include path - this.setInclPath(FileUtil.getPath(this.getConfiguration().getConfiguration().getString(CoreConfiguration.INSTR_INCLUDE_DIR, null))); - - // Warn if there's no include path - if(!this.hasInclPath()) - log.warn("No path with to-be-included JAR files"); - - // Where the instrumented archives will be written to - this.setTargetPath(FileUtil.getPath(this.getConfiguration().getConfiguration().getString(CoreConfiguration.INSTR_TARGET_DIR, null), true)); - - // Warn if there's no target path - if(!this.hasTargetPath()) { - this.setTargetPath(FileUtil.createTmpDir("instr")); - log.warn("No target path specified, using [" + this.getTargetPath() + "]"); - } - - // Instrumentation paths? - this.addInstrPaths(FileUtil.getPaths(this.getConfiguration().getStringArray(CoreConfiguration.INSTR_SRC_DIR, null))); - - // Warn if there's no app path - if(!this.hasInstrPaths()) { - log.warn("No path(s) with instrumentation sources, take application paths instead"); - final Set paths = new HashSet(); - paths.addAll(this.getAppPaths()); - this.addInstrPaths(paths); - } - } - // Thrown by all methods related to updating/adding paths - catch (IllegalArgumentException e) { - throw new GoalConfigurationException(e.getMessage()); - } - catch (IOException ioe) { - throw new GoalConfigurationException(ioe.getMessage()); - } - } - - /** {@inheritDoc} */ - @Override - protected void executeTasks() throws Exception { - final Application app = this.getApplicationContext(); - - //TODO: Check how to use packaging information from the Maven plugin - - final long timeout = this.getConfiguration().getConfiguration().getLong(CoreConfiguration.JAR_TIMEOUT, -1); - final int no_threads = ThreadUtil.getNoThreads(this.getConfiguration(), 2); - - final ArchiveAnalysisManager mgr = new ArchiveAnalysisManager(no_threads, timeout, true, app); - mgr.setRename(true); - - // Set the lib, include and work directories (if any) - //if(this.inclPathsFileUtil.isAccessibleDirectory(includeDir) && this.app.getPackaging().toLowerCase().equals("war")) - if(this.hasInclPath()) - mgr.setIncludeDir(this.inclPath); - - if(this.hasLibPath()) - mgr.setLibDir(this.getLibPath()); - - mgr.setWorkDir(this.getTargetPath(), true); - - // Search source archives and go - final FileSearch vis = new FileSearch(AbstractGoal.JAR_WAR_EXT); - final int search_depth = this.getConfiguration().getConfiguration().getBoolean(CoreConfiguration.INSTR_SEARCH_RECURSIVE, false) ? Integer.MAX_VALUE : 1; - mgr.startAnalysis(vis.search(getInstrPaths(), search_depth), null); - - // Add goal stats - //this.addGoalStats("instr.archivesAnalyzed", mgr.countArchivesAnalyzed()); - //this.addGoalStats("instr.archivesOriginalFileSizeTotal", mgr.getFileSize()); - //this.addGoalStats("instr.archivesInstrumentedFileSizeTotal", mgr.getInstrumentedFileSize()); - // The following probably makes no sense, since we always instrument one JAR or WAR in the context of this Maven goal - // this.addGoalStats("instr.archivesFileSizeMax", ...); - // this.addGoalStats("instr.archivesFileSizeAvg", ...); - - // Number of classes in the JAR or WAR. For WARs, also the libs in WB/INF/lib are considered. - //this.addGoalStats("instr.classesInstrumentedTotal", mgr.countClassesTotal()); - //this.addGoalStats("instr.classesInstrumentedAlready", mgr.countClassesInstrumentedAlready()); - //this.addGoalStats("instr.classesInstrumentedSuccess", mgr.countClassesInstrumentedSuccess()); - //this.addGoalStats("instr.classesInstrumentedFailure", mgr.countClassesInstrumentedFailure()); - - //TODO: Keep track of single constructs instrumented - //exe.addGoalStats("instr.noDepConstructs", mgr.countConstructsIdentified());*/ - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private Path libPath = null; + + private Path inclPath = null; + + private Path targetPath = null; + + private Set instrPaths = new HashSet(); + + /** + *

Constructor for InstrGoal.

+ */ + public InstrGoal() { + super(GoalType.INSTR); + } + + /** + *

Getter for the field libPath.

+ * + * @return a {@link java.nio.file.Path} object. + */ + public Path getLibPath() { + return this.libPath; + } + + /** + *

Setter for the field libPath.

+ * + * @param _p a {@link java.nio.file.Path} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public void setLibPath(Path _p) throws IllegalArgumentException { + if (FileUtil.isAccessibleDirectory(_p) || FileUtil.isAccessibleFile(_p)) this.libPath = _p; + } + + /** + *

hasLibPath.

+ * + * @return a boolean. + */ + public boolean hasLibPath() { + return this.getLibPath() != null; + } + + /** + *

Getter for the field inclPath.

+ * + * @return a {@link java.nio.file.Path} object. + */ + public Path getInclPath() { + return this.inclPath; + } + + /** + *

Setter for the field inclPath.

+ * + * @param _p a {@link java.nio.file.Path} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public void setInclPath(Path _p) throws IllegalArgumentException { + if (FileUtil.isAccessibleDirectory(_p) || FileUtil.isAccessibleFile(_p)) this.inclPath = _p; + } + + /** + *

hasInclPath.

+ * + * @return a boolean. + */ + public boolean hasInclPath() { + return this.getInclPath() != null; + } + + /** + *

Getter for the field targetPath.

+ * + * @return a {@link java.nio.file.Path} object. + */ + public Path getTargetPath() { + return this.targetPath; + } + + /** + *

Setter for the field targetPath.

+ * + * @param _p a {@link java.nio.file.Path} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public void setTargetPath(Path _p) throws IllegalArgumentException { + this.targetPath = _p; + } + + /** + *

hasTargetPath.

+ * + * @return a boolean. + */ + public boolean hasTargetPath() { + return this.getTargetPath() != null; + } + + /** + *

Getter for the field instrPaths.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getInstrPaths() { + return this.instrPaths; + } + + /** + *

addInstrPath.

+ * + * @param _p a {@link java.nio.file.Path} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public void addInstrPath(Path _p) throws IllegalArgumentException { + if (!FileUtil.isAccessibleDirectory(_p) && !FileUtil.isAccessibleFile(_p)) + log.warn("[" + _p + "] is not an accessible file or directory"); + else if (this.getInstrPaths().contains(_p)) + log.debug( + "[" + + _p + + "] is already part of intrumentation paths, and will not be added another time"); + else this.instrPaths.add(_p); + } + + /** + *

addInstrPaths.

+ * + * @param _paths a {@link java.util.Set} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public void addInstrPaths(Set _paths) throws IllegalArgumentException { + for (Path p : _paths) this.addInstrPath(p); + } + + /** + *

hasInstrPaths.

+ * + * @return a boolean. + */ + public boolean hasInstrPaths() { + return this.getInstrPaths() != null && !this.getInstrPaths().isEmpty(); + } + + /** + * {@inheritDoc} + * + * Checks whether one or more {@link Path}s with application constructs, and one or more {@link Path}s + * with dependencies are available. + */ + @Override + protected void prepareExecution() throws GoalConfigurationException { + + super.prepareExecution(); + + try { + // Lib path + this.setLibPath( + FileUtil.getPath( + this.getConfiguration() + .getConfiguration() + .getString(CoreConfiguration.INSTR_LIB_DIR, null))); + + // Warn if there's no lib path + if (!this.hasLibPath()) log.warn("No library path"); + + // Include path + this.setInclPath( + FileUtil.getPath( + this.getConfiguration() + .getConfiguration() + .getString(CoreConfiguration.INSTR_INCLUDE_DIR, null))); + + // Warn if there's no include path + if (!this.hasInclPath()) log.warn("No path with to-be-included JAR files"); + + // Where the instrumented archives will be written to + this.setTargetPath( + FileUtil.getPath( + this.getConfiguration() + .getConfiguration() + .getString(CoreConfiguration.INSTR_TARGET_DIR, null), + true)); + + // Warn if there's no target path + if (!this.hasTargetPath()) { + this.setTargetPath(FileUtil.createTmpDir("instr")); + log.warn("No target path specified, using [" + this.getTargetPath() + "]"); + } + + // Instrumentation paths? + this.addInstrPaths( + FileUtil.getPaths( + this.getConfiguration().getStringArray(CoreConfiguration.INSTR_SRC_DIR, null))); + + // Warn if there's no app path + if (!this.hasInstrPaths()) { + log.warn("No path(s) with instrumentation sources, take application paths instead"); + final Set paths = new HashSet(); + paths.addAll(this.getAppPaths()); + this.addInstrPaths(paths); + } + } + // Thrown by all methods related to updating/adding paths + catch (IllegalArgumentException e) { + throw new GoalConfigurationException(e.getMessage()); + } catch (IOException ioe) { + throw new GoalConfigurationException(ioe.getMessage()); + } + } + + /** {@inheritDoc} */ + @Override + protected void executeTasks() throws Exception { + final Application app = this.getApplicationContext(); + + // TODO: Check how to use packaging information from the Maven plugin + + final long timeout = + this.getConfiguration().getConfiguration().getLong(CoreConfiguration.JAR_TIMEOUT, -1); + final int no_threads = ThreadUtil.getNoThreads(this.getConfiguration(), 2); + + final ArchiveAnalysisManager mgr = new ArchiveAnalysisManager(no_threads, timeout, true, app); + mgr.setRename(true); + + // Set the lib, include and work directories (if any) + // if(this.inclPathsFileUtil.isAccessibleDirectory(includeDir) && + // this.app.getPackaging().toLowerCase().equals("war")) + if (this.hasInclPath()) mgr.setIncludeDir(this.inclPath); + + if (this.hasLibPath()) mgr.setLibDir(this.getLibPath()); + + mgr.setWorkDir(this.getTargetPath(), true); + + // Search source archives and go + final FileSearch vis = new FileSearch(AbstractGoal.JAR_WAR_EXT); + final int search_depth = + this.getConfiguration() + .getConfiguration() + .getBoolean(CoreConfiguration.INSTR_SEARCH_RECURSIVE, false) + ? Integer.MAX_VALUE + : 1; + mgr.startAnalysis(vis.search(getInstrPaths(), search_depth), null); + + // Add goal stats + // this.addGoalStats("instr.archivesAnalyzed", mgr.countArchivesAnalyzed()); + // this.addGoalStats("instr.archivesOriginalFileSizeTotal", mgr.getFileSize()); + // this.addGoalStats("instr.archivesInstrumentedFileSizeTotal", mgr.getInstrumentedFileSize()); + // The following probably makes no sense, since we always instrument one JAR or WAR in the + // context of this Maven goal + // this.addGoalStats("instr.archivesFileSizeMax", ...); + // this.addGoalStats("instr.archivesFileSizeAvg", ...); + + // Number of classes in the JAR or WAR. For WARs, also the libs in WB/INF/lib are considered. + // this.addGoalStats("instr.classesInstrumentedTotal", mgr.countClassesTotal()); + // this.addGoalStats("instr.classesInstrumentedAlready", mgr.countClassesInstrumentedAlready()); + // this.addGoalStats("instr.classesInstrumentedSuccess", mgr.countClassesInstrumentedSuccess()); + // this.addGoalStats("instr.classesInstrumentedFailure", mgr.countClassesInstrumentedFailure()); + + // TODO: Keep track of single constructs instrumented + // exe.addGoalStats("instr.noDepConstructs", mgr.countConstructsIdentified());*/ + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTConstructBodySignature.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTConstructBodySignature.java index 199deda29..f3700bb09 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTConstructBodySignature.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTConstructBodySignature.java @@ -45,230 +45,226 @@ */ public class ASTConstructBodySignature extends ASTSignature { - private static final long serialVersionUID = 2722815156114326441L; - - /** - *

Constructor for ASTConstructBodySignature.

- * - * @param _construct a {@link com.sap.psr.vulas.Construct} object. - */ - public ASTConstructBodySignature(Construct _construct){ - super(JavaEntityType.METHOD, _construct.getId().getSimpleName()); - sMethodBodyConverter = sInjector.getInstance(JavaMethodBodyConverter.class); - this._construct = _construct; - fCompilation = CompilationUtils.compileSource(getSourceCodeWithSnippets(_construct.getContent())); - } - - //A Copy constructor : - //To make a copy of the defective construct, the "Node" object is mutable as implemented in changedistiller - /** - *

Constructor for ASTConstructBodySignature.

- * - * @param copy a {@link com.sap.psr.vulas.java.sign.ASTConstructBodySignature} object. - */ - public ASTConstructBodySignature(ASTConstructBodySignature copy){ - this(copy._construct); - } - - - /** - *

Constructor for ASTConstructBodySignature.

- * - * @param fLabel a {@link ch.uzh.ifi.seal.changedistiller.model.classifiers.EntityType} object. - * @param fValue a {@link java.lang.String} object. - */ - public ASTConstructBodySignature(EntityType fLabel, String fValue) { - super(fLabel,fValue); - // TODO Auto-generated constructor stub - } - - /** - * Returns the generated {@link JavaCompilation} from the file identified by the given filename. - * - * @param _file a {@link java.lang.String} object. - */ - public void prepareCompilationFromFile(String _file) { - fCompilation = CompilationUtils.compileFile(_file); - } - - /** - *

prepareCompilationFromSource.

- * - * @param src a {@link java.lang.String} object. - */ - public void prepareCompilationFromSource(String src){ - fCompilation = CompilationUtils.compileSource(getSourceCodeWithSnippets(src)); - } - - - /** {@inheritDoc} */ - @Override - protected String getSourceCodeWithSnippets(String... snippets) { - StringBuilder src = new StringBuilder("public class Foo { "); - for (String statement : snippets) { - src.append(statement).append(' '); - } - src.append("} "); - return src.toString(); - } - - - /** - *

convertConstructBody.

- * - * @param methodName a {@link java.lang.String} object. - * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - */ - public Node convertConstructBody(String methodName) { - AbstractMethodDeclaration method = CompilationUtils.findMethod(fCompilation.getCompilationUnit(), methodName); - fRoot = new Node(JavaEntityType.METHOD, methodName); - fRoot.setEntity(new SourceCodeEntity(methodName, JavaEntityType.METHOD, new SourceRange( - method.declarationSourceStart, - method.declarationSourceEnd))); - - //List comments = CompilationUtils.extractComments(fCompilation); - - //Here initialize the visitor with parameters - //sMethodBodyConverter.initialize(fRoot, method, comments, fCompilation.getScanner()); - - //Removed the <> argument from the previous statement - sMethodBodyConverter.initialize(fRoot, method, null, fCompilation.getScanner()); - - //AbstractMethodDeclaration.traverse(ASTVisitor,ClassScope) - method.traverse(sMethodBodyConverter, (ClassScope) null); - return fRoot; - } - - - -/** - * @param n - The Root Node - * @return - JSON representation of the AST - * NB : An ast as an array of Nodes - * A Node {"name" : "Value of Node", "parent" : "value of parent Node", "children" : [{"name" : "value of node", "parent" : "value of parent Node"},......,{}]} - */ - - /*private String JSON(Node n, StringBuilder buffer){ - - if(n.isLeaf()){ - buffer.append("{"); - buildJsonElement(n,buffer); - buffer.append("}"); - } - - else{ - int y = n.getChildCount(); - int x = 0; - for(int i=0; i < n.getChildCount(); i++) - { - Node node = (Node)n.getChildAt(i); - buffer.append("{"); - buildJsonElement(node,buffer); - - - if(!node.isLeaf()){ - buffer.append(","); - buffer.append("\"C\" : [" ); //Children - JSON(node,buffer); - buffer.append("]"); //close off the children object - } - buffer.append("}"); - if(++x < y){ - buffer.append(","); - } - //else{buffer.append("]}");} - } - } - return buffer.toString(); - }*/ - - /** - * Helper method for building a JSON element of a Node in the AST - * - * @param json a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.sign.Signature} object. - */ - /*private void buildJsonElement(Node n ,StringBuilder buffer){ - buffer.append("\"Value\" : " ).append(JsonBuilder.escape(n.getValue().toString())).append(","); - buffer.append("\"SourceCodeEntity\" :{ " ) ; //open SourceCodeEntity json element - // The unique name has the same information as Node.Value - //buffer.append("\"UniqueName\" : " ).append(JsonBuilder.escape(n.getEntity().getUniqueName().toString())).append(","); ; - buffer.append("\"Modifiers\" : \"" ).append(n.getEntity().getModifiers()).append("\","); //DO I really need this, seems to be always zero for every Element - buffer.append("\"SourceRange\" : {" ); - buffer.append("\"Start\" : " ).append(n.getEntity().getSourceRange().getStart()).append(","); ; - buffer.append("\"End\" : " ).append(n.getEntity().getSourceRange().getEnd()); ; - buffer.append("}"); - buffer.append("},");//close off SourceCodeEntity json element - buffer.append("\"EntityType\" : " ).append(JsonBuilder.escape(n.getEntity().getType().toString())); //Entity Type - }*/ - public Signature toASTSignature(String json){ - return null; - } - - - /** {@inheritDoc} */ - @Override - public String toJson(){ - final Map, StdSerializer> custom_serializers = new HashMap, StdSerializer>(); - custom_serializers.put(ASTConstructBodySignature.class, new ASTConstructBodySignatureSerializer()); - return JacksonUtil.asJsonString(this, custom_serializers); - - /*StringBuilder buffer = new StringBuilder(); - buffer.append("{\"ast\":[ "); - if(fRoot.isRoot()){ - buffer.append("{"); - buildJsonElement(fRoot,buffer); - if(fRoot.isLeaf()) - buffer.append("}"); - else{ - buffer.append(",\"C\" : [" ); - JSON(fRoot,buffer); - buffer.append("]}"); - } - } - - buffer.append("]}"); //close off the ast array opened above - return buffer.toString();*/ - } - - - /** - * Returns an AST Representation suited for using the RTED, Robust Tree Edit Distance Algorithm - * (http://www.inf.unibz.it/dis/projects/tree-edit-distance/documentation.php) - * Format of Tree Structure : {root{node{node}}{node}...} - */ - private String treeRTED(Node n, StringBuffer buffer){ - - if(n!= null){ - - //Root Node - if(n.isRoot()){ - buffer.append("{" +n.getValue().toString().replaceAll("\\s+", "")); - } - - for (int i=0; i < n.getChildCount(); i++){ - Node node = (Node)n.getChildAt(i); - //Remove the spaces from the name of node labels - buffer.append("{" +node.getValue().toString().replaceAll("\\s+", "")); - if(!node.isLeaf()){ - treeRTED(node,buffer); - buffer.append("}"); - } - else - buffer.append("}}"); - } - - } - return buffer.toString(); - } - - - /** - *

toRTEDString.

- * - * @return a {@link java.lang.String} object. - */ - public String toRTEDString(){ - return treeRTED(fRoot, new StringBuffer()); - } + private static final long serialVersionUID = 2722815156114326441L; + + /** + *

Constructor for ASTConstructBodySignature.

+ * + * @param _construct a {@link com.sap.psr.vulas.Construct} object. + */ + public ASTConstructBodySignature(Construct _construct) { + super(JavaEntityType.METHOD, _construct.getId().getSimpleName()); + sMethodBodyConverter = sInjector.getInstance(JavaMethodBodyConverter.class); + this._construct = _construct; + fCompilation = + CompilationUtils.compileSource(getSourceCodeWithSnippets(_construct.getContent())); + } + + // A Copy constructor : + // To make a copy of the defective construct, the "Node" object is mutable as implemented in + // changedistiller + /** + *

Constructor for ASTConstructBodySignature.

+ * + * @param copy a {@link com.sap.psr.vulas.java.sign.ASTConstructBodySignature} object. + */ + public ASTConstructBodySignature(ASTConstructBodySignature copy) { + this(copy._construct); + } + + /** + *

Constructor for ASTConstructBodySignature.

+ * + * @param fLabel a {@link ch.uzh.ifi.seal.changedistiller.model.classifiers.EntityType} object. + * @param fValue a {@link java.lang.String} object. + */ + public ASTConstructBodySignature(EntityType fLabel, String fValue) { + super(fLabel, fValue); + // TODO Auto-generated constructor stub + } + + /** + * Returns the generated {@link JavaCompilation} from the file identified by the given filename. + * + * @param _file a {@link java.lang.String} object. + */ + public void prepareCompilationFromFile(String _file) { + fCompilation = CompilationUtils.compileFile(_file); + } + + /** + *

prepareCompilationFromSource.

+ * + * @param src a {@link java.lang.String} object. + */ + public void prepareCompilationFromSource(String src) { + fCompilation = CompilationUtils.compileSource(getSourceCodeWithSnippets(src)); + } + + /** {@inheritDoc} */ + @Override + protected String getSourceCodeWithSnippets(String... snippets) { + StringBuilder src = new StringBuilder("public class Foo { "); + for (String statement : snippets) { + src.append(statement).append(' '); + } + src.append("} "); + return src.toString(); + } + + /** + *

convertConstructBody.

+ * + * @param methodName a {@link java.lang.String} object. + * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + */ + public Node convertConstructBody(String methodName) { + AbstractMethodDeclaration method = + CompilationUtils.findMethod(fCompilation.getCompilationUnit(), methodName); + fRoot = new Node(JavaEntityType.METHOD, methodName); + fRoot.setEntity( + new SourceCodeEntity( + methodName, + JavaEntityType.METHOD, + new SourceRange(method.declarationSourceStart, method.declarationSourceEnd))); + + // List comments = CompilationUtils.extractComments(fCompilation); + + // Here initialize the visitor with parameters + // sMethodBodyConverter.initialize(fRoot, method, comments, fCompilation.getScanner()); + + // Removed the <> argument from the previous statement + sMethodBodyConverter.initialize(fRoot, method, null, fCompilation.getScanner()); + + // AbstractMethodDeclaration.traverse(ASTVisitor,ClassScope) + method.traverse(sMethodBodyConverter, (ClassScope) null); + return fRoot; + } + + /** + * @param n - The Root Node + * @return - JSON representation of the AST + * NB : An ast as an array of Nodes + * A Node {"name" : "Value of Node", "parent" : "value of parent Node", "children" : [{"name" : "value of node", "parent" : "value of parent Node"},......,{}]} + */ + + /*private String JSON(Node n, StringBuilder buffer){ + + if(n.isLeaf()){ + buffer.append("{"); + buildJsonElement(n,buffer); + buffer.append("}"); + } + + else{ + int y = n.getChildCount(); + int x = 0; + for(int i=0; i < n.getChildCount(); i++) + { + Node node = (Node)n.getChildAt(i); + buffer.append("{"); + buildJsonElement(node,buffer); + + + if(!node.isLeaf()){ + buffer.append(","); + buffer.append("\"C\" : [" ); //Children + JSON(node,buffer); + buffer.append("]"); //close off the children object + } + buffer.append("}"); + if(++x < y){ + buffer.append(","); + } + //else{buffer.append("]}");} + } + } + return buffer.toString(); + }*/ + + /** + * Helper method for building a JSON element of a Node in the AST + * + * @param json a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.sign.Signature} object. + */ + /*private void buildJsonElement(Node n ,StringBuilder buffer){ + buffer.append("\"Value\" : " ).append(JsonBuilder.escape(n.getValue().toString())).append(","); + buffer.append("\"SourceCodeEntity\" :{ " ) ; //open SourceCodeEntity json element + // The unique name has the same information as Node.Value + //buffer.append("\"UniqueName\" : " ).append(JsonBuilder.escape(n.getEntity().getUniqueName().toString())).append(","); ; + buffer.append("\"Modifiers\" : \"" ).append(n.getEntity().getModifiers()).append("\","); //DO I really need this, seems to be always zero for every Element + buffer.append("\"SourceRange\" : {" ); + buffer.append("\"Start\" : " ).append(n.getEntity().getSourceRange().getStart()).append(","); ; + buffer.append("\"End\" : " ).append(n.getEntity().getSourceRange().getEnd()); ; + buffer.append("}"); + buffer.append("},");//close off SourceCodeEntity json element + buffer.append("\"EntityType\" : " ).append(JsonBuilder.escape(n.getEntity().getType().toString())); //Entity Type + }*/ + public Signature toASTSignature(String json) { + return null; + } + + /** {@inheritDoc} */ + @Override + public String toJson() { + final Map, StdSerializer> custom_serializers = + new HashMap, StdSerializer>(); + custom_serializers.put( + ASTConstructBodySignature.class, new ASTConstructBodySignatureSerializer()); + return JacksonUtil.asJsonString(this, custom_serializers); + + /*StringBuilder buffer = new StringBuilder(); + buffer.append("{\"ast\":[ "); + if(fRoot.isRoot()){ + buffer.append("{"); + buildJsonElement(fRoot,buffer); + if(fRoot.isLeaf()) + buffer.append("}"); + else{ + buffer.append(",\"C\" : [" ); + JSON(fRoot,buffer); + buffer.append("]}"); + } + } + + buffer.append("]}"); //close off the ast array opened above + return buffer.toString();*/ + } + + /** + * Returns an AST Representation suited for using the RTED, Robust Tree Edit Distance Algorithm + * (http://www.inf.unibz.it/dis/projects/tree-edit-distance/documentation.php) + * Format of Tree Structure : {root{node{node}}{node}...} + */ + private String treeRTED(Node n, StringBuffer buffer) { + + if (n != null) { + + // Root Node + if (n.isRoot()) { + buffer.append("{" + n.getValue().toString().replaceAll("\\s+", "")); + } + + for (int i = 0; i < n.getChildCount(); i++) { + Node node = (Node) n.getChildAt(i); + // Remove the spaces from the name of node labels + buffer.append("{" + node.getValue().toString().replaceAll("\\s+", "")); + if (!node.isLeaf()) { + treeRTED(node, buffer); + buffer.append("}"); + } else buffer.append("}}"); + } + } + return buffer.toString(); + } + + /** + *

toRTEDString.

+ * + * @return a {@link java.lang.String} object. + */ + public String toRTEDString() { + return treeRTED(fRoot, new StringBuffer()); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignature.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignature.java index 68ecf6dad..7c68db937 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignature.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignature.java @@ -39,98 +39,100 @@ */ public abstract class ASTSignature extends Node implements Signature { - /** - *

Constructor for ASTSignature.

- * - * @param label a {@link ch.uzh.ifi.seal.changedistiller.model.classifiers.EntityType} object. - * @param value a {@link java.lang.String} object. - */ - public ASTSignature(EntityType label, String value) { - super(label, value); - // TODO Auto-generated constructor stub - } + /** + *

Constructor for ASTSignature.

+ * + * @param label a {@link ch.uzh.ifi.seal.changedistiller.model.classifiers.EntityType} object. + * @param value a {@link java.lang.String} object. + */ + public ASTSignature(EntityType label, String value) { + super(label, value); + // TODO Auto-generated constructor stub + } - private static final long serialVersionUID = -3802437501302095999L; - /** Constant sDeclarationConverter */ - protected static JavaDeclarationConverter sDeclarationConverter; - /** Constant sMethodBodyConverter */ - protected static JavaMethodBodyConverter sMethodBodyConverter; //Visitor for generation of the AST of construct bodies - /** Constant sInjector */ - protected static final Injector sInjector = Guice.createInjector(new JavaChangeDistillerModule()); - protected JavaCompilation fCompilation; - protected Node fRoot; - protected Construct _construct; + private static final long serialVersionUID = -3802437501302095999L; + /** Constant sDeclarationConverter */ + protected static JavaDeclarationConverter sDeclarationConverter; + /** Constant sMethodBodyConverter */ + protected static JavaMethodBodyConverter + sMethodBodyConverter; // Visitor for generation of the AST of construct bodies + /** Constant sInjector */ + protected static final Injector sInjector = Guice.createInjector(new JavaChangeDistillerModule()); - /** - * Prints this Node and its children with value ['{' child [, child]* '}']. - * - * @return a {@link java.lang.String} object. - */ - protected String getTreeString() { - return fRoot.print(new StringBuilder()).toString(); - } + protected JavaCompilation fCompilation; + protected Node fRoot; + protected Construct _construct; - /** - *

getFirstLeaf.

- * - * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - */ - public Node getFirstLeaf() { - return ((Node) fRoot.getFirstLeaf()); - } + /** + * Prints this Node and its children with value ['{' child [, child]* '}']. + * + * @return a {@link java.lang.String} object. + */ + protected String getTreeString() { + return fRoot.print(new StringBuilder()).toString(); + } - /** - *

getFirstChild.

- * - * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - */ - public Node getFirstChild() { - return (Node) fRoot.getFirstChild(); - } + /** + *

getFirstLeaf.

+ * + * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + */ + public Node getFirstLeaf() { + return ((Node) fRoot.getFirstLeaf()); + } - /** - *

getLastChild.

- * - * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - */ - public Node getLastChild() { - return (Node) fRoot.getLastChild(); - } + /** + *

getFirstChild.

+ * + * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + */ + public Node getFirstChild() { + return (Node) fRoot.getFirstChild(); + } - /** - *

createRootNode.

- * - * @param label a {@link ch.uzh.ifi.seal.changedistiller.model.classifiers.EntityType} object. - * @param value a {@link java.lang.String} object. - */ - public void createRootNode(EntityType label, String value) { - fRoot = new Node(label, value); - fRoot.setEntity(new SourceCodeEntity(value, label, new SourceRange())); - } + /** + *

getLastChild.

+ * + * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + */ + public Node getLastChild() { + return (Node) fRoot.getLastChild(); + } - /** - *

getSourceCodeWithSnippets.

- * - * @param snippets a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - protected abstract String getSourceCodeWithSnippets(String... snippets); + /** + *

createRootNode.

+ * + * @param label a {@link ch.uzh.ifi.seal.changedistiller.model.classifiers.EntityType} object. + * @param value a {@link java.lang.String} object. + */ + public void createRootNode(EntityType label, String value) { + fRoot = new Node(label, value); + fRoot.setEntity(new SourceCodeEntity(value, label, new SourceRange())); + } - /** - *

getRoot.

- * - * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - */ - public Node getRoot(){ - return (Node) this.fRoot; - } + /** + *

getSourceCodeWithSnippets.

+ * + * @param snippets a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + protected abstract String getSourceCodeWithSnippets(String... snippets); - /** - *

setRoot.

- * - * @param n a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - */ - public void setRoot(Node n){ - fRoot = n; - } + /** + *

getRoot.

+ * + * @return a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + */ + public Node getRoot() { + return (Node) this.fRoot; + } + + /** + *

setRoot.

+ * + * @param n a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + */ + public void setRoot(Node n) { + fRoot = n; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureChange.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureChange.java index ab92331cb..14ba42133 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureChange.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureChange.java @@ -45,368 +45,387 @@ *

ASTSignatureChange class.

* */ -public class ASTSignatureChange extends DistillerUtil implements SignatureChange,Serializable { - - public static enum OperationType { Insert, Update, Move, Delete }; - - private Signature mDefSignature = null; - - private Signature mFixSignature = null; - - private Set listOfChanges = null; - - private String mMethodName; - - //TODO : (Something fishy here, needs an improvement - see the sourcecode of changedistiller) - //A StructureEntityVersion has all the SourceCodeChange's - private StructureEntityVersion structureEntity = null; - - /** - *

addChange.

- * - * @param scc a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. - */ - public void addChange(SourceCodeChange scc) { - this.listOfChanges.add(scc); - } - - /** - *

removeChange.

- * - * @param scc a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. - */ - public void removeChange(SourceCodeChange scc){ - this.listOfChanges.remove(scc); - } - - /** - *

toSourceCodeChanges.

- * - * @param _objects a {@link java.util.Set} object. - * @return a {@link java.util.Set} object. - */ - public static Set toSourceCodeChanges(Set _objects) { - final Set changes = new HashSet(); - for(Object o: _objects) { - changes.add((SourceCodeChange)o); - } - return changes; - } - - /** - * Used to create instance of ASTSignatureChange during deserialization of - * JSON object, when deserializing a ASTSignatureChange, we only have the list of - * SourceCodeChanges - * read from the DB. - * - * @param srcCodeChanges - List of SourceCodeChanges - */ - public ASTSignatureChange(Set srcCodeChanges){ - this(null,null); - this.setListOfChanges(srcCodeChanges); - List srcCodeChgs = new ArrayList(srcCodeChanges); - this.structureEntity.setSourceCodeChanges(srcCodeChgs); - } - - /** - *

Constructor for ASTSignatureChange.

- * - * @param strEntityVersion a {@link ch.uzh.ifi.seal.changedistiller.model.entities.StructureEntityVersion} object. - */ - public ASTSignatureChange(StructureEntityVersion strEntityVersion){ - //this(null,null); - this.setStructureEntity(strEntityVersion); - this.listOfChanges = new HashSet(this.getStructureEntity().getSourceCodeChanges()); - } - - /** - *

Getter for the field structureEntity.

- * - * @return a {@link ch.uzh.ifi.seal.changedistiller.model.entities.StructureEntityVersion} object. - */ - public StructureEntityVersion getStructureEntity() { - return structureEntity; - } - - - /** - *

Setter for the field structureEntity.

- * - * @param structureEntity a {@link ch.uzh.ifi.seal.changedistiller.model.entities.StructureEntityVersion} object. - */ - public void setStructureEntity(StructureEntityVersion structureEntity) { - this.structureEntity = structureEntity; - } - - - /** - *

Constructor for ASTSignatureChange.

- * - */ - public ASTSignatureChange(){ - super(); - } - - /** - *

Constructor for ASTSignatureChange.

- * - * @param defSignature a {@link com.sap.psr.vulas.sign.Signature} object. - * @param fixSignature a {@link com.sap.psr.vulas.sign.Signature} object. - */ - public ASTSignatureChange(Signature defSignature, Signature fixSignature){ - super(); - this.mDefSignature = defSignature; - this.mFixSignature = fixSignature; - //Name of the root of the AST for either the fixed or for the defective AST - mMethodName = ((ASTSignature)mFixSignature).getValue(); - } - - /** {@inheritDoc} */ - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result - + ((listOfChanges == null) ? 0 : listOfChanges.hashCode()); - return result; - } - - /** {@inheritDoc} */ - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - ASTSignatureChange other = (ASTSignatureChange) obj; - if (listOfChanges == null) { - if (other.listOfChanges != null) - return false; - } else { - final boolean is_equal = ASTSignatureChange.isSameElements((Collection)this.listOfChanges, (Collection)other.listOfChanges); - return is_equal; - } - return true; - } - - /** - *

isSameElements.

- * - * @param _a a {@link java.util.Collection} object. - * @param _b a {@link java.util.Collection} object. - * @return a boolean. - */ - public static boolean isSameElements(Collection _a, Collection _b) { - if(_a.size()!=_b.size()) - return false; - for(SourceCodeChange this_scc: _a) { - boolean scc_found = false; - for(SourceCodeChange other_scc: _b) { - if(this_scc.equals(other_scc)) { - scc_found = true; - break; - } - } - if(!scc_found) - return false; - } - return true; - } - - /** - *

Getter for the field mDefSignature.

- * - * @return a {@link com.sap.psr.vulas.sign.Signature} object. - */ - public Signature getmDefSignature() { - return mDefSignature; - } - - - /** - *

Setter for the field mDefSignature.

- * - * @param mDefSignature a {@link com.sap.psr.vulas.sign.Signature} object. - */ - public void setmDefSignature(Signature mDefSignature) { - this.mDefSignature = mDefSignature; - } - - - /** - *

Getter for the field mFixSignature.

- * - * @return a {@link com.sap.psr.vulas.sign.Signature} object. - */ - public Signature getmFixSignature() { - return mFixSignature; - } - - - /** - *

Setter for the field mFixSignature.

- * - * @param mFixSignature a {@link com.sap.psr.vulas.sign.Signature} object. - */ - public void setmFixSignature(Signature mFixSignature) { - this.mFixSignature = mFixSignature; - } - - /** - *

Getter for the field listOfChanges.

- * - * @return a {@link java.util.Set} object. - */ - public Set getListOfChanges() { - return listOfChanges; - } - - /** - *

Setter for the field listOfChanges.

- * - * @param listOfChanges a {@link java.util.Set} object. - */ - public void setListOfChanges(Set listOfChanges) { - this.listOfChanges = listOfChanges; - } - - /** - *

Getter for the field mMethodName.

- * - * @return a {@link java.lang.String} object. - */ - public String getmMethodName() { - return mMethodName; - } - - /** - *

Setter for the field mMethodName.

- * - * @param mMethodName a {@link java.lang.String} object. - */ - public void setmMethodName(String mMethodName) { - this.mMethodName = mMethodName; - } - - /** - *

operationTypetoJSON.

- * - * @param t a {@link com.sap.psr.vulas.java.sign.ASTSignatureChange.OperationType} object. - * @return a {@link java.lang.String} object. - */ - public String operationTypetoJSON(OperationType t){ - final StringBuilder b = new StringBuilder(); - b.append("\"operationType\" : \""); - switch(t) { - case Insert: b.append("INSERT\""); break; - case Update: b.append("UPDATE\""); break; - case Move: b.append("MOVE\""); break; - case Delete: b.append("DELETE\""); break; - default: b.append("???\""); break; - } - return b.toString(); - } - - - private String operationTypeToString(OperationType t){ - switch(t) { - case Insert: return "I"; - case Update: return "U"; - case Move: return "M"; - case Delete: return "D"; - default: return "?"; - } - } - - /** - * {@inheritDoc} - * - * Returns the set of edit operations required to change the defective AST int the fixed one. - * Attention: This method will change the defective signature passed as argument to the constructor. - */ - @Override - public Set getModifications() { - - if(this.listOfChanges==null) { - structureEntity = new StructureEntityVersion(JavaEntityType.METHOD, this.mMethodName, 0); - Distiller mDistiller = mInjector.getInstance(DistillerFactory.class).create(structureEntity); - - if(this.mDefSignature != null && this.mFixSignature != null) - { - Node defSignatureNode = ((ASTSignature)this.mDefSignature).getRoot(); - Node fixSignatureNode = ((ASTSignature)this.mFixSignature).getRoot(); - - //This call modifies the "Defective" Version, basically it converts it into the Fixed Version - // (I don't know why , nothing is mentioned in the API documentation) - // TODO : Read the the changedistiller paper for a better understanding (http://www.merlin.uzh.ch/publication/show/2531) - mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode); - Listchange = structureEntity.getSourceCodeChanges(); //Extract the set of sourceCodeChanges from the StructureEntityVersion - - //Debug - if(change != null) - this.listOfChanges = new HashSet(change); - - /* if(change != null) - { - for(SourceCodeChange ch : change){ - listOfChanges.add(ch); - } - }*/ - } - } - - //Good to know : http://stackoverflow.com/questions/905964/how-to-cast-generic-list-types-in-java?answertab=active#tab-top - final Set set = new HashSet(); - for (SourceCodeChange e : this.listOfChanges) { - set.add( e); // need to cast each object specifically - } - return set; - } - - /** {@inheritDoc} */ - @Override - public String toJSON() { - final Map, StdSerializer> custom_serializers = new HashMap, StdSerializer>(); - custom_serializers.put(ASTSignatureChange.class, new ASTSignatureChangeSerializer()); - return JacksonUtil.asJsonString(this, custom_serializers); - } - - /** - * Returns a formatted 'SourceCodeChange' elements - * - * @return a {@link java.lang.String} object. - */ - public String toString() { - int count = 0; - final StringBuffer buffer = new StringBuffer(); - - if(listOfChanges != null) { - buffer.append("Test - Everything SourceCodeChange Offers :\n"); - - for(SourceCodeChange change :listOfChanges) { - buffer.append("\n CHANGE" + ++count + "\n"); - buffer.append("\n ChangedEntity = " + change.getChangedEntity()); - buffer.append("\n ChangedEntity Source Range= " + change.getChangedEntity().getSourceRange()); - buffer.append("\n UniqueName = " + change.getChangedEntity().getUniqueName()); - buffer.append("\n Entity Label = " + change.getChangedEntity().getLabel()); - buffer.append("\n Entity Type = " + change.getChangedEntity().getType().toString()); - buffer.append("\n Change Type Label = " +change.getLabel()); - buffer.append("\n Parent = " + change.getParentEntity()); - buffer.append("\n Parent Source Range = " + change.getParentEntity().getSourceRange()); - buffer.append("\n Simple Name = " +change.getClass().getSimpleName()); - buffer.append("\n " +change.toString() +"\n"); - //buffer.append("\n SignificanceLevel(CRUCIAL, HIGH, MEDIMU, LOW) :" + change.getSignificanceLevel().toString()); - //buffer.append("\n ChangedEntity, StartPosition : " + change.getChangedEntity().getStartPosition()); - } - } - return buffer.toString(); - } - - /** {@inheritDoc} */ - @Override - public boolean isEmpty() { - return this.getListOfChanges().size()==0; - } +public class ASTSignatureChange extends DistillerUtil implements SignatureChange, Serializable { + + public static enum OperationType { + Insert, + Update, + Move, + Delete + }; + + private Signature mDefSignature = null; + + private Signature mFixSignature = null; + + private Set listOfChanges = null; + + private String mMethodName; + + // TODO : (Something fishy here, needs an improvement - see the sourcecode of changedistiller) + // A StructureEntityVersion has all the SourceCodeChange's + private StructureEntityVersion structureEntity = null; + + /** + *

addChange.

+ * + * @param scc a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. + */ + public void addChange(SourceCodeChange scc) { + this.listOfChanges.add(scc); + } + + /** + *

removeChange.

+ * + * @param scc a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. + */ + public void removeChange(SourceCodeChange scc) { + this.listOfChanges.remove(scc); + } + + /** + *

toSourceCodeChanges.

+ * + * @param _objects a {@link java.util.Set} object. + * @return a {@link java.util.Set} object. + */ + public static Set toSourceCodeChanges(Set _objects) { + final Set changes = new HashSet(); + for (Object o : _objects) { + changes.add((SourceCodeChange) o); + } + return changes; + } + + /** + * Used to create instance of ASTSignatureChange during deserialization of + * JSON object, when deserializing a ASTSignatureChange, we only have the list of + * SourceCodeChanges + * read from the DB. + * + * @param srcCodeChanges - List of SourceCodeChanges + */ + public ASTSignatureChange(Set srcCodeChanges) { + this(null, null); + this.setListOfChanges(srcCodeChanges); + List srcCodeChgs = new ArrayList(srcCodeChanges); + this.structureEntity.setSourceCodeChanges(srcCodeChgs); + } + + /** + *

Constructor for ASTSignatureChange.

+ * + * @param strEntityVersion a {@link ch.uzh.ifi.seal.changedistiller.model.entities.StructureEntityVersion} object. + */ + public ASTSignatureChange(StructureEntityVersion strEntityVersion) { + // this(null,null); + this.setStructureEntity(strEntityVersion); + this.listOfChanges = + new HashSet(this.getStructureEntity().getSourceCodeChanges()); + } + + /** + *

Getter for the field structureEntity.

+ * + * @return a {@link ch.uzh.ifi.seal.changedistiller.model.entities.StructureEntityVersion} object. + */ + public StructureEntityVersion getStructureEntity() { + return structureEntity; + } + + /** + *

Setter for the field structureEntity.

+ * + * @param structureEntity a {@link ch.uzh.ifi.seal.changedistiller.model.entities.StructureEntityVersion} object. + */ + public void setStructureEntity(StructureEntityVersion structureEntity) { + this.structureEntity = structureEntity; + } + + /** + *

Constructor for ASTSignatureChange.

+ * + */ + public ASTSignatureChange() { + super(); + } + + /** + *

Constructor for ASTSignatureChange.

+ * + * @param defSignature a {@link com.sap.psr.vulas.sign.Signature} object. + * @param fixSignature a {@link com.sap.psr.vulas.sign.Signature} object. + */ + public ASTSignatureChange(Signature defSignature, Signature fixSignature) { + super(); + this.mDefSignature = defSignature; + this.mFixSignature = fixSignature; + // Name of the root of the AST for either the fixed or for the defective AST + mMethodName = ((ASTSignature) mFixSignature).getValue(); + } + + /** {@inheritDoc} */ + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((listOfChanges == null) ? 0 : listOfChanges.hashCode()); + return result; + } + + /** {@inheritDoc} */ + @Override + public boolean equals(Object obj) { + if (this == obj) return true; + if (obj == null) return false; + if (getClass() != obj.getClass()) return false; + ASTSignatureChange other = (ASTSignatureChange) obj; + if (listOfChanges == null) { + if (other.listOfChanges != null) return false; + } else { + final boolean is_equal = + ASTSignatureChange.isSameElements( + (Collection) this.listOfChanges, + (Collection) other.listOfChanges); + return is_equal; + } + return true; + } + + /** + *

isSameElements.

+ * + * @param _a a {@link java.util.Collection} object. + * @param _b a {@link java.util.Collection} object. + * @return a boolean. + */ + public static boolean isSameElements( + Collection _a, Collection _b) { + if (_a.size() != _b.size()) return false; + for (SourceCodeChange this_scc : _a) { + boolean scc_found = false; + for (SourceCodeChange other_scc : _b) { + if (this_scc.equals(other_scc)) { + scc_found = true; + break; + } + } + if (!scc_found) return false; + } + return true; + } + + /** + *

Getter for the field mDefSignature.

+ * + * @return a {@link com.sap.psr.vulas.sign.Signature} object. + */ + public Signature getmDefSignature() { + return mDefSignature; + } + + /** + *

Setter for the field mDefSignature.

+ * + * @param mDefSignature a {@link com.sap.psr.vulas.sign.Signature} object. + */ + public void setmDefSignature(Signature mDefSignature) { + this.mDefSignature = mDefSignature; + } + + /** + *

Getter for the field mFixSignature.

+ * + * @return a {@link com.sap.psr.vulas.sign.Signature} object. + */ + public Signature getmFixSignature() { + return mFixSignature; + } + + /** + *

Setter for the field mFixSignature.

+ * + * @param mFixSignature a {@link com.sap.psr.vulas.sign.Signature} object. + */ + public void setmFixSignature(Signature mFixSignature) { + this.mFixSignature = mFixSignature; + } + + /** + *

Getter for the field listOfChanges.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getListOfChanges() { + return listOfChanges; + } + + /** + *

Setter for the field listOfChanges.

+ * + * @param listOfChanges a {@link java.util.Set} object. + */ + public void setListOfChanges(Set listOfChanges) { + this.listOfChanges = listOfChanges; + } + + /** + *

Getter for the field mMethodName.

+ * + * @return a {@link java.lang.String} object. + */ + public String getmMethodName() { + return mMethodName; + } + + /** + *

Setter for the field mMethodName.

+ * + * @param mMethodName a {@link java.lang.String} object. + */ + public void setmMethodName(String mMethodName) { + this.mMethodName = mMethodName; + } + + /** + *

operationTypetoJSON.

+ * + * @param t a {@link com.sap.psr.vulas.java.sign.ASTSignatureChange.OperationType} object. + * @return a {@link java.lang.String} object. + */ + public String operationTypetoJSON(OperationType t) { + final StringBuilder b = new StringBuilder(); + b.append("\"operationType\" : \""); + switch (t) { + case Insert: + b.append("INSERT\""); + break; + case Update: + b.append("UPDATE\""); + break; + case Move: + b.append("MOVE\""); + break; + case Delete: + b.append("DELETE\""); + break; + default: + b.append("???\""); + break; + } + return b.toString(); + } + + private String operationTypeToString(OperationType t) { + switch (t) { + case Insert: + return "I"; + case Update: + return "U"; + case Move: + return "M"; + case Delete: + return "D"; + default: + return "?"; + } + } + + /** + * {@inheritDoc} + * + * Returns the set of edit operations required to change the defective AST int the fixed one. + * Attention: This method will change the defective signature passed as argument to the constructor. + */ + @Override + public Set getModifications() { + + if (this.listOfChanges == null) { + structureEntity = new StructureEntityVersion(JavaEntityType.METHOD, this.mMethodName, 0); + Distiller mDistiller = mInjector.getInstance(DistillerFactory.class).create(structureEntity); + + if (this.mDefSignature != null && this.mFixSignature != null) { + Node defSignatureNode = ((ASTSignature) this.mDefSignature).getRoot(); + Node fixSignatureNode = ((ASTSignature) this.mFixSignature).getRoot(); + + // This call modifies the "Defective" Version, basically it converts it into the Fixed + // Version + // (I don't know why , nothing is mentioned in the API documentation) + // TODO : Read the the changedistiller paper for a better understanding + // (http://www.merlin.uzh.ch/publication/show/2531) + mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode); + List change = + structureEntity.getSourceCodeChanges(); // Extract the set of sourceCodeChanges from the + // StructureEntityVersion + + // Debug + if (change != null) this.listOfChanges = new HashSet(change); + + /* if(change != null) + { + for(SourceCodeChange ch : change){ + listOfChanges.add(ch); + } + }*/ + } + } + + // Good to know : + // http://stackoverflow.com/questions/905964/how-to-cast-generic-list-types-in-java?answertab=active#tab-top + final Set set = new HashSet(); + for (SourceCodeChange e : this.listOfChanges) { + set.add(e); // need to cast each object specifically + } + return set; + } + + /** {@inheritDoc} */ + @Override + public String toJSON() { + final Map, StdSerializer> custom_serializers = + new HashMap, StdSerializer>(); + custom_serializers.put(ASTSignatureChange.class, new ASTSignatureChangeSerializer()); + return JacksonUtil.asJsonString(this, custom_serializers); + } + + /** + * Returns a formatted 'SourceCodeChange' elements + * + * @return a {@link java.lang.String} object. + */ + public String toString() { + int count = 0; + final StringBuffer buffer = new StringBuffer(); + + if (listOfChanges != null) { + buffer.append("Test - Everything SourceCodeChange Offers :\n"); + + for (SourceCodeChange change : listOfChanges) { + buffer.append("\n CHANGE" + ++count + "\n"); + buffer.append("\n ChangedEntity = " + change.getChangedEntity()); + buffer.append( + "\n ChangedEntity Source Range= " + change.getChangedEntity().getSourceRange()); + buffer.append("\n UniqueName = " + change.getChangedEntity().getUniqueName()); + buffer.append("\n Entity Label = " + change.getChangedEntity().getLabel()); + buffer.append("\n Entity Type = " + change.getChangedEntity().getType().toString()); + buffer.append("\n Change Type Label = " + change.getLabel()); + buffer.append("\n Parent = " + change.getParentEntity()); + buffer.append("\n Parent Source Range = " + change.getParentEntity().getSourceRange()); + buffer.append("\n Simple Name = " + change.getClass().getSimpleName()); + buffer.append("\n " + change.toString() + "\n"); + // buffer.append("\n SignificanceLevel(CRUCIAL, HIGH, MEDIMU, LOW) :" + + // change.getSignificanceLevel().toString()); + // buffer.append("\n ChangedEntity, StartPosition : " + + // change.getChangedEntity().getStartPosition()); + } + } + return buffer.toString(); + } + + /** {@inheritDoc} */ + @Override + public boolean isEmpty() { + return this.getListOfChanges().size() == 0; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureComparator.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureComparator.java index 7c27f41e5..0547ecda7 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureComparator.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTSignatureComparator.java @@ -29,7 +29,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.sign.Signature; import com.sap.psr.vulas.sign.SignatureChange; import com.sap.psr.vulas.sign.SignatureComparator; @@ -55,638 +54,633 @@ */ public class ASTSignatureComparator implements SignatureComparator { + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + // If a construct under test contains 50% of the fixes, it is said to contain the Security Fixes + // TODO : (A more robust scheme than a simple percentage might be better) + private static final double NUM_OF_FIXES_THRESHOLD = 100.0; + + private int totalNumFixes; + private int matchedNumFixes; + + // String Similarity Schemes for comparing Node Values + private LevenshteinSimilarityCalculator fLevenshtein = new LevenshteinSimilarityCalculator(); + private TokenBasedCalculator fTokenBased = new TokenBasedCalculator(); + private NGramsCalculator fNgrams = new NGramsCalculator(2); // Using bi-grams, n = 2 + + // Different (Dynamic) string similarity threshold for the different size of SourceCode Changes + private static final double STRING_SIMILARITY_THRESHOLD_LESS_THAN_TWO_CHANGES = 0.7; + private static final double STRING_SIMILARITY_THRESHOLD_BETWEEN_TWO_AND_FIVE_CHANGES = 0.6; + private static final double STRING_SIMILARITY_THRESHOLD_MORE_THAN__FIVE_CHANGES = 0.5; + + private Map matchingNodes = new HashMap(); + private Node bestMatchNode = null; + private Signature mSignVuln = null; + private Signature mSignFixed = null; + private SignatureChange mSignChange = null; + private double mStringSimilarity; + + /** + *

Constructor for ASTSignatureComparator.

+ */ + public ASTSignatureComparator() {} + + /** + *

Constructor for ASTSignatureComparator.

+ * + * @param stringSimilarity a double. + */ + public ASTSignatureComparator(double stringSimilarity) { + this.mStringSimilarity = stringSimilarity; + } + + /** + *

Constructor for ASTSignatureComparator.

+ * + * @param _sign a {@link com.sap.psr.vulas.sign.Signature} object. + * @param _signChg a {@link com.sap.psr.vulas.sign.SignatureChange} object. + */ + public ASTSignatureComparator(Signature _sign, SignatureChange _signChg) { + this.mSignFixed = _sign; + this.mSignChange = _signChg; + } + + /** + *

Constructor for ASTSignatureComparator.

+ * + * @param _vuln a {@link com.sap.psr.vulas.sign.Signature} object. + * @param _fixed a {@link com.sap.psr.vulas.sign.Signature} object. + * @param _signChg a {@link com.sap.psr.vulas.sign.SignatureChange} object. + */ + public ASTSignatureComparator(Signature _vuln, Signature _fixed, SignatureChange _signChg) { + this.mSignVuln = _vuln; + this.mSignFixed = _fixed; + this.mSignChange = _signChg; + } + + /* + * @see com.sap.psr.vulas.sign.SignatureComparator#computeSimilarity(com.sap.psr.vulas.sign.Signature, com.sap.psr.vulas.sign.Signature) + */ + /** {@inheritDoc} */ + @Override + public float computeSimilarity(Signature _a, Signature _b) { + Node _vulnerableConstruct = ((ASTSignature) _a).getRoot(); + Node _fixedConstruct = ((ASTSignature) _b).getRoot(); + float similarity = computeSimilarity(_vulnerableConstruct, _fixedConstruct); + return similarity; + } + + /** + * Compute the similarity of two ASTs + * @param _vulnerable + * @param _fixed + * @return similarity value + */ + private float computeSimilarity(Node _vulnerable, Node _fixed) { + float similarity = 0; + // Baxter Scheme of AST similarity + return similarity; + } + + /* + * @see com.sap.psr.vulas.sign.SignatureComparator#computeChange(com.sap.psr.vulas.sign.Signature, com.sap.psr.vulas.sign.Signature) + * _a is the defective construct ( this is used for the patch analyzer) + * _b is the fixed construct + */ + /** {@inheritDoc} */ + @Override + public SignatureChange computeChange(Signature _a, Signature _b) { + SignatureChange astChange = new ASTSignatureChange(_a, _b); + astChange.getModifications(); + return astChange; + } + + /** + *

getTotalNumChanges.

+ * + * @return a int. + */ + public int getTotalNumChanges() { + return this.totalNumFixes; + } + + /** + *

getMatchedNumChanges.

+ * + * @return a int. + */ + public int getMatchedNumChanges() { + return this.matchedNumFixes; + } + + /** + * {@inheritDoc} + * + * Returns true of the given signature contains the given change, false otherwise. + */ + @Override + public boolean containsChange(Signature _s, SignatureChange _change) { + // Do a couple of casts before calling the worker method + final Node root_of_signature_under_test = ((ASTSignature) _s).getRoot(); + final ASTSignatureChange sign_change = (ASTSignatureChange) _change; + final Set list_of_modifications = sign_change.getListOfChanges(); + + // Return the result of the worker method + return containsChange(root_of_signature_under_test, list_of_modifications); + } + + /** + *

getStringSimilarityThreshold.

+ * + * @return a double. + */ + public double getStringSimilarityThreshold() { + return this.mStringSimilarity; + } + + /** + *

setStringSimilarityThreshold.

+ * + * @param _threshold a double. + */ + public void setStringSimilarityThreshold(double _threshold) { + this.mStringSimilarity = _threshold; + } + + /** + * Depending on the number of source code changes, the method sets a suitable threshold for string similarity. + * @param sizeOfSourceCodeChange + * @return Similarity Threshold + * + */ + private void assignSimlarityScheme(int _change_count) { + if (_change_count <= 2) + this.setStringSimilarityThreshold(STRING_SIMILARITY_THRESHOLD_LESS_THAN_TWO_CHANGES); + else if (_change_count <= 5) + this.setStringSimilarityThreshold(STRING_SIMILARITY_THRESHOLD_BETWEEN_TWO_AND_FIVE_CHANGES); + else this.setStringSimilarityThreshold(STRING_SIMILARITY_THRESHOLD_MORE_THAN__FIVE_CHANGES); + } + + /** + * Returns the class name of the given SourceCodeChange (Delete, Insert, Move or Update). + * @param _change + * @return + */ + private String getSimpleChangeName(SourceCodeChange _change) { + return _change.getClass().getSimpleName(); + } + + /** + * Returns true if the tree given by _root contains the entity changed by _change. + * @param _root + * @param _change + * @return + */ + private Node getBestMatch(Node _root, SourceCodeChange _change) { + Node best_match = null; + + final Set fMatch = new HashSet(); + final TreeMatcher dnm = MatchingFactory.getMatcher(fMatch); + + final EntityType change_type = _change.getChangedEntity().getType(); + final String change_value = _change.getChangedEntity().getUniqueName(); + final Node changed_node = new Node(change_type, change_value); + + dnm.match(_root, changed_node); + + // ASTSignatureComparator.log.info(""); + for (NodePair pair : fMatch) { + if (pair.getRight().equals(changed_node)) { + best_match = pair.getLeft(); + } + } + + return best_match; + } + + /** + * + * @param _root_node + * @param _changes + * @return + */ + private boolean containsChange(Node _root_node, Set _changes) { + + totalNumFixes = _changes.size(); + matchedNumFixes = 0; + this.assignSimlarityScheme(totalNumFixes); + boolean contains_change = false; + + // Maintains the containment status per change + final Map change_containment = + new HashMap(); + + int i = 1; + + // Loop over all changes and check each of them + if (_changes != null && _changes.size() > 0) { + + EntityType change_type = null; + String change_value = null; + + Node changed_node = null; // The node to search for + Node matched_node = null; // The node matching best (if any) + + for (SourceCodeChange change : _changes) { + + // Build the node that results from the change (same type and value) + change_type = change.getChangedEntity().getType(); + change_value = change.getChangedEntity().getUniqueName(); + changed_node = new Node(change_type, change_value); + + // Case 1: INSERT + // - The New Inserted Entity : change.getChangedEntity() + // - Parent Entity : change.getParentEntity() + if (change instanceof Insert) { + + // Set the parent of the changed node + EntityType changedParentEntityType = ((Insert) change).getParentEntity().getType(); + String changedParentValue = ((Insert) change).getParentEntity().getUniqueName(); + Node parentNode = new Node(changedParentEntityType, changedParentValue); + changed_node.setParent(parentNode); + + // Look if the changed entity if found in the AST under test + // matched_node = searchForBestMatchingNode(changed_node, _root_node); + matched_node = getBestMatch(_root_node, change); + contains_change = matched_node != null; - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - //If a construct under test contains 50% of the fixes, it is said to contain the Security Fixes - // TODO : (A more robust scheme than a simple percentage might be better) - private static final double NUM_OF_FIXES_THRESHOLD = 100.0; - - private int totalNumFixes; - private int matchedNumFixes; - - //String Similarity Schemes for comparing Node Values - private LevenshteinSimilarityCalculator fLevenshtein = new LevenshteinSimilarityCalculator(); - private TokenBasedCalculator fTokenBased = new TokenBasedCalculator(); - private NGramsCalculator fNgrams = new NGramsCalculator(2); //Using bi-grams, n = 2 - - //Different (Dynamic) string similarity threshold for the different size of SourceCode Changes - private static final double STRING_SIMILARITY_THRESHOLD_LESS_THAN_TWO_CHANGES = 0.7; - private static final double STRING_SIMILARITY_THRESHOLD_BETWEEN_TWO_AND_FIVE_CHANGES = 0.6; - private static final double STRING_SIMILARITY_THRESHOLD_MORE_THAN__FIVE_CHANGES = 0.5; - - private Map matchingNodes = new HashMap(); - private Node bestMatchNode = null; - private Signature mSignVuln = null; - private Signature mSignFixed = null; - private SignatureChange mSignChange = null; - private double mStringSimilarity; - - /** - *

Constructor for ASTSignatureComparator.

- */ - public ASTSignatureComparator() {} - - /** - *

Constructor for ASTSignatureComparator.

- * - * @param stringSimilarity a double. - */ - public ASTSignatureComparator(double stringSimilarity){ - this.mStringSimilarity = stringSimilarity; - } - - /** - *

Constructor for ASTSignatureComparator.

- * - * @param _sign a {@link com.sap.psr.vulas.sign.Signature} object. - * @param _signChg a {@link com.sap.psr.vulas.sign.SignatureChange} object. - */ - public ASTSignatureComparator(Signature _sign, SignatureChange _signChg){ - this.mSignFixed = _sign; - this.mSignChange = _signChg; - } - - /** - *

Constructor for ASTSignatureComparator.

- * - * @param _vuln a {@link com.sap.psr.vulas.sign.Signature} object. - * @param _fixed a {@link com.sap.psr.vulas.sign.Signature} object. - * @param _signChg a {@link com.sap.psr.vulas.sign.SignatureChange} object. - */ - public ASTSignatureComparator(Signature _vuln, Signature _fixed, SignatureChange _signChg){ - this.mSignVuln = _vuln; - this.mSignFixed = _fixed; - this.mSignChange = _signChg; - } - - - /* - * @see com.sap.psr.vulas.sign.SignatureComparator#computeSimilarity(com.sap.psr.vulas.sign.Signature, com.sap.psr.vulas.sign.Signature) - */ - /** {@inheritDoc} */ - @Override - public float computeSimilarity(Signature _a, Signature _b) { - Node _vulnerableConstruct = ((ASTSignature)_a).getRoot(); - Node _fixedConstruct = ((ASTSignature)_b).getRoot(); - float similarity = computeSimilarity(_vulnerableConstruct, _fixedConstruct); - return similarity; - } - - /** - * Compute the similarity of two ASTs - * @param _vulnerable - * @param _fixed - * @return similarity value - */ - private float computeSimilarity(Node _vulnerable, Node _fixed){ - float similarity = 0; - //Baxter Scheme of AST similarity - return similarity; - } - - - /* - * @see com.sap.psr.vulas.sign.SignatureComparator#computeChange(com.sap.psr.vulas.sign.Signature, com.sap.psr.vulas.sign.Signature) - * _a is the defective construct ( this is used for the patch analyzer) - * _b is the fixed construct - */ - /** {@inheritDoc} */ - @Override - public SignatureChange computeChange(Signature _a, Signature _b) { - SignatureChange astChange = new ASTSignatureChange(_a, _b); - astChange.getModifications(); - return astChange; - } - - - /** - *

getTotalNumChanges.

- * - * @return a int. - */ - public int getTotalNumChanges(){ - return this.totalNumFixes; - } - - /** - *

getMatchedNumChanges.

- * - * @return a int. - */ - public int getMatchedNumChanges(){ - return this.matchedNumFixes; - } - - /** - * {@inheritDoc} - * - * Returns true of the given signature contains the given change, false otherwise. - */ - @Override - public boolean containsChange(Signature _s, SignatureChange _change) { - // Do a couple of casts before calling the worker method - final Node root_of_signature_under_test = ((ASTSignature)_s).getRoot(); - final ASTSignatureChange sign_change = (ASTSignatureChange)_change; - final Set list_of_modifications = sign_change.getListOfChanges(); - - // Return the result of the worker method - return containsChange(root_of_signature_under_test, list_of_modifications); - } - - /** - *

getStringSimilarityThreshold.

- * - * @return a double. - */ - public double getStringSimilarityThreshold() { - return this.mStringSimilarity; - } - - /** - *

setStringSimilarityThreshold.

- * - * @param _threshold a double. - */ - public void setStringSimilarityThreshold(double _threshold) { - this.mStringSimilarity = _threshold; - } - - /** - * Depending on the number of source code changes, the method sets a suitable threshold for string similarity. - * @param sizeOfSourceCodeChange - * @return Similarity Threshold - * - */ - private void assignSimlarityScheme(int _change_count){ - if(_change_count <= 2) - this.setStringSimilarityThreshold(STRING_SIMILARITY_THRESHOLD_LESS_THAN_TWO_CHANGES); - else if(_change_count <= 5) - this.setStringSimilarityThreshold(STRING_SIMILARITY_THRESHOLD_BETWEEN_TWO_AND_FIVE_CHANGES); - else - this.setStringSimilarityThreshold(STRING_SIMILARITY_THRESHOLD_MORE_THAN__FIVE_CHANGES); - } - - /** - * Returns the class name of the given SourceCodeChange (Delete, Insert, Move or Update). - * @param _change - * @return - */ - private String getSimpleChangeName(SourceCodeChange _change) { return _change.getClass().getSimpleName(); } - - /** - * Returns true if the tree given by _root contains the entity changed by _change. - * @param _root - * @param _change - * @return - */ - private Node getBestMatch(Node _root, SourceCodeChange _change) { - Node best_match = null; - - final Set fMatch = new HashSet(); - final TreeMatcher dnm = MatchingFactory.getMatcher(fMatch); - - final EntityType change_type = _change.getChangedEntity().getType(); - final String change_value = _change.getChangedEntity().getUniqueName(); - final Node changed_node = new Node(change_type, change_value); - - dnm.match(_root, changed_node); - - //ASTSignatureComparator.log.info(""); - for(NodePair pair: fMatch) { - if(pair.getRight().equals(changed_node)) { - best_match = pair.getLeft(); - } } - - return best_match; - } - - /** - * - * @param _root_node - * @param _changes - * @return - */ - private boolean containsChange(Node _root_node, Set _changes) { - - totalNumFixes= _changes.size(); - matchedNumFixes = 0; - this.assignSimlarityScheme(totalNumFixes); - boolean contains_change = false; - - // Maintains the containment status per change - final Map change_containment = new HashMap(); - - int i = 1; - - // Loop over all changes and check each of them - if(_changes!= null && _changes.size() > 0) { - - EntityType change_type = null; - String change_value = null; - - Node changed_node = null; // The node to search for - Node matched_node = null; // The node matching best (if any) - - for(SourceCodeChange change : _changes) { - - // Build the node that results from the change (same type and value) - change_type = change.getChangedEntity().getType(); - change_value = change.getChangedEntity().getUniqueName(); - changed_node = new Node(change_type, change_value); - - // Case 1: INSERT - // - The New Inserted Entity : change.getChangedEntity() - // - Parent Entity : change.getParentEntity() - if(change instanceof Insert) { - - //Set the parent of the changed node - EntityType changedParentEntityType = ((Insert)change).getParentEntity().getType(); - String changedParentValue = ((Insert)change).getParentEntity().getUniqueName(); - Node parentNode = new Node(changedParentEntityType, changedParentValue); - changed_node.setParent(parentNode); - - // Look if the changed entity if found in the AST under test - //matched_node = searchForBestMatchingNode(changed_node, _root_node); - matched_node = getBestMatch(_root_node, change); - contains_change = matched_node!=null; - - - } - // Case 2: DELETE - // 1. The Deleted Entity : change.getChangedEntity() - // 2. Parent Entity : change.getParentEntity() - else if(change instanceof Delete) { - - //Set the parent of the changed node - EntityType changedParentEntityType = ((Delete)change).getParentEntity().getType(); - String changedParentValue = ((Delete)change).getParentEntity().getUniqueName(); - Node parentNode = new Node(changedParentEntityType, changedParentValue); - changed_node.setParent(parentNode); - - // Look if the changed entity if found in the AST under test - //matched_node = searchForBestMatchingNode(changed_node, _root_node); - matched_node = getBestMatch(_root_node, change); - contains_change = matched_node==null; - } - /** - * A Update Change Type has - * 1. The New Entity : ((Update) change).getNewEntity() - * 2. The (old) Updated Entity : ((Update) change).getChangedEntity() - * 3. Parent Entity : change.getParentEntity() - */ - else if(change.getClass().getSimpleName().equals("Update")) { - - SourceCodeEntity srcCodeEntity = ((Update)change).getNewEntity(); - Node updateChangedNode = new Node(srcCodeEntity.getType(),srcCodeEntity.getUniqueName()); - - EntityType changedParentEntityType = ((Update)change).getParentEntity().getType(); - String changedParentValue = ((Update)change).getParentEntity().getUniqueName(); - Node parentNode = new Node(changedParentEntityType, changedParentValue); - updateChangedNode.setParent(parentNode); - - //Look if the changed entity if found in the AST under test - matched_node = searchForBestMatchingNode(updateChangedNode, _root_node); - - contains_change = matched_node!=null; - } - /** - * A Move change type has - * 1. The Old Parent Entity : change.getParentEntity() - * 2. The Moved Entity Entity : change.getChangedEntity() - * 3. New Parent Entity : ((Move) change).getNewParentEntity() - * 4. New Entity : ((Move) change).getNewEntity() - */ - //Check first if the fix is present, then look for the appropriate place - else if(change.getClass().getSimpleName().equals("Move")) { - - SourceCodeEntity srcCodeEntity = ((Move)change).getNewEntity(); - Node moveChangedNode = new Node(srcCodeEntity.getType(),srcCodeEntity.getUniqueName()); - - EntityType changedNewParentEntityType = ((Move)change).getNewParentEntity().getType(); - String changedNewParentValue = ((Move)change).getNewParentEntity().getUniqueName(); - Node parentNode = new Node(changedNewParentEntityType, changedNewParentValue); - moveChangedNode.setParent(parentNode); - - //Look if the changed entity if found in the AST under test - matched_node = searchForBestMatchingNode(moveChangedNode, _root_node); - - contains_change = matched_node!=null; - } - - // Maintain the status for the current change - ASTSignatureComparator.log.info(" " + i++ + " Change type [" + change.getClass().getSimpleName() + "], changed node [" + change_type + ", \"" + change_value + "\"], change contained: [" + contains_change + "]"); - if(matched_node!=null) - ASTSignatureComparator.log.info(" Matching node: [" + matched_node.getEntity().getType() + ", \"" + matched_node.getValue() + "\"]"); - change_containment.put(change, contains_change); - } - } - - // Make the Decision at the end reading through all the content of the map - boolean unMatchedFlag = false; - for (SourceCodeChange change : change_containment.keySet()) { - Boolean status = change_containment.get(change); - if(!status) { - unMatchedFlag = true; - } - else { - matchedNumFixes++; - } - } - - //If there is one security-fix change which is not contained, the "unMatchedFlag" will be set - if(unMatchedFlag) - return false; - else - return true; - } - - private boolean hasSameParent(Node _n1, Node _n2){ - boolean same_parent = false; - - Node p1 = (Node)_n1.getParent(); - String p1_type = p1.getLabel().name(); - String p1_value = p1.getValue(); - - Node p2 = (Node)_n2.getParent(); - String p2_type = p2.getLabel().name(); - String p2_value = p2.getValue(); - - if(p1_type.equals(p2_type)) { - double similarityScheme = fLevenshtein.calculateSimilarity(p1_value, p2_value); - same_parent = (similarityScheme > getStringSimilarityThreshold()); - } - return same_parent; - } - - /** - * Search for the best matching node; having the same label and with a similarity measure of the changedNode's string value above the given THRESHOLD - * - * @param changedNode - The changed node to be searched for - * @param astRoot - The signature of the construct under analysis - * @return The best matched node/ The first matched node - */ - private Node searchForBestMatchingNode(Node changedNode, Node astRoot){ - - // Nodes in the AST under test - EntityType astRootNodeLabel = astRoot.getLabel(); - String astRootNodeValue = astRoot.getValue(); - - // Both Nodes have the same "Label", for instance both are IF_STATEMENTs - if(astRootNodeLabel.equals(changedNode.getLabel())) { - - // Both have an empty Value, for instance ==== > return; (Label : RETURN_STATEMENT, Value : "") - if(astRootNodeValue.isEmpty() && changedNode.getValue().isEmpty()) { - - //Check if they have the same parent, otherwise resume searching - if(this.hasSameParent(changedNode,astRoot)) { - return astRoot; - } - } - else { - //Check the similarity of the string values - //double similarityScheme = fLevenshtein.calculateSimilarity(astRootNodeValue, changedNode.getValue()); - //double similarityScheme = fTokenBased.calculateSimilarity(astRootNodeValue, changedNode.getValue()); - - //N-Grams : - //STRING_1 : (value: String tok = st.nextToken().trim();)(label: VARIABLE_DECLARATION_STATEMENT), - //STRING_2 : (value: final String tok = st.nextToken();)(label: VARIABLE_DECLARATION_STATEMENT), - // N-Grams Similarity Value : 0.6285714285714286 - double similarityScheme = fNgrams.calculateSimilarity(astRootNodeValue, changedNode.getValue()); - - //if(similarityScheme > STRING_SIMILARITY_THRESHOLD) - if(similarityScheme > this.getStringSimilarityThreshold()) { - /*matchingNodes.put(astRoot, similarityScheme); //or we use the "Best Match" Algorithm - Node currentBestMatchedNode = astRoot; - Node previousBestMatchedNode = astRoot; - - if (matchingNodes.get(currentBestMatchedNode) > matchingNodes.get(previousBestMatchedNode)) - { - bestMatchNode = currentBestMatchedNode; //Found a New best Match - } - */ - - //Check if they have the same parent, otherwise resume searching - if(this.hasSameParent(changedNode,astRoot)) { - return astRoot; - } - } - } - } - - Node [] children = new Node[astRoot.getChildCount()]; - for (int i =0; i < astRoot.getChildCount(); i++){ - children[i] = (Node)astRoot.getChildAt(i); - } - - Node firstMatchedNode = null; - //Breadth First Search - for (int i= 0 ; (firstMatchedNode == null )&& (i < children.length);i++) - { - //Node node = (Node)astRoot.getChildAt(i); - firstMatchedNode = searchForBestMatchingNode(changedNode, children[i]); - } - - //return tmpNode; - //return bestMatchNode; - return firstMatchedNode; //Returning the first Match that we have found, might be a good approach - } - - /** - * Search the SourceCode Entity Using it name - * @param _uniqueName - * @param n - * @return - */ - private SourceCodeEntity searchSourceCodeEntityByUniqueName(String _entityUniqueName, Node astRoot){ - - //The SourceCodeEntity to be returned - SourceCodeEntity srcCodeEntity = null; - - String nodeValue = astRoot.getValue().toString(); - if(nodeValue.equals( _entityUniqueName)){ - //Return SourceCodeEntity - return astRoot.getEntity(); - } - - //Breadth First Search - for (int i= 0 ; (srcCodeEntity == null )&& (i < astRoot.getChildCount());i++) - { - Node node = (Node)astRoot.getChildAt(i); - srcCodeEntity = searchSourceCodeEntityByUniqueName(_entityUniqueName, node); - if(srcCodeEntity != null) - break; - } - - return srcCodeEntity; - } - - - - /** - * - * @param _entityUniqueName ; UniqueName of 'Node' to be searched for - * @param _s The AST to be searched - * @return A Node in _s which has the same name as the parameter, UniqueName , return null is NOT found - */ - private Node search(String _entityUniqueName, Node _s){ - - if(_s.getValue().toString().equals(_entityUniqueName)) - return _s; - Node resultNode = null; - for (int i=0; resultNode==null && i < _s.getChildCount();i++){ - resultNode = search(_entityUniqueName, (Node)_s.getChildAt(i)); - } - return resultNode; - } - - - /** - * TODO : Enclose this functionality in a generic class, "SignatureSimilarity" - * ALSO, this simple percentage would fail if we have a small number of changes in the change list - * (Say if we have only one FIX in the change list , this could be problematic), hence a need for a more robust "Closeness" scheme - * - * CVE-2012-2098 - * Case in Point : - * 1. org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream(OutputStream,int) - * 2. org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream.init() , Revision : 1332552 - * - * @param numFoundFixes - Number of found fixes found in - * @param numTotalFixes - - * @return - */ - private boolean simplePercentageClosenessScheme(double numFoundFixes, double numTotalFixes){ - boolean flag = false; - double percentage = 0.0; - try{ - percentage = ( numFoundFixes/numTotalFixes) * 100; - } - catch(Exception e) - { - log.info(e.getMessage()); - } - - log.info("Percentage of Fixes : " + percentage + "%"); - if(percentage >= NUM_OF_FIXES_THRESHOLD) - flag = true; - - return flag; - } - - - - /** - * Search for the specified change element inside Signature (Search using the Node Label) - * - * @param astRoot The AST to be searched - * @return the Node matching the change elements EntityType and Value - * - * public : for testing purpose, switch to private once done testing - * @param change a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. - */ - public Node searchForNode(SourceCodeChange change, Node astRoot){ - - //This is what we are trying to match - String changeValue = change.getChangedEntity().getUniqueName(); - EntityType changeLabel = change.getChangedEntity().getType(); - - //The Node we are looking for, with EntityType and Value - Node nodeRoot = new Node(changeLabel, changeValue); - - String nodeValue = astRoot.getValue().toString(); - EntityType nodeLabel = astRoot.getLabel(); - - if(nodeValue.equals(changeValue) && nodeLabel.equals(changeLabel)){ - return astRoot; - } - - Node tmpNode = null; - - //Breadth First Search - for (int i= 0 ; (tmpNode == null)&& (i < astRoot.getChildCount());i++) - { - Node node = (Node)astRoot.getChildAt(i); - - //Recursive call - tmpNode = searchForNode(change, node); - if(tmpNode != null) - break; - } - - return tmpNode; - } - - - - - /** - * Search for the _entityUniqueName inside Signature (Search using the Node Label) - * - * @param astRoot The AST to be searched - * @return true if entity is within the AST - * - * public : for testing purpose, switch to private once done testing - * @param change a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. - */ - public boolean searchForEntity(SourceCodeChange change, Node astRoot){ - - SourceCodeEntity parentEntity = change.getParentEntity(); - - String _entityUniqueName = change.getChangedEntity().getUniqueName(); - String nodeValue = astRoot.getValue().toString(); - if(nodeValue.equals( _entityUniqueName)){ - return true; - } - - boolean found = false; - //Breadth First Search - for (int i= 0 ; (found ==false )&& (i < astRoot.getChildCount());i++) - { - Node node = (Node)astRoot.getChildAt(i); - /*if(_entityUniqueName.equals(node.getValue().toString())) - return true;*/ - //else - String nodeLbl = node.getValue().toString(); - found = searchForEntity(_entityUniqueName, node); - if(found) - break; - } - - return found; - } - - - /** - * Search for the _entityUniqueName inside Signature (Search using the Node Label) - * - * @param _entityUniqueName a {@link java.lang.String} object. - * @param astRoot The AST to be searched - * @return true if entity is within the AST - * - * public : for testing purpose, switch to private once done testing - */ - public boolean searchForEntity(String _entityUniqueName, Node astRoot){ - - String nodeValue = astRoot.getValue().toString(); - if(nodeValue.equals( _entityUniqueName)){ - return true; - } - - boolean found = false; - //Breadth First Search - for (int i= 0 ; (found ==false )&& (i < astRoot.getChildCount());i++) - { - Node node = (Node)astRoot.getChildAt(i); - /*if(_entityUniqueName.equals(node.getValue().toString())) - return true;*/ - //else - String nodeLbl = node.getValue().toString(); - found = searchForEntity(_entityUniqueName, node); - if(found) - break; - } - - return found; - } + // Case 2: DELETE + // 1. The Deleted Entity : change.getChangedEntity() + // 2. Parent Entity : change.getParentEntity() + else if (change instanceof Delete) { + + // Set the parent of the changed node + EntityType changedParentEntityType = ((Delete) change).getParentEntity().getType(); + String changedParentValue = ((Delete) change).getParentEntity().getUniqueName(); + Node parentNode = new Node(changedParentEntityType, changedParentValue); + changed_node.setParent(parentNode); + + // Look if the changed entity if found in the AST under test + // matched_node = searchForBestMatchingNode(changed_node, _root_node); + matched_node = getBestMatch(_root_node, change); + contains_change = matched_node == null; + } + /** + * A Update Change Type has + * 1. The New Entity : ((Update) change).getNewEntity() + * 2. The (old) Updated Entity : ((Update) change).getChangedEntity() + * 3. Parent Entity : change.getParentEntity() + */ + else if (change.getClass().getSimpleName().equals("Update")) { + + SourceCodeEntity srcCodeEntity = ((Update) change).getNewEntity(); + Node updateChangedNode = new Node(srcCodeEntity.getType(), srcCodeEntity.getUniqueName()); + + EntityType changedParentEntityType = ((Update) change).getParentEntity().getType(); + String changedParentValue = ((Update) change).getParentEntity().getUniqueName(); + Node parentNode = new Node(changedParentEntityType, changedParentValue); + updateChangedNode.setParent(parentNode); + + // Look if the changed entity if found in the AST under test + matched_node = searchForBestMatchingNode(updateChangedNode, _root_node); + + contains_change = matched_node != null; + } + /** + * A Move change type has + * 1. The Old Parent Entity : change.getParentEntity() + * 2. The Moved Entity Entity : change.getChangedEntity() + * 3. New Parent Entity : ((Move) change).getNewParentEntity() + * 4. New Entity : ((Move) change).getNewEntity() + */ + // Check first if the fix is present, then look for the appropriate place + else if (change.getClass().getSimpleName().equals("Move")) { + + SourceCodeEntity srcCodeEntity = ((Move) change).getNewEntity(); + Node moveChangedNode = new Node(srcCodeEntity.getType(), srcCodeEntity.getUniqueName()); + + EntityType changedNewParentEntityType = ((Move) change).getNewParentEntity().getType(); + String changedNewParentValue = ((Move) change).getNewParentEntity().getUniqueName(); + Node parentNode = new Node(changedNewParentEntityType, changedNewParentValue); + moveChangedNode.setParent(parentNode); + + // Look if the changed entity if found in the AST under test + matched_node = searchForBestMatchingNode(moveChangedNode, _root_node); + + contains_change = matched_node != null; + } + + // Maintain the status for the current change + ASTSignatureComparator.log.info( + " " + + i++ + + " Change type [" + + change.getClass().getSimpleName() + + "], changed node [" + + change_type + + ", \"" + + change_value + + "\"], change contained: [" + + contains_change + + "]"); + if (matched_node != null) + ASTSignatureComparator.log.info( + " Matching node: [" + + matched_node.getEntity().getType() + + ", \"" + + matched_node.getValue() + + "\"]"); + change_containment.put(change, contains_change); + } + } + + // Make the Decision at the end reading through all the content of the map + boolean unMatchedFlag = false; + for (SourceCodeChange change : change_containment.keySet()) { + Boolean status = change_containment.get(change); + if (!status) { + unMatchedFlag = true; + } else { + matchedNumFixes++; + } + } + + // If there is one security-fix change which is not contained, the "unMatchedFlag" will be set + if (unMatchedFlag) return false; + else return true; + } + + private boolean hasSameParent(Node _n1, Node _n2) { + boolean same_parent = false; + + Node p1 = (Node) _n1.getParent(); + String p1_type = p1.getLabel().name(); + String p1_value = p1.getValue(); + + Node p2 = (Node) _n2.getParent(); + String p2_type = p2.getLabel().name(); + String p2_value = p2.getValue(); + + if (p1_type.equals(p2_type)) { + double similarityScheme = fLevenshtein.calculateSimilarity(p1_value, p2_value); + same_parent = (similarityScheme > getStringSimilarityThreshold()); + } + return same_parent; + } + + /** + * Search for the best matching node; having the same label and with a similarity measure of the changedNode's string value above the given THRESHOLD + * + * @param changedNode - The changed node to be searched for + * @param astRoot - The signature of the construct under analysis + * @return The best matched node/ The first matched node + */ + private Node searchForBestMatchingNode(Node changedNode, Node astRoot) { + + // Nodes in the AST under test + EntityType astRootNodeLabel = astRoot.getLabel(); + String astRootNodeValue = astRoot.getValue(); + + // Both Nodes have the same "Label", for instance both are IF_STATEMENTs + if (astRootNodeLabel.equals(changedNode.getLabel())) { + + // Both have an empty Value, for instance ==== > return; (Label : RETURN_STATEMENT, Value : + // "") + if (astRootNodeValue.isEmpty() && changedNode.getValue().isEmpty()) { + + // Check if they have the same parent, otherwise resume searching + if (this.hasSameParent(changedNode, astRoot)) { + return astRoot; + } + } else { + // Check the similarity of the string values + // double similarityScheme = fLevenshtein.calculateSimilarity(astRootNodeValue, + // changedNode.getValue()); + // double similarityScheme = fTokenBased.calculateSimilarity(astRootNodeValue, + // changedNode.getValue()); + + // N-Grams : + // STRING_1 : (value: String tok = st.nextToken().trim();)(label: + // VARIABLE_DECLARATION_STATEMENT), + // STRING_2 : (value: final String tok = st.nextToken();)(label: + // VARIABLE_DECLARATION_STATEMENT), + // N-Grams Similarity Value : 0.6285714285714286 + double similarityScheme = + fNgrams.calculateSimilarity(astRootNodeValue, changedNode.getValue()); + + // if(similarityScheme > STRING_SIMILARITY_THRESHOLD) + if (similarityScheme > this.getStringSimilarityThreshold()) { + /*matchingNodes.put(astRoot, similarityScheme); //or we use the "Best Match" Algorithm + Node currentBestMatchedNode = astRoot; + Node previousBestMatchedNode = astRoot; + + if (matchingNodes.get(currentBestMatchedNode) > matchingNodes.get(previousBestMatchedNode)) + { + bestMatchNode = currentBestMatchedNode; //Found a New best Match + } + */ + + // Check if they have the same parent, otherwise resume searching + if (this.hasSameParent(changedNode, astRoot)) { + return astRoot; + } + } + } + } + + Node[] children = new Node[astRoot.getChildCount()]; + for (int i = 0; i < astRoot.getChildCount(); i++) { + children[i] = (Node) astRoot.getChildAt(i); + } + + Node firstMatchedNode = null; + // Breadth First Search + for (int i = 0; (firstMatchedNode == null) && (i < children.length); i++) { + // Node node = (Node)astRoot.getChildAt(i); + firstMatchedNode = searchForBestMatchingNode(changedNode, children[i]); + } + + // return tmpNode; + // return bestMatchNode; + return firstMatchedNode; // Returning the first Match that we have found, might be a good + // approach + } + + /** + * Search the SourceCode Entity Using it name + * @param _uniqueName + * @param n + * @return + */ + private SourceCodeEntity searchSourceCodeEntityByUniqueName( + String _entityUniqueName, Node astRoot) { + + // The SourceCodeEntity to be returned + SourceCodeEntity srcCodeEntity = null; + + String nodeValue = astRoot.getValue().toString(); + if (nodeValue.equals(_entityUniqueName)) { + // Return SourceCodeEntity + return astRoot.getEntity(); + } + + // Breadth First Search + for (int i = 0; (srcCodeEntity == null) && (i < astRoot.getChildCount()); i++) { + Node node = (Node) astRoot.getChildAt(i); + srcCodeEntity = searchSourceCodeEntityByUniqueName(_entityUniqueName, node); + if (srcCodeEntity != null) break; + } + + return srcCodeEntity; + } + + /** + * + * @param _entityUniqueName ; UniqueName of 'Node' to be searched for + * @param _s The AST to be searched + * @return A Node in _s which has the same name as the parameter, UniqueName , return null is NOT found + */ + private Node search(String _entityUniqueName, Node _s) { + + if (_s.getValue().toString().equals(_entityUniqueName)) return _s; + Node resultNode = null; + for (int i = 0; resultNode == null && i < _s.getChildCount(); i++) { + resultNode = search(_entityUniqueName, (Node) _s.getChildAt(i)); + } + return resultNode; + } + + /** + * TODO : Enclose this functionality in a generic class, "SignatureSimilarity" + * ALSO, this simple percentage would fail if we have a small number of changes in the change list + * (Say if we have only one FIX in the change list , this could be problematic), hence a need for a more robust "Closeness" scheme + * + * CVE-2012-2098 + * Case in Point : + * 1. org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream(OutputStream,int) + * 2. org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream.init() , Revision : 1332552 + * + * @param numFoundFixes - Number of found fixes found in + * @param numTotalFixes - + * @return + */ + private boolean simplePercentageClosenessScheme(double numFoundFixes, double numTotalFixes) { + boolean flag = false; + double percentage = 0.0; + try { + percentage = (numFoundFixes / numTotalFixes) * 100; + } catch (Exception e) { + log.info(e.getMessage()); + } + + log.info("Percentage of Fixes : " + percentage + "%"); + if (percentage >= NUM_OF_FIXES_THRESHOLD) flag = true; + + return flag; + } + + /** + * Search for the specified change element inside Signature (Search using the Node Label) + * + * @param astRoot The AST to be searched + * @return the Node matching the change elements EntityType and Value + * + * public : for testing purpose, switch to private once done testing + * @param change a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. + */ + public Node searchForNode(SourceCodeChange change, Node astRoot) { + + // This is what we are trying to match + String changeValue = change.getChangedEntity().getUniqueName(); + EntityType changeLabel = change.getChangedEntity().getType(); + + // The Node we are looking for, with EntityType and Value + Node nodeRoot = new Node(changeLabel, changeValue); + + String nodeValue = astRoot.getValue().toString(); + EntityType nodeLabel = astRoot.getLabel(); + + if (nodeValue.equals(changeValue) && nodeLabel.equals(changeLabel)) { + return astRoot; + } + + Node tmpNode = null; + + // Breadth First Search + for (int i = 0; (tmpNode == null) && (i < astRoot.getChildCount()); i++) { + Node node = (Node) astRoot.getChildAt(i); + + // Recursive call + tmpNode = searchForNode(change, node); + if (tmpNode != null) break; + } + + return tmpNode; + } + + /** + * Search for the _entityUniqueName inside Signature (Search using the Node Label) + * + * @param astRoot The AST to be searched + * @return true if entity is within the AST + * + * public : for testing purpose, switch to private once done testing + * @param change a {@link ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeChange} object. + */ + public boolean searchForEntity(SourceCodeChange change, Node astRoot) { + + SourceCodeEntity parentEntity = change.getParentEntity(); + + String _entityUniqueName = change.getChangedEntity().getUniqueName(); + String nodeValue = astRoot.getValue().toString(); + if (nodeValue.equals(_entityUniqueName)) { + return true; + } + + boolean found = false; + // Breadth First Search + for (int i = 0; (found == false) && (i < astRoot.getChildCount()); i++) { + Node node = (Node) astRoot.getChildAt(i); + /*if(_entityUniqueName.equals(node.getValue().toString())) + return true;*/ + // else + String nodeLbl = node.getValue().toString(); + found = searchForEntity(_entityUniqueName, node); + if (found) break; + } + + return found; + } + + /** + * Search for the _entityUniqueName inside Signature (Search using the Node Label) + * + * @param _entityUniqueName a {@link java.lang.String} object. + * @param astRoot The AST to be searched + * @return true if entity is within the AST + * + * public : for testing purpose, switch to private once done testing + */ + public boolean searchForEntity(String _entityUniqueName, Node astRoot) { + + String nodeValue = astRoot.getValue().toString(); + if (nodeValue.equals(_entityUniqueName)) { + return true; + } + + boolean found = false; + // Breadth First Search + for (int i = 0; (found == false) && (i < astRoot.getChildCount()); i++) { + Node node = (Node) astRoot.getChildAt(i); + /*if(_entityUniqueName.equals(node.getValue().toString())) + return true;*/ + // else + String nodeLbl = node.getValue().toString(); + found = searchForEntity(_entityUniqueName, node); + if (found) break; + } + + return found; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTUtil.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTUtil.java index 5b135057d..34b8d2d38 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTUtil.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/ASTUtil.java @@ -28,7 +28,6 @@ import org.apache.logging.log4j.Logger; - import ch.uzh.ifi.seal.changedistiller.model.classifiers.ChangeType; import ch.uzh.ifi.seal.changedistiller.model.classifiers.EntityType; import ch.uzh.ifi.seal.changedistiller.model.classifiers.java.JavaEntityType; @@ -40,651 +39,409 @@ */ public class ASTUtil { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - public static enum NODE_COMPARE_MODE { ENTITY_TYPE, VALUE }; - - /** - * Returns true if the nodes are equal with regard to parameter mode. - * - * @param _mode a {@link com.sap.psr.vulas.java.sign.ASTUtil.NODE_COMPARE_MODE} object. - * @param _left a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - * @param _right a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. - * @return a boolean. - * @throws java.lang.IllegalArgumentException if any. - */ - public static final boolean isEqual(@NotNull Node _left, @NotNull Node _right, @NotNull NODE_COMPARE_MODE _mode) throws IllegalArgumentException { - boolean is_equal = true; - final Enumeration enum_left = _left.depthFirstEnumeration(); - final Enumeration enum_right = _right.depthFirstEnumeration(); - Node node_left = null, node_right = null; - - // Traverse left tree and compare one by one - while(enum_left.hasMoreElements()) { - node_left = (Node)enum_left.nextElement(); - - // Compare the nodes - if(enum_right.hasMoreElements()) { - node_right = (Node)enum_right.nextElement(); - - if(_mode.equals(NODE_COMPARE_MODE.ENTITY_TYPE)) { - if(!node_left.getLabel().equals(node_right.getLabel())) { - is_equal = false; - } - } - else if(_mode.equals(NODE_COMPARE_MODE.VALUE)) { - if(!node_left.getValue().equals(node_right.getValue())) { - is_equal = false; - } - } - else { - throw new IllegalArgumentException("Illegal comparison mode: [" + _mode + "]"); - } - } - // Right tree has less elements - else { - is_equal = false; - } - - // Stop comparison upon first difference - if(!is_equal) break; - } - - // Equal until now but right tree has more nodes? - if(is_equal && enum_right.hasMoreElements()) { - is_equal = false; - } - - return is_equal; - } - - /** - *

intersectSourceCodeChanges.

- * - * @param _a a {@link java.util.Collection} object. - * @param _b a {@link java.util.Collection} object. - * @param _relaxed a boolean. - * @return a {@link java.util.Set} object. - */ - public static final Set intersectSourceCodeChanges(Collection _a, Collection _b, boolean _relaxed) { - SourceCodeEntity.setIgnoreSourceRange(true); - if(_relaxed) - SourceCodeEntity.setUniqueNamePreprocessor(UniqueNameNormalizer.getInstance()); - else - SourceCodeEntity.setUniqueNamePreprocessor(null); - - final Set intersection = new HashSet(); - outer: - for(Object o1: _b) { - int i = 0; - for(Object o2: _a) { - if(o1.equals(o2)) { - ASTUtil.log.info(" Added change [" + o1 + "]"); - intersection.add(o1); - continue outer; - } - } - } - SourceCodeEntity.setIgnoreSourceRange(false); - return intersection; - } - - /** - *

intersectSourceCodeChanges.

- * - * @param _a a {@link java.util.Collection} object. - * @param _b a {@link java.util.Collection} object. - * @param _relaxed a boolean. - * @param _cn ClassName - * @return a {@link java.util.Set} object. - */ - public static final Set intersectSourceCodeChanges(Collection _a, Collection _b, boolean _relaxed, String _cn) { - UniqueNameNormalizer uniqueNN = UniqueNameNormalizer.getInstance(); - uniqueNN.setClassUnderAnalysisName(_cn); - SourceCodeEntity.setIgnoreSourceRange(true); - if(_relaxed) - SourceCodeEntity.setUniqueNamePreprocessor(uniqueNN); - else - SourceCodeEntity.setUniqueNamePreprocessor(null); - - final Set intersection = new HashSet(); - outer: - for(Object o1: _b) { - int i = 0; - for(Object o2: _a) { - if(o1.equals(o2)) { - ASTUtil.log.info(" Added change [" + o1 + "]"); - intersection.add(o1); - continue outer; - } - } - } - SourceCodeEntity.setIgnoreSourceRange(false); - return intersection; - } - - /** - * Maps string representation of {@link ChangeType} to the corresponding enumeration value. - * - * @param changeType - String representation of changeType - * @return instance of ChangeType corresponding to the SourceCodeChange EntityType - */ - public static ChangeType getChangeType(String changeType){ - - ChangeType type = null; - - if(changeType.equals("ADDING_ATTRIBUTE_MODIFIABILITY")){ - type = ChangeType.ADDING_ATTRIBUTE_MODIFIABILITY; - } - - else if(changeType.equals("ADDING_CLASS_DERIVABILITY")){ - type = ChangeType.ADDING_CLASS_DERIVABILITY; - } - - else if(changeType.equals("ADDING_METHOD_OVERRIDABILITY")){ - type = ChangeType.ADDING_METHOD_OVERRIDABILITY; - } - - else if(changeType.equals("ADDITIONAL_CLASS")){ - type = ChangeType.ADDITIONAL_CLASS; - } - - else if(changeType.equals("ADDITIONAL_FUNCTIONALITY")){ - type = ChangeType.ADDITIONAL_FUNCTIONALITY; - } - - else if(changeType.equals("ADDITIONAL_OBJECT_STATE")){ - type = ChangeType.ADDITIONAL_OBJECT_STATE; - } - - else if(changeType.equals("ALTERNATIVE_PART_DELETE")){ - type = ChangeType.ALTERNATIVE_PART_DELETE; - } - - else if(changeType.equals("ALTERNATIVE_PART_INSERT")){ - type = ChangeType.ALTERNATIVE_PART_INSERT; - } - - else if(changeType.equals("ATTRIBUTE_RENAMING")){ - type = ChangeType.ATTRIBUTE_RENAMING; - } - - else if(changeType.equals("ATTRIBUTE_TYPE_CHANGE")){ - type = ChangeType.ATTRIBUTE_TYPE_CHANGE; - } - - else if(changeType.equals("CLASS_RENAMING")){ - type = ChangeType.CLASS_RENAMING; - } - - else if(changeType.equals("COMMENT_DELETE")){ - type = ChangeType.COMMENT_DELETE; - } - - else if(changeType.equals("COMMENT_INSERT")){ - type = ChangeType.COMMENT_INSERT; - } - - else if(changeType.equals("COMMENT_MOVE")){ - type = ChangeType.COMMENT_MOVE; - } - - else if(changeType.equals("COMMENT_UPDATE")){ - type = ChangeType.COMMENT_UPDATE; - } - - else if(changeType.equals("CONDITION_EXPRESSION_CHANGE")){ - type = ChangeType.CONDITION_EXPRESSION_CHANGE; - } - - else if(changeType.equals("DECREASING_ACCESSIBILITY_CHANGE")){ - type = ChangeType.DECREASING_ACCESSIBILITY_CHANGE; - } - - else if(changeType.equals("DOC_DELETE")){ - type = ChangeType.DOC_DELETE; - } - - else if(changeType.equals( "DOC_INSERT")){ - type = ChangeType.DOC_INSERT; - } - - else if(changeType.equals("DOC_UPDATE")){ - type = ChangeType.DOC_UPDATE; - } - - else if(changeType.equals("INCREASING_ACCESSIBILITY_CHANGE")){ - type = ChangeType.INCREASING_ACCESSIBILITY_CHANGE; - } - - else if(changeType.equals("METHOD_RENAMING")){ - type = ChangeType.METHOD_RENAMING; - } - - else if(changeType.equals("PARAMETER_DELETE")){ - type = ChangeType.PARAMETER_DELETE; - } - - else if(changeType.equals("PARAMETER_INSERT")){ - type = ChangeType.PARAMETER_INSERT; - } - - else if(changeType.equals("PARAMETER_ORDERING_CHANGE")){ - type = ChangeType.PARAMETER_ORDERING_CHANGE; - } - - else if(changeType.equals("PARAMETER_RENAMING")){ - type = ChangeType.PARAMETER_RENAMING; - } - - else if(changeType.equals("PARAMETER_TYPE_CHANGE")){ - type = ChangeType.PARAMETER_TYPE_CHANGE; - } - - else if(changeType.equals("PARENT_CLASS_CHANGE")){ - type = ChangeType.PARENT_CLASS_CHANGE; - } - - else if(changeType.equals("PARENT_CLASS_DELETE")){ - type = ChangeType.PARENT_CLASS_DELETE; - } - - else if(changeType.equals("PARENT_CLASS_INSERT")){ - type = ChangeType.PARENT_CLASS_INSERT; - } - - else if(changeType.equals("PARENT_INTERFACE_CHANGE")){ - type = ChangeType.PARENT_INTERFACE_CHANGE; - } - - else if(changeType.equals("PARENT_INTERFACE_DELETE")){ - type = ChangeType.PARENT_INTERFACE_DELETE; - } - - else if(changeType.equals("PARENT_INTERFACE_INSERT")){ - type = ChangeType.PARENT_INTERFACE_INSERT; - } - - else if(changeType.equals("REMOVED_CLASS")){ - type = ChangeType.REMOVED_CLASS; - } - - else if(changeType.equals("REMOVED_FUNCTIONALITY")){ - type = ChangeType.REMOVED_FUNCTIONALITY; - } - - else if(changeType.equals("REMOVED_OBJECT_STATE")){ - type = ChangeType.REMOVED_OBJECT_STATE; - } - - else if(changeType.equals("REMOVING_ATTRIBUTE_MODIFIABILITY")){ - type = ChangeType.REMOVING_ATTRIBUTE_MODIFIABILITY; - } - - else if(changeType.equals("REMOVING_CLASS_DERIVABILITY")){ - type = ChangeType.REMOVING_CLASS_DERIVABILITY; - } - - else if(changeType.equals( "REMOVING_METHOD_OVERRIDABILITY")){ - type = ChangeType.REMOVING_METHOD_OVERRIDABILITY; - } - - else if(changeType.equals("RETURN_TYPE_CHANGE")){ - type = ChangeType.RETURN_TYPE_CHANGE; - } - - else if(changeType.equals("RETURN_TYPE_DELETE")){ - type = ChangeType.RETURN_TYPE_DELETE; - } - - else if(changeType.equals("RETURN_TYPE_INSERT")){ - type = ChangeType.RETURN_TYPE_INSERT; - } - - else if(changeType.equals("STATEMENT_DELETE")){ - type = ChangeType.STATEMENT_DELETE; - } - - else if(changeType.equals("STATEMENT_INSERT")){ - type = ChangeType.STATEMENT_INSERT; - } - - else if(changeType.equals("STATEMENT_ORDERING_CHANGE")){ - type = ChangeType.STATEMENT_ORDERING_CHANGE; - } - - else if(changeType.equals("STATEMENT_PARENT_CHANGE")){ - type = ChangeType.STATEMENT_PARENT_CHANGE; - } - - else if(changeType.equals("STATEMENT_UPDATE")){ - type = ChangeType.STATEMENT_UPDATE; - } - - else if(changeType.equals( "UNCLASSIFIED_CHANGE")){ - type = ChangeType.UNCLASSIFIED_CHANGE; - } - else{ - //Default - type = ChangeType.UNCLASSIFIED_CHANGE; - } - - return type; - - } - - /** - * Helper method for mapping the JaveEntityTypes for source code entities to string name of EntityType in the JSON - * TODO : It might be better to move this into a BaseClass, might also be used for deserializing SourceCodeChange - * - * @return Corresponding EntityType - * - * Number of SourceCodeEntityTypes - * @param type a {@link java.lang.String} object. - */ - public static EntityType getJavaEntityType (String type){ - EntityType entityType = null; - - if(type.equals("METHOD")){ - entityType =JavaEntityType.METHOD ; - } - - else if(type.equals("ARGUMENTS")){ - entityType =JavaEntityType.ARGUMENTS; - } - - else if(type.equals("ARRAY_ACCESS")){ - entityType =JavaEntityType.ARRAY_ACCESS; - } - - else if(type.equals("ARRAY_CREATION")){ - entityType =JavaEntityType.ARRAY_CREATION; - } - - else if(type.equals("ARRAY_INITIALIZER")){ - entityType =JavaEntityType.ARRAY_INITIALIZER; - } - - else if(type .equals("ARRAY_TYPE")){ - entityType =JavaEntityType.ARRAY_TYPE; - } - - else if(type.equals( "ASSERT_STATEMENT")){ - entityType =JavaEntityType.ASSERT_STATEMENT; - } - - else if(type.equals( "ASSIGNMENT")){ - entityType =JavaEntityType.ASSIGNMENT; - } - - else if(type.equals( "FIELD")){ - entityType =JavaEntityType.FIELD; - } - - - else if(type.equals( "BLOCK")){ - entityType =JavaEntityType.BLOCK; - } - - else if(type.equals( "BLOCK_COMMENT")){ - entityType =JavaEntityType.BLOCK_COMMENT; - } - - else if(type.equals( "BODY")){ - entityType =JavaEntityType.BODY; - } - - else if(type.equals( "BOOLEAN_LITERAL")){ - entityType =JavaEntityType.BOOLEAN_LITERAL; - } - - else if(type.equals( "BREAK_STATEMENT")){ - entityType =JavaEntityType.BREAK_STATEMENT; - } - - else if(type.equals( "CAST_EXPRESSION")){ - entityType =JavaEntityType.CAST_EXPRESSION; - } - - else if(type.equals( "CATCH_CLAUSE")){ - entityType =JavaEntityType.CATCH_CLAUSE; - } - - else if(type.equals( "CATCH_CLAUSES")){ - entityType =JavaEntityType.CATCH_CLAUSES; - } - - else if(type.equals( "CHARACTER_LITERAL")){ - entityType =JavaEntityType.CHARACTER_LITERAL; - } - - else if(type.equals( "CLASS")){ - entityType =JavaEntityType.CLASS; - } - - else if(type.equals( "CLASS_INSTANCE_CREATION")){ - entityType =JavaEntityType.CLASS_INSTANCE_CREATION; - } - - else if(type.equals( "COMPILATION_UNIT")){ - entityType =JavaEntityType.COMPILATION_UNIT; - } - - else if(type.equals( "CONDITIONAL_EXPRESSION")){ - entityType =JavaEntityType.CONDITIONAL_EXPRESSION; - } - - else if(type.equals( "CONSTRUCTOR_INVOCATION")){ - entityType =JavaEntityType.CONSTRUCTOR_INVOCATION; - } - - else if(type.equals( "CONTINUE_STATEMENT")){ - entityType =JavaEntityType.CONTINUE_STATEMENT; - } - - else if(type.equals( "DO_STATEMENT")){ - entityType =JavaEntityType.DO_STATEMENT; - } - - else if(type.equals( "ELSE_STATEMENT")){ - entityType =JavaEntityType.ELSE_STATEMENT; - } - - else if(type.equals( "EMPTY_STATEMENT")){ - entityType =JavaEntityType.EMPTY_STATEMENT; - } - - else if(type.equals( "FOREACH_STATEMENT")){ - entityType =JavaEntityType.FOREACH_STATEMENT; - } - - else if(type.equals( "FIELD_ACCESS")){ - entityType =JavaEntityType.FIELD_ACCESS; - } - - else if(type.equals( "FIELD_DECLARATION")){ - entityType =JavaEntityType.FIELD_DECLARATION; - } - - else if(type.equals( "FINALLY")){ - entityType =JavaEntityType.FINALLY; - } - - else if(type.equals( "FOR_STATEMENT")){ - entityType =JavaEntityType.FOR_STATEMENT; - } - - else if(type.equals( "IF_STATEMENT")){ - entityType =JavaEntityType.IF_STATEMENT; - } - - else if(type.equals( "INFIX_EXPRESSION")){ - entityType =JavaEntityType.INFIX_EXPRESSION; - } - - else if(type.equals( "INSTANCEOF_EXPRESSION")){ - entityType =JavaEntityType.INSTANCEOF_EXPRESSION; - } - - else if(type.equals( "JAVADOC")){ - entityType =JavaEntityType.JAVADOC; - } - - else if(type.equals( "LABELED_STATEMENT")){ - entityType =JavaEntityType.LABELED_STATEMENT; - } - - else if(type.equals( "LINE_COMMENT")){ - entityType =JavaEntityType.LINE_COMMENT; - } - - else if(type.equals( "METHOD_DECLARATION")){ - entityType =JavaEntityType.METHOD_DECLARATION; - } - - else if(type.equals( "METHOD_INVOCATION")){ - entityType =JavaEntityType.METHOD_INVOCATION; - } - - else if(type.equals( "MODIFIER")){ - entityType =JavaEntityType.MODIFIER; - } - - else if(type.equals( "MODIFIERS")){ - entityType =JavaEntityType.MODIFIERS; - } - - else if(type.equals( "NULL_LITERAL")){ - entityType =JavaEntityType.NULL_LITERAL; - } - - else if(type.equals( "NUMBER_LITERAL")){ - entityType =JavaEntityType.NUMBER_LITERAL; - } - - else if(type.equals( "PARAMETERIZED_TYPE")){ - entityType =JavaEntityType.PARAMETERIZED_TYPE; - } - - else if(type.equals( "PARAMETERS")){ - entityType =JavaEntityType.PARAMETERS; - } - - else if(type.equals( "PARAMETER")){ - entityType =JavaEntityType.PARAMETER; - } - - else if(type.equals( "POSTFIX_EXPRESSION")){ - entityType =JavaEntityType.POSTFIX_EXPRESSION; - } - - else if(type.equals( "PREFIX_EXPRESSION")){ - entityType =JavaEntityType.PREFIX_EXPRESSION; - } - - else if(type.equals( "PRIMITIVE_TYPE")){ - entityType =JavaEntityType.PRIMITIVE_TYPE; - } - - else if(type.equals( "QUALIFIED_NAME")){ - entityType =JavaEntityType.QUALIFIED_NAME; - } - - else if(type.equals( "QUALIFIED_TYPE")){ - entityType =JavaEntityType.QUALIFIED_TYPE; - } - - else if(type.equals( "RETURN_STATEMENT")){ - entityType =JavaEntityType.RETURN_STATEMENT; - } - - else if(type.equals( "ROOT_NODE")){ - entityType =JavaEntityType.ROOT_NODE; - } - - else if(type.equals( "SIMPLE_NAME")){ - entityType =JavaEntityType.SIMPLE_NAME; - } - - else if(type.equals( " SINGLE_TYPE")){ - entityType =JavaEntityType.SINGLE_TYPE; - } - - else if(type.equals( "STRING_LITERAL")){ - entityType =JavaEntityType.STRING_LITERAL; - } - - else if(type.equals( "SUPER_INTERFACE_TYPES")){ - entityType =JavaEntityType.SUPER_INTERFACE_TYPES; - } - else if(type.equals( "SWITCH_STATEMENT")){ - entityType =JavaEntityType.SWITCH_STATEMENT; - } - - else if(type.equals( "SWITCH_STATEMENT")){ - entityType =JavaEntityType.SWITCH_STATEMENT; - } - - else if(type.equals( "SYNCHRONIZED_STATEMENT")){ - entityType =JavaEntityType.SYNCHRONIZED_STATEMENT; - } - - else if(type.equals( "THEN_STATEMENT")){ - entityType =JavaEntityType.THEN_STATEMENT; - } - - else if(type.equals( "THROW")){ - entityType =JavaEntityType.THROW; - } - - else if(type.equals( "THROW_STATEMENT")){ - entityType =JavaEntityType.THROW_STATEMENT; - } - - else if(type.equals( "TRY_STATEMENT")){ - entityType =JavaEntityType.TRY_STATEMENT; - } - - else if(type.equals( "TYPE_PARAMETERS")){ - entityType =JavaEntityType.TYPE_PARAMETERS; - } - - else if(type.equals( "TYPE_DECLARATION")){ - entityType =JavaEntityType.TYPE_DECLARATION; - } - - else if(type.equals( "TYPE_LITERAL")){ - entityType =JavaEntityType.TYPE_LITERAL; - } - - else if(type.equals( "TYPE_PARAMETER")){ - entityType =JavaEntityType.TYPE_PARAMETER; - } - - else if(type.equals( "VARIABLE_DECLARATION_STATEMENT")){ - entityType =JavaEntityType.VARIABLE_DECLARATION_STATEMENT; - } - - else if(type.equals( "WHILE_STATEMENT")){ - entityType =JavaEntityType.WHILE_STATEMENT; - } - - else if(type.equals( "WILDCARD_TYPE")){ - entityType =JavaEntityType.WILDCARD_TYPE; - } - - else if(type.equals( "FOR_INIT")){ - entityType =JavaEntityType.FOR_INIT; - } - - else if(type.equals( "FOR_INCR")){ - entityType =JavaEntityType.FOR_INCR; - } - else{ - //Default Entity Type - entityType =JavaEntityType.METHOD ; - } - - return entityType; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + public static enum NODE_COMPARE_MODE { + ENTITY_TYPE, + VALUE + }; + + /** + * Returns true if the nodes are equal with regard to parameter mode. + * + * @param _mode a {@link com.sap.psr.vulas.java.sign.ASTUtil.NODE_COMPARE_MODE} object. + * @param _left a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + * @param _right a {@link ch.uzh.ifi.seal.changedistiller.treedifferencing.Node} object. + * @return a boolean. + * @throws java.lang.IllegalArgumentException if any. + */ + public static final boolean isEqual( + @NotNull Node _left, @NotNull Node _right, @NotNull NODE_COMPARE_MODE _mode) + throws IllegalArgumentException { + boolean is_equal = true; + final Enumeration enum_left = _left.depthFirstEnumeration(); + final Enumeration enum_right = _right.depthFirstEnumeration(); + Node node_left = null, node_right = null; + + // Traverse left tree and compare one by one + while (enum_left.hasMoreElements()) { + node_left = (Node) enum_left.nextElement(); + + // Compare the nodes + if (enum_right.hasMoreElements()) { + node_right = (Node) enum_right.nextElement(); + + if (_mode.equals(NODE_COMPARE_MODE.ENTITY_TYPE)) { + if (!node_left.getLabel().equals(node_right.getLabel())) { + is_equal = false; + } + } else if (_mode.equals(NODE_COMPARE_MODE.VALUE)) { + if (!node_left.getValue().equals(node_right.getValue())) { + is_equal = false; + } + } else { + throw new IllegalArgumentException("Illegal comparison mode: [" + _mode + "]"); + } + } + // Right tree has less elements + else { + is_equal = false; + } + + // Stop comparison upon first difference + if (!is_equal) break; + } + + // Equal until now but right tree has more nodes? + if (is_equal && enum_right.hasMoreElements()) { + is_equal = false; + } + + return is_equal; + } + + /** + *

intersectSourceCodeChanges.

+ * + * @param _a a {@link java.util.Collection} object. + * @param _b a {@link java.util.Collection} object. + * @param _relaxed a boolean. + * @return a {@link java.util.Set} object. + */ + public static final Set intersectSourceCodeChanges( + Collection _a, Collection _b, boolean _relaxed) { + SourceCodeEntity.setIgnoreSourceRange(true); + if (_relaxed) SourceCodeEntity.setUniqueNamePreprocessor(UniqueNameNormalizer.getInstance()); + else SourceCodeEntity.setUniqueNamePreprocessor(null); + + final Set intersection = new HashSet(); + outer: + for (Object o1 : _b) { + int i = 0; + for (Object o2 : _a) { + if (o1.equals(o2)) { + ASTUtil.log.info(" Added change [" + o1 + "]"); + intersection.add(o1); + continue outer; + } + } + } + SourceCodeEntity.setIgnoreSourceRange(false); + return intersection; + } + + /** + *

intersectSourceCodeChanges.

+ * + * @param _a a {@link java.util.Collection} object. + * @param _b a {@link java.util.Collection} object. + * @param _relaxed a boolean. + * @param _cn ClassName + * @return a {@link java.util.Set} object. + */ + public static final Set intersectSourceCodeChanges( + Collection _a, Collection _b, boolean _relaxed, String _cn) { + UniqueNameNormalizer uniqueNN = UniqueNameNormalizer.getInstance(); + uniqueNN.setClassUnderAnalysisName(_cn); + SourceCodeEntity.setIgnoreSourceRange(true); + if (_relaxed) SourceCodeEntity.setUniqueNamePreprocessor(uniqueNN); + else SourceCodeEntity.setUniqueNamePreprocessor(null); + + final Set intersection = new HashSet(); + outer: + for (Object o1 : _b) { + int i = 0; + for (Object o2 : _a) { + if (o1.equals(o2)) { + ASTUtil.log.info(" Added change [" + o1 + "]"); + intersection.add(o1); + continue outer; + } + } + } + SourceCodeEntity.setIgnoreSourceRange(false); + return intersection; + } + + /** + * Maps string representation of {@link ChangeType} to the corresponding enumeration value. + * + * @param changeType - String representation of changeType + * @return instance of ChangeType corresponding to the SourceCodeChange EntityType + */ + public static ChangeType getChangeType(String changeType) { + + ChangeType type = null; + + if (changeType.equals("ADDING_ATTRIBUTE_MODIFIABILITY")) { + type = ChangeType.ADDING_ATTRIBUTE_MODIFIABILITY; + } else if (changeType.equals("ADDING_CLASS_DERIVABILITY")) { + type = ChangeType.ADDING_CLASS_DERIVABILITY; + } else if (changeType.equals("ADDING_METHOD_OVERRIDABILITY")) { + type = ChangeType.ADDING_METHOD_OVERRIDABILITY; + } else if (changeType.equals("ADDITIONAL_CLASS")) { + type = ChangeType.ADDITIONAL_CLASS; + } else if (changeType.equals("ADDITIONAL_FUNCTIONALITY")) { + type = ChangeType.ADDITIONAL_FUNCTIONALITY; + } else if (changeType.equals("ADDITIONAL_OBJECT_STATE")) { + type = ChangeType.ADDITIONAL_OBJECT_STATE; + } else if (changeType.equals("ALTERNATIVE_PART_DELETE")) { + type = ChangeType.ALTERNATIVE_PART_DELETE; + } else if (changeType.equals("ALTERNATIVE_PART_INSERT")) { + type = ChangeType.ALTERNATIVE_PART_INSERT; + } else if (changeType.equals("ATTRIBUTE_RENAMING")) { + type = ChangeType.ATTRIBUTE_RENAMING; + } else if (changeType.equals("ATTRIBUTE_TYPE_CHANGE")) { + type = ChangeType.ATTRIBUTE_TYPE_CHANGE; + } else if (changeType.equals("CLASS_RENAMING")) { + type = ChangeType.CLASS_RENAMING; + } else if (changeType.equals("COMMENT_DELETE")) { + type = ChangeType.COMMENT_DELETE; + } else if (changeType.equals("COMMENT_INSERT")) { + type = ChangeType.COMMENT_INSERT; + } else if (changeType.equals("COMMENT_MOVE")) { + type = ChangeType.COMMENT_MOVE; + } else if (changeType.equals("COMMENT_UPDATE")) { + type = ChangeType.COMMENT_UPDATE; + } else if (changeType.equals("CONDITION_EXPRESSION_CHANGE")) { + type = ChangeType.CONDITION_EXPRESSION_CHANGE; + } else if (changeType.equals("DECREASING_ACCESSIBILITY_CHANGE")) { + type = ChangeType.DECREASING_ACCESSIBILITY_CHANGE; + } else if (changeType.equals("DOC_DELETE")) { + type = ChangeType.DOC_DELETE; + } else if (changeType.equals("DOC_INSERT")) { + type = ChangeType.DOC_INSERT; + } else if (changeType.equals("DOC_UPDATE")) { + type = ChangeType.DOC_UPDATE; + } else if (changeType.equals("INCREASING_ACCESSIBILITY_CHANGE")) { + type = ChangeType.INCREASING_ACCESSIBILITY_CHANGE; + } else if (changeType.equals("METHOD_RENAMING")) { + type = ChangeType.METHOD_RENAMING; + } else if (changeType.equals("PARAMETER_DELETE")) { + type = ChangeType.PARAMETER_DELETE; + } else if (changeType.equals("PARAMETER_INSERT")) { + type = ChangeType.PARAMETER_INSERT; + } else if (changeType.equals("PARAMETER_ORDERING_CHANGE")) { + type = ChangeType.PARAMETER_ORDERING_CHANGE; + } else if (changeType.equals("PARAMETER_RENAMING")) { + type = ChangeType.PARAMETER_RENAMING; + } else if (changeType.equals("PARAMETER_TYPE_CHANGE")) { + type = ChangeType.PARAMETER_TYPE_CHANGE; + } else if (changeType.equals("PARENT_CLASS_CHANGE")) { + type = ChangeType.PARENT_CLASS_CHANGE; + } else if (changeType.equals("PARENT_CLASS_DELETE")) { + type = ChangeType.PARENT_CLASS_DELETE; + } else if (changeType.equals("PARENT_CLASS_INSERT")) { + type = ChangeType.PARENT_CLASS_INSERT; + } else if (changeType.equals("PARENT_INTERFACE_CHANGE")) { + type = ChangeType.PARENT_INTERFACE_CHANGE; + } else if (changeType.equals("PARENT_INTERFACE_DELETE")) { + type = ChangeType.PARENT_INTERFACE_DELETE; + } else if (changeType.equals("PARENT_INTERFACE_INSERT")) { + type = ChangeType.PARENT_INTERFACE_INSERT; + } else if (changeType.equals("REMOVED_CLASS")) { + type = ChangeType.REMOVED_CLASS; + } else if (changeType.equals("REMOVED_FUNCTIONALITY")) { + type = ChangeType.REMOVED_FUNCTIONALITY; + } else if (changeType.equals("REMOVED_OBJECT_STATE")) { + type = ChangeType.REMOVED_OBJECT_STATE; + } else if (changeType.equals("REMOVING_ATTRIBUTE_MODIFIABILITY")) { + type = ChangeType.REMOVING_ATTRIBUTE_MODIFIABILITY; + } else if (changeType.equals("REMOVING_CLASS_DERIVABILITY")) { + type = ChangeType.REMOVING_CLASS_DERIVABILITY; + } else if (changeType.equals("REMOVING_METHOD_OVERRIDABILITY")) { + type = ChangeType.REMOVING_METHOD_OVERRIDABILITY; + } else if (changeType.equals("RETURN_TYPE_CHANGE")) { + type = ChangeType.RETURN_TYPE_CHANGE; + } else if (changeType.equals("RETURN_TYPE_DELETE")) { + type = ChangeType.RETURN_TYPE_DELETE; + } else if (changeType.equals("RETURN_TYPE_INSERT")) { + type = ChangeType.RETURN_TYPE_INSERT; + } else if (changeType.equals("STATEMENT_DELETE")) { + type = ChangeType.STATEMENT_DELETE; + } else if (changeType.equals("STATEMENT_INSERT")) { + type = ChangeType.STATEMENT_INSERT; + } else if (changeType.equals("STATEMENT_ORDERING_CHANGE")) { + type = ChangeType.STATEMENT_ORDERING_CHANGE; + } else if (changeType.equals("STATEMENT_PARENT_CHANGE")) { + type = ChangeType.STATEMENT_PARENT_CHANGE; + } else if (changeType.equals("STATEMENT_UPDATE")) { + type = ChangeType.STATEMENT_UPDATE; + } else if (changeType.equals("UNCLASSIFIED_CHANGE")) { + type = ChangeType.UNCLASSIFIED_CHANGE; + } else { + // Default + type = ChangeType.UNCLASSIFIED_CHANGE; + } + + return type; + } + + /** + * Helper method for mapping the JaveEntityTypes for source code entities to string name of EntityType in the JSON + * TODO : It might be better to move this into a BaseClass, might also be used for deserializing SourceCodeChange + * + * @return Corresponding EntityType + * + * Number of SourceCodeEntityTypes + * @param type a {@link java.lang.String} object. + */ + public static EntityType getJavaEntityType(String type) { + EntityType entityType = null; + + if (type.equals("METHOD")) { + entityType = JavaEntityType.METHOD; + } else if (type.equals("ARGUMENTS")) { + entityType = JavaEntityType.ARGUMENTS; + } else if (type.equals("ARRAY_ACCESS")) { + entityType = JavaEntityType.ARRAY_ACCESS; + } else if (type.equals("ARRAY_CREATION")) { + entityType = JavaEntityType.ARRAY_CREATION; + } else if (type.equals("ARRAY_INITIALIZER")) { + entityType = JavaEntityType.ARRAY_INITIALIZER; + } else if (type.equals("ARRAY_TYPE")) { + entityType = JavaEntityType.ARRAY_TYPE; + } else if (type.equals("ASSERT_STATEMENT")) { + entityType = JavaEntityType.ASSERT_STATEMENT; + } else if (type.equals("ASSIGNMENT")) { + entityType = JavaEntityType.ASSIGNMENT; + } else if (type.equals("FIELD")) { + entityType = JavaEntityType.FIELD; + } else if (type.equals("BLOCK")) { + entityType = JavaEntityType.BLOCK; + } else if (type.equals("BLOCK_COMMENT")) { + entityType = JavaEntityType.BLOCK_COMMENT; + } else if (type.equals("BODY")) { + entityType = JavaEntityType.BODY; + } else if (type.equals("BOOLEAN_LITERAL")) { + entityType = JavaEntityType.BOOLEAN_LITERAL; + } else if (type.equals("BREAK_STATEMENT")) { + entityType = JavaEntityType.BREAK_STATEMENT; + } else if (type.equals("CAST_EXPRESSION")) { + entityType = JavaEntityType.CAST_EXPRESSION; + } else if (type.equals("CATCH_CLAUSE")) { + entityType = JavaEntityType.CATCH_CLAUSE; + } else if (type.equals("CATCH_CLAUSES")) { + entityType = JavaEntityType.CATCH_CLAUSES; + } else if (type.equals("CHARACTER_LITERAL")) { + entityType = JavaEntityType.CHARACTER_LITERAL; + } else if (type.equals("CLASS")) { + entityType = JavaEntityType.CLASS; + } else if (type.equals("CLASS_INSTANCE_CREATION")) { + entityType = JavaEntityType.CLASS_INSTANCE_CREATION; + } else if (type.equals("COMPILATION_UNIT")) { + entityType = JavaEntityType.COMPILATION_UNIT; + } else if (type.equals("CONDITIONAL_EXPRESSION")) { + entityType = JavaEntityType.CONDITIONAL_EXPRESSION; + } else if (type.equals("CONSTRUCTOR_INVOCATION")) { + entityType = JavaEntityType.CONSTRUCTOR_INVOCATION; + } else if (type.equals("CONTINUE_STATEMENT")) { + entityType = JavaEntityType.CONTINUE_STATEMENT; + } else if (type.equals("DO_STATEMENT")) { + entityType = JavaEntityType.DO_STATEMENT; + } else if (type.equals("ELSE_STATEMENT")) { + entityType = JavaEntityType.ELSE_STATEMENT; + } else if (type.equals("EMPTY_STATEMENT")) { + entityType = JavaEntityType.EMPTY_STATEMENT; + } else if (type.equals("FOREACH_STATEMENT")) { + entityType = JavaEntityType.FOREACH_STATEMENT; + } else if (type.equals("FIELD_ACCESS")) { + entityType = JavaEntityType.FIELD_ACCESS; + } else if (type.equals("FIELD_DECLARATION")) { + entityType = JavaEntityType.FIELD_DECLARATION; + } else if (type.equals("FINALLY")) { + entityType = JavaEntityType.FINALLY; + } else if (type.equals("FOR_STATEMENT")) { + entityType = JavaEntityType.FOR_STATEMENT; + } else if (type.equals("IF_STATEMENT")) { + entityType = JavaEntityType.IF_STATEMENT; + } else if (type.equals("INFIX_EXPRESSION")) { + entityType = JavaEntityType.INFIX_EXPRESSION; + } else if (type.equals("INSTANCEOF_EXPRESSION")) { + entityType = JavaEntityType.INSTANCEOF_EXPRESSION; + } else if (type.equals("JAVADOC")) { + entityType = JavaEntityType.JAVADOC; + } else if (type.equals("LABELED_STATEMENT")) { + entityType = JavaEntityType.LABELED_STATEMENT; + } else if (type.equals("LINE_COMMENT")) { + entityType = JavaEntityType.LINE_COMMENT; + } else if (type.equals("METHOD_DECLARATION")) { + entityType = JavaEntityType.METHOD_DECLARATION; + } else if (type.equals("METHOD_INVOCATION")) { + entityType = JavaEntityType.METHOD_INVOCATION; + } else if (type.equals("MODIFIER")) { + entityType = JavaEntityType.MODIFIER; + } else if (type.equals("MODIFIERS")) { + entityType = JavaEntityType.MODIFIERS; + } else if (type.equals("NULL_LITERAL")) { + entityType = JavaEntityType.NULL_LITERAL; + } else if (type.equals("NUMBER_LITERAL")) { + entityType = JavaEntityType.NUMBER_LITERAL; + } else if (type.equals("PARAMETERIZED_TYPE")) { + entityType = JavaEntityType.PARAMETERIZED_TYPE; + } else if (type.equals("PARAMETERS")) { + entityType = JavaEntityType.PARAMETERS; + } else if (type.equals("PARAMETER")) { + entityType = JavaEntityType.PARAMETER; + } else if (type.equals("POSTFIX_EXPRESSION")) { + entityType = JavaEntityType.POSTFIX_EXPRESSION; + } else if (type.equals("PREFIX_EXPRESSION")) { + entityType = JavaEntityType.PREFIX_EXPRESSION; + } else if (type.equals("PRIMITIVE_TYPE")) { + entityType = JavaEntityType.PRIMITIVE_TYPE; + } else if (type.equals("QUALIFIED_NAME")) { + entityType = JavaEntityType.QUALIFIED_NAME; + } else if (type.equals("QUALIFIED_TYPE")) { + entityType = JavaEntityType.QUALIFIED_TYPE; + } else if (type.equals("RETURN_STATEMENT")) { + entityType = JavaEntityType.RETURN_STATEMENT; + } else if (type.equals("ROOT_NODE")) { + entityType = JavaEntityType.ROOT_NODE; + } else if (type.equals("SIMPLE_NAME")) { + entityType = JavaEntityType.SIMPLE_NAME; + } else if (type.equals(" SINGLE_TYPE")) { + entityType = JavaEntityType.SINGLE_TYPE; + } else if (type.equals("STRING_LITERAL")) { + entityType = JavaEntityType.STRING_LITERAL; + } else if (type.equals("SUPER_INTERFACE_TYPES")) { + entityType = JavaEntityType.SUPER_INTERFACE_TYPES; + } else if (type.equals("SWITCH_STATEMENT")) { + entityType = JavaEntityType.SWITCH_STATEMENT; + } else if (type.equals("SWITCH_STATEMENT")) { + entityType = JavaEntityType.SWITCH_STATEMENT; + } else if (type.equals("SYNCHRONIZED_STATEMENT")) { + entityType = JavaEntityType.SYNCHRONIZED_STATEMENT; + } else if (type.equals("THEN_STATEMENT")) { + entityType = JavaEntityType.THEN_STATEMENT; + } else if (type.equals("THROW")) { + entityType = JavaEntityType.THROW; + } else if (type.equals("THROW_STATEMENT")) { + entityType = JavaEntityType.THROW_STATEMENT; + } else if (type.equals("TRY_STATEMENT")) { + entityType = JavaEntityType.TRY_STATEMENT; + } else if (type.equals("TYPE_PARAMETERS")) { + entityType = JavaEntityType.TYPE_PARAMETERS; + } else if (type.equals("TYPE_DECLARATION")) { + entityType = JavaEntityType.TYPE_DECLARATION; + } else if (type.equals("TYPE_LITERAL")) { + entityType = JavaEntityType.TYPE_LITERAL; + } else if (type.equals("TYPE_PARAMETER")) { + entityType = JavaEntityType.TYPE_PARAMETER; + } else if (type.equals("VARIABLE_DECLARATION_STATEMENT")) { + entityType = JavaEntityType.VARIABLE_DECLARATION_STATEMENT; + } else if (type.equals("WHILE_STATEMENT")) { + entityType = JavaEntityType.WHILE_STATEMENT; + } else if (type.equals("WILDCARD_TYPE")) { + entityType = JavaEntityType.WILDCARD_TYPE; + } else if (type.equals("FOR_INIT")) { + entityType = JavaEntityType.FOR_INIT; + } else if (type.equals("FOR_INCR")) { + entityType = JavaEntityType.FOR_INCR; + } else { + // Default Entity Type + entityType = JavaEntityType.METHOD; + } + + return entityType; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/CompilationUtils.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/CompilationUtils.java index 53ac5a299..515d51aef 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/CompilationUtils.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/CompilationUtils.java @@ -50,172 +50,169 @@ * Helper class to create the ASTSignature instances using ChangeDistiller. */ public final class CompilationUtils { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - private CompilationUtils() {} - - /** - *

compileSource.

- * - * @param source a {@link java.lang.String} object. - * @return a {@link ch.uzh.ifi.seal.changedistiller.ast.java.JavaCompilation} object. - */ - public static JavaCompilation compileSource(String source) { - - //Compiler Options - CompilerOptions options = getDefaultCompilerOptions(); - - //CommentRecorder - Parser parser = createCommentRecorderParser(options); - - //Create Compilation Unit from Source - ICompilationUnit cu = createCompilationunit(source, ""); - - //Compilation Result - CompilationResult compilationResult = createDefaultCompilationResult(cu, options); - - return new JavaCompilation(parser.parse(cu, compilationResult), parser.scanner); - } - - - private static CompilerOptions getDefaultCompilerOptions() { - CompilerOptions options = new CompilerOptions(); - options.docCommentSupport = true; - options.complianceLevel = ClassFileConstants.JDK1_7; - options.sourceLevel = ClassFileConstants.JDK1_7; - options.targetJDK = ClassFileConstants.JDK1_7; - return options; - } - - - private static ICompilationUnit createCompilationunit(String _source_code, String filename) { - char[] source_code = _source_code.toCharArray(); - ICompilationUnit cu = new CompilationUnit(source_code, filename, null); - return cu; - } - - - - /** - * Returns the generated {@link JavaCompilation} from the file identified by the given filename. - * - * @param _filename - * of the file to compile - * @return the compilation of the file - */ - public static JavaCompilation compileFile(String _filename) { - JavaCompilation jc = null; - try { - final String src = FileUtil.readFile(_filename); - final CompilerOptions options = getDefaultCompilerOptions(); - final Parser parser = createCommentRecorderParser(options); - final ICompilationUnit cu = createCompilationunit(src, _filename); - final CompilationResult compilationResult = createDefaultCompilationResult(cu, options); - jc = new JavaCompilation(parser.parse(cu, compilationResult), parser.scanner); - } catch (IOException e) { - log.error(e); - } - return jc; + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private CompilationUtils() {} + + /** + *

compileSource.

+ * + * @param source a {@link java.lang.String} object. + * @return a {@link ch.uzh.ifi.seal.changedistiller.ast.java.JavaCompilation} object. + */ + public static JavaCompilation compileSource(String source) { + + // Compiler Options + CompilerOptions options = getDefaultCompilerOptions(); + + // CommentRecorder + Parser parser = createCommentRecorderParser(options); + + // Create Compilation Unit from Source + ICompilationUnit cu = createCompilationunit(source, ""); + + // Compilation Result + CompilationResult compilationResult = createDefaultCompilationResult(cu, options); + + return new JavaCompilation(parser.parse(cu, compilationResult), parser.scanner); + } + + private static CompilerOptions getDefaultCompilerOptions() { + CompilerOptions options = new CompilerOptions(); + options.docCommentSupport = true; + options.complianceLevel = ClassFileConstants.JDK1_7; + options.sourceLevel = ClassFileConstants.JDK1_7; + options.targetJDK = ClassFileConstants.JDK1_7; + return options; + } + + private static ICompilationUnit createCompilationunit(String _source_code, String filename) { + char[] source_code = _source_code.toCharArray(); + ICompilationUnit cu = new CompilationUnit(source_code, filename, null); + return cu; + } + + /** + * Returns the generated {@link JavaCompilation} from the file identified by the given filename. + * + * @param _filename + * of the file to compile + * @return the compilation of the file + */ + public static JavaCompilation compileFile(String _filename) { + JavaCompilation jc = null; + try { + final String src = FileUtil.readFile(_filename); + final CompilerOptions options = getDefaultCompilerOptions(); + final Parser parser = createCommentRecorderParser(options); + final ICompilationUnit cu = createCompilationunit(src, _filename); + final CompilationResult compilationResult = createDefaultCompilationResult(cu, options); + jc = new JavaCompilation(parser.parse(cu, compilationResult), parser.scanner); + } catch (IOException e) { + log.error(e); } - - /** - * Create a CommentRecorderParser - * @param options - compiler options - * @return - */ - private static Parser createCommentRecorderParser(CompilerOptions options) { - Parser parser = - new CommentRecorderParser(new ProblemReporter( - DefaultErrorHandlingPolicies.proceedWithAllProblems(), - options, - new DefaultProblemFactory()), false); - return parser; - } - - - private static CompilationResult createDefaultCompilationResult(ICompilationUnit cu, CompilerOptions options) { - CompilationResult compilationResult = new CompilationResult(cu, 0, 0, options.maxProblemsPerUnit); - return compilationResult; - } - - - /** - *

extractComments.

- * - * @param sCompilationUnit a {@link ch.uzh.ifi.seal.changedistiller.ast.java.JavaCompilation} object. - * @return a {@link java.util.List} object. - */ - public static List extractComments(JavaCompilation sCompilationUnit) { - CommentCollector collector = - new CommentCollector(sCompilationUnit.getCompilationUnit(), sCompilationUnit.getSource()); - collector.collect(); - return collector.getComments(); - } - - /** - *

findMethod.

- * - * @param cu a {@link org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration} object. - * @param methodName a {@link java.lang.String} object. - * @return a {@link org.eclipse.jdt.internal.compiler.ast.AbstractMethodDeclaration} object. - */ - public static AbstractMethodDeclaration findMethod(CompilationUnitDeclaration cu, String methodName) { - for (TypeDeclaration type : cu.types) { - for (AbstractMethodDeclaration method : type.methods) { - if (String.valueOf(method.selector).equals(methodName)) { - return method; - } - } + return jc; + } + + /** + * Create a CommentRecorderParser + * @param options - compiler options + * @return + */ + private static Parser createCommentRecorderParser(CompilerOptions options) { + Parser parser = + new CommentRecorderParser( + new ProblemReporter( + DefaultErrorHandlingPolicies.proceedWithAllProblems(), + options, + new DefaultProblemFactory()), + false); + return parser; + } + + private static CompilationResult createDefaultCompilationResult( + ICompilationUnit cu, CompilerOptions options) { + CompilationResult compilationResult = + new CompilationResult(cu, 0, 0, options.maxProblemsPerUnit); + return compilationResult; + } + + /** + *

extractComments.

+ * + * @param sCompilationUnit a {@link ch.uzh.ifi.seal.changedistiller.ast.java.JavaCompilation} object. + * @return a {@link java.util.List} object. + */ + public static List extractComments(JavaCompilation sCompilationUnit) { + CommentCollector collector = + new CommentCollector(sCompilationUnit.getCompilationUnit(), sCompilationUnit.getSource()); + collector.collect(); + return collector.getComments(); + } + + /** + *

findMethod.

+ * + * @param cu a {@link org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration} object. + * @param methodName a {@link java.lang.String} object. + * @return a {@link org.eclipse.jdt.internal.compiler.ast.AbstractMethodDeclaration} object. + */ + public static AbstractMethodDeclaration findMethod( + CompilationUnitDeclaration cu, String methodName) { + for (TypeDeclaration type : cu.types) { + for (AbstractMethodDeclaration method : type.methods) { + if (String.valueOf(method.selector).equals(methodName)) { + return method; } - return null; + } } - - /** - *

findField.

- * - * @param cu a {@link org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration} object. - * @param fieldName a {@link java.lang.String} object. - * @return a {@link org.eclipse.jdt.internal.compiler.ast.FieldDeclaration} object. - */ - public static FieldDeclaration findField(CompilationUnitDeclaration cu, String fieldName) { - for (TypeDeclaration type : cu.types) { - for (FieldDeclaration field : type.fields) { - if (String.valueOf(field.name).equals(fieldName)) { - return field; - } - } + return null; + } + + /** + *

findField.

+ * + * @param cu a {@link org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration} object. + * @param fieldName a {@link java.lang.String} object. + * @return a {@link org.eclipse.jdt.internal.compiler.ast.FieldDeclaration} object. + */ + public static FieldDeclaration findField(CompilationUnitDeclaration cu, String fieldName) { + for (TypeDeclaration type : cu.types) { + for (FieldDeclaration field : type.fields) { + if (String.valueOf(field.name).equals(fieldName)) { + return field; } - return null; + } } - - /** - *

findType.

- * - * @param cu a {@link org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration} object. - * @param typeName a {@link java.lang.String} object. - * @return a {@link org.eclipse.jdt.internal.compiler.ast.TypeDeclaration} object. - */ - public static TypeDeclaration findType(CompilationUnitDeclaration cu, String typeName) { - for (TypeDeclaration type : cu.types) { - for (TypeDeclaration memberType : type.memberTypes) { - if (String.valueOf(memberType.name).equals(typeName)) { - return memberType; - } - } + return null; + } + + /** + *

findType.

+ * + * @param cu a {@link org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration} object. + * @param typeName a {@link java.lang.String} object. + * @return a {@link org.eclipse.jdt.internal.compiler.ast.TypeDeclaration} object. + */ + public static TypeDeclaration findType(CompilationUnitDeclaration cu, String typeName) { + for (TypeDeclaration type : cu.types) { + for (TypeDeclaration memberType : type.memberTypes) { + if (String.valueOf(memberType.name).equals(typeName)) { + return memberType; } - return null; + } } - - /** - *

getFile.

- * - * @param filename a {@link java.lang.String} object. - * @return a {@link java.io.File} object. - */ - public static File getFile(String filename) { - return new File(filename); - } - - + return null; + } + + /** + *

getFile.

+ * + * @param filename a {@link java.lang.String} object. + * @return a {@link java.io.File} object. + */ + public static File getFile(String filename) { + return new File(filename); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/DistillerUtil.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/DistillerUtil.java index 94d18fde8..f27f6f55f 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/DistillerUtil.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/DistillerUtil.java @@ -32,10 +32,12 @@ * Required to invoke the Eclipse JDT plugin. */ public class DistillerUtil { - /** Constant mInjector */ - protected static final Injector mInjector = Guice.createInjector(new JavaChangeDistillerModule()); - /** Constant structureEntity */ - protected static final StructureEntityVersion structureEntity = new StructureEntityVersion(JavaEntityType.METHOD, "", 0); - /** Constant mDistiller */ - protected static final Distiller mDistiller = mInjector.getInstance(DistillerFactory.class).create(structureEntity); + /** Constant mInjector */ + protected static final Injector mInjector = Guice.createInjector(new JavaChangeDistillerModule()); + /** Constant structureEntity */ + protected static final StructureEntityVersion structureEntity = + new StructureEntityVersion(JavaEntityType.METHOD, "", 0); + /** Constant mDistiller */ + protected static final Distiller mDistiller = + mInjector.getInstance(DistillerFactory.class).create(structureEntity); } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/JavaSignatureFactory.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/JavaSignatureFactory.java index 2f2835968..b61a8263c 100755 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/JavaSignatureFactory.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/JavaSignatureFactory.java @@ -32,7 +32,6 @@ import org.apache.commons.io.FilenameUtils; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.FileAnalysisException; import com.sap.psr.vulas.FileAnalyzer; @@ -61,237 +60,254 @@ */ public class JavaSignatureFactory implements SignatureFactory { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** - * Cache of contructs, so that the decompilation and parsing must not be done over and over again. - */ - final Map sourceCache = new HashMap(); - - /** - * Cache of contructs, so that the decompilation and parsing must not be done over and over again. - */ - final Map compiledCache = new HashMap(); - - /** - * Java Decompiler, e.g., {@link ProcyonDecompiler}. - */ - final IDecompiler decompiler = new ProcyonDecompiler(); - - /** - * {@inheritDoc} - * - * Returns true if the given {@link ConstructId} is of type Java method or Java constructor. - */ - @Override - public boolean isSupportedConstructId(ConstructId _id) { - return _id!=null && - ProgrammingLanguage.JAVA.equals(_id.getLang()) && - ( ConstructType.METH.equals(_id.getType()) || ConstructType.CONS.equals(_id.getType())); - } - - /** - * {@inheritDoc} - * - * Creates the construct signature on the basis of the source code provided by {@link Construct#getContent()}. - */ - @Override - public Signature createSignature(Construct _c) { - if(_c==null) return null; - - ASTConstructBodySignature ast_signature = null; - try { - ast_signature = new ASTConstructBodySignature(_c); - final String construct_name = ((JavaId)_c.getId()).getSimpleName(); //this.extractConstructName(_c.getId()); - if(construct_name!=null && !construct_name.equals("")) //!=" ") - ast_signature.convertConstructBody(construct_name); - } - catch(Exception e){ - JavaSignatureFactory.log.error(e.getMessage().toString()); - } - return ast_signature; - } - - /** - * {@inheritDoc} - * - * Creates the construct signature on the basis of a given Java source file. - * - * @see JavaSignatureFactory#createFromSourceCache(ConstructId) - */ - @Override - public Signature createSignature(ConstructId _cid, File _java_file) { - Signature signature = null; - - if(_java_file.getName().endsWith(".java")) { - // Is the construct body cached? - signature = this.createFromSourceCache(_cid); - - // No, it is not cached - if(signature==null) { - - try { - // Parse the Java file in order to identify all its constructs - final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(_java_file); - - // Get the construct we're interested at - final Construct c = fa.getConstruct(JavaId.toCoreType(_cid)); - - // Create the signature - if(c!=null) { - // Fill cache - this.sourceCache.put(_cid, c); - signature = this.createSignature(c); - } - else - JavaSignatureFactory.log.error("Construct [" + _cid + "] not found in Java source file [" + _java_file + "]"); - } catch (IllegalArgumentException e) { - JavaSignatureFactory.log.error(e.getMessage()); - } catch (FileAnalysisException e) { - JavaSignatureFactory.log.error(e.getMessage()); - } - } - } - else if(_java_file.getName().endsWith(".class")) { - // Is the construct body cached? - signature = this.createFromCompiledCache(_cid); - - // No, it is not cached - if(signature==null) { - - try { - final String filename_without_extension = FilenameUtils.removeExtension(_java_file.getName()); - File java_source_file = new File(_java_file.getParent(), filename_without_extension + ".java"); - - //Check if the java File already exists before decompiling - if(!java_source_file.exists()) - java_source_file = decompiler.decompileClassFile(_java_file); - - // Now the same as for java files - - // Parse the Java file in order to identify all its constructs - final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(java_source_file); - - // Get the construct we're interested at - final Construct c = fa.getConstruct(JavaId.toCoreType(_cid)); - - // Create the signature - if(c!=null) { - // Fill cache - this.compiledCache.put(_cid, c); - signature = this.createSignature(c); - } - else - JavaSignatureFactory.log.error("Construct [" + _cid + "] not found in Java source file [" + _java_file + "]"); - } catch (IllegalArgumentException e) { - JavaSignatureFactory.log.error(e.getMessage()); - } catch (FileAnalysisException e) { - JavaSignatureFactory.log.error(e.getMessage()); - } - } - } - else { - JavaSignatureFactory.log.error("File extension of [" + _java_file.getName() + "] not supported"); - } - - return signature; - } - - /** - * Returns true if the signature creation is supported for the given {@link ConstructId}. This depends - * on whether the ID's definition context can be obtained, and whether the latter is a nested class. - * @param _cid - */ - static final boolean isSupported(ConstructId _cid, boolean _throw_exception) throws IllegalArgumentException { - boolean supported = true; - - // Get and check the definition context of the construct whose signature we're about to create - final JavaClassId class_id = (JavaClassId)JavaId.toCoreType(_cid).getDefinitionContext(); - - // Cannot get the def context - if(class_id==null) { - supported = false; - if(_throw_exception) - throw new IllegalArgumentException("No definition context for construct [" + _cid.getQname() + "]"); - } - // Nested class - else if(class_id.isNestedClass()) { - supported = false; - JavaSignatureFactory.log.error("Nested classes are not yet supported, cannot create signature for [" + _cid.getQname() + "]"); - if(_throw_exception) - throw new IllegalArgumentException("Nested classes are not yet supported, cannot create signature for [" + _cid.getQname() + "]"); - } - - return supported; - } - - /** - * Reads the construct from cache and creates the signature. - */ - private Signature createFromSourceCache(ConstructId _cid) { - Signature signature = null; - if(this.sourceCache.containsKey(_cid)) - signature = this.createSignature(this.sourceCache.get(_cid)); - return signature; - } - - /** - * Reads the construct from cache and creates the signature. - */ - private Signature createFromCompiledCache(ConstructId _cid) { - Signature signature = null; - if(this.compiledCache.containsKey(_cid)) - signature = this.createSignature(this.compiledCache.get(_cid)); - return signature; - } - - /** - * Reads the bytecode of the given {@link CtClass} and writes it to a temporary file. - * @param _cid - * @param _class - * @return the temporary file to which the byte code has been written - * @throws IOException - */ - private Path writeBytesToTmpFile(JavaClassId _cid, CtClass _class) throws IOException { - final Path class_file = Files.createTempFile(VulasConfiguration.getGlobal().getTmpDir(), _cid.getQualifiedName(), ".class", new FileAttribute[] {}); - FileUtil.writeToFile(class_file.toFile(), this.readBytes(_class)); - return class_file; - } - - /** - * Reads the byte code of the given {@link CtClass}. - * @param _class - * @return - * @throws IOException - */ - private byte[] readBytes(CtClass _class) throws IOException { - final ByteArrayOutputStream bos = new ByteArrayOutputStream(); - final DataOutputStream dos = new DataOutputStream(bos); - final ClassFile cf = _class.getClassFile(); - cf.write(dos); - dos.flush(); - return bos.toByteArray(); - } - - /** - * {@inheritDoc} - * - * Computes a so-called signature change, i.e., changes required to transform the signature of the first given {@link Construct} into the signature of the second. - */ - @Override - public SignatureChange computeChange(Construct _from, Construct _to) { - ASTSignatureChange change = null; - if(_from!=null && _to!=null) { - final ASTConstructBodySignature from_sign = (ASTConstructBodySignature)this.createSignature(_from); - final ASTConstructBodySignature to_sign = (ASTConstructBodySignature)this.createSignature(_to); - - // Note: The call in class ASTSignatureChange.getModifications() { mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode);} - // changes the from version into the to version, i.e., afterwards both will look the same - if(from_sign!=null && to_sign!=null) { - change = new ASTSignatureChange(from_sign, to_sign); - change.getModifications(); - } - } - return change; - } -} \ No newline at end of file + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** + * Cache of contructs, so that the decompilation and parsing must not be done over and over again. + */ + final Map sourceCache = new HashMap(); + + /** + * Cache of contructs, so that the decompilation and parsing must not be done over and over again. + */ + final Map compiledCache = new HashMap(); + + /** + * Java Decompiler, e.g., {@link ProcyonDecompiler}. + */ + final IDecompiler decompiler = new ProcyonDecompiler(); + + /** + * {@inheritDoc} + * + * Returns true if the given {@link ConstructId} is of type Java method or Java constructor. + */ + @Override + public boolean isSupportedConstructId(ConstructId _id) { + return _id != null + && ProgrammingLanguage.JAVA.equals(_id.getLang()) + && (ConstructType.METH.equals(_id.getType()) || ConstructType.CONS.equals(_id.getType())); + } + + /** + * {@inheritDoc} + * + * Creates the construct signature on the basis of the source code provided by {@link Construct#getContent()}. + */ + @Override + public Signature createSignature(Construct _c) { + if (_c == null) return null; + + ASTConstructBodySignature ast_signature = null; + try { + ast_signature = new ASTConstructBodySignature(_c); + final String construct_name = + ((JavaId) _c.getId()).getSimpleName(); // this.extractConstructName(_c.getId()); + if (construct_name != null && !construct_name.equals("")) // !=" ") + ast_signature.convertConstructBody(construct_name); + } catch (Exception e) { + JavaSignatureFactory.log.error(e.getMessage().toString()); + } + return ast_signature; + } + + /** + * {@inheritDoc} + * + * Creates the construct signature on the basis of a given Java source file. + * + * @see JavaSignatureFactory#createFromSourceCache(ConstructId) + */ + @Override + public Signature createSignature(ConstructId _cid, File _java_file) { + Signature signature = null; + + if (_java_file.getName().endsWith(".java")) { + // Is the construct body cached? + signature = this.createFromSourceCache(_cid); + + // No, it is not cached + if (signature == null) { + + try { + // Parse the Java file in order to identify all its constructs + final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(_java_file); + + // Get the construct we're interested at + final Construct c = fa.getConstruct(JavaId.toCoreType(_cid)); + + // Create the signature + if (c != null) { + // Fill cache + this.sourceCache.put(_cid, c); + signature = this.createSignature(c); + } else + JavaSignatureFactory.log.error( + "Construct [" + _cid + "] not found in Java source file [" + _java_file + "]"); + } catch (IllegalArgumentException e) { + JavaSignatureFactory.log.error(e.getMessage()); + } catch (FileAnalysisException e) { + JavaSignatureFactory.log.error(e.getMessage()); + } + } + } else if (_java_file.getName().endsWith(".class")) { + // Is the construct body cached? + signature = this.createFromCompiledCache(_cid); + + // No, it is not cached + if (signature == null) { + + try { + final String filename_without_extension = + FilenameUtils.removeExtension(_java_file.getName()); + File java_source_file = + new File(_java_file.getParent(), filename_without_extension + ".java"); + + // Check if the java File already exists before decompiling + if (!java_source_file.exists()) + java_source_file = decompiler.decompileClassFile(_java_file); + + // Now the same as for java files + + // Parse the Java file in order to identify all its constructs + final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(java_source_file); + + // Get the construct we're interested at + final Construct c = fa.getConstruct(JavaId.toCoreType(_cid)); + + // Create the signature + if (c != null) { + // Fill cache + this.compiledCache.put(_cid, c); + signature = this.createSignature(c); + } else + JavaSignatureFactory.log.error( + "Construct [" + _cid + "] not found in Java source file [" + _java_file + "]"); + } catch (IllegalArgumentException e) { + JavaSignatureFactory.log.error(e.getMessage()); + } catch (FileAnalysisException e) { + JavaSignatureFactory.log.error(e.getMessage()); + } + } + } else { + JavaSignatureFactory.log.error( + "File extension of [" + _java_file.getName() + "] not supported"); + } + + return signature; + } + + /** + * Returns true if the signature creation is supported for the given {@link ConstructId}. This depends + * on whether the ID's definition context can be obtained, and whether the latter is a nested class. + * @param _cid + */ + static final boolean isSupported(ConstructId _cid, boolean _throw_exception) + throws IllegalArgumentException { + boolean supported = true; + + // Get and check the definition context of the construct whose signature we're about to create + final JavaClassId class_id = (JavaClassId) JavaId.toCoreType(_cid).getDefinitionContext(); + + // Cannot get the def context + if (class_id == null) { + supported = false; + if (_throw_exception) + throw new IllegalArgumentException( + "No definition context for construct [" + _cid.getQname() + "]"); + } + // Nested class + else if (class_id.isNestedClass()) { + supported = false; + JavaSignatureFactory.log.error( + "Nested classes are not yet supported, cannot create signature for [" + + _cid.getQname() + + "]"); + if (_throw_exception) + throw new IllegalArgumentException( + "Nested classes are not yet supported, cannot create signature for [" + + _cid.getQname() + + "]"); + } + + return supported; + } + + /** + * Reads the construct from cache and creates the signature. + */ + private Signature createFromSourceCache(ConstructId _cid) { + Signature signature = null; + if (this.sourceCache.containsKey(_cid)) + signature = this.createSignature(this.sourceCache.get(_cid)); + return signature; + } + + /** + * Reads the construct from cache and creates the signature. + */ + private Signature createFromCompiledCache(ConstructId _cid) { + Signature signature = null; + if (this.compiledCache.containsKey(_cid)) + signature = this.createSignature(this.compiledCache.get(_cid)); + return signature; + } + + /** + * Reads the bytecode of the given {@link CtClass} and writes it to a temporary file. + * @param _cid + * @param _class + * @return the temporary file to which the byte code has been written + * @throws IOException + */ + private Path writeBytesToTmpFile(JavaClassId _cid, CtClass _class) throws IOException { + final Path class_file = + Files.createTempFile( + VulasConfiguration.getGlobal().getTmpDir(), + _cid.getQualifiedName(), + ".class", + new FileAttribute[] {}); + FileUtil.writeToFile(class_file.toFile(), this.readBytes(_class)); + return class_file; + } + + /** + * Reads the byte code of the given {@link CtClass}. + * @param _class + * @return + * @throws IOException + */ + private byte[] readBytes(CtClass _class) throws IOException { + final ByteArrayOutputStream bos = new ByteArrayOutputStream(); + final DataOutputStream dos = new DataOutputStream(bos); + final ClassFile cf = _class.getClassFile(); + cf.write(dos); + dos.flush(); + return bos.toByteArray(); + } + + /** + * {@inheritDoc} + * + * Computes a so-called signature change, i.e., changes required to transform the signature of the first given {@link Construct} into the signature of the second. + */ + @Override + public SignatureChange computeChange(Construct _from, Construct _to) { + ASTSignatureChange change = null; + if (_from != null && _to != null) { + final ASTConstructBodySignature from_sign = + (ASTConstructBodySignature) this.createSignature(_from); + final ASTConstructBodySignature to_sign = + (ASTConstructBodySignature) this.createSignature(_to); + + // Note: The call in class ASTSignatureChange.getModifications() { + // mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode);} + // changes the from version into the to version, i.e., afterwards both will look the same + if (from_sign != null && to_sign != null) { + change = new ASTSignatureChange(from_sign, to_sign); + change.getModifications(); + } + } + return change; + } +} diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/UniqueNameNormalizer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/UniqueNameNormalizer.java index 2625917a7..357abe06e 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/UniqueNameNormalizer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/UniqueNameNormalizer.java @@ -30,7 +30,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.core.util.SignatureConfiguration; import com.sap.psr.vulas.shared.util.VulasConfiguration; @@ -45,308 +44,332 @@ */ public class UniqueNameNormalizer implements IUniqueNameNormalizer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static final Pattern CONSTANT_PATTERN = Pattern.compile("([0-9a-zA-Z_\\.]+)\\.([0-9A-Z_]+)"); - - private static UniqueNameNormalizer instance = null; - - private ClassLoader classLoader = null; - - private static String cua = null; // class under analysis - - private UniqueNameNormalizer() {} - - /** - *

Getter for the field instance.

- * - * @return a {@link com.sap.psr.vulas.java.sign.UniqueNameNormalizer} object. - */ - public static synchronized UniqueNameNormalizer getInstance() { - if(instance==null) - instance = new UniqueNameNormalizer(); - return instance; - } - - /** - * Fully qualified class names to be searched for class names found in strings. - */ - private final Set classNames = new HashSet(); - /** - *

addStrings.

- * - * @param _class_names a {@link java.util.Collection} object. - */ - public final void addStrings(Collection _class_names) { classNames.addAll(_class_names); } - /** - *

addStrings.

- * - * @param _class_names an array of {@link java.lang.String} objects. - */ - public final void addStrings(String[] _class_names) { classNames.addAll(Arrays.asList(_class_names)); } - /** - *

addConstructIds.

- * - * @param _classes a {@link java.util.Collection} object. - */ - public final void addConstructIds(Collection _classes) { - for(ConstructId cid: _classes) { - classNames.add(cid.getQualifiedName()); - } - } - - /** - * Sets the class loader used for inlining constants, see {@link UniqueNameNormalizer#findConstants(String, String)}. - * - * @param _cl a {@link java.lang.ClassLoader} object. - */ - public void setClassLoader(ClassLoader _cl) { this.classLoader = _cl; } - - /** {@inheritDoc} */ - @Override - public boolean haveEqualUniqueName(SourceCodeEntity _e1, SourceCodeEntity _e2) { - // Equality before normalization - final boolean eq_before_norm = _e1.getUniqueName().equals(_e2.getUniqueName()); - - // Equality after normalization - final String p1 = this.normalizeUniqueName(_e1); - final String p2 = this.normalizeUniqueName(_e2); - final boolean eq_after_norm = p1.equals(p2); - - // Print log message in case the pre-processing realized a match that did not exist before - if(!eq_before_norm && eq_after_norm) { // && !_e1.equals(_e2)) { - UniqueNameNormalizer.log.info("Preprocessor match: Old [" + _e1 + "] and [" + _e2 + "]"); - UniqueNameNormalizer.log.info(" New [" + p1 + "] and [" + p2 + "]"); - } - return eq_after_norm; - } - - /** - * Applies changes that are independent of a given {@link EntityType} to the given {@link String}. - * In more detail, the string is trimmed, occurrences of "this." are removed and constants are inlined. - * - * @param _string a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - public String normalizeUniqueName(String _string) { - String tmp = _string.trim(); - tmp = tmp.replaceAll("this\\.", ""); - tmp = tmp.replaceAll("(Object)", ""); - if( VulasConfiguration.getGlobal().getConfiguration().getBoolean(SignatureConfiguration.RELAX_STRIP_FINALS) ) { - tmp = tmp.replaceAll("final ", ""); - } - //TODO: Replace single characters 'x' by ASCII codes (cf. CVE-2009-2625) as done by some compilers - tmp = this.inlineConstants(tmp); - return tmp; - } - - /** - * {@inheritDoc} - * - * Applies changes to the unique name of the given {@link SourceCodeEntity}, potentially dependent - * on its specific {@link EntityType}. - */ - @Override - public String normalizeUniqueName(SourceCodeEntity _entity) { - String toFix = _entity.getUniqueName(); - // get rid of class name for static methods - if ( _entity.getType().isStatement() && cua != null ){ - toFix = removeLeadingClassName(toFix); - } - // Normalizations applicable to all entities - String tmp = this.normalizeUniqueName(toFix); - tmp = this.removeNumberCasts(tmp); - // Normalizations specific to entity types - - // Variable declaration: Remove leading "final" - - return tmp; - } - - /** - *

removeLeadingClassName.

- * - * @param _string a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - public String removeLeadingClassName(String _string ){ - String tmp = _string.trim(); - tmp = tmp.replaceAll(cua+"\\.", ""); - return tmp; + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static final Pattern CONSTANT_PATTERN = + Pattern.compile("([0-9a-zA-Z_\\.]+)\\.([0-9A-Z_]+)"); + + private static UniqueNameNormalizer instance = null; + + private ClassLoader classLoader = null; + + private static String cua = null; // class under analysis + + private UniqueNameNormalizer() {} + + /** + *

Getter for the field instance.

+ * + * @return a {@link com.sap.psr.vulas.java.sign.UniqueNameNormalizer} object. + */ + public static synchronized UniqueNameNormalizer getInstance() { + if (instance == null) instance = new UniqueNameNormalizer(); + return instance; + } + + /** + * Fully qualified class names to be searched for class names found in strings. + */ + private final Set classNames = new HashSet(); + /** + *

addStrings.

+ * + * @param _class_names a {@link java.util.Collection} object. + */ + public final void addStrings(Collection _class_names) { + classNames.addAll(_class_names); + } + /** + *

addStrings.

+ * + * @param _class_names an array of {@link java.lang.String} objects. + */ + public final void addStrings(String[] _class_names) { + classNames.addAll(Arrays.asList(_class_names)); + } + /** + *

addConstructIds.

+ * + * @param _classes a {@link java.util.Collection} object. + */ + public final void addConstructIds(Collection _classes) { + for (ConstructId cid : _classes) { + classNames.add(cid.getQualifiedName()); + } + } + + /** + * Sets the class loader used for inlining constants, see {@link UniqueNameNormalizer#findConstants(String, String)}. + * + * @param _cl a {@link java.lang.ClassLoader} object. + */ + public void setClassLoader(ClassLoader _cl) { + this.classLoader = _cl; + } + + /** {@inheritDoc} */ + @Override + public boolean haveEqualUniqueName(SourceCodeEntity _e1, SourceCodeEntity _e2) { + // Equality before normalization + final boolean eq_before_norm = _e1.getUniqueName().equals(_e2.getUniqueName()); + + // Equality after normalization + final String p1 = this.normalizeUniqueName(_e1); + final String p2 = this.normalizeUniqueName(_e2); + final boolean eq_after_norm = p1.equals(p2); + + // Print log message in case the pre-processing realized a match that did not exist before + if (!eq_before_norm && eq_after_norm) { // && !_e1.equals(_e2)) { + UniqueNameNormalizer.log.info("Preprocessor match: Old [" + _e1 + "] and [" + _e2 + "]"); + UniqueNameNormalizer.log.info(" New [" + p1 + "] and [" + p2 + "]"); + } + return eq_after_norm; + } + + /** + * Applies changes that are independent of a given {@link EntityType} to the given {@link String}. + * In more detail, the string is trimmed, occurrences of "this." are removed and constants are inlined. + * + * @param _string a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public String normalizeUniqueName(String _string) { + String tmp = _string.trim(); + tmp = tmp.replaceAll("this\\.", ""); + tmp = tmp.replaceAll("(Object)", ""); + if (VulasConfiguration.getGlobal() + .getConfiguration() + .getBoolean(SignatureConfiguration.RELAX_STRIP_FINALS)) { + tmp = tmp.replaceAll("final ", ""); + } + // TODO: Replace single characters 'x' by ASCII codes (cf. CVE-2009-2625) as done by some + // compilers + tmp = this.inlineConstants(tmp); + return tmp; + } + + /** + * {@inheritDoc} + * + * Applies changes to the unique name of the given {@link SourceCodeEntity}, potentially dependent + * on its specific {@link EntityType}. + */ + @Override + public String normalizeUniqueName(SourceCodeEntity _entity) { + String toFix = _entity.getUniqueName(); + // get rid of class name for static methods + if (_entity.getType().isStatement() && cua != null) { + toFix = removeLeadingClassName(toFix); + } + // Normalizations applicable to all entities + String tmp = this.normalizeUniqueName(toFix); + tmp = this.removeNumberCasts(tmp); + // Normalizations specific to entity types + + // Variable declaration: Remove leading "final" + + return tmp; + } + + /** + *

removeLeadingClassName.

+ * + * @param _string a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public String removeLeadingClassName(String _string) { + String tmp = _string.trim(); + tmp = tmp.replaceAll(cua + "\\.", ""); + return tmp; + } + + /** + *

removeNumberCasts.

+ * + * @param _string a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public String removeNumberCasts(String _string) { + String regex_string = "[^\"]*\"[^\"]*\""; + Pattern pattern_string = Pattern.compile(regex_string); + Matcher matcher_string = pattern_string.matcher(_string); + // do not substitute when is a user defined string + if (!matcher_string.matches()) { + String regex = "([^0-9]*)([0-9]+)([BDFL])(.*)"; + Pattern pattern = Pattern.compile(regex); + Matcher matcher = pattern.matcher(_string); + String tmp = ""; + int i = 0; + while (matcher.find()) { + String tmp2 = matcher.group(1); + tmp2 += matcher.group(2); + tmp2 += matcher.group(4); + tmp += tmp2; + i = matcher.end(); + } + return tmp; + } else { + return _string; + } + } + + /** + *

inlineConstants.

+ * + * @param _string a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public String inlineConstants(String _string) { + final StringBuilder b = new StringBuilder(); + final Matcher m = CONSTANT_PATTERN.matcher(_string); + int idx = 0; + String constant_name = null, constant_value = null; + Set fields = null; + while (m.find()) { + constant_name = _string.substring(m.start(), m.end()); + + // Find fields and take value + fields = this.findConstants(m.group(1), m.group(2)); + if (fields.size() == 1) constant_value = this.getConstantValue(fields.iterator().next()); + else if (fields.size() > 1) { + UniqueNameNormalizer.log.warn( + fields.size() + " constants [" + constant_name + "] found, take first"); + constant_value = this.getConstantValue(fields.iterator().next()); + } else constant_value = null; + + b.append(_string.substring(idx, m.start())); + if (constant_value == null) b.append(_string.substring(m.start(), m.end())); + else b.append(constant_value); + idx = m.end(); + } + b.append(_string.substring(idx)); + return b.toString(); + } + + /** + * Returns the value of the given {@link Field} as {@link String}. + * + * Todo: Until now, the method only distinguishes primitive types and + * everything else. In both cases, the value is obtained by calling + * toString. In the latter case, the value is additionally wrapped in quotes. + * One must probably distinguish further cases, e.g., chars wrapper by single quotes. + * + * @param _field + * @return + */ + private String getConstantValue(Field _field) { + final StringBuilder value = new StringBuilder(); + try { + final Class type = _field.getType(); + _field.setAccessible(true); + if (type.isPrimitive()) { + value.append(_field.get(null).toString()); + } else { + value.append("\"").append(_field.get(null).toString()).append("\""); + } + } catch (IllegalArgumentException e) { + UniqueNameNormalizer.log.error( + "Error while obtaining value of field [" + _field + "]: " + e.getMessage(), e); + } catch (IllegalAccessException e) { + UniqueNameNormalizer.log.error( + "Error while accessing value of field [" + _field + "]: " + e.getMessage(), e); + } catch (NoClassDefFoundError e2) { + } + return value.toString(); + } + + /** + * Searches for classes or interfaces of the given name (w/o package qualifier) and which have a constant of the given name. + * + * Considers all classes before passed to {@link UniqueNameNormalizer#addStrings(Collection)} or the other two methods. + * At the same time, the classes must be in the class path so that they can be loaded. + * + * @param _class_name + * @param _field_name + * @return + */ + private Set findConstants(String _class_name, String _field_name) { + + // Find all classes + final Set classes = new HashSet(); + // Replace . in class names by $ + final String class_name = _class_name.replaceAll("\\.", "\\$"); + Class cl = null; + for (String qn : this.classNames) { + if (qn.indexOf(class_name) != -1) { + + // If existing, try the member class loader (e.g., set by the Maven plugin) + if (this.classLoader != null) { + try { + cl = this.classLoader.loadClass(qn); + } catch (ClassNotFoundException e) { + } catch (NoClassDefFoundError e2) { + } } - - /** - *

removeNumberCasts.

- * - * @param _string a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - public String removeNumberCasts(String _string){ - String regex_string = "[^\"]*\"[^\"]*\""; - Pattern pattern_string = Pattern.compile(regex_string); - Matcher matcher_string = pattern_string.matcher(_string); - // do not substitute when is a user defined string - if ( ! matcher_string.matches() ) { - String regex = "([^0-9]*)([0-9]+)([BDFL])(.*)"; - Pattern pattern = Pattern.compile(regex); - Matcher matcher = pattern.matcher(_string); - String tmp = ""; - int i =0; - while ( matcher.find() ){ - String tmp2 = matcher.group(1); - tmp2 += matcher.group(2); - tmp2 += matcher.group(4); - tmp+=tmp2; - i = matcher.end(); - } - return tmp; - } else { - return _string; - } + + // If not existing or unsuccessful, try the system class loader + if (cl == null) { + try { + cl = Class.forName(qn); + } catch (ClassNotFoundException e) { + } catch (NoClassDefFoundError e2) { + } } - /** - *

inlineConstants.

- * - * @param _string a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - public String inlineConstants(String _string) { - final StringBuilder b = new StringBuilder(); - final Matcher m = CONSTANT_PATTERN.matcher(_string); - int idx = 0; - String constant_name = null, constant_value = null; - Set fields = null; - while(m.find()) { - constant_name = _string.substring(m.start(), m.end()); - - // Find fields and take value - fields = this.findConstants(m.group(1), m.group(2)); - if(fields.size()==1) - constant_value = this.getConstantValue(fields.iterator().next()); - else if(fields.size()>1) { - UniqueNameNormalizer.log.warn(fields.size() + " constants [" + constant_name + "] found, take first"); - constant_value = this.getConstantValue(fields.iterator().next()); - } - else - constant_value = null; - - b.append(_string.substring(idx, m.start())); - if(constant_value==null) - b.append(_string.substring(m.start(), m.end())); - else - b.append(constant_value); - idx = m.end(); - } - b.append(_string.substring(idx)); - return b.toString(); - } - - /** - * Returns the value of the given {@link Field} as {@link String}. - * - * Todo: Until now, the method only distinguishes primitive types and - * everything else. In both cases, the value is obtained by calling - * toString. In the latter case, the value is additionally wrapped in quotes. - * One must probably distinguish further cases, e.g., chars wrapper by single quotes. - * - * @param _field - * @return - */ - private String getConstantValue(Field _field) { - final StringBuilder value = new StringBuilder(); - try { - final Class type = _field.getType(); - _field.setAccessible(true); - if(type.isPrimitive()) { - value.append(_field.get(null).toString()); - } - else { - value.append("\"").append(_field.get(null).toString()).append("\""); - } - } catch (IllegalArgumentException e) { - UniqueNameNormalizer.log.error("Error while obtaining value of field [" + _field + "]: " + e.getMessage(), e); - } catch (IllegalAccessException e) { - UniqueNameNormalizer.log.error("Error while accessing value of field [" + _field + "]: " + e.getMessage(), e); - } catch (NoClassDefFoundError e2) {} - return value.toString(); - } - - /** - * Searches for classes or interfaces of the given name (w/o package qualifier) and which have a constant of the given name. - * - * Considers all classes before passed to {@link UniqueNameNormalizer#addStrings(Collection)} or the other two methods. - * At the same time, the classes must be in the class path so that they can be loaded. - * - * @param _class_name - * @param _field_name - * @return - */ - private Set findConstants(String _class_name, String _field_name) { - - // Find all classes - final Set classes = new HashSet(); - // Replace . in class names by $ - final String class_name = _class_name.replaceAll("\\.", "\\$"); - Class cl = null; - for(String qn : this.classNames) { - if(qn.indexOf(class_name)!=-1) { - - // If existing, try the member class loader (e.g., set by the Maven plugin) - if(this.classLoader!=null) { - try { - cl = this.classLoader.loadClass(qn); - } - catch(ClassNotFoundException e) {} - catch (NoClassDefFoundError e2){} - } - - // If not existing or unsuccessful, try the system class loader - if(cl==null) { - try { - cl = Class.forName(qn); - } - catch(ClassNotFoundException e) {} - catch( NoClassDefFoundError e2) {} - } - - // Add if found, otherwise write error message - if(cl==null) - UniqueNameNormalizer.log.error("Error instantiating class or interface [" + qn + "], needed for constant [" + _class_name + "." + _field_name + "]"); - else - classes.add(cl); - } - } - - // For each class, try to find a constant with the given name - final Set fields = new HashSet(); - Field f = null; - int mod = -1; - for(Class c: classes) { - try { - f = c.getDeclaredField(_field_name); - mod = f.getModifiers(); - if(Modifier.isStatic(mod) && Modifier.isFinal(mod)) { - fields.add(f); - } - } - catch (NoSuchFieldException e) {} - catch (NoClassDefFoundError e) { - UniqueNameNormalizer.log.error("Class definition not found when searching for constant [" + _field_name + "] in class or interface [" + c.getName() + "]: " + e.getMessage()); - } - catch (SecurityException e) { - UniqueNameNormalizer.log.error("Security exception when searching for constant [" + _field_name + "] in class or interface [" + c.getName() + "]: " + e.getMessage(), e); - } - } - return fields; - } - - /** - *

setClassUnderAnalysisName.

- * - * @param _name a {@link java.lang.String} object. - */ - public void setClassUnderAnalysisName(String _name){ - cua = _name; + // Add if found, otherwise write error message + if (cl == null) + UniqueNameNormalizer.log.error( + "Error instantiating class or interface [" + + qn + + "], needed for constant [" + + _class_name + + "." + + _field_name + + "]"); + else classes.add(cl); + } + } + + // For each class, try to find a constant with the given name + final Set fields = new HashSet(); + Field f = null; + int mod = -1; + for (Class c : classes) { + try { + f = c.getDeclaredField(_field_name); + mod = f.getModifiers(); + if (Modifier.isStatic(mod) && Modifier.isFinal(mod)) { + fields.add(f); } + } catch (NoSuchFieldException e) { + } catch (NoClassDefFoundError e) { + UniqueNameNormalizer.log.error( + "Class definition not found when searching for constant [" + + _field_name + + "] in class or interface [" + + c.getName() + + "]: " + + e.getMessage()); + } catch (SecurityException e) { + UniqueNameNormalizer.log.error( + "Security exception when searching for constant [" + + _field_name + + "] in class or interface [" + + c.getName() + + "]: " + + e.getMessage(), + e); + } + } + return fields; + } + + /** + *

setClassUnderAnalysisName.

+ * + * @param _name a {@link java.lang.String} object. + */ + public void setClassUnderAnalysisName(String _name) { + cua = _name; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureDeserializer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureDeserializer.java index a38e3d01e..ce2726f20 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureDeserializer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureDeserializer.java @@ -19,7 +19,6 @@ */ package com.sap.psr.vulas.java.sign.gson; -import ch.uzh.ifi.seal.changedistiller.distilling.Distiller; import java.io.IOException; import java.util.List; @@ -36,123 +35,125 @@ import ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeEntity; import ch.uzh.ifi.seal.changedistiller.treedifferencing.Node; - import org.apache.logging.log4j.Logger; - /** *

ASTConstructBodySignatureDeserializer class.

* */ -public class ASTConstructBodySignatureDeserializer extends StdDeserializer { -private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - /** - *

Constructor for ASTConstructBodySignatureDeserializer.

- */ - public ASTConstructBodySignatureDeserializer() { - this(null); - } - - /** - *

Constructor for ASTConstructBodySignatureDeserializer.

- * - * @param t a {@link java.lang.Class} object. - */ - public ASTConstructBodySignatureDeserializer(Class t) { - super(t); - } - - private Node getAstNode(JsonNode _json_node){ - - final String value = _json_node.findValue("Value").asText(); - final String type_str = _json_node.findValue("EntityType").asText(); - final EntityType type = ASTUtil.getJavaEntityType(type_str); - - // Instantiate the Node object here - Node ast_node = new Node(type, value); - - // Retrieve the SourceCodeEntity - final JsonNode src_code_entity = _json_node.findValue("SourceCodeEntity"); - final int modifiers = src_code_entity.findValue("Modifiers").asInt(); - - // SourceRange JsonObject - final JsonNode src_range_json = src_code_entity.findValue("SourceRange"); - final int src_start = src_range_json.findValue("Start").asInt(); - final int src_end = src_range_json.findValue("End").asInt(); - final SourceRange src_range = new SourceRange(src_start, src_end); - - final SourceCodeEntity srcCodeEntity = new SourceCodeEntity(value, type, modifiers, src_range); - ast_node.setEntity(srcCodeEntity); - - // Loop the children - List children = _json_node.findValues("C"); - - for(JsonNode json_child: children) { - if ( json_child.isArray() ){ - for ( int i=0; i ast_nodes = json_root.findValues("ast"); - final JsonNode ast_root = ast_nodes.get(0); - final String value = ast_root.findValue("Value").asText(); - final String type_str = ast_root.findValue("EntityType").asText(); - final EntityType type = ASTUtil.getJavaEntityType(type_str); - - // To be returned - ASTConstructBodySignature astConstructSign = new ASTConstructBodySignature(type, value); - - //Create the Root Node - astConstructSign.setRoot(astConstructSign); - - //TODO : Check if these setting are really necessary to compute the "diff" as an input to changedistiller - //Settings for order and matching - //astConstructSign.enableInOrder(); - //astConstructSign.enableMatched(); - - // Loop the children - List children = ast_root.findValues("C"); - // from jackson documentation: - // findValues(String fieldName) - // Method for finding JSON Object fields with specified name, and returning found ones as a List. - for(JsonNode json_child: children) { - if ( json_child.isArray() ){ - for ( int i=0; i { + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + /** + *

Constructor for ASTConstructBodySignatureDeserializer.

+ */ + public ASTConstructBodySignatureDeserializer() { + this(null); + } + + /** + *

Constructor for ASTConstructBodySignatureDeserializer.

+ * + * @param t a {@link java.lang.Class} object. + */ + public ASTConstructBodySignatureDeserializer(Class t) { + super(t); + } + + private Node getAstNode(JsonNode _json_node) { + + final String value = _json_node.findValue("Value").asText(); + final String type_str = _json_node.findValue("EntityType").asText(); + final EntityType type = ASTUtil.getJavaEntityType(type_str); + + // Instantiate the Node object here + Node ast_node = new Node(type, value); + + // Retrieve the SourceCodeEntity + final JsonNode src_code_entity = _json_node.findValue("SourceCodeEntity"); + final int modifiers = src_code_entity.findValue("Modifiers").asInt(); + + // SourceRange JsonObject + final JsonNode src_range_json = src_code_entity.findValue("SourceRange"); + final int src_start = src_range_json.findValue("Start").asInt(); + final int src_end = src_range_json.findValue("End").asInt(); + final SourceRange src_range = new SourceRange(src_start, src_end); + + final SourceCodeEntity srcCodeEntity = new SourceCodeEntity(value, type, modifiers, src_range); + ast_node.setEntity(srcCodeEntity); + + // Loop the children + List children = _json_node.findValues("C"); + + for (JsonNode json_child : children) { + if (json_child.isArray()) { + for (int i = 0; i < json_child.size(); i++) { + Node ast_child = getAstNode(json_child.get(i)); + ast_node.add(ast_child); + } + } else { + Node ast_child = getAstNode(json_child); + ast_node.add(ast_child); + } + } + + return ast_node; + } + + /** {@inheritDoc} */ + @Override + public ASTConstructBodySignature deserialize(JsonParser jp, DeserializationContext ctx) + throws IOException, JsonProcessingException { + final JsonNode json_root = jp.getCodec().readTree(jp); + final List ast_nodes = json_root.findValues("ast"); + final JsonNode ast_root = ast_nodes.get(0); + final String value = ast_root.findValue("Value").asText(); + final String type_str = ast_root.findValue("EntityType").asText(); + final EntityType type = ASTUtil.getJavaEntityType(type_str); + + // To be returned + ASTConstructBodySignature astConstructSign = new ASTConstructBodySignature(type, value); + + // Create the Root Node + astConstructSign.setRoot(astConstructSign); + + // TODO : Check if these setting are really necessary to compute the "diff" as an input to + // changedistiller + // Settings for order and matching + // astConstructSign.enableInOrder(); + // astConstructSign.enableMatched(); + + // Loop the children + List children = ast_root.findValues("C"); + // from jackson documentation: + // findValues(String fieldName) + // Method for finding JSON Object fields with specified name, and returning found ones as a + // List. + for (JsonNode json_child : children) { + if (json_child.isArray()) { + for (int i = 0; i < json_child.size(); i++) { + Node ast_child = getAstNode(json_child.get(i)); + astConstructSign.add(ast_child); + } + } else { + Node ast_child = getAstNode(json_child); + astConstructSign.add(ast_child); + } + } + + // Retrieve the SourceCodeEntity + final JsonNode src_code_entity = ast_root.findValue("SourceCodeEntity"); + final int modifiers = src_code_entity.findValue("Modifiers").asInt(); + + // SourceRange JsonObject + final JsonNode src_range_json = src_code_entity.findValue("SourceRange"); + final int src_start = src_range_json.findValue("Start").asInt(); + final int src_end = src_range_json.findValue("End").asInt(); + final SourceRange src_range = new SourceRange(src_start, src_end); + + final SourceCodeEntity srcCodeEntity = new SourceCodeEntity(value, type, modifiers, src_range); + astConstructSign.setEntity(srcCodeEntity); + + return astConstructSign; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureSerializer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureSerializer.java index 3e6601268..53876185f 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureSerializer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTConstructBodySignatureSerializer.java @@ -26,7 +26,6 @@ import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.sap.psr.vulas.java.sign.ASTConstructBodySignature; -import com.sap.psr.vulas.shared.json.JsonBuilder; import ch.uzh.ifi.seal.changedistiller.treedifferencing.Node; @@ -36,87 +35,90 @@ */ public class ASTConstructBodySignatureSerializer extends StdSerializer { - /** - *

Constructor for ASTConstructBodySignatureSerializer.

- */ - public ASTConstructBodySignatureSerializer() { - this(null); - } + /** + *

Constructor for ASTConstructBodySignatureSerializer.

+ */ + public ASTConstructBodySignatureSerializer() { + this(null); + } - /** - *

Constructor for ASTConstructBodySignatureSerializer.

- * - * @param t a {@link java.lang.Class} object. - */ - public ASTConstructBodySignatureSerializer(Class t) { - super(t); - } + /** + *

Constructor for ASTConstructBodySignatureSerializer.

+ * + * @param t a {@link java.lang.Class} object. + */ + public ASTConstructBodySignatureSerializer(Class t) { + super(t); + } - /** - * @param n - The Root Node - * @return - JSON representation of the AST - * NB : An ast as an array of Nodes - * A Node {"name" : "Value of Node", "parent" : "value of parent Node", "children" : [{"name" : "value of node", "parent" : "value of parent Node"},......,{}]} - */ - private void writeComplexNode(JsonGenerator jgen, Node n) throws IOException { - if(n.isLeaf()){ - jgen.writeStartObject(); - this.writeNodeProperties(jgen, n); - jgen.writeEndObject(); - } - else{ - for(int i=0; i < n.getChildCount(); i++) { - final Node node = (Node)n.getChildAt(i); - jgen.writeStartObject(); - this.writeNodeProperties(jgen, node); - if(!node.isLeaf()) { - jgen.writeArrayFieldStart("C"); - this.writeComplexNode(jgen, node); - jgen.writeEndArray(); - } - jgen.writeEndObject(); - } - } - } + /** + * @param n - The Root Node + * @return - JSON representation of the AST + * NB : An ast as an array of Nodes + * A Node {"name" : "Value of Node", "parent" : "value of parent Node", "children" : [{"name" : "value of node", "parent" : "value of parent Node"},......,{}]} + */ + private void writeComplexNode(JsonGenerator jgen, Node n) throws IOException { + if (n.isLeaf()) { + jgen.writeStartObject(); + this.writeNodeProperties(jgen, n); + jgen.writeEndObject(); + } else { + for (int i = 0; i < n.getChildCount(); i++) { + final Node node = (Node) n.getChildAt(i); + jgen.writeStartObject(); + this.writeNodeProperties(jgen, node); + if (!node.isLeaf()) { + jgen.writeArrayFieldStart("C"); + this.writeComplexNode(jgen, node); + jgen.writeEndArray(); + } + jgen.writeEndObject(); + } + } + } - /** - * Writes various properties of the given {@link Node}. - * @param n the node whose properties are written - */ - private void writeNodeProperties(JsonGenerator jgen, Node n) throws IOException { - jgen.writeStringField("Value", n.getValue().toString()); - // The unique name has the same information as Node.Value - //buffer.append("\"UniqueName\" : " ).append(JsonBuilder.escape(n.getEntity().getUniqueName().toString())).append(","); ; + /** + * Writes various properties of the given {@link Node}. + * @param n the node whose properties are written + */ + private void writeNodeProperties(JsonGenerator jgen, Node n) throws IOException { + jgen.writeStringField("Value", n.getValue().toString()); + // The unique name has the same information as Node.Value + // buffer.append("\"UniqueName\" : " + // ).append(JsonBuilder.escape(n.getEntity().getUniqueName().toString())).append(","); ; - jgen.writeObjectFieldStart("SourceCodeEntity"); - jgen.writeStringField("Modifiers", new Integer(n.getEntity().getModifiers()).toString()); + jgen.writeObjectFieldStart("SourceCodeEntity"); + jgen.writeStringField("Modifiers", new Integer(n.getEntity().getModifiers()).toString()); - jgen.writeObjectFieldStart("SourceRange"); - jgen.writeStringField("Start", new Integer(n.getEntity().getSourceRange().getStart()).toString()); - jgen.writeStringField("End", new Integer(n.getEntity().getSourceRange().getEnd()).toString()); - jgen.writeEndObject(); // SourceRange + jgen.writeObjectFieldStart("SourceRange"); + jgen.writeStringField( + "Start", new Integer(n.getEntity().getSourceRange().getStart()).toString()); + jgen.writeStringField("End", new Integer(n.getEntity().getSourceRange().getEnd()).toString()); + jgen.writeEndObject(); // SourceRange - jgen.writeEndObject(); // SourceCodeEntity - jgen.writeStringField("EntityType", n.getEntity().getType().toString()); - } + jgen.writeEndObject(); // SourceCodeEntity + jgen.writeStringField("EntityType", n.getEntity().getType().toString()); + } - /** {@inheritDoc} */ - @Override - public void serialize(ASTConstructBodySignature value, JsonGenerator jgen, SerializerProvider provider) throws IOException, JsonProcessingException { - jgen.writeStartObject(); - jgen.writeArrayFieldStart("ast"); - final Node n = value.getRoot(); - if(n.isRoot()){ - jgen.writeStartObject(); - this.writeNodeProperties(jgen, n); - if(!n.isLeaf()) { - jgen.writeArrayFieldStart("C"); - this.writeComplexNode(jgen, n); - jgen.writeEndArray(); - } - jgen.writeEndObject(); - } - jgen.writeEndArray(); - jgen.writeEndObject(); - } + /** {@inheritDoc} */ + @Override + public void serialize( + ASTConstructBodySignature value, JsonGenerator jgen, SerializerProvider provider) + throws IOException, JsonProcessingException { + jgen.writeStartObject(); + jgen.writeArrayFieldStart("ast"); + final Node n = value.getRoot(); + if (n.isRoot()) { + jgen.writeStartObject(); + this.writeNodeProperties(jgen, n); + if (!n.isLeaf()) { + jgen.writeArrayFieldStart("C"); + this.writeComplexNode(jgen, n); + jgen.writeEndArray(); + } + jgen.writeEndObject(); + } + jgen.writeEndArray(); + jgen.writeEndObject(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeDeserializer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeDeserializer.java index 74c9ced4c..6d1ac666c 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeDeserializer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeDeserializer.java @@ -25,7 +25,6 @@ import org.apache.logging.log4j.Logger; - import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationContext; @@ -53,7 +52,7 @@ */ /** - * + * * /** * * JSON representation of ASTSignatureChange: @@ -104,227 +103,231 @@ */ public class ASTSignatureChangeDeserializer extends StdDeserializer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - // Values for JsonElement Names, used as a member name during deserialization - // We need only to change these value if the name/value pair of a JsonElement - // changes in the json representation of the ASTSignatureChange - // For instance, if we want to compress the json object - not to store a large - // amount data in the DB. - private static String SIGN_CHANGE = "vulasChange"; - private static String CHANGE_TYPE = "changeType"; - - // StructureEntity, ROOT Entity - private static String STRUCTURE_ENTITY = "StructureEntity"; - private static String STRUCTURE_ENTITY_UNIQUE_NAME = "UniqueName"; - private static String STRUCTURE_ENTITY_ENTITY_TYPE = "EntityType"; - private static String STRUCTURE_ENTITY_MODIFIERS = "Modifiers"; - private static String STRUCTURE_ENTITY_CHANGES = "changes"; - - // ChagedEntity - private static String SOURCE_CODE_ENTITY = "SourceCodeEntity"; - private static String SRC_ENTITY_UNIQUE_NAME = "UniqueName"; - private static String SRC_ENTITY_TYPE = "EntityType"; - private static String SRC_ENTITY_MODIFIERS = "Modifiers"; - private static String SRC_ENTITY_SOURCE_RANGE = "SourceCodeRange"; - private static String SRC_ENTITY_SOURCE_RANGE_END = "End"; - private static String SRC_ENTITY_SOURCE_RANGE_START = "Start"; - - // parentEntity - private static String PARENT_SOURCE_CODE_ENTITY = "parentEntity"; - private static String PARENT_SRC_ENTITY_UNIQUE_NAME = "UniqueName"; - private static String PARENT_SRC_ENTITY_TYPE = "EntityType"; - private static String PARENT_SRC_ENTITY_MODIFIERS = "Modifiers"; - private static String PARENT_SRC_ENTITY_SOURCE_RANGE = "SourceRange"; - private static String PARENT_SRC_ENTITY_SOURCE_RANGE_END = "End"; - private static String PARENT_SRC_ENTITY_SOURCE_RANGE_START = "Start"; - - // private Set srcCodeChanges; - // private SourceCodeChange srcCodeChange; - // private StructureEntityVersion rootEntity = null; - // List of SourceCodeChange modifications - // private List srcCodeChangeList= new - // ArrayList(); - - // ASTSignatureChange - // private ASTSignatureChange astSignChange = null; - - // Signature - // private SignatureChange signChange = null; - // private ChangeType changeType = null; - - /** - *

- * Constructor for ASTSignatureChangeDeserializer. - *

- */ - public ASTSignatureChangeDeserializer() { - this(null); - } - - /** - *

- * Constructor for ASTSignatureChangeDeserializer. - *

- * - * @param t a {@link java.lang.Class} object. - */ - public ASTSignatureChangeDeserializer(Class t) { - super(t); - } - - - /** - * Helper method for retrieving a SourceCodeEntity element - */ - private SourceCodeEntity getSourceCodeEntityElement(JsonNode srcCodeEntityJsonObject) { - - // Retrieve the SourceCodeEntity - SourceCodeEntity srcCodeEntity = null; - String fValue = srcCodeEntityJsonObject.get("UniqueName").asText(); // Retrieve the Value - String strLabel = srcCodeEntityJsonObject.get("EntityType").asText(); - EntityType fLabel = ASTUtil.getJavaEntityType(strLabel); // Retrieve the EntityType - int modifiers = srcCodeEntityJsonObject.get(SRC_ENTITY_MODIFIERS).asInt(); - - // SourceRange JsonObject - JsonNode srcCodeEntitySrcRangeJsonObject = srcCodeEntityJsonObject.get(SRC_ENTITY_SOURCE_RANGE); - int srcRangeStart = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_START).asInt(); - int srcRangeEnd = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_END).asInt(); - SourceRange srcRange = new SourceRange(srcRangeStart, srcRangeEnd); - srcCodeEntity = new SourceCodeEntity(fValue, fLabel, modifiers, srcRange); - - srcCodeEntity = new SourceCodeEntity(fValue, fLabel, modifiers, srcRange); - return srcCodeEntity; - } - - @Override - public SignatureChange deserialize(JsonParser p, DeserializationContext ctxt) - throws IOException, JsonProcessingException { - // HP, 10.12.2015, the following were members, now moved into method - SourceCodeChange srcCodeChange; - StructureEntityVersion rootEntity = null; - List srcCodeChangeList = new ArrayList(); - ChangeType changeType = null; - - // The deserialization logic goes here - - final JsonNode json_root = p.getCodec().readTree(p); - final List strEntity_nodes = json_root.findValues(STRUCTURE_ENTITY); - final JsonNode strEntity_root = strEntity_nodes.get(0); - String uniqueName = strEntity_root.findValue(STRUCTURE_ENTITY_UNIQUE_NAME).asText(); - EntityType type = ASTUtil.getJavaEntityType(strEntity_root.findValue(STRUCTURE_ENTITY_ENTITY_TYPE).asText()); - int modifiers = strEntity_root.findValue(SRC_ENTITY_MODIFIERS).asInt(); - - - rootEntity = new StructureEntityVersion(type, uniqueName, modifiers); - - - JsonNode changesJsonArray = strEntity_root.get("changes"); - SourceCodeChange[] srcCodeChanges = new SourceCodeChange[changesJsonArray.size()]; - //Read in the Value the array from the "changes" element - if (changesJsonArray.isArray()) { - for (final JsonNode change : changesJsonArray) { - //Depending on the "OperationType" of the "changes" element, initialize the appropriate sourceCodeChange element (Insert, Update, Move, Delete) - String operationType = change.findValue("OperationType").asText(); - /* - * switch(operationType) { - */ - // case "Insert": - if (operationType.equals("Insert")) { - - changeType = ASTUtil.getChangeType(change.findValue("changeType").asText()); - SourceCodeEntity insertedEntity = this - .getSourceCodeEntityElement(change.findValue("InsertedEntity")); - SourceCodeEntity parentEntity = this - .getSourceCodeEntityElement(change.findValue("ParentEntity")); - - srcCodeChange = new Insert(changeType, rootEntity, // StructureEntityVersion - insertedEntity, // New Inserted Entity - parentEntity); // ParentEntity for the New Inserted Node - - // Add it to the List - srcCodeChangeList.add(srcCodeChange); - // break; - - } - - else if (operationType.equals("Move")) { -// case "Move": - changeType = ASTUtil.getChangeType(change.get("changeType").asText()); - SourceCodeEntity movedEntity = this - .getSourceCodeEntityElement(change.get("MovedEntity")); - SourceCodeEntity newEntity = this - .getSourceCodeEntityElement(change.get("NewEntity")); - SourceCodeEntity oldParentEntity = this - .getSourceCodeEntityElement(change.get("OldParentEntity")); - SourceCodeEntity newParentEntity = this.getSourceCodeEntityElement( - change.get("NewParentEntity")); - - // srcCodeChange.setRootEntity(rootEntity); //StructureEntityVersion - srcCodeChange = new Move(changeType, rootEntity, movedEntity, newEntity, oldParentEntity, - newParentEntity); - - // Add it to the List - srcCodeChangeList.add(srcCodeChange); - // break; - } - - // case "Update": - else if (operationType.equals("Update")) { - changeType = ASTUtil.getChangeType(change.get("changeType").asText()); - - SourceCodeEntity updatedEntity = this - .getSourceCodeEntityElement(change.get("UpdatedEntity")); - SourceCodeEntity newEntityUpdate = this - .getSourceCodeEntityElement(change.get("NewEntity")); - SourceCodeEntity parentEntityUpdate = this - .getSourceCodeEntityElement(change.get("ParentEntity")); - - srcCodeChange = new Update(changeType, rootEntity, updatedEntity, // Old Updated Entity - newEntityUpdate, // New Updated Entity - parentEntityUpdate); // Same Parent Entity - - // Add it to the Set - srcCodeChangeList.add(srcCodeChange); - - // break; - } - - // case "Delete": - - else if (operationType.equals("Delete")) { - changeType = ASTUtil.getChangeType(change.get("changeType").asText()); - SourceCodeEntity deletedEntity = this - .getSourceCodeEntityElement(change.get("DeletedEntity")); - SourceCodeEntity parentEntityDelete = this - .getSourceCodeEntityElement(change.get("ParentEntity")); - - srcCodeChange = new Delete(changeType, rootEntity, // StructureEntityVersion; - deletedEntity, // Deleted Entity - parentEntityDelete); // ParentEntity - - // Add it to the Set - srcCodeChangeList.add(srcCodeChange); - - // break; - } else { - log.info("Unsupported Operation Type" + operationType); - } - - /* - * default: } - */ - - } //closes for loop - - } - - //Add the List to the StructureEntityVersion instance - rootEntity.addAllSourceCodeChanges(srcCodeChangeList); - - //astSignChange = new ASTSignatureChange(srcCodeChangeList); - ASTSignatureChange astSignChange = new ASTSignatureChange(rootEntity); - return astSignChange; - - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + // Values for JsonElement Names, used as a member name during deserialization + // We need only to change these value if the name/value pair of a JsonElement + // changes in the json representation of the ASTSignatureChange + // For instance, if we want to compress the json object - not to store a large + // amount data in the DB. + private static String SIGN_CHANGE = "vulasChange"; + private static String CHANGE_TYPE = "changeType"; + + // StructureEntity, ROOT Entity + private static String STRUCTURE_ENTITY = "StructureEntity"; + private static String STRUCTURE_ENTITY_UNIQUE_NAME = "UniqueName"; + private static String STRUCTURE_ENTITY_ENTITY_TYPE = "EntityType"; + private static String STRUCTURE_ENTITY_MODIFIERS = "Modifiers"; + private static String STRUCTURE_ENTITY_CHANGES = "changes"; + + // ChagedEntity + private static String SOURCE_CODE_ENTITY = "SourceCodeEntity"; + private static String SRC_ENTITY_UNIQUE_NAME = "UniqueName"; + private static String SRC_ENTITY_TYPE = "EntityType"; + private static String SRC_ENTITY_MODIFIERS = "Modifiers"; + private static String SRC_ENTITY_SOURCE_RANGE = "SourceCodeRange"; + private static String SRC_ENTITY_SOURCE_RANGE_END = "End"; + private static String SRC_ENTITY_SOURCE_RANGE_START = "Start"; + + // parentEntity + private static String PARENT_SOURCE_CODE_ENTITY = "parentEntity"; + private static String PARENT_SRC_ENTITY_UNIQUE_NAME = "UniqueName"; + private static String PARENT_SRC_ENTITY_TYPE = "EntityType"; + private static String PARENT_SRC_ENTITY_MODIFIERS = "Modifiers"; + private static String PARENT_SRC_ENTITY_SOURCE_RANGE = "SourceRange"; + private static String PARENT_SRC_ENTITY_SOURCE_RANGE_END = "End"; + private static String PARENT_SRC_ENTITY_SOURCE_RANGE_START = "Start"; + + // private Set srcCodeChanges; + // private SourceCodeChange srcCodeChange; + // private StructureEntityVersion rootEntity = null; + // List of SourceCodeChange modifications + // private List srcCodeChangeList= new + // ArrayList(); + + // ASTSignatureChange + // private ASTSignatureChange astSignChange = null; + + // Signature + // private SignatureChange signChange = null; + // private ChangeType changeType = null; + + /** + *

+ * Constructor for ASTSignatureChangeDeserializer. + *

+ */ + public ASTSignatureChangeDeserializer() { + this(null); + } + + /** + *

+ * Constructor for ASTSignatureChangeDeserializer. + *

+ * + * @param t a {@link java.lang.Class} object. + */ + public ASTSignatureChangeDeserializer(Class t) { + super(t); + } + + /** + * Helper method for retrieving a SourceCodeEntity element + */ + private SourceCodeEntity getSourceCodeEntityElement(JsonNode srcCodeEntityJsonObject) { + + // Retrieve the SourceCodeEntity + SourceCodeEntity srcCodeEntity = null; + String fValue = srcCodeEntityJsonObject.get("UniqueName").asText(); // Retrieve the Value + String strLabel = srcCodeEntityJsonObject.get("EntityType").asText(); + EntityType fLabel = ASTUtil.getJavaEntityType(strLabel); // Retrieve the EntityType + int modifiers = srcCodeEntityJsonObject.get(SRC_ENTITY_MODIFIERS).asInt(); + + // SourceRange JsonObject + JsonNode srcCodeEntitySrcRangeJsonObject = srcCodeEntityJsonObject.get(SRC_ENTITY_SOURCE_RANGE); + int srcRangeStart = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_START).asInt(); + int srcRangeEnd = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_END).asInt(); + SourceRange srcRange = new SourceRange(srcRangeStart, srcRangeEnd); + srcCodeEntity = new SourceCodeEntity(fValue, fLabel, modifiers, srcRange); + + srcCodeEntity = new SourceCodeEntity(fValue, fLabel, modifiers, srcRange); + return srcCodeEntity; + } + + @Override + public SignatureChange deserialize(JsonParser p, DeserializationContext ctxt) + throws IOException, JsonProcessingException { + // HP, 10.12.2015, the following were members, now moved into method + SourceCodeChange srcCodeChange; + StructureEntityVersion rootEntity = null; + List srcCodeChangeList = new ArrayList(); + ChangeType changeType = null; + + // The deserialization logic goes here + + final JsonNode json_root = p.getCodec().readTree(p); + final List strEntity_nodes = json_root.findValues(STRUCTURE_ENTITY); + final JsonNode strEntity_root = strEntity_nodes.get(0); + String uniqueName = strEntity_root.findValue(STRUCTURE_ENTITY_UNIQUE_NAME).asText(); + EntityType type = + ASTUtil.getJavaEntityType(strEntity_root.findValue(STRUCTURE_ENTITY_ENTITY_TYPE).asText()); + int modifiers = strEntity_root.findValue(SRC_ENTITY_MODIFIERS).asInt(); + + rootEntity = new StructureEntityVersion(type, uniqueName, modifiers); + + JsonNode changesJsonArray = strEntity_root.get("changes"); + SourceCodeChange[] srcCodeChanges = new SourceCodeChange[changesJsonArray.size()]; + // Read in the Value the array from the "changes" element + if (changesJsonArray.isArray()) { + for (final JsonNode change : changesJsonArray) { + // Depending on the "OperationType" of the "changes" element, initialize the appropriate + // sourceCodeChange element (Insert, Update, Move, Delete) + String operationType = change.findValue("OperationType").asText(); + /* + * switch(operationType) { + */ + // case "Insert": + if (operationType.equals("Insert")) { + + changeType = ASTUtil.getChangeType(change.findValue("changeType").asText()); + SourceCodeEntity insertedEntity = + this.getSourceCodeEntityElement(change.findValue("InsertedEntity")); + SourceCodeEntity parentEntity = + this.getSourceCodeEntityElement(change.findValue("ParentEntity")); + + srcCodeChange = + new Insert( + changeType, + rootEntity, // StructureEntityVersion + insertedEntity, // New Inserted Entity + parentEntity); // ParentEntity for the New Inserted Node + + // Add it to the List + srcCodeChangeList.add(srcCodeChange); + // break; + + } else if (operationType.equals("Move")) { + // case "Move": + changeType = ASTUtil.getChangeType(change.get("changeType").asText()); + SourceCodeEntity movedEntity = this.getSourceCodeEntityElement(change.get("MovedEntity")); + SourceCodeEntity newEntity = this.getSourceCodeEntityElement(change.get("NewEntity")); + SourceCodeEntity oldParentEntity = + this.getSourceCodeEntityElement(change.get("OldParentEntity")); + SourceCodeEntity newParentEntity = + this.getSourceCodeEntityElement(change.get("NewParentEntity")); + + // srcCodeChange.setRootEntity(rootEntity); //StructureEntityVersion + srcCodeChange = + new Move( + changeType, rootEntity, movedEntity, newEntity, oldParentEntity, newParentEntity); + + // Add it to the List + srcCodeChangeList.add(srcCodeChange); + // break; + } + + // case "Update": + else if (operationType.equals("Update")) { + changeType = ASTUtil.getChangeType(change.get("changeType").asText()); + + SourceCodeEntity updatedEntity = + this.getSourceCodeEntityElement(change.get("UpdatedEntity")); + SourceCodeEntity newEntityUpdate = + this.getSourceCodeEntityElement(change.get("NewEntity")); + SourceCodeEntity parentEntityUpdate = + this.getSourceCodeEntityElement(change.get("ParentEntity")); + + srcCodeChange = + new Update( + changeType, + rootEntity, + updatedEntity, // Old Updated Entity + newEntityUpdate, // New Updated Entity + parentEntityUpdate); // Same Parent Entity + + // Add it to the Set + srcCodeChangeList.add(srcCodeChange); + + // break; + } + + // case "Delete": + + else if (operationType.equals("Delete")) { + changeType = ASTUtil.getChangeType(change.get("changeType").asText()); + SourceCodeEntity deletedEntity = + this.getSourceCodeEntityElement(change.get("DeletedEntity")); + SourceCodeEntity parentEntityDelete = + this.getSourceCodeEntityElement(change.get("ParentEntity")); + + srcCodeChange = + new Delete( + changeType, + rootEntity, // StructureEntityVersion; + deletedEntity, // Deleted Entity + parentEntityDelete); // ParentEntity + + // Add it to the Set + srcCodeChangeList.add(srcCodeChange); + + // break; + } else { + log.info("Unsupported Operation Type" + operationType); + } + + /* + * default: } + */ + + } // closes for loop + } + + // Add the List to the StructureEntityVersion instance + rootEntity.addAllSourceCodeChanges(srcCodeChangeList); + + // astSignChange = new ASTSignatureChange(srcCodeChangeList); + ASTSignatureChange astSignChange = new ASTSignatureChange(rootEntity); + return astSignChange; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeSerializer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeSerializer.java index 9f5a8b4d5..7f96b381d 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeSerializer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureChangeSerializer.java @@ -26,7 +26,6 @@ import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.sap.psr.vulas.java.sign.ASTSignatureChange; -import com.sap.psr.vulas.shared.json.JsonBuilder; import ch.uzh.ifi.seal.changedistiller.model.entities.Delete; import ch.uzh.ifi.seal.changedistiller.model.entities.Insert; @@ -41,89 +40,94 @@ */ public class ASTSignatureChangeSerializer extends StdSerializer { - /** - *

Constructor for ASTSignatureChangeSerializer.

- */ - public ASTSignatureChangeSerializer() { - this(null); - } - - /** - *

Constructor for ASTSignatureChangeSerializer.

- * - * @param t a {@link java.lang.Class} object. - */ - public ASTSignatureChangeSerializer(Class t) { - super(t); - } - - /** - * Helper method for building a "SourceCodeEntity" element - * - * @param change - SourcCodeChangeElement - * @param buffer - */ - private void writeSourceCodeEntityElement(JsonGenerator jgen, String _property_name, SourceCodeEntity _entity) throws IOException { - jgen.writeObjectFieldStart(_property_name); - jgen.writeStringField("UniqueName", _entity.getUniqueName().toString()); - jgen.writeStringField("EntityType", _entity.getType().toString()); - jgen.writeStringField("Modifiers", new Integer(_entity.getModifiers()).toString()); - jgen.writeObjectFieldStart("SourceCodeRange"); - jgen.writeStringField("Start", new Integer(_entity.getSourceRange().getStart()).toString()); - jgen.writeStringField("End", new Integer(_entity.getSourceRange().getEnd()).toString()); - jgen.writeEndObject(); - jgen.writeEndObject(); - } - - /** {@inheritDoc} */ - @Override - public void serialize(ASTSignatureChange value, JsonGenerator jgen, SerializerProvider provider) throws IOException, JsonProcessingException { - - jgen.writeStartObject(); - - jgen.writeObjectFieldStart("StructureEntity"); - - jgen.writeStringField("UniqueName", value.getStructureEntity().getUniqueName()); - jgen.writeStringField("EntityType", value.getStructureEntity().getType().toString()); - jgen.writeStringField("Modifiers", new Integer(value.getStructureEntity().getModifiers()).toString()); - - jgen.writeArrayFieldStart("changes"); - - for(SourceCodeChange change : value.getListOfChanges()) { - - jgen.writeStartObject(); - - jgen.writeStringField("OperationType", change.getClass().getSimpleName()); - jgen.writeStringField("changeType", change.getChangeType().toString()); - - // INSERT OPERATION - if(change instanceof Insert) { - this.writeSourceCodeEntityElement(jgen, "InsertedEntity", change.getChangedEntity()); - this.writeSourceCodeEntityElement(jgen, "ParentEntity", change.getParentEntity()); - } - //DELETE OPERATION - else if(change instanceof Delete) { - this.writeSourceCodeEntityElement(jgen, "DeletedEntity", change.getChangedEntity()); - this.writeSourceCodeEntityElement(jgen, "ParentEntity", change.getParentEntity()); - } - //MOVE OPERATION - else if(change instanceof Move) { - this.writeSourceCodeEntityElement(jgen, "OldParentEntity", change.getParentEntity()); - this.writeSourceCodeEntityElement(jgen, "MovedEntity", change.getChangedEntity()); - this.writeSourceCodeEntityElement(jgen, "NewParentEntity", ((Move)change).getNewParentEntity()); - this.writeSourceCodeEntityElement(jgen, "NewEntity", ((Move)change).getNewEntity()); - } - //UPDATE OPERATION - else if(change instanceof Update) { - this.writeSourceCodeEntityElement(jgen, "NewEntity", ((Update)change).getNewEntity()); - this.writeSourceCodeEntityElement(jgen, "UpdatedEntity", ((Update)change).getChangedEntity()); - this.writeSourceCodeEntityElement(jgen, "ParentEntity", change.getParentEntity()); - } - - jgen.writeEndObject(); - } - jgen.writeEndArray(); // changes - jgen.writeEndObject(); // StructureEntity - jgen.writeEndObject(); - } + /** + *

Constructor for ASTSignatureChangeSerializer.

+ */ + public ASTSignatureChangeSerializer() { + this(null); + } + + /** + *

Constructor for ASTSignatureChangeSerializer.

+ * + * @param t a {@link java.lang.Class} object. + */ + public ASTSignatureChangeSerializer(Class t) { + super(t); + } + + /** + * Helper method for building a "SourceCodeEntity" element + * + * @param change - SourcCodeChangeElement + * @param buffer + */ + private void writeSourceCodeEntityElement( + JsonGenerator jgen, String _property_name, SourceCodeEntity _entity) throws IOException { + jgen.writeObjectFieldStart(_property_name); + jgen.writeStringField("UniqueName", _entity.getUniqueName().toString()); + jgen.writeStringField("EntityType", _entity.getType().toString()); + jgen.writeStringField("Modifiers", new Integer(_entity.getModifiers()).toString()); + jgen.writeObjectFieldStart("SourceCodeRange"); + jgen.writeStringField("Start", new Integer(_entity.getSourceRange().getStart()).toString()); + jgen.writeStringField("End", new Integer(_entity.getSourceRange().getEnd()).toString()); + jgen.writeEndObject(); + jgen.writeEndObject(); + } + + /** {@inheritDoc} */ + @Override + public void serialize(ASTSignatureChange value, JsonGenerator jgen, SerializerProvider provider) + throws IOException, JsonProcessingException { + + jgen.writeStartObject(); + + jgen.writeObjectFieldStart("StructureEntity"); + + jgen.writeStringField("UniqueName", value.getStructureEntity().getUniqueName()); + jgen.writeStringField("EntityType", value.getStructureEntity().getType().toString()); + jgen.writeStringField( + "Modifiers", new Integer(value.getStructureEntity().getModifiers()).toString()); + + jgen.writeArrayFieldStart("changes"); + + for (SourceCodeChange change : value.getListOfChanges()) { + + jgen.writeStartObject(); + + jgen.writeStringField("OperationType", change.getClass().getSimpleName()); + jgen.writeStringField("changeType", change.getChangeType().toString()); + + // INSERT OPERATION + if (change instanceof Insert) { + this.writeSourceCodeEntityElement(jgen, "InsertedEntity", change.getChangedEntity()); + this.writeSourceCodeEntityElement(jgen, "ParentEntity", change.getParentEntity()); + } + // DELETE OPERATION + else if (change instanceof Delete) { + this.writeSourceCodeEntityElement(jgen, "DeletedEntity", change.getChangedEntity()); + this.writeSourceCodeEntityElement(jgen, "ParentEntity", change.getParentEntity()); + } + // MOVE OPERATION + else if (change instanceof Move) { + this.writeSourceCodeEntityElement(jgen, "OldParentEntity", change.getParentEntity()); + this.writeSourceCodeEntityElement(jgen, "MovedEntity", change.getChangedEntity()); + this.writeSourceCodeEntityElement( + jgen, "NewParentEntity", ((Move) change).getNewParentEntity()); + this.writeSourceCodeEntityElement(jgen, "NewEntity", ((Move) change).getNewEntity()); + } + // UPDATE OPERATION + else if (change instanceof Update) { + this.writeSourceCodeEntityElement(jgen, "NewEntity", ((Update) change).getNewEntity()); + this.writeSourceCodeEntityElement( + jgen, "UpdatedEntity", ((Update) change).getChangedEntity()); + this.writeSourceCodeEntityElement(jgen, "ParentEntity", change.getParentEntity()); + } + + jgen.writeEndObject(); + } + jgen.writeEndArray(); // changes + jgen.writeEndObject(); // StructureEntity + jgen.writeEndObject(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureDeserializer.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureDeserializer.java index b490bcb95..24b229088 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureDeserializer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/ASTSignatureDeserializer.java @@ -26,8 +26,6 @@ import ch.uzh.ifi.seal.changedistiller.model.entities.SourceCodeEntity; import ch.uzh.ifi.seal.changedistiller.treedifferencing.Node; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; import com.google.gson.JsonArray; import com.google.gson.JsonDeserializationContext; import com.google.gson.JsonDeserializer; @@ -41,7 +39,7 @@ /** * This class is used to deserialize an AST JSON representation of a construct body object into its corresponding * java Signatures object -/** + * /** * *JSON representation of ASTConstructBodySignature: * @@ -64,125 +62,131 @@ */ public class ASTSignatureDeserializer implements JsonDeserializer { - //Values for JsonElement Names, used as a member name during deserialization - //We need only to change these value if the name/value pair of a JsonElement changes in the json representation of the signature - //For instance, if we want to compress the json object for not storing a large data in the DB. - private static String AST = "ast"; - private static String ENTITY_TYPE = "EntityType"; - private static String VALUE = "Value"; - private static String CHILDREN = "C"; - - private static String SOURCE_CODE_ENTITY = "SourceCodeEntity"; - private static String SRC_ENTITY_MODIFIERS = "Modifiers"; - private static String SRC_ENTITY_SOURCE_RANGE ="SourceRange"; - private static String SRC_ENTITY_SOURCE_RANGE_END = "End"; - private static String SRC_ENTITY_SOURCE_RANGE_START = "Start"; - - //ASTConstructBodySignature - //private ASTConstructBodySignature astConstructSign = null; - - //Signature - //private Signature sign = null; - - /** {@inheritDoc} */ - @Override - public Signature deserialize(final JsonElement json, final Type typeOfT, final JsonDeserializationContext context) - throws JsonParseException { - - //The Deserialization logic goes here - final JsonObject jsonObject = json.getAsJsonObject(); - final JsonObject astRootJsonObject = jsonObject.get(AST).getAsJsonArray().get(0).getAsJsonObject(); - - String fValue = astRootJsonObject.get(VALUE).getAsString(); //Retrieve the Value - String strLabel = astRootJsonObject.get(ENTITY_TYPE).getAsString(); - EntityType fLabel = ASTUtil.getJavaEntityType(strLabel); //Retrieve the EntityType - - //Instantiate the ASTConstructBodySignature object here (We can have instance of Node object with the above two informations) - ASTConstructBodySignature astConstructSign = new ASTConstructBodySignature(fLabel,fValue); - - //Create the Root Node - astConstructSign.setRoot(astConstructSign); - - //TODO : Check if these setting are really necessary to compute the "diff" as an input to changedistiller - //Settings for order and matching - //astConstructSign.enableInOrder(); - //astConstructSign.enableMatched(); - - //Retrieve the Children - JsonElement jsonChildrenElement = astRootJsonObject.get(CHILDREN); - if(jsonChildrenElement != null){ - - JsonArray jsonChildrenArray = astRootJsonObject.get(CHILDREN).getAsJsonArray(); - //Add the children of a Node - final Node [] children = new Node[jsonChildrenArray.size()]; - - for (int i=0; i < children.length; i++){ - final JsonObject jsonChildren = jsonChildrenArray.get(i).getAsJsonObject(); - - //Get the child Node element and add it - Node newChild = getNodeChildElement(jsonChildren); - astConstructSign.add(newChild); - } - - } - //Retrieve the SourceCodeEntity - SourceCodeEntity srcCodeEntity = null; - JsonObject srcCodeEntityJsonObject = astRootJsonObject.get(SOURCE_CODE_ENTITY).getAsJsonObject(); - int modifiers = srcCodeEntityJsonObject.get(SRC_ENTITY_MODIFIERS).getAsInt(); - - //SourceRange JsonObject - JsonObject srcCodeEntitySrcRangeJsonObject = srcCodeEntityJsonObject.get(SRC_ENTITY_SOURCE_RANGE).getAsJsonObject(); - int srcRangeStart = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_START).getAsInt(); - int srcRangeEnd = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_END).getAsInt(); - SourceRange srcRange = new SourceRange(srcRangeStart,srcRangeEnd); - srcCodeEntity = new SourceCodeEntity(fValue,fLabel,modifiers,srcRange); - astConstructSign.setEntity(srcCodeEntity); - - return astConstructSign; - } - - - private Node getNodeChildElement(JsonObject jsonObject){ + // Values for JsonElement Names, used as a member name during deserialization + // We need only to change these value if the name/value pair of a JsonElement changes in the json + // representation of the signature + // For instance, if we want to compress the json object for not storing a large data in the DB. + private static String AST = "ast"; + private static String ENTITY_TYPE = "EntityType"; + private static String VALUE = "Value"; + private static String CHILDREN = "C"; + + private static String SOURCE_CODE_ENTITY = "SourceCodeEntity"; + private static String SRC_ENTITY_MODIFIERS = "Modifiers"; + private static String SRC_ENTITY_SOURCE_RANGE = "SourceRange"; + private static String SRC_ENTITY_SOURCE_RANGE_END = "End"; + private static String SRC_ENTITY_SOURCE_RANGE_START = "Start"; + + // ASTConstructBodySignature + // private ASTConstructBodySignature astConstructSign = null; + + // Signature + // private Signature sign = null; + + /** {@inheritDoc} */ + @Override + public Signature deserialize( + final JsonElement json, final Type typeOfT, final JsonDeserializationContext context) + throws JsonParseException { + + // The Deserialization logic goes here + final JsonObject jsonObject = json.getAsJsonObject(); + final JsonObject astRootJsonObject = + jsonObject.get(AST).getAsJsonArray().get(0).getAsJsonObject(); + + String fValue = astRootJsonObject.get(VALUE).getAsString(); // Retrieve the Value + String strLabel = astRootJsonObject.get(ENTITY_TYPE).getAsString(); + EntityType fLabel = ASTUtil.getJavaEntityType(strLabel); // Retrieve the EntityType + + // Instantiate the ASTConstructBodySignature object here (We can have instance of Node object + // with the above two informations) + ASTConstructBodySignature astConstructSign = new ASTConstructBodySignature(fLabel, fValue); + + // Create the Root Node + astConstructSign.setRoot(astConstructSign); + + // TODO : Check if these setting are really necessary to compute the "diff" as an input to + // changedistiller + // Settings for order and matching + // astConstructSign.enableInOrder(); + // astConstructSign.enableMatched(); + + // Retrieve the Children + JsonElement jsonChildrenElement = astRootJsonObject.get(CHILDREN); + if (jsonChildrenElement != null) { + + JsonArray jsonChildrenArray = astRootJsonObject.get(CHILDREN).getAsJsonArray(); + // Add the children of a Node + final Node[] children = new Node[jsonChildrenArray.size()]; + + for (int i = 0; i < children.length; i++) { + final JsonObject jsonChildren = jsonChildrenArray.get(i).getAsJsonObject(); + + // Get the child Node element and add it + Node newChild = getNodeChildElement(jsonChildren); + astConstructSign.add(newChild); + } + } + // Retrieve the SourceCodeEntity + SourceCodeEntity srcCodeEntity = null; + JsonObject srcCodeEntityJsonObject = + astRootJsonObject.get(SOURCE_CODE_ENTITY).getAsJsonObject(); + int modifiers = srcCodeEntityJsonObject.get(SRC_ENTITY_MODIFIERS).getAsInt(); + + // SourceRange JsonObject + JsonObject srcCodeEntitySrcRangeJsonObject = + srcCodeEntityJsonObject.get(SRC_ENTITY_SOURCE_RANGE).getAsJsonObject(); + int srcRangeStart = + srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_START).getAsInt(); + int srcRangeEnd = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_END).getAsInt(); + SourceRange srcRange = new SourceRange(srcRangeStart, srcRangeEnd); + srcCodeEntity = new SourceCodeEntity(fValue, fLabel, modifiers, srcRange); + astConstructSign.setEntity(srcCodeEntity); + + return astConstructSign; + } - String fValue = jsonObject.get(VALUE).getAsString(); //Retrieve the Value - String strLabel = jsonObject.get(ENTITY_TYPE).getAsString(); - EntityType fLabel = ASTUtil.getJavaEntityType(strLabel); //Retrieve the EntityType + private Node getNodeChildElement(JsonObject jsonObject) { - //Instantiate the Node object here - Node childNode = new Node(fLabel,fValue); + String fValue = jsonObject.get(VALUE).getAsString(); // Retrieve the Value + String strLabel = jsonObject.get(ENTITY_TYPE).getAsString(); + EntityType fLabel = ASTUtil.getJavaEntityType(strLabel); // Retrieve the EntityType - //Retrieve the SourceCodeEntity - SourceCodeEntity srcCodeEntity = null; - JsonObject srcCodeEntityJsonObject = jsonObject.get(SOURCE_CODE_ENTITY).getAsJsonObject(); - int modifiers = srcCodeEntityJsonObject.get(SRC_ENTITY_MODIFIERS).getAsInt(); + // Instantiate the Node object here + Node childNode = new Node(fLabel, fValue); - //SourceRange JsonObject - JsonObject srcCodeEntitySrcRangeJsonObject = srcCodeEntityJsonObject.get(SRC_ENTITY_SOURCE_RANGE).getAsJsonObject(); - int srcRangeStart = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_START).getAsInt(); - int srcRangeEnd = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_END).getAsInt(); - SourceRange srcRange = new SourceRange(srcRangeStart,srcRangeEnd); - srcCodeEntity = new SourceCodeEntity(fValue,fLabel,modifiers,srcRange); + // Retrieve the SourceCodeEntity + SourceCodeEntity srcCodeEntity = null; + JsonObject srcCodeEntityJsonObject = jsonObject.get(SOURCE_CODE_ENTITY).getAsJsonObject(); + int modifiers = srcCodeEntityJsonObject.get(SRC_ENTITY_MODIFIERS).getAsInt(); - JsonElement jsonChildrenElement = jsonObject.get(CHILDREN); - if(jsonChildrenElement != null){ + // SourceRange JsonObject + JsonObject srcCodeEntitySrcRangeJsonObject = + srcCodeEntityJsonObject.get(SRC_ENTITY_SOURCE_RANGE).getAsJsonObject(); + int srcRangeStart = + srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_START).getAsInt(); + int srcRangeEnd = srcCodeEntitySrcRangeJsonObject.get(SRC_ENTITY_SOURCE_RANGE_END).getAsInt(); + SourceRange srcRange = new SourceRange(srcRangeStart, srcRangeEnd); + srcCodeEntity = new SourceCodeEntity(fValue, fLabel, modifiers, srcRange); - JsonArray jsonChildrenArray = jsonChildrenElement.getAsJsonArray(); + JsonElement jsonChildrenElement = jsonObject.get(CHILDREN); + if (jsonChildrenElement != null) { - //Add the children of a Node - final Node [] children = new Node[jsonChildrenArray.size()]; + JsonArray jsonChildrenArray = jsonChildrenElement.getAsJsonArray(); - for (int i=0; i < children.length; i++){ - final JsonObject jsonChildren = jsonChildrenArray.get(i).getAsJsonObject(); + // Add the children of a Node + final Node[] children = new Node[jsonChildrenArray.size()]; - //Get the child Node element and add it - Node newChild = getNodeChildElement(jsonChildren); - childNode.add(newChild); - } + for (int i = 0; i < children.length; i++) { + final JsonObject jsonChildren = jsonChildrenArray.get(i).getAsJsonObject(); - } + // Get the child Node element and add it + Node newChild = getNodeChildElement(jsonChildren); + childNode.add(newChild); + } + } - childNode.setEntity(srcCodeEntity); - return childNode; + childNode.setEntity(srcCodeEntity); + return childNode; } } - diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/GsonHelper.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/GsonHelper.java index e6e482275..b7f95ed97 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/GsonHelper.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/GsonHelper.java @@ -48,69 +48,70 @@ */ public class GsonHelper { - /** - * Returns a Vulas-specific GsonBuilder, i.e., with several custom serializers and deserializers registered. * - * - * @return a {@link com.google.gson.GsonBuilder} object. - */ - public static GsonBuilder getCustomGsonBuilder() { - final GsonBuilder gson = new GsonBuilder(); + /** + * Returns a Vulas-specific GsonBuilder, i.e., with several custom serializers and deserializers registered. * + * + * @return a {@link com.google.gson.GsonBuilder} object. + */ + public static GsonBuilder getCustomGsonBuilder() { + final GsonBuilder gson = new GsonBuilder(); - // Subclasses of ConstructId and JavaId - gson.registerTypeAdapter(ConstructId.class, new ConstructIdSerializer()); - gson.registerTypeAdapter(JavaPackageId.class, new ConstructIdSerializer()); - gson.registerTypeAdapter(JavaClassId.class, new ConstructIdSerializer()); - gson.registerTypeAdapter(JavaClassInit.class, new ConstructIdSerializer()); - gson.registerTypeAdapter(JavaConstructorId.class, new ConstructIdSerializer()); - gson.registerTypeAdapter(JavaMethodId.class, new ConstructIdSerializer()); + // Subclasses of ConstructId and JavaId + gson.registerTypeAdapter(ConstructId.class, new ConstructIdSerializer()); + gson.registerTypeAdapter(JavaPackageId.class, new ConstructIdSerializer()); + gson.registerTypeAdapter(JavaClassId.class, new ConstructIdSerializer()); + gson.registerTypeAdapter(JavaClassInit.class, new ConstructIdSerializer()); + gson.registerTypeAdapter(JavaConstructorId.class, new ConstructIdSerializer()); + gson.registerTypeAdapter(JavaMethodId.class, new ConstructIdSerializer()); - // Signature-related classes - gson.registerTypeAdapter(ASTSignatureChange.class, new ASTSignatureChangeDeserializer()); - gson.registerTypeAdapter(ASTConstructBodySignature.class, new ASTSignatureDeserializer()); + // Signature-related classes + gson.registerTypeAdapter(ASTSignatureChange.class, new ASTSignatureChangeDeserializer()); + gson.registerTypeAdapter(ASTConstructBodySignature.class, new ASTSignatureDeserializer()); - return gson; - } + return gson; + } - static class ConstructIdSerializer implements JsonSerializer, JsonDeserializer { + static class ConstructIdSerializer + implements JsonSerializer, JsonDeserializer { - public JsonElement serialize(ConstructId src, Type typeOfSrc, JsonSerializationContext context) { - final JsonObject c = new JsonObject(); - c.addProperty("lang", src.getLanguage().toString()); - c.addProperty("type", JavaId.typeToString(((JavaId)src).getType())); - c.addProperty("qname", src.getQualifiedName()); - final Set annotations = ((JavaId)src).getAnnotations(); - if(!annotations.isEmpty()) { - final JsonArray anno = new JsonArray(); - for(String a: annotations) { - anno.add(new JsonPrimitive(a)); - } - c.add("a", anno); - } - return c; - } + public JsonElement serialize( + ConstructId src, Type typeOfSrc, JsonSerializationContext context) { + final JsonObject c = new JsonObject(); + c.addProperty("lang", src.getLanguage().toString()); + c.addProperty("type", JavaId.typeToString(((JavaId) src).getType())); + c.addProperty("qname", src.getQualifiedName()); + final Set annotations = ((JavaId) src).getAnnotations(); + if (!annotations.isEmpty()) { + final JsonArray anno = new JsonArray(); + for (String a : annotations) { + anno.add(new JsonPrimitive(a)); + } + c.add("a", anno); + } + return c; + } - public ConstructId deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { - // To be returned - ConstructId cid = null; + public ConstructId deserialize( + JsonElement json, Type typeOfT, JsonDeserializationContext context) + throws JsonParseException { + // To be returned + ConstructId cid = null; - final JsonObject c = (JsonObject)json; - final String t = c.getAsJsonPrimitive("type").getAsString(); - final String qn = c.getAsJsonPrimitive("qname").getAsString(); + final JsonObject c = (JsonObject) json; + final String t = c.getAsJsonPrimitive("type").getAsString(); + final String qn = c.getAsJsonPrimitive("qname").getAsString(); - if(JavaId.typeToString(JavaId.Type.PACKAGE).equals(t)) - cid = new JavaPackageId(qn); - else if(JavaId.typeToString(JavaId.Type.CLASS).equals(t)) - cid = JavaId.parseClassQName(qn); - else if(JavaId.typeToString(JavaId.Type.CLASSINIT).equals(t)) - cid = JavaId.parseClassInitQName(qn); - else if(JavaId.typeToString(JavaId.Type.METHOD).equals(t)) - cid = JavaId.parseMethodQName(qn); - else if(JavaId.typeToString(JavaId.Type.CONSTRUCTOR).equals(t)) - cid = JavaId.parseConstructorQName(qn); + if (JavaId.typeToString(JavaId.Type.PACKAGE).equals(t)) cid = new JavaPackageId(qn); + else if (JavaId.typeToString(JavaId.Type.CLASS).equals(t)) cid = JavaId.parseClassQName(qn); + else if (JavaId.typeToString(JavaId.Type.CLASSINIT).equals(t)) + cid = JavaId.parseClassInitQName(qn); + else if (JavaId.typeToString(JavaId.Type.METHOD).equals(t)) cid = JavaId.parseMethodQName(qn); + else if (JavaId.typeToString(JavaId.Type.CONSTRUCTOR).equals(t)) + cid = JavaId.parseConstructorQName(qn); - //TODO: Add annotations + // TODO: Add annotations - return cid; - } - } + return cid; + } + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/package-info.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/package-info.java index eca816ffc..32790b6f3 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/package-info.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/gson/package-info.java @@ -18,9 +18,9 @@ * Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. */ /** - * + * */ /** * */ -package com.sap.psr.vulas.java.sign.gson; \ No newline at end of file +package com.sap.psr.vulas.java.sign.gson; diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/package-info.java b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/package-info.java index 129ba816d..181ab64a6 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/sign/package-info.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/sign/package-info.java @@ -20,4 +20,4 @@ /** * */ -package com.sap.psr.vulas.java.sign; \ No newline at end of file +package com.sap.psr.vulas.java.sign; diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/JavaBomTask.java b/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/JavaBomTask.java index 593c976c7..4c4ffb640 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/JavaBomTask.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/JavaBomTask.java @@ -29,7 +29,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.DirAnalyzer; import com.sap.psr.vulas.FileAnalysisException; @@ -59,303 +58,409 @@ */ public class JavaBomTask extends AbstractBomTask { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static final String[] EXT_FILTER = new String[] { "jar", "war", "class", "java", "aar" }; - - private String[] appPrefixes = null; - - private StringList appJarNames = null; - - private static final List pluginGoalClients = Arrays.asList(GoalClient.MAVEN_PLUGIN, GoalClient.GRADLE_PLUGIN); - - /** {@inheritDoc} */ - @Override - public Set getLanguage() { return new HashSet(Arrays.asList(new ProgrammingLanguage[] { ProgrammingLanguage.JAVA })); } - - /** - * Returns true if the configuration setting {@link CoreConfiguration#APP_PREFIXES} shall be considered, false otherwise. - */ - private final boolean useAppPrefixes() { - return this.appPrefixes!=null && !this.isOneOfGoalClients(pluginGoalClients); - } - - /** - * Returns true if the configuration setting {@link CoreConfiguration#APP_PREFIXES} shall be considered, false otherwise. - */ - private final boolean useAppJarNames() { - return this.appJarNames!=null && !this.isOneOfGoalClients(pluginGoalClients); - } - - /** {@inheritDoc} */ - @Override - public void configure(VulasConfiguration _cfg) throws GoalConfigurationException { - super.configure(_cfg); - - // App constructs identified using package prefixes - this.appPrefixes = _cfg.getStringArray(CoreConfiguration.APP_PREFIXES, null); - - // Print warning message in case the setting is used as part of the Maven plugin - if(this.appPrefixes!=null && this.isOneOfGoalClients(pluginGoalClients)) { - log.warn("Configuration setting [" + CoreConfiguration.APP_PREFIXES + "] ignored when running the goal as Maven plugin"); - this.appPrefixes = null; - } - - // App constructs identified using JAR file name patterns (regex) - final String[] app_jar_names = _cfg.getStringArray(CoreConfiguration.APP_JAR_NAMES, null); - if(app_jar_names!=null) { - // Print warning message in case the setting is used as part of the Maven plugin - if( this.isOneOfGoalClients(pluginGoalClients)) { - log.warn("Configuration setting [" + CoreConfiguration.APP_JAR_NAMES + "] ignored when running the goal as Maven plugin"); - this.appJarNames = null; - } - else { - this.appJarNames = new StringList(); - this.appJarNames.addAll(app_jar_names); - } - } - - // CLI: Only one of appPrefixes and appJarNames can be used - if(!this.isOneOfGoalClients(pluginGoalClients)) { - if(this.appPrefixes!=null && this.appJarNames!=null) { - throw new GoalConfigurationException("Exactly one of the configuration settings [" + CoreConfiguration.APP_PREFIXES + "] and [" + CoreConfiguration.APP_JAR_NAMES + "] must be set"); - } - else if(this.appPrefixes==null && this.appJarNames==null) { - throw new GoalConfigurationException("Exactly one of the configuration settings [" + CoreConfiguration.APP_PREFIXES + "] and [" + CoreConfiguration.APP_JAR_NAMES + "] must be set"); - } - } - } - - /** {@inheritDoc} */ - @Override - public void execute() throws GoalExecutionException { - - // All app constructs - final Set app_constructs = new HashSet(); - - // Dependency files - final Map dep_files = new HashMap(); - if(this.getKnownDependencies()!=null) { - for(Path p: this.getKnownDependencies().keySet()) - dep_files.put(p, null); - } - - // 1) Find app constructs by looping over all app paths - if(this.hasSearchPath()) { - for(Path p: this.getSearchPath()) { - log.info("Searching for Java constructs in search path [" + p + "] with filter [" + StringUtil.join(EXT_FILTER, ", ") + "] ..."); - final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(p.toFile(), EXT_FILTER); - - // Prefixes or jar name regex: Filter JAR constructs - if(this.useAppPrefixes() || this.useAppJarNames()) { - - // All analyzers to loop over - final Set analyzers = new HashSet(); - - // Add child analyzers and analyzer itself (except DirAnalyzer) - if(fa.hasChilds()) - analyzers.addAll(fa.getChilds(true)); - if(!(fa instanceof DirAnalyzer)) - analyzers.add(fa); - - // Log - int count = 0; - if(this.useAppPrefixes()) { - log.info("Looping over Java archive analyzers to separate application and dependency code using package prefix(es) [" + StringUtil.join(this.appPrefixes, ", ") + "] ..."); - } else if(this.useAppJarNames()) { - log.info("Looping over Java archive analyzers to separate application and dependency code using filename pattern(s) [" + this.appJarNames.toString(", ") + "] ..."); - } - - // Loop over all analyzers - for(FileAnalyzer fa2: analyzers) { - - try { - if(fa2 instanceof JarAnalyzer) { - final JarAnalyzer ja = (JarAnalyzer)fa2; - - // Prefixes - if(this.useAppPrefixes()) { - final Set constructs = JavaId.filter(fa2.getConstructs().keySet(), this.appPrefixes); - - // Constructs match to the prefixes - if(constructs!=null && constructs.size()>0) { - app_constructs.addAll(constructs); - - // Exclusively app constructs - if(constructs.size()==fa2.getConstructs().size()) { - log.info(StringUtil.padLeft(++count, 4) + " [" + StringUtil.padLeft(ja.getFileName(), 30) + "]: All [" + fa2.getConstructs().size() + "] constructs matched prefix(es): Constructs added to application, file NOT added as dependency"); - } - // Mixed archive: Add as dependency - else { - log.info(StringUtil.padLeft(++count, 4) + " [" + StringUtil.padLeft(ja.getFileName(), 30) + "]: [" + constructs.size() + "/" + fa2.getConstructs().size() + "] constructs matched prefix(es): Constructs added to application, file added as dependency"); - dep_files.put(ja.getPath(), ja); - } - } - // No constructs match to the prefixes - else { - log.info(StringUtil.padLeft(++count, 4) + " [" + StringUtil.padLeft(ja.getFileName(), 30) + "]: None of the [" + fa2.getConstructs().size() + "] constructs matched prefix(es): No constructs added to application, file added as dependency"); - dep_files.put(ja.getPath(), ja); - } - } - // Jar name regex - else if(this.useAppJarNames()) { - // Belongs to application - if(this.appJarNames.contains(ja.getFileName(), StringList.ComparisonMode.PATTERN, StringList.CaseSensitivity.CASE_INSENSITIVE)) { - log.info(StringUtil.padLeft(++count, 4) + " [" + StringUtil.padLeft(ja.getFileName(), 30) + "]: Filename matches pattern(s), all of its [" + fa2.getConstructs().size() + "] constructs added to application"); - app_constructs.addAll(fa2.getConstructs().keySet()); - } - // Dependency - else { - log.info(StringUtil.padLeft(++count, 4) + " [" + StringUtil.padLeft(ja.getFileName(), 30) + "]: Filename does not match pattern(s), file added as dependency"); - dep_files.put(ja.getPath(), ja); - } - } - } - // Important: What is in java and class files is always part of the app - else { - app_constructs.addAll(fa2.getConstructs().keySet()); - } - } catch (FileAnalysisException e) { - log.error(e.getMessage(), e); - } - } - } - // No prefixes and jar name regex: Add all constructs to app - else { - try { - app_constructs.addAll(fa.getConstructs().keySet()); - } catch (FileAnalysisException e) { - log.error(e.getMessage(), e); - } - } - } - } - - // 2) Analyze all of the JAR/WAR files - final Set app_dependencies = new HashSet(); - - final long timeout = this.vulasConfiguration.getConfiguration().getLong(CoreConfiguration.JAR_TIMEOUT, -1); - final int no_threads = ThreadUtil.getNoThreads(this.vulasConfiguration, 2); - - final ArchiveAnalysisManager mgr = new ArchiveAnalysisManager(no_threads, timeout, false, this.getApplication()); - mgr.setKnownDependencies(this.getKnownDependencies()); - mgr.startAnalysis(dep_files, null); - - // Loop over all analyzers created above and add to app dependencies - final Set analyzers = mgr.getAnalyzers(); - for(JarAnalyzer ja: analyzers) { - - try { - // Prefixes can be used: Filter JAR constructs - if(this.useAppPrefixes()) { - final Set constructs = JavaId.filter(ja.getConstructs().keySet(), this.appPrefixes); - - // Constructs match to the prefixes - if(constructs!=null && constructs.size()>0) { - app_constructs.addAll(constructs); - - // Exclusively app constructs - if(constructs.size()==ja.getConstructs().size()) { - log.info("All of the [" + ja.getConstructs().size() + "] constructs from [" + ja.getFileName() + "] matched to prefix [" + StringUtil.join(this.appPrefixes, ", ") + "]: Constructs added to application, file removed from dependencies"); - } - // Mixed archive: Add as dependency - else { - log.info("[" + constructs.size() + "/" + ja.getConstructs().size() + "] constructs from [" + ja.getFileName() + "] matched to prefix [" + StringUtil.join(this.appPrefixes, ", ") + "]: Constructs added to application, file kept as dependency"); - app_dependencies.add(ja); - } - } - // No constructs match to the prefixes - else { - log.info("None of the [" + ja.getConstructs().size() + "] constructs from [" + ja.getFileName() + "] matched to prefix [" + StringUtil.join(this.appPrefixes, ", ") + "]: No constructs added to application, file kept as dependency"); - app_dependencies.add(ja); - } - } - // Prefixes cannot be used: Add JAR as dependency unless jar name regex exists - else { - if(this.useAppJarNames() && this.appJarNames.contains(ja.getFileName(), StringList.ComparisonMode.PATTERN, StringList.CaseSensitivity.CASE_INSENSITIVE)) { - app_constructs.addAll(ja.getConstructs().keySet()); - } else { - app_dependencies.add(ja); - } - } - } catch (FileAnalysisException e) { - log.error(e.getMessage(), e); - } - } - - // Update application - final Application a = this.getApplication(); - a.addConstructs(ConstructId.getSharedType(app_constructs)); - - // Loop all JAR analyzers and add a corresponding dependency - for(JarAnalyzer ja: app_dependencies) { - try { - final Dependency app_dep = new Dependency(); - app_dep.setLib(ja.getLibrary()); - app_dep.setApp(this.getApplication()); - app_dep.setFilename(ja.getFileName()); - app_dep.setPath(ja.getPath().toString()); - - // Dependency known to a package manager (if any) - Dependency known_dep = null; - if(ja.getParent()!=null){ - known_dep = mgr.getKnownDependency(ja.getParent().getPath()); - } - else { - known_dep = mgr.getKnownDependency(ja.getPath()); - } - - // Take information from known dependency - app_dep.setScope( (known_dep!=null ? known_dep.getScope() : Scope.RUNTIME) ); - app_dep.setTransitive( (ja.getParent()!= null? new Boolean(true) :(known_dep!=null ? new Boolean(known_dep.getTransitive()) : new Boolean(false)) ) ); - app_dep.setDeclared( ((known_dep!=null && ja.getParent()==null) ? new Boolean(true): new Boolean(false)) ); - - // Set the parent (if any) - if(known_dep!=null && known_dep.getParent()!=null) { - // Complete the draft parent dependency with library info - for(JarAnalyzer ja2: app_dependencies) { - //TODO: As soon as we add the relative path to the JARAnalyzer, it must also be used to uniquely identify the parent and set all its fields - if(ja2.getPath().toString().equals(known_dep.getParent().getPath())) { - known_dep.getParent().setLib(ja2.getLibrary()); - break; - } - } - app_dep.setParent(known_dep.getParent()); - } - - a.addDependency(app_dep); - } catch (FileAnalysisException e) { - log.error(e.getMessage(), e); - } - } - - // Get a clean set of dependencies - final Set no_dupl_deps = DependencyUtil.removeDuplicateLibraryDependencies(a.getDependencies()); - a.setDependencies(no_dupl_deps); - - // Fix parents on dependencies that were removed (this block should be removed once we use the relativePath and we get a dependency tree representing the actual one - for(Dependency d : a.getDependencies()) { - if(d.getParent()!=null ) { - for(Dependency existing: a.getDependencies()) { - //TODO: as soon as we add the relative path to the JARAnalyzer, it must also be used to uniquely identify the parent - if(existing.getLib().getDigest().equals(d.getParent().getLib().getDigest())) { - d.getParent().setLib(existing.getLib()); - d.getParent().setPath(existing.getPath()); - d.getParent().setFilename(existing.getFilename()); - break; - } - } - } - } - - - // Check whether the parent-child dependency relationships are consistent - final boolean consistent_deps = DependencyUtil.isValidDependencyCollection(a); - if(!consistent_deps) { - throw new GoalExecutionException("Inconsistent application dependencies cannot be uploaded", null); - } - - // Set the one to be returned - this.setCompletedApplication(a); - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static final String[] EXT_FILTER = new String[] {"jar", "war", "class", "java", "aar"}; + + private String[] appPrefixes = null; + + private StringList appJarNames = null; + + private static final List pluginGoalClients = + Arrays.asList(GoalClient.MAVEN_PLUGIN, GoalClient.GRADLE_PLUGIN); + + /** {@inheritDoc} */ + @Override + public Set getLanguage() { + return new HashSet( + Arrays.asList(new ProgrammingLanguage[] {ProgrammingLanguage.JAVA})); + } + + /** + * Returns true if the configuration setting {@link CoreConfiguration#APP_PREFIXES} shall be considered, false otherwise. + */ + private final boolean useAppPrefixes() { + return this.appPrefixes != null && !this.isOneOfGoalClients(pluginGoalClients); + } + + /** + * Returns true if the configuration setting {@link CoreConfiguration#APP_PREFIXES} shall be considered, false otherwise. + */ + private final boolean useAppJarNames() { + return this.appJarNames != null && !this.isOneOfGoalClients(pluginGoalClients); + } + + /** {@inheritDoc} */ + @Override + public void configure(VulasConfiguration _cfg) throws GoalConfigurationException { + super.configure(_cfg); + + // App constructs identified using package prefixes + this.appPrefixes = _cfg.getStringArray(CoreConfiguration.APP_PREFIXES, null); + + // Print warning message in case the setting is used as part of the Maven plugin + if (this.appPrefixes != null && this.isOneOfGoalClients(pluginGoalClients)) { + log.warn( + "Configuration setting [" + + CoreConfiguration.APP_PREFIXES + + "] ignored when running the goal as Maven plugin"); + this.appPrefixes = null; + } + + // App constructs identified using JAR file name patterns (regex) + final String[] app_jar_names = _cfg.getStringArray(CoreConfiguration.APP_JAR_NAMES, null); + if (app_jar_names != null) { + // Print warning message in case the setting is used as part of the Maven plugin + if (this.isOneOfGoalClients(pluginGoalClients)) { + log.warn( + "Configuration setting [" + + CoreConfiguration.APP_JAR_NAMES + + "] ignored when running the goal as Maven plugin"); + this.appJarNames = null; + } else { + this.appJarNames = new StringList(); + this.appJarNames.addAll(app_jar_names); + } + } + + // CLI: Only one of appPrefixes and appJarNames can be used + if (!this.isOneOfGoalClients(pluginGoalClients)) { + if (this.appPrefixes != null && this.appJarNames != null) { + throw new GoalConfigurationException( + "Exactly one of the configuration settings [" + + CoreConfiguration.APP_PREFIXES + + "] and [" + + CoreConfiguration.APP_JAR_NAMES + + "] must be set"); + } else if (this.appPrefixes == null && this.appJarNames == null) { + throw new GoalConfigurationException( + "Exactly one of the configuration settings [" + + CoreConfiguration.APP_PREFIXES + + "] and [" + + CoreConfiguration.APP_JAR_NAMES + + "] must be set"); + } + } + } + + /** {@inheritDoc} */ + @Override + public void execute() throws GoalExecutionException { + + // All app constructs + final Set app_constructs = new HashSet(); + + // Dependency files + final Map dep_files = new HashMap(); + if (this.getKnownDependencies() != null) { + for (Path p : this.getKnownDependencies().keySet()) dep_files.put(p, null); + } + + // 1) Find app constructs by looping over all app paths + if (this.hasSearchPath()) { + for (Path p : this.getSearchPath()) { + log.info( + "Searching for Java constructs in search path [" + + p + + "] with filter [" + + StringUtil.join(EXT_FILTER, ", ") + + "] ..."); + final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(p.toFile(), EXT_FILTER); + + // Prefixes or jar name regex: Filter JAR constructs + if (this.useAppPrefixes() || this.useAppJarNames()) { + + // All analyzers to loop over + final Set analyzers = new HashSet(); + + // Add child analyzers and analyzer itself (except DirAnalyzer) + if (fa.hasChilds()) analyzers.addAll(fa.getChilds(true)); + if (!(fa instanceof DirAnalyzer)) analyzers.add(fa); + + // Log + int count = 0; + if (this.useAppPrefixes()) { + log.info( + "Looping over Java archive analyzers to separate application and dependency code" + + " using package prefix(es) [" + + StringUtil.join(this.appPrefixes, ", ") + + "] ..."); + } else if (this.useAppJarNames()) { + log.info( + "Looping over Java archive analyzers to separate application and dependency code" + + " using filename pattern(s) [" + + this.appJarNames.toString(", ") + + "] ..."); + } + + // Loop over all analyzers + for (FileAnalyzer fa2 : analyzers) { + + try { + if (fa2 instanceof JarAnalyzer) { + final JarAnalyzer ja = (JarAnalyzer) fa2; + + // Prefixes + if (this.useAppPrefixes()) { + final Set constructs = + JavaId.filter(fa2.getConstructs().keySet(), this.appPrefixes); + + // Constructs match to the prefixes + if (constructs != null && constructs.size() > 0) { + app_constructs.addAll(constructs); + + // Exclusively app constructs + if (constructs.size() == fa2.getConstructs().size()) { + log.info( + StringUtil.padLeft(++count, 4) + + " [" + + StringUtil.padLeft(ja.getFileName(), 30) + + "]: All [" + + fa2.getConstructs().size() + + "] constructs matched prefix(es): Constructs added to application," + + " file NOT added as dependency"); + } + // Mixed archive: Add as dependency + else { + log.info( + StringUtil.padLeft(++count, 4) + + " [" + + StringUtil.padLeft(ja.getFileName(), 30) + + "]: [" + + constructs.size() + + "/" + + fa2.getConstructs().size() + + "] constructs matched prefix(es): Constructs added to application," + + " file added as dependency"); + dep_files.put(ja.getPath(), ja); + } + } + // No constructs match to the prefixes + else { + log.info( + StringUtil.padLeft(++count, 4) + + " [" + + StringUtil.padLeft(ja.getFileName(), 30) + + "]: None of the [" + + fa2.getConstructs().size() + + "] constructs matched prefix(es): No constructs added to" + + " application, file added as dependency"); + dep_files.put(ja.getPath(), ja); + } + } + // Jar name regex + else if (this.useAppJarNames()) { + // Belongs to application + if (this.appJarNames.contains( + ja.getFileName(), + StringList.ComparisonMode.PATTERN, + StringList.CaseSensitivity.CASE_INSENSITIVE)) { + log.info( + StringUtil.padLeft(++count, 4) + + " [" + + StringUtil.padLeft(ja.getFileName(), 30) + + "]: Filename matches pattern(s), all of its [" + + fa2.getConstructs().size() + + "] constructs added to application"); + app_constructs.addAll(fa2.getConstructs().keySet()); + } + // Dependency + else { + log.info( + StringUtil.padLeft(++count, 4) + + " [" + + StringUtil.padLeft(ja.getFileName(), 30) + + "]: Filename does not match pattern(s), file added as dependency"); + dep_files.put(ja.getPath(), ja); + } + } + } + // Important: What is in java and class files is always part of the app + else { + app_constructs.addAll(fa2.getConstructs().keySet()); + } + } catch (FileAnalysisException e) { + log.error(e.getMessage(), e); + } + } + } + // No prefixes and jar name regex: Add all constructs to app + else { + try { + app_constructs.addAll(fa.getConstructs().keySet()); + } catch (FileAnalysisException e) { + log.error(e.getMessage(), e); + } + } + } + } + + // 2) Analyze all of the JAR/WAR files + final Set app_dependencies = new HashSet(); + + final long timeout = + this.vulasConfiguration.getConfiguration().getLong(CoreConfiguration.JAR_TIMEOUT, -1); + final int no_threads = ThreadUtil.getNoThreads(this.vulasConfiguration, 2); + + final ArchiveAnalysisManager mgr = + new ArchiveAnalysisManager(no_threads, timeout, false, this.getApplication()); + mgr.setKnownDependencies(this.getKnownDependencies()); + mgr.startAnalysis(dep_files, null); + + // Loop over all analyzers created above and add to app dependencies + final Set analyzers = mgr.getAnalyzers(); + for (JarAnalyzer ja : analyzers) { + + try { + // Prefixes can be used: Filter JAR constructs + if (this.useAppPrefixes()) { + final Set constructs = + JavaId.filter(ja.getConstructs().keySet(), this.appPrefixes); + + // Constructs match to the prefixes + if (constructs != null && constructs.size() > 0) { + app_constructs.addAll(constructs); + + // Exclusively app constructs + if (constructs.size() == ja.getConstructs().size()) { + log.info( + "All of the [" + + ja.getConstructs().size() + + "] constructs from [" + + ja.getFileName() + + "] matched to prefix [" + + StringUtil.join(this.appPrefixes, ", ") + + "]: Constructs added to application, file removed from dependencies"); + } + // Mixed archive: Add as dependency + else { + log.info( + "[" + + constructs.size() + + "/" + + ja.getConstructs().size() + + "] constructs from [" + + ja.getFileName() + + "] matched to prefix [" + + StringUtil.join(this.appPrefixes, ", ") + + "]: Constructs added to application, file kept as dependency"); + app_dependencies.add(ja); + } + } + // No constructs match to the prefixes + else { + log.info( + "None of the [" + + ja.getConstructs().size() + + "] constructs from [" + + ja.getFileName() + + "] matched to prefix [" + + StringUtil.join(this.appPrefixes, ", ") + + "]: No constructs added to application, file kept as dependency"); + app_dependencies.add(ja); + } + } + // Prefixes cannot be used: Add JAR as dependency unless jar name regex exists + else { + if (this.useAppJarNames() + && this.appJarNames.contains( + ja.getFileName(), + StringList.ComparisonMode.PATTERN, + StringList.CaseSensitivity.CASE_INSENSITIVE)) { + app_constructs.addAll(ja.getConstructs().keySet()); + } else { + app_dependencies.add(ja); + } + } + } catch (FileAnalysisException e) { + log.error(e.getMessage(), e); + } + } + + // Update application + final Application a = this.getApplication(); + a.addConstructs(ConstructId.getSharedType(app_constructs)); + + // Loop all JAR analyzers and add a corresponding dependency + for (JarAnalyzer ja : app_dependencies) { + try { + final Dependency app_dep = new Dependency(); + app_dep.setLib(ja.getLibrary()); + app_dep.setApp(this.getApplication()); + app_dep.setFilename(ja.getFileName()); + app_dep.setPath(ja.getPath().toString()); + + // Dependency known to a package manager (if any) + Dependency known_dep = null; + if (ja.getParent() != null) { + known_dep = mgr.getKnownDependency(ja.getParent().getPath()); + } else { + known_dep = mgr.getKnownDependency(ja.getPath()); + } + + // Take information from known dependency + app_dep.setScope((known_dep != null ? known_dep.getScope() : Scope.RUNTIME)); + app_dep.setTransitive( + (ja.getParent() != null + ? new Boolean(true) + : (known_dep != null + ? new Boolean(known_dep.getTransitive()) + : new Boolean(false)))); + app_dep.setDeclared( + ((known_dep != null && ja.getParent() == null) + ? new Boolean(true) + : new Boolean(false))); + + // Set the parent (if any) + if (known_dep != null && known_dep.getParent() != null) { + // Complete the draft parent dependency with library info + for (JarAnalyzer ja2 : app_dependencies) { + // TODO: As soon as we add the relative path to the JARAnalyzer, it must also be used to + // uniquely identify the parent and set all its fields + if (ja2.getPath().toString().equals(known_dep.getParent().getPath())) { + known_dep.getParent().setLib(ja2.getLibrary()); + break; + } + } + app_dep.setParent(known_dep.getParent()); + } + + a.addDependency(app_dep); + } catch (FileAnalysisException e) { + log.error(e.getMessage(), e); + } + } + + // Get a clean set of dependencies + final Set no_dupl_deps = + DependencyUtil.removeDuplicateLibraryDependencies(a.getDependencies()); + a.setDependencies(no_dupl_deps); + + // Fix parents on dependencies that were removed (this block should be removed once we use the + // relativePath and we get a dependency tree representing the actual one + for (Dependency d : a.getDependencies()) { + if (d.getParent() != null) { + for (Dependency existing : a.getDependencies()) { + // TODO: as soon as we add the relative path to the JARAnalyzer, it must also be used to + // uniquely identify the parent + if (existing.getLib().getDigest().equals(d.getParent().getLib().getDigest())) { + d.getParent().setLib(existing.getLib()); + d.getParent().setPath(existing.getPath()); + d.getParent().setFilename(existing.getFilename()); + break; + } + } + } + } + + // Check whether the parent-child dependency relationships are consistent + final boolean consistent_deps = DependencyUtil.isValidDependencyCollection(a); + if (!consistent_deps) { + throw new GoalExecutionException( + "Inconsistent application dependencies cannot be uploaded", null); + } + + // Set the one to be returned + this.setCompletedApplication(a); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/package-info.java b/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/package-info.java index 1314bf9ff..22877582e 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/package-info.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/java/tasks/package-info.java @@ -18,9 +18,9 @@ * Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. */ /** - * + * */ /** * */ -package com.sap.psr.vulas.java.tasks; \ No newline at end of file +package com.sap.psr.vulas.java.tasks; diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/AbstractInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/AbstractInstrumentor.java index 2e61ccc47..178c2cb84 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/AbstractInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/AbstractInstrumentor.java @@ -32,87 +32,106 @@ * */ public abstract class AbstractInstrumentor implements IInstrumentor { - - protected VulasConfiguration vulasConfiguration = new VulasConfiguration(); - /** - * Adds Java code to determine the URL of the resource from which the given class was loaded, and the class loader which loaded it. - * This information is available in the Java variables vul_cls_res and vul_cls_ldr. - * - * @param _buffer a {@link java.lang.StringBuffer} object. - * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _behavior a {@link javassist.CtBehavior} object. - */ - protected synchronized void injectUrlAndLoader(StringBuffer _buffer, JavaId _jid, CtBehavior _behavior) { - // Only add the following if not yet existing - final StringBuffer buffer = new StringBuffer(); - buffer.append("Class vul_cls = null;"); // Different techniques will be used to determine the current method's class - buffer.append("ClassLoader vul_cls_ldr = null;"); - buffer.append("java.net.URL vul_cls_res = null;"); - if(_buffer.length()==0 || _buffer.indexOf(buffer.toString())==-1) - _buffer.insert(0, buffer); - - // Get the class object of the current class - int m = _behavior.getModifiers(); - if(Modifier.isStatic(m)) { - // See http://stackoverflow.com/questions/8275499/how-to-call-getclass-from-a-static-method-in-java - // Also see https://jboss-javassist.github.io/javassist/tutorial/tutorial2.html + protected VulasConfiguration vulasConfiguration = new VulasConfiguration(); - // Use MethodHandles.lookup().lookupClass() - _buffer.append("if(vul_cls==null) { try { vul_cls=java.lang.invoke.MethodHandles.lookup().lookupClass(); } catch(Exception e) {} }"); + /** + * Adds Java code to determine the URL of the resource from which the given class was loaded, and the class loader which loaded it. + * This information is available in the Java variables vul_cls_res and vul_cls_ldr. + * + * @param _buffer a {@link java.lang.StringBuffer} object. + * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _behavior a {@link javassist.CtBehavior} object. + */ + protected synchronized void injectUrlAndLoader( + StringBuffer _buffer, JavaId _jid, CtBehavior _behavior) { + // Only add the following if not yet existing + final StringBuffer buffer = new StringBuffer(); + buffer.append( + "Class vul_cls = null;"); // Different techniques will be used to determine the current + // method's class + buffer.append("ClassLoader vul_cls_ldr = null;"); + buffer.append("java.net.URL vul_cls_res = null;"); + if (_buffer.length() == 0 || _buffer.indexOf(buffer.toString()) == -1) + _buffer.insert(0, buffer); - // Option 3) Use fully-qualified class name --> fails for static methods in anonymous classes - //buffer.append("final Class vul_cls=").append(_jid.getDefinitionContext().getQualifiedName().replace('$', '.')).append(".class;"); + // Get the class object of the current class + int m = _behavior.getModifiers(); + if (Modifier.isStatic(m)) { + // See + // http://stackoverflow.com/questions/8275499/how-to-call-getclass-from-a-static-method-in-java + // Also see https://jboss-javassist.github.io/javassist/tutorial/tutorial2.html - // Results in the runtime call of "javassist.runtime.Desc.getClazz(String)" - // See https://jboss-javassist.github.io/javassist/tutorial/tutorial2.html - _buffer.append("if(vul_cls==null) { try { vul_cls=$class; } catch(Exception e) {} }"); + // Use MethodHandles.lookup().lookupClass() + _buffer.append( + "if(vul_cls==null) { try {" + + " vul_cls=java.lang.invoke.MethodHandles.lookup().lookupClass(); } catch(Exception" + + " e) {} }"); - // Results as is in a compile exception, commented out - //buffer.append("if(vul_cls==null) { try { vul_cls=new Object(){}.getClass().getEnclosingClass(); } catch(Exception e) {} }"); - } else { - // Results in the runtime call of "this.getClass()" - // For unknown reasons, the getClass method does sometimes not exist (even though every class should inherit from Object). - // The lack of the method causes a compile exception, which can be avoided by checking for its presence. - // Example: [pool-2-thread-1] INFO com.sap.psr.vulas.monitor.ClassVisitor - Exception while instrumenting JAVA METH [org.apache.struts2.views.jsp.ParamTag.getBean(ValueStack,HttpServletRequest,HttpServletResponse)]: [source error] getClass() not found in org.apache.struts2.views.jsp.ParamTag - if(this.hasGetClassMethod(_behavior.getDeclaringClass())) - _buffer.append("if(vul_cls==null) { try { vul_cls=$0.getClass(); } catch(Exception e) {} }"); + // Option 3) Use fully-qualified class name --> fails for static methods in anonymous classes + // buffer.append("final Class + // vul_cls=").append(_jid.getDefinitionContext().getQualifiedName().replace('$', + // '.')).append(".class;"); - // Use MethodHandles.lookup().lookupClass() - _buffer.append("if(vul_cls==null) { try { vul_cls=java.lang.invoke.MethodHandles.lookup().lookupClass(); } catch(Exception e) {} }"); + // Results in the runtime call of "javassist.runtime.Desc.getClazz(String)" + // See https://jboss-javassist.github.io/javassist/tutorial/tutorial2.html + _buffer.append("if(vul_cls==null) { try { vul_cls=$class; } catch(Exception e) {} }"); - // Results in the runtime call of "javassist.runtime.Desc.getClazz(String)" - _buffer.append("if(vul_cls==null) { try { vul_cls=$class; } catch(Exception e) {} }"); - } + // Results as is in a compile exception, commented out + // buffer.append("if(vul_cls==null) { try { vul_cls=new + // Object(){}.getClass().getEnclosingClass(); } catch(Exception e) {} }"); + } else { + // Results in the runtime call of "this.getClass()" + // For unknown reasons, the getClass method does sometimes not exist (even though every class + // should inherit from Object). + // The lack of the method causes a compile exception, which can be avoided by checking for its + // presence. + // Example: [pool-2-thread-1] INFO com.sap.psr.vulas.monitor.ClassVisitor - Exception while + // instrumenting JAVA METH + // [org.apache.struts2.views.jsp.ParamTag.getBean(ValueStack,HttpServletRequest,HttpServletResponse)]: [source error] getClass() not found in org.apache.struts2.views.jsp.ParamTag + if (this.hasGetClassMethod(_behavior.getDeclaringClass())) + _buffer.append( + "if(vul_cls==null) { try { vul_cls=$0.getClass(); } catch(Exception e) {} }"); - _buffer.append("if(vul_cls!=null && vul_cls_ldr==null && vul_cls_res==null) {"); - _buffer.append(" vul_cls_ldr = vul_cls.getClassLoader();"); - _buffer.append(" if(vul_cls_ldr!=null)"); - _buffer.append(" vul_cls_res = vul_cls_ldr.getResource(vul_cls.getName().replace('.', '/') + \".class\");"); - _buffer.append("}"); - } + // Use MethodHandles.lookup().lookupClass() + _buffer.append( + "if(vul_cls==null) { try {" + + " vul_cls=java.lang.invoke.MethodHandles.lookup().lookupClass(); } catch(Exception" + + " e) {} }"); - /** - * Adds Java code to obtain the stacktrace. - * This information is available in the Java variable vul_st. - * - * @param _buffer a {@link java.lang.StringBuffer} object. - * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _behavior a {@link javassist.CtBehavior} object. - */ - protected synchronized void injectStacktrace(StringBuffer _buffer, JavaId _jid, CtBehavior _behavior) { - final String decl = "StackTraceElement[] vul_st = null;"; - if(_buffer.length()==0 || _buffer.indexOf(decl.toString())==-1) - _buffer.insert(0, decl); - _buffer.append("if(vul_st==null) { vul_st = new Throwable().getStackTrace(); }"); - } - - private boolean hasGetClassMethod(CtClass _c) { - final CtMethod[] methods = _c.getMethods(); - for(CtMethod m: methods) { - if(m.getLongName().equals("java.lang.Object.getClass()")) - return true; - } - return false; - } + // Results in the runtime call of "javassist.runtime.Desc.getClazz(String)" + _buffer.append("if(vul_cls==null) { try { vul_cls=$class; } catch(Exception e) {} }"); + } + + _buffer.append("if(vul_cls!=null && vul_cls_ldr==null && vul_cls_res==null) {"); + _buffer.append(" vul_cls_ldr = vul_cls.getClassLoader();"); + _buffer.append(" if(vul_cls_ldr!=null)"); + _buffer.append( + " vul_cls_res = vul_cls_ldr.getResource(vul_cls.getName().replace('.', '/') +" + + " \".class\");"); + _buffer.append("}"); + } + + /** + * Adds Java code to obtain the stacktrace. + * This information is available in the Java variable vul_st. + * + * @param _buffer a {@link java.lang.StringBuffer} object. + * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _behavior a {@link javassist.CtBehavior} object. + */ + protected synchronized void injectStacktrace( + StringBuffer _buffer, JavaId _jid, CtBehavior _behavior) { + final String decl = "StackTraceElement[] vul_st = null;"; + if (_buffer.length() == 0 || _buffer.indexOf(decl.toString()) == -1) _buffer.insert(0, decl); + _buffer.append("if(vul_st==null) { vul_st = new Throwable().getStackTrace(); }"); + } + + private boolean hasGetClassMethod(CtClass _c) { + final CtMethod[] methods = _c.getMethods(); + for (CtMethod m : methods) { + if (m.getLongName().equals("java.lang.Object.getClass()")) return true; + } + return false; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassNameLoaderFilter.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassNameLoaderFilter.java index 5af81d078..8339864d1 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassNameLoaderFilter.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassNameLoaderFilter.java @@ -19,45 +19,39 @@ */ package com.sap.psr.vulas.monitor; - /** * Checks whether the provided class loader is of the given type, or whether it is a child of another class loader of that type. * Use 'org.apache.catalina.loader.WebappClassLoader', for instance, to only consider classes loaded/traced in the context of * Web applications deployed in Tomcat (but not classes loaded by parent class loaders, such as the system or bootstrap loader). */ public class ClassNameLoaderFilter implements LoaderFilter { - - private String classname = null; - private boolean acceptChilds = false; - - /** - *

Constructor for ClassNameLoaderFilter.

- * - * @param _classname a {@link java.lang.String} object. - * @param _accept_childs a boolean. - */ - public ClassNameLoaderFilter(String _classname, boolean _accept_childs) { - this.classname = _classname; - this.acceptChilds = _accept_childs; - } - - /** - * {@inheritDoc} - * - * Returns true of the given _loader is accepted by the filter. - */ - public boolean accept(Loader _loader) { - if(_loader.getClassLoader().getClass().getName().equals(this.classname)) - return true; - - if(!this.acceptChilds) - return false; - - final Loader parent = _loader.getParent(); - if(parent==null) - return false; - else - return this.accept(parent); - } + private String classname = null; + private boolean acceptChilds = false; + + /** + *

Constructor for ClassNameLoaderFilter.

+ * + * @param _classname a {@link java.lang.String} object. + * @param _accept_childs a boolean. + */ + public ClassNameLoaderFilter(String _classname, boolean _accept_childs) { + this.classname = _classname; + this.acceptChilds = _accept_childs; + } + + /** + * {@inheritDoc} + * + * Returns true of the given _loader is accepted by the filter. + */ + public boolean accept(Loader _loader) { + if (_loader.getClassLoader().getClass().getName().equals(this.classname)) return true; + + if (!this.acceptChilds) return false; + + final Loader parent = _loader.getParent(); + if (parent == null) return false; + else return this.accept(parent); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassPoolUpdater.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassPoolUpdater.java index 5d10e04f8..79bf1d221 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassPoolUpdater.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassPoolUpdater.java @@ -31,7 +31,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.java.JavaId; import com.sap.psr.vulas.shared.util.FileUtil; @@ -47,263 +46,274 @@ */ public class ClassPoolUpdater { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static ClassPoolUpdater instance = null; + + /** + * Created to contain the paths of the resources (JarFiles) loaded and + * analyzed be the reachability analyzer + */ + private ClassPool customClassPool = null; + + private Set appendedResources = null; + private boolean useDefault = true; + + /** + *

Constructor for ClassPoolUpdater.

+ */ + public ClassPoolUpdater() { + this(true); + } + + private ClassPoolUpdater(boolean _use_default) { + this.appendedResources = new HashSet(); + this.useDefault = _use_default; + if (_use_default) this.customClassPool = ClassPool.getDefault(); + else this.customClassPool = new ClassPool(); + } + + /** + * Returns an instance of {@link ClassPoolUpdater} making use of a custom Javassist {@link ClassPool}. + * This instance will be created at the time of the first call, later calls will return this instance. + * If the default {@link ClassPool} is sufficient, i.e., if no custom resources need to be added to its + * classpath, one can also create an instance using the public constructor. + * + * @return a {@link com.sap.psr.vulas.monitor.ClassPoolUpdater} object. + */ + public static synchronized ClassPoolUpdater getInstance() { + if (ClassPoolUpdater.instance == null) { + ClassPoolUpdater.instance = new ClassPoolUpdater(false); + } + return ClassPoolUpdater.instance; + } + + /** + *

getClasspaths.

+ * + * @param _files a {@link java.util.Set} object. + * @return a {@link java.util.Set} object. + */ + public Set getClasspaths(Set _files) { + Set paths = new HashSet(); + Path path = null; + for (Path file : _files) { + if (file.toFile().getName().endsWith(".jar")) { + paths.add(file); + } else { + path = this.getClasspath(file.toFile()); + if (path != null) paths.add(path); + } + } + return paths; + } - private static ClassPoolUpdater instance = null; + /** + * For a given class file, the method returns the directory .... + * + * @param _class_file a {@link java.io.File} object. + * @return a {@link java.nio.file.Path} object. + */ + public Path getClasspath(File _class_file) { + // Must have file extension "class" + if (!"class".equals(FileUtil.getFileExtension(_class_file))) + throw new IllegalArgumentException( + "Expected file with extension 'class', got [" + _class_file + "]"); - /** - * Created to contain the paths of the resources (JarFiles) loaded and - * analyzed be the reachability analyzer - */ - private ClassPool customClassPool = null; - private Set appendedResources = null; - private boolean useDefault = true; + Path dir = null; + Path p = null; + FileInputStream fis = null; + try { + fis = new FileInputStream(_class_file); + final CtClass ctclass = ClassPool.getDefault().makeClass(fis); + p = _class_file.toPath(); - /** - *

Constructor for ClassPoolUpdater.

- */ - public ClassPoolUpdater() { this(true); } - - private ClassPoolUpdater(boolean _use_default) { - this.appendedResources = new HashSet(); - this.useDefault = _use_default; - if(_use_default) - this.customClassPool = ClassPool.getDefault(); - else - this.customClassPool = new ClassPool(); - } - - /** - * Returns an instance of {@link ClassPoolUpdater} making use of a custom Javassist {@link ClassPool}. - * This instance will be created at the time of the first call, later calls will return this instance. - * If the default {@link ClassPool} is sufficient, i.e., if no custom resources need to be added to its - * classpath, one can also create an instance using the public constructor. - * - * @return a {@link com.sap.psr.vulas.monitor.ClassPoolUpdater} object. - */ - public static synchronized ClassPoolUpdater getInstance() { - if(ClassPoolUpdater.instance==null) { - ClassPoolUpdater.instance = new ClassPoolUpdater(false); - } - return ClassPoolUpdater.instance; - } + // Distinguish absolute and relative paths + if (p.isAbsolute()) { + dir = + p.subpath( + 0, p.getNameCount() - 1); // Root is lost, as subpath always returns relative paths + dir = p.getRoot().resolve(dir); + } else { + dir = p.subpath(0, p.getNameCount() - 1); + dir = dir.toAbsolutePath().normalize(); + } - /** - *

getClasspaths.

- * - * @param _files a {@link java.util.Set} object. - * @return a {@link java.util.Set} object. - */ - public Set getClasspaths(Set _files) { - Set paths = new HashSet(); - Path path = null; - for(Path file: _files) { - if(file.toFile().getName().endsWith(".jar")) { - paths.add(file); - } - else { - path = this.getClasspath(file.toFile()); - if(path!=null) - paths.add(path); - } - } - return paths; - } + final Path package_dir = this.getPackagePath(ctclass); - /** - * For a given class file, the method returns the directory .... - * - * @param _class_file a {@link java.io.File} object. - * @return a {@link java.nio.file.Path} object. - */ - public Path getClasspath(File _class_file) { - // Must have file extension "class" - if(!"class".equals(FileUtil.getFileExtension(_class_file))) - throw new IllegalArgumentException("Expected file with extension 'class', got [" + _class_file + "]"); + // Class w/o package: Take dir as is + if (package_dir == null) { + } - Path dir = null; - Path p = null; - FileInputStream fis = null; - try { - fis= new FileInputStream(_class_file); - final CtClass ctclass = ClassPool.getDefault().makeClass(fis); - p = _class_file.toPath(); - - // Distinguish absolute and relative paths - if(p.isAbsolute()) { - dir = p.subpath(0, p.getNameCount()-1); // Root is lost, as subpath always returns relative paths - dir = p.getRoot().resolve(dir); - } else { - dir = p.subpath(0, p.getNameCount()-1); - dir = dir.toAbsolutePath().normalize(); - } - - final Path package_dir = this.getPackagePath(ctclass); + // Class w/ package, remove package related folders from dir + else { - // Class w/o package: Take dir as is - if(package_dir==null) {} + // If the package dirs name is equal to the last name of pdir, remove the last name of pdir + // Before while loop: pdir=/home/xyz/org/apache/x/y/z and package_dir=x/y/z + // After while loop (if successful): pdir=/home/xyz/ + // After while loop (if unsuccessful): pdir=null + int current_idx = package_dir.getNameCount(); + Path name = null, root = dir.getRoot(); + while (current_idx-- > 0) { + name = package_dir.getName(current_idx); + if (dir.getName(dir.getNameCount() - 1).equals(name)) { + dir = dir.subpath(0, dir.getNameCount() - 1); + } else { + dir = null; + break; + } + } + if (dir != null && root != null) dir = root.resolve(dir); + } + } catch (FileNotFoundException e) { + ClassPoolUpdater.log.error("", e); + dir = null; + } catch (IOException e) { + ClassPoolUpdater.log.error("", e); + dir = null; + } catch (RuntimeException e) { + ClassPoolUpdater.log.error("", e); + dir = null; + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException e) { + ClassPoolUpdater.log.error("Error closing input stream: " + e.getMessage(), e); + } + } + } + return dir; + } - // Class w/ package, remove package related folders from dir - else { + /** + * Appends a directory to the classpath of the default {@link ClassPool}. This directory corresponds to the + * given file minus the path elements that correspond to the Java package structure of the given {@link CtClass}. + * Returns true if the path has been appended, false otherwise. + * + * @param _ctclass a {@link javassist.CtClass} object. + * @param _file a {@link java.io.File} object. + * @return a boolean. + */ + public boolean updateClasspath(CtClass _ctclass, File _file) { + // Append (null handled in other method) + return this.appendToClasspath(this.getClasspath(_file)); + } - // If the package dirs name is equal to the last name of pdir, remove the last name of pdir - // Before while loop: pdir=/home/xyz/org/apache/x/y/z and package_dir=x/y/z - // After while loop (if successful): pdir=/home/xyz/ - // After while loop (if unsuccessful): pdir=null - int current_idx = package_dir.getNameCount(); - Path name = null, root = dir.getRoot(); - while(current_idx-->0) { - name = package_dir.getName(current_idx); - if(dir.getName(dir.getNameCount()-1).equals(name)) { - dir = dir.subpath(0, dir.getNameCount()-1); - } - else { - dir = null; - break; - } - } - if(dir!=null && root!=null) - dir = root.resolve(dir); - } - } catch (FileNotFoundException e) { - ClassPoolUpdater.log.error("", e); - dir = null; - } catch (IOException e) { - ClassPoolUpdater.log.error("", e); - dir = null; - } catch (RuntimeException e) { - ClassPoolUpdater.log.error("", e); - dir = null; - } finally { - if(fis!=null) { - try { - fis.close(); - } catch (IOException e) { - ClassPoolUpdater.log.error("Error closing input stream: " + e.getMessage(), e); - } - } - } - return dir; - } + /** + *

appendToClasspath.

+ * + * @param _paths a {@link java.util.Set} object. + */ + public void appendToClasspath(Set _paths) { + for (Path p : _paths) this.appendToClasspath(p); + } - /** - * Appends a directory to the classpath of the default {@link ClassPool}. This directory corresponds to the - * given file minus the path elements that correspond to the Java package structure of the given {@link CtClass}. - * Returns true if the path has been appended, false otherwise. - * - * @param _ctclass a {@link javassist.CtClass} object. - * @param _file a {@link java.io.File} object. - * @return a boolean. - */ - public boolean updateClasspath(CtClass _ctclass, File _file) { - // Append (null handled in other method) - return this.appendToClasspath(this.getClasspath(_file)); - } - - /** - *

appendToClasspath.

- * - * @param _paths a {@link java.util.Set} object. - */ - public void appendToClasspath(Set _paths) { - for(Path p: _paths) - this.appendToClasspath(p); - } + /** + * If not done already, appends the given {@link Path} to the classpath of the + * {@link ClassPoolUpdater#customClassPool}. + * + * @param _path a {@link java.nio.file.Path} object. + * @return a boolean. + */ + public synchronized boolean appendToClasspath(Path _path) { + boolean appended = false; + if (_path != null) { + final Path normalized = _path.normalize(); + if (!this.appendedResources.contains(normalized)) { + try { + this.customClassPool.appendClassPath(normalized.toString()); + this.appendedResources.add(normalized); + appended = true; + // ClassPoolUpdater.log.info("Appended [" + normalized + "] to the loadedResources class + // pool"); + } catch (NotFoundException e) { + ClassPoolUpdater.log.error( + "Not found exception while appending [" + + normalized + + "] to the custom class pool: " + + e.getMessage(), + e); + } catch (Exception e) { + ClassPoolUpdater.log.error( + "Error while appending [" + + normalized + + "] to the custom class pool: " + + e.getMessage(), + e); + } + } + } + return appended; + } - /** - * If not done already, appends the given {@link Path} to the classpath of the - * {@link ClassPoolUpdater#customClassPool}. - * - * @param _path a {@link java.nio.file.Path} object. - * @return a boolean. - */ - public synchronized boolean appendToClasspath(Path _path) { - boolean appended = false; - if(_path!=null) { - final Path normalized = _path.normalize(); - if(!this.appendedResources.contains(normalized)) { - try { - this.customClassPool.appendClassPath(normalized.toString()); - this.appendedResources.add(normalized); - appended = true; - //ClassPoolUpdater.log.info("Appended [" + normalized + "] to the loadedResources class pool"); - } catch (NotFoundException e) { - ClassPoolUpdater.log.error("Not found exception while appending [" + normalized + "] to the custom class pool: " + e.getMessage(), e); - } - catch (Exception e) { - ClassPoolUpdater.log.error("Error while appending [" + normalized + "] to the custom class pool: " + e.getMessage(), e); - } - } - } - return appended; - } - - /** - *

countClasspathElements.

- * - * @return a int. - */ - public int countClasspathElements() { - return this.appendedResources.size(); - } - - /** - * Resets the {@link ClassPoolUpdater} to its initial state. In particular, a new instance of the {@link ClassPool} will be created, and all - * all the {@link Path}s that have been added to its class path will be removed. - * - * @see ClassPoolUpdater#appendToClasspath(Path) - */ - public synchronized void reset() { - this.appendedResources.clear(); - if(this.useDefault) - this.customClassPool = ClassPool.getDefault(); - else - this.customClassPool = new ClassPool(); - } + /** + *

countClasspathElements.

+ * + * @return a int. + */ + public int countClasspathElements() { + return this.appendedResources.size(); + } - /** - * Returns a {@link ClassPool} object that can be populated using the methods - * {@link #appendToClasspath(java.nio.file.Path)} and {@link #appendToClasspath(Set)}. - * - * @return A {@link ClassPool} object, can be null if there is none - */ - public ClassPool getCustomClassPool() { return this.customClassPool; } + /** + * Resets the {@link ClassPoolUpdater} to its initial state. In particular, a new instance of the {@link ClassPool} will be created, and all + * all the {@link Path}s that have been added to its class path will be removed. + * + * @see ClassPoolUpdater#appendToClasspath(Path) + */ + public synchronized void reset() { + this.appendedResources.clear(); + if (this.useDefault) this.customClassPool = ClassPool.getDefault(); + else this.customClassPool = new ClassPool(); + } - /** - * This method look into the custom ClassPool and return a string with the - * physical path of the JAR if is present in the resources loaded into the - * ClassPool. If is not found it returns null - * PS: We can add to the ClassPool all the resources that we want using - * the methods {@link #appendToClasspath(java.nio.file.Path)} and {@link #appendToClasspath(Set)}. - * - * @param _cid the ConstructId that we want to search in the ClassPool - * @return the JAR path or null if is not found - */ - public URL getJarResourcePath(ConstructId _cid) { - URL url = null; - if(_cid instanceof JavaId) { - final JavaId jid = (JavaId)_cid; - if(jid.getType()==JavaId.Type.METHOD || jid.getType()==JavaId.Type.CONSTRUCTOR || jid.getType()==JavaId.Type.CLASSINIT) { - url = this.customClassPool.find(_cid.getDefinitionContext().getQualifiedName()); - } - else if(jid.getType()==JavaId.Type.CLASS || jid.getType()==JavaId.Type.INTERFACE || jid.getType()==JavaId.Type.ENUM || jid.getType()==JavaId.Type.NESTED_CLASS) { - url = this.customClassPool.find(_cid.getQualifiedName()); - } - } - return url; - } + /** + * Returns a {@link ClassPool} object that can be populated using the methods + * {@link #appendToClasspath(java.nio.file.Path)} and {@link #appendToClasspath(Set)}. + * + * @return A {@link ClassPool} object, can be null if there is none + */ + public ClassPool getCustomClassPool() { + return this.customClassPool; + } + /** + * This method look into the custom ClassPool and return a string with the + * physical path of the JAR if is present in the resources loaded into the + * ClassPool. If is not found it returns null + * PS: We can add to the ClassPool all the resources that we want using + * the methods {@link #appendToClasspath(java.nio.file.Path)} and {@link #appendToClasspath(Set)}. + * + * @param _cid the ConstructId that we want to search in the ClassPool + * @return the JAR path or null if is not found + */ + public URL getJarResourcePath(ConstructId _cid) { + URL url = null; + if (_cid instanceof JavaId) { + final JavaId jid = (JavaId) _cid; + if (jid.getType() == JavaId.Type.METHOD + || jid.getType() == JavaId.Type.CONSTRUCTOR + || jid.getType() == JavaId.Type.CLASSINIT) { + url = this.customClassPool.find(_cid.getDefinitionContext().getQualifiedName()); + } else if (jid.getType() == JavaId.Type.CLASS + || jid.getType() == JavaId.Type.INTERFACE + || jid.getType() == JavaId.Type.ENUM + || jid.getType() == JavaId.Type.NESTED_CLASS) { + url = this.customClassPool.find(_cid.getQualifiedName()); + } + } + return url; + } - /** - * Returns a path reflecting the package structure of the given {@link CtClass}. - * @param _ctclass - * @return - */ - private Path getPackagePath(CtClass _ctclass) { - final String package_name = _ctclass.getPackageName(); - if(package_name==null) - return null; - else - return Paths.get(package_name.replace('.', '/')); - } + /** + * Returns a path reflecting the package structure of the given {@link CtClass}. + * @param _ctclass + * @return + */ + private Path getPackagePath(CtClass _ctclass) { + final String package_name = _ctclass.getPackageName(); + if (package_name == null) return null; + else return Paths.get(package_name.replace('.', '/')); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassVisitor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassVisitor.java index d842dba75..fac5155c8 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassVisitor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ClassVisitor.java @@ -64,593 +64,695 @@ */ public class ClassVisitor { - // ====================================== STATIC MEMBERS - - private static Logger log = null; - private static final Logger getLog() { - if(ClassVisitor.log==null) - ClassVisitor.log = org.apache.logging.log4j.LogManager.getLogger(); - return ClassVisitor.log; - } - - // ====================================== INSTANCE MEMBERS - - private JavaId javaId = null; - private String qname = null; - private CtClass c = null; - - /** The outer class of nested classes. */ - private CtClass declaringClass = null; - - /** True if the class is already instrumented. */ - private Boolean isInstrumented = null; - - private String originalArchiveDigest = null; - private Application appContext = null; - private byte[] bytes = null; - - /** Major version of the class file format (see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html). */ - private int major = 0; - - /** Minor version of the class file format (see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html). */ - private int minor = 0; - - /** The constructs found in the given class. */ - private Set constructs = null; - - private boolean writeCodeToTmp = false; - - private String[] fieldAnnotations = null; - - /** - *

Constructor for ClassVisitor.

- * - * @param _c a {@link javassist.CtClass} object. - */ - public ClassVisitor(CtClass _c) { - // Build the JavaId - if(_c.isInterface()) - throw new IllegalArgumentException("[" + _c.getName() + "]: Interfaces are not supported"); - else if(_c.isEnum()) - this.javaId = JavaId.parseEnumQName(_c.getName()); - else - this.javaId = JavaId.parseClassQName(_c.getName()); - - this.qname = this.javaId.getQualifiedName(); - this.c = _c; - - // Remember major/minor - final ClassFile cf = _c.getClassFile(); - this.major = cf.getMajorVersion(); - this.minor = cf.getMinorVersion(); - - // For nested classes, get the declaring (outer) class: It is used to skip the first argument in non-static inner classes - try { - this.declaringClass = _c.getDeclaringClass(); - } catch (NotFoundException e) { - // Only a problem in case of non-static inner classes, because in that case the 1st argument of the constructor cannot be removed, cf. method visitConstructors(boolean) - if(!Modifier.isStatic(this.c.getModifiers())) - ClassVisitor.getLog().warn("No declaring class found for non-static inner class [" + this.javaId.getQualifiedName() + "]");//: " + e.getMessage()); - } - - this.writeCodeToTmp = VulasConfiguration.getGlobal().getConfiguration().getBoolean(CoreConfiguration.INSTR_WRITE_CODE, false); - - this.fieldAnnotations = VulasConfiguration.getGlobal().getStringArray(CoreConfiguration.INSTR_FLD_ANNOS, new String[] {}); - } - - /** - * Returns a set with the {@link ConstructId}s of all constructs contained in the given Java class, i.e., - * all methods, all constructors, the class or enumeration and the package (unless it is the default package, - * i.e., no package). - * - * @return a {@link java.util.Set} object. - */ - public Set getConstructs() { - if(this.constructs==null) { - this.constructs = new TreeSet(); - this.constructs.add(this.javaId); - - // Do not add the default package (qualified name=="") - // This makes the constructs obtained from java and class files more comparable - if(!this.javaId.getJavaPackageId().getSimpleName().equals("")) - this.constructs.add(this.javaId.getJavaPackageId()); - - try { - this.constructs.addAll(this.visitConstructors(false)); - this.constructs.addAll(this.visitMethods(false)); - } catch (CannotCompileException e) { - // Should never happen since we do not instrument in this case (argument is false) - } - } - return this.constructs; - } - - /** - *

isInstrumented.

- * - * @return a boolean. - */ - public synchronized boolean isInstrumented() { - if(this.isInstrumented==null) { - try { - this.c.getDeclaredField("VUL_CLS_INS"); - this.isInstrumented = new Boolean(true); - } - catch(NotFoundException e) { - this.isInstrumented = new Boolean(false); - } - } - return this.isInstrumented.booleanValue(); - } - - /** - *

visitMethods.

- * - * @param _instrument a boolean. - * @return a {@link java.util.Set} object. - * @throws javassist.CannotCompileException if any. - */ - public synchronized Set visitMethods(boolean _instrument) throws CannotCompileException { - final Set constructs = new HashSet(); - final CtMethod[] methods = this.c.getDeclaredMethods(); - - // Loop all methods - JavaId jid = null; - for(CtMethod meth : methods) { - jid = JavaId.parseMethodQName(this.javaId.getType(), ClassVisitor.removeParameterQualification(meth.getLongName())); - constructs.add(jid); - - // Instrument if requested, not yet done and possible (= not empty, as for abstract methods) - final boolean is_native = Modifier.isNative(meth.getModifiers()); - if(_instrument && !isInstrumented() && !meth.isEmpty() && !is_native && meth.getLongName().startsWith(this.qname)) { - try { - this.instrument(jid, meth); - } - // Can happen if dependencies of the class are not available in the ClassPool - catch (CannotCompileException ex) { - //ClassVisitor.getLog().info("Exception while instrumenting " + jid + ": " + ex.getMessage()); - throw ex; - } - } - } - ClassVisitor.getLog().debug("Class '" + this.qname + "': " + methods.length + " methods"); - return constructs; - } - - /** - *

visitConstructors.

- * - * @param _instrument a boolean. - * @return a {@link java.util.Set} object. - * @throws javassist.CannotCompileException if any. - */ - public synchronized Set visitConstructors(boolean _instrument) throws CannotCompileException { - final Set constructs = new HashSet(); - final CtConstructor[] constructors = this.c.getDeclaredConstructors(); - String constr_name = null; - JavaId jid = null; - - // Skip the first constructor parameter (added by the compiler for non-static classes)? - final String param_to_skip = ( this.declaringClass!=null && !Modifier.isStatic(this.c.getModifiers()) ? ClassVisitor.removePackageContext(this.declaringClass.getName()) : null ); - - // Static initializer exists: Add it to the constructs and instrument (if requested) - final CtConstructor initializer = this.c.getClassInitializer(); - if(initializer != null && this.javaId.getType()==Type.CLASS) { - jid = ((JavaClassId)this.javaId).getClassInit(); - constructs.add(jid); - - // Instrument if requested - if(_instrument && !isInstrumented() && !initializer.isEmpty() && initializer.getLongName().startsWith(this.qname)) { - try { - constr_name = this.removeParameterQualification(initializer.getLongName()); - this.instrument(jid, initializer); - } - // Can happen if dependencies of the class are not available in the ClassPool - catch (CannotCompileException ex) { - //ClassVisitor.getLog().error("Exception while instrumenting initializer [" + constr_name + "]: " + ex.getMessage()); - throw ex; - } - } - } - - // Loop all constructors and instrument (if requested) - for(CtConstructor constr : constructors) { - jid = JavaId.parseConstructorQName(this.javaId.getType(), ClassVisitor.removeParameterQualification(constr.getLongName()), param_to_skip); - constructs.add(jid); - - // Instrument if requested - if(_instrument && !isInstrumented() && !constr.isEmpty() && constr.getLongName().startsWith(this.qname)) { - try { - constr_name = this.removeParameterQualification(constr.getLongName()); - this.instrument(jid, constr); - } - // Can happen if dependencies of the class are not available in the ClassPool - catch (CannotCompileException ex) { - //ClassVisitor.getLog().error("Exception while instrumenting constructor [" + constr_name + "]: " + ex.getMessage()); - throw ex; - } - } - } - ClassVisitor.getLog().debug("Class '" + this.qname + "': " + constructors.length + " constructors"); - return constructs; - } - - private void instrument(JavaId _jid, CtBehavior _behavior) throws CannotCompileException { - // Loop all instrumentors to build the to-be-injected source code - final List instrumentorList = InstrumentorFactory.getInstrumentors(); - final Iterator iter = instrumentorList.iterator(); - final StringBuffer instrumentation_code = new StringBuffer(); - while(iter.hasNext()) { - IInstrumentor i = iter.next(); - if(i.acceptToInstrument(_jid, _behavior, this)) { - i.instrument(instrumentation_code, _jid, _behavior, this); - } - } - - // Return if there's nothing to inject - if(instrumentation_code.length()==0) - return; - - // If there's something to inject, surround it by a try clause - final StringBuffer source_code = new StringBuffer(); - source_code.append("try {"); - source_code.append(instrumentation_code.toString()); - source_code.append("}"); - source_code.append("catch(IllegalStateException ise) { throw ise; }"); - source_code.append("catch(Throwable e) { System.err.println(e.getClass().getName() + \" occurred during execution of instrumentation code in " + _jid.toString() + ": \" + e.getMessage()); }"); - - // Remember an exception (if any) and throw it at the end - CannotCompileException cce = null; - - // Inject the code - try { - if(_jid.getType().equals(JavaId.Type.CONSTRUCTOR) || _jid.getType().equals(JavaId.Type.CLASSINIT)) - _behavior.insertAfter(source_code.toString()); - else - _behavior.insertBefore(source_code.toString()); - } catch (CannotCompileException e) { - cce = e; - } - - // Write source and byte code to tmp - if(source_code.length()>0 && (this.writeCodeToTmp || cce!=null)) { - Path p = null; - try { - p = Paths.get(VulasConfiguration.getGlobal().getTmpDir().toString(), _jid.getJavaPackageId().getQualifiedName().replace('.','/'), _jid.getDefinitionContext().getName() + "." + _jid.getName().replace('<', '_').replace('>','_') + ".java"); - FileUtil.createDirectory(p.getParent()); - FileUtil.writeToFile(p.toFile(), ClassVisitor.prettyPrint(source_code.toString())); - - // Only log the writing of the source code in case of a previous exception - if(cce!=null) - ClassVisitor.getLog().warn("Compile exception when adding code to " + _jid + ": Instrumentation code written to file [" + p + "]"); - } catch (IOException e) { - ClassVisitor.getLog().warn("Cannot write instrumentation code of " + _jid + " to file [" + p + "]: " + e.getMessage()); - } catch(InvalidPathException ipe) { - ClassVisitor.getLog().warn("Cannot write instrumentation code of " + _jid + " to file [" + p + "]: " + ipe.getMessage()); - } - } - - // Throw exception (if any) - if(cce!=null) - throw cce; - } - - /** - * If called, the given SHA1 digest will be included in the instrumented code (as literal argument in the callback). - * Like this, the digest of the original JAR is preserved even if the instrumented class is written back to the - * archive. - * - * This method must be called prior to the invocation of visitMethods and visitConstructors, as the instrumentation - * code varies depending on whether the digest is known or not. - * - * @param _sha1 a {@link java.lang.String} object. - */ - public synchronized void setOriginalArchiveDigest(String _sha1) { this.originalArchiveDigest = _sha1; } - - /** - * If called, the application context (Maven groupId, artifactId and version) will be included in the instrumented code (as literal argument in the callback). - * Like this, the trace collector already knows the application context and does not need to determine it itself. - * * - * This method must be called prior to the invocation of visitMethods and visitConstructors, as the instrumentation - * code varies depending on whether the app context is known or not. - * - * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public synchronized void setAppContext(Application _ctx) { this.appContext = _ctx; } - - /** - * Adds one additional member to the class: A boolean to indicate that the class has been instrumented - * (so that later processes and threads do not need to do it again). - * - * @throws javassist.CannotCompileException if any. - * @throws java.io.IOException if any. - */ - public synchronized void finalizeInstrumentation() throws CannotCompileException, IOException { - // Add member to indicate that the class has been instrumented - if(!this.isInstrumented()) { - this.addBooleanMember("VUL_CLS_INS", true, true); - this.isInstrumented = new Boolean(true); - } - - // this.bytes = this.c.toBytecode(); - - // Alternatively, create the byte array from the classfile - final ByteArrayOutputStream bos = new ByteArrayOutputStream(); - final DataOutputStream dos = new DataOutputStream(bos); - final ClassFile cf = c.getClassFile(); - - // Set major and minor version of the new class file (max. JAVA 7), preferably from the original class file (as read in the constructor) - // Todo: Make max. version configurable - cf.setMajorVersion(Math.min(this.major, ClassFile.JAVA_7)); - cf.setMinorVersion(this.minor); - - cf.write(dos); - dos.flush(); - this.bytes = bos.toByteArray(); - - this.c.detach(); // Removes the CtClass from the ClassPool - - if(this.writeCodeToTmp) { - Path p = null; - try { - p = Paths.get(VulasConfiguration.getGlobal().getTmpDir().toString(), this.javaId.getJavaPackageId().getQualifiedName().replace('.','/'), this.javaId.getName().replace('<', '_').replace('>','_') + ".class"); - FileUtil.createDirectory(p.getParent()); - FileUtil.writeToFile(p.toFile(), this.bytes); - } catch(IOException e) { - ClassVisitor.getLog().warn("Cannot write bytecode of " + this.javaId+ " to file [" + p + "]: " + e.getMessage()); - } catch(InvalidPathException ipe) { - ClassVisitor.getLog().warn("Cannot write bytecode of " + this.javaId+ " to file [" + p + "]: " + ipe.getMessage()); - } - } - } - - /** - * Returns the byte code of the visited class. - * - * @return the byte code of the visited class - */ - public byte[] getBytecode() { return this.bytes.clone(); } - - /** - *

addBooleanMember.

- * - * @param _field_name a {@link java.lang.String} object. - * @param _value a boolean. - * @param _final a boolean. - * @throws javassist.CannotCompileException if any. - */ - public synchronized void addBooleanMember(String _field_name, boolean _value, boolean _final) throws CannotCompileException { - final CtField f = new CtField(CtClass.booleanType, _field_name, this.c); - if(!_final) - f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT); - else - f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT | Modifier.FINAL); - - // Avoid problems with JDO/JPA - this.addFieldAnnotations(f, this.fieldAnnotations); - - this.c.addField(f, new Boolean(_value).toString()); - } - - /** - * Adds the given annotations to the given field. Can be used to avoid problems with OR mappers by adding - * an annotation "javax.persistence.Transient". - * @param _fld - * @param _annotations - */ - private void addFieldAnnotations(CtField _fld, String[] _annotations) { - if(_annotations!=null && _annotations.length>0) { - final ConstPool cpool = this.c.getClassFile().getConstPool(); - final AnnotationsAttribute attr = new AnnotationsAttribute(cpool, AnnotationsAttribute.visibleTag); - for(String anno: _annotations) { - final Annotation annot = new Annotation(anno, cpool); - attr.addAnnotation(annot); - } - _fld.getFieldInfo().addAttribute(attr); - } - } - - /** - *

addIntMember.

- * - * @param _field_name a {@link java.lang.String} object. - * @param _final a boolean. - * @throws javassist.CannotCompileException if any. - */ - public synchronized void addIntMember(String _field_name, boolean _final) throws CannotCompileException { - final CtField f = new CtField(CtClass.intType, _field_name, this.c); - if(!_final) - f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT); - else - f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT | Modifier.FINAL); - - // Avoid problems with JDO/JPA - this.addFieldAnnotations(f, this.fieldAnnotations); - - this.c.addField(f, "0"); - } - - /** - * Generates a name for a class member. - * - * @param _prefix a {@link java.lang.String} object. - * @param _construct_name a {@link java.lang.String} object. - * @param _random_part a boolean. - * @return a {@link java.lang.String} object. - */ - public String getUniqueMemberName(String _prefix, String _construct_name, boolean _random_part) { - final StringBuffer b = new StringBuffer(); - if(_prefix!=null) b.append(_prefix); - if(_construct_name!=null) { - if(_prefix!=null) b.append("_"); - - // check if is a clinit removing <> - _construct_name = _construct_name.replace("<", "").replace(">", ""); - - b.append(_construct_name.toUpperCase()); - } - if(_random_part) { - if(_prefix!=null || _construct_name!=null) b.append("_"); - final String rnd = String.valueOf(Math.random()*10000000); - b.append(rnd.substring(0, rnd.indexOf('.'))); - } - return b.toString(); - } - - /** - * From http://docs.oracle.com/javase/specs/jls/se7/html/jls-3.html#jls-3.8: - * - * The "Java letters" include uppercase and lowercase ASCII Latin letters A-Z (\u0041-\u005a), - * and a-z (\u0061-\u007a), and, for historical reasons, the ASCII underscore (_, or \u005f) and dollar sign ($, or \u0024). - * The $ character should be used only in mechanically generated source code or, rarely, to access pre-existing names on legacy systems. - * The "Java digits" include the ASCII digits 0-9 (\u0030-\u0039). - */ - private static Pattern QUALIFIED_TYPE_PATTERN = null; - private static Pattern getClassPattern() { - if(QUALIFIED_TYPE_PATTERN==null) - QUALIFIED_TYPE_PATTERN = Pattern.compile("([0-9a-zA-Z_\\.\\$]*\\.)([a-zA-Z0-9_\\$]*)"); - return QUALIFIED_TYPE_PATTERN; - } - - private static Pattern NESTED_CLASS_PATTERN = null; - private static Pattern getNestedClassPattern() { - if(NESTED_CLASS_PATTERN==null) - NESTED_CLASS_PATTERN = Pattern.compile("([0-9a-zA-Z_\\$]*\\$)([a-zA-Z0-9_]*)"); - return NESTED_CLASS_PATTERN; - } - - /** - * Removes package information (if any) from method and constructor parameters. - * Previously, a string tokenizer split the given {@link String} at every comma, - * which led to problems in case of Map parameters (e.g., Map<String,Object>). - * The current implementation uses the regular expression {@link ClassVisitor#QUALIFIED_TYPE_PATTERN}. - * - * @param _string a String with qualified parameter types - * @return a a String where the package info of qualified parameter types has been removed - */ - public static String removeParameterQualification(String _string) { - final StringBuilder b = new StringBuilder(); - - // Get everything between the brackets - final int i = _string.indexOf("("); - final int j = _string.lastIndexOf(")"); - if(i==-1 || j==-1) - throw new IllegalArgumentException("Method has no round brackets: [" + _string + "]"); - - b.append(_string.substring(0, i+1)); - b.append(ClassVisitor.removePackageContext(_string.substring(i+1, j))); - b.append(_string.substring(j)); - return b.toString(); - } - - /** - *

removePackageContext.

- * - * @param _string a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - public static String removePackageContext(String _string) { - final StringBuilder b = new StringBuilder(); - - // Find and replace pattern - final Matcher m = ClassVisitor.getClassPattern().matcher(_string); - Matcher nested_class_matcher = null; - int idx = 0; - String class_name = null; - while(m.find()) { - b.append(_string.substring(idx, m.start())); - - // Found class name, now check if nested - class_name = m.group(2); - nested_class_matcher = ClassVisitor.getNestedClassPattern().matcher(class_name); - if(nested_class_matcher.matches()) { - b.append(nested_class_matcher.group(2)); - } - else { - b.append(class_name); - } - idx = m.end(); - } - - // Append the remainders - b.append(_string.substring(idx)); - - return b.toString(); - } - - /** - *

Getter for the field javaId.

- * - * @return a {@link com.sap.psr.vulas.java.JavaId} object. - */ - public JavaId getJavaId() { return this.javaId; } - - /** - *

getCtClass.

- * - * @return a {@link javassist.CtClass} object. - */ - public CtClass getCtClass() { return this.c; } - - /** - *

getArchiveDigest.

- * - * @return a {@link java.lang.String} object. - */ - public String getArchiveDigest() { return this.originalArchiveDigest; } - - /** - *

Getter for the field appContext.

- * - * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public Application getAppContext() { return this.appContext; } - - /** - *

Getter for the field qname.

- * - * @return a {@link java.lang.String} object. - */ - public String getQname() { return this.qname; } - - /** - *

Getter for the field originalArchiveDigest.

- * - * @return a {@link java.lang.String} object. - */ - public String getOriginalArchiveDigest() { return this.originalArchiveDigest; } - - /** - *

prettyPrint.

- * - * @param _src a {@link java.lang.String} object. - * @return a {@link java.lang.String} object. - */ - public final static String prettyPrint(String _src) { - final String n = System.getProperty("line.separator"); - final String indent = " "; - final StringBuffer b = new StringBuffer(); - int lvl = 0; - for(int i=0; i<_src.length(); i++) { - char c = _src.charAt(i); - switch(c) { - case ';': - b.append(c).append(n).append(getIndent(indent, lvl)); break; - case '{': - b.append(c).append(n).append(getIndent(indent, ++lvl)); break; - case '}': - b.append(c).append(n).append(getIndent(indent, --lvl)); break; - default: - b.append(c); - } - } - return b.toString(); - } - - private static String getIndent(String _c, int _i) { - final StringBuffer b = new StringBuffer(); - for(int i=0; i<_i; i++) - b.append(_c); - return b.toString(); - } + // ====================================== STATIC MEMBERS + + private static Logger log = null; + + private static final Logger getLog() { + if (ClassVisitor.log == null) + ClassVisitor.log = org.apache.logging.log4j.LogManager.getLogger(); + return ClassVisitor.log; + } + + // ====================================== INSTANCE MEMBERS + + private JavaId javaId = null; + private String qname = null; + private CtClass c = null; + + /** The outer class of nested classes. */ + private CtClass declaringClass = null; + + /** True if the class is already instrumented. */ + private Boolean isInstrumented = null; + + private String originalArchiveDigest = null; + private Application appContext = null; + private byte[] bytes = null; + + /** Major version of the class file format (see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html). */ + private int major = 0; + + /** Minor version of the class file format (see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html). */ + private int minor = 0; + + /** The constructs found in the given class. */ + private Set constructs = null; + + private boolean writeCodeToTmp = false; + + private String[] fieldAnnotations = null; + + /** + *

Constructor for ClassVisitor.

+ * + * @param _c a {@link javassist.CtClass} object. + */ + public ClassVisitor(CtClass _c) { + // Build the JavaId + if (_c.isInterface()) + throw new IllegalArgumentException("[" + _c.getName() + "]: Interfaces are not supported"); + else if (_c.isEnum()) this.javaId = JavaId.parseEnumQName(_c.getName()); + else this.javaId = JavaId.parseClassQName(_c.getName()); + + this.qname = this.javaId.getQualifiedName(); + this.c = _c; + + // Remember major/minor + final ClassFile cf = _c.getClassFile(); + this.major = cf.getMajorVersion(); + this.minor = cf.getMinorVersion(); + + // For nested classes, get the declaring (outer) class: It is used to skip the first argument in + // non-static inner classes + try { + this.declaringClass = _c.getDeclaringClass(); + } catch (NotFoundException e) { + // Only a problem in case of non-static inner classes, because in that case the 1st argument + // of the constructor cannot be removed, cf. method visitConstructors(boolean) + if (!Modifier.isStatic(this.c.getModifiers())) + ClassVisitor.getLog() + .warn( + "No declaring class found for non-static inner class [" + + this.javaId.getQualifiedName() + + "]"); // : " + e.getMessage()); + } + + this.writeCodeToTmp = + VulasConfiguration.getGlobal() + .getConfiguration() + .getBoolean(CoreConfiguration.INSTR_WRITE_CODE, false); + + this.fieldAnnotations = + VulasConfiguration.getGlobal() + .getStringArray(CoreConfiguration.INSTR_FLD_ANNOS, new String[] {}); + } + + /** + * Returns a set with the {@link ConstructId}s of all constructs contained in the given Java class, i.e., + * all methods, all constructors, the class or enumeration and the package (unless it is the default package, + * i.e., no package). + * + * @return a {@link java.util.Set} object. + */ + public Set getConstructs() { + if (this.constructs == null) { + this.constructs = new TreeSet(); + this.constructs.add(this.javaId); + + // Do not add the default package (qualified name=="") + // This makes the constructs obtained from java and class files more comparable + if (!this.javaId.getJavaPackageId().getSimpleName().equals("")) + this.constructs.add(this.javaId.getJavaPackageId()); + + try { + this.constructs.addAll(this.visitConstructors(false)); + this.constructs.addAll(this.visitMethods(false)); + } catch (CannotCompileException e) { + // Should never happen since we do not instrument in this case (argument is false) + } + } + return this.constructs; + } + + /** + *

isInstrumented.

+ * + * @return a boolean. + */ + public synchronized boolean isInstrumented() { + if (this.isInstrumented == null) { + try { + this.c.getDeclaredField("VUL_CLS_INS"); + this.isInstrumented = new Boolean(true); + } catch (NotFoundException e) { + this.isInstrumented = new Boolean(false); + } + } + return this.isInstrumented.booleanValue(); + } + + /** + *

visitMethods.

+ * + * @param _instrument a boolean. + * @return a {@link java.util.Set} object. + * @throws javassist.CannotCompileException if any. + */ + public synchronized Set visitMethods(boolean _instrument) + throws CannotCompileException { + final Set constructs = new HashSet(); + final CtMethod[] methods = this.c.getDeclaredMethods(); + + // Loop all methods + JavaId jid = null; + for (CtMethod meth : methods) { + jid = + JavaId.parseMethodQName( + this.javaId.getType(), ClassVisitor.removeParameterQualification(meth.getLongName())); + constructs.add(jid); + + // Instrument if requested, not yet done and possible (= not empty, as for abstract methods) + final boolean is_native = Modifier.isNative(meth.getModifiers()); + if (_instrument + && !isInstrumented() + && !meth.isEmpty() + && !is_native + && meth.getLongName().startsWith(this.qname)) { + try { + this.instrument(jid, meth); + } + // Can happen if dependencies of the class are not available in the ClassPool + catch (CannotCompileException ex) { + // ClassVisitor.getLog().info("Exception while instrumenting " + jid + ": " + + // ex.getMessage()); + throw ex; + } + } + } + ClassVisitor.getLog().debug("Class '" + this.qname + "': " + methods.length + " methods"); + return constructs; + } + + /** + *

visitConstructors.

+ * + * @param _instrument a boolean. + * @return a {@link java.util.Set} object. + * @throws javassist.CannotCompileException if any. + */ + public synchronized Set visitConstructors(boolean _instrument) + throws CannotCompileException { + final Set constructs = new HashSet(); + final CtConstructor[] constructors = this.c.getDeclaredConstructors(); + String constr_name = null; + JavaId jid = null; + + // Skip the first constructor parameter (added by the compiler for non-static classes)? + final String param_to_skip = + (this.declaringClass != null && !Modifier.isStatic(this.c.getModifiers()) + ? ClassVisitor.removePackageContext(this.declaringClass.getName()) + : null); + + // Static initializer exists: Add it to the constructs and instrument (if requested) + final CtConstructor initializer = this.c.getClassInitializer(); + if (initializer != null && this.javaId.getType() == Type.CLASS) { + jid = ((JavaClassId) this.javaId).getClassInit(); + constructs.add(jid); + + // Instrument if requested + if (_instrument + && !isInstrumented() + && !initializer.isEmpty() + && initializer.getLongName().startsWith(this.qname)) { + try { + constr_name = this.removeParameterQualification(initializer.getLongName()); + this.instrument(jid, initializer); + } + // Can happen if dependencies of the class are not available in the ClassPool + catch (CannotCompileException ex) { + // ClassVisitor.getLog().error("Exception while instrumenting initializer [" + constr_name + // + "]: " + ex.getMessage()); + throw ex; + } + } + } + + // Loop all constructors and instrument (if requested) + for (CtConstructor constr : constructors) { + jid = + JavaId.parseConstructorQName( + this.javaId.getType(), + ClassVisitor.removeParameterQualification(constr.getLongName()), + param_to_skip); + constructs.add(jid); + + // Instrument if requested + if (_instrument + && !isInstrumented() + && !constr.isEmpty() + && constr.getLongName().startsWith(this.qname)) { + try { + constr_name = this.removeParameterQualification(constr.getLongName()); + this.instrument(jid, constr); + } + // Can happen if dependencies of the class are not available in the ClassPool + catch (CannotCompileException ex) { + // ClassVisitor.getLog().error("Exception while instrumenting constructor [" + constr_name + // + "]: " + ex.getMessage()); + throw ex; + } + } + } + ClassVisitor.getLog() + .debug("Class '" + this.qname + "': " + constructors.length + " constructors"); + return constructs; + } + + private void instrument(JavaId _jid, CtBehavior _behavior) throws CannotCompileException { + // Loop all instrumentors to build the to-be-injected source code + final List instrumentorList = InstrumentorFactory.getInstrumentors(); + final Iterator iter = instrumentorList.iterator(); + final StringBuffer instrumentation_code = new StringBuffer(); + while (iter.hasNext()) { + IInstrumentor i = iter.next(); + if (i.acceptToInstrument(_jid, _behavior, this)) { + i.instrument(instrumentation_code, _jid, _behavior, this); + } + } + + // Return if there's nothing to inject + if (instrumentation_code.length() == 0) return; + + // If there's something to inject, surround it by a try clause + final StringBuffer source_code = new StringBuffer(); + source_code.append("try {"); + source_code.append(instrumentation_code.toString()); + source_code.append("}"); + source_code.append("catch(IllegalStateException ise) { throw ise; }"); + source_code.append( + "catch(Throwable e) { System.err.println(e.getClass().getName() + \" occurred during" + + " execution of instrumentation code in " + + _jid.toString() + + ": \" + e.getMessage()); }"); + + // Remember an exception (if any) and throw it at the end + CannotCompileException cce = null; + + // Inject the code + try { + if (_jid.getType().equals(JavaId.Type.CONSTRUCTOR) + || _jid.getType().equals(JavaId.Type.CLASSINIT)) + _behavior.insertAfter(source_code.toString()); + else _behavior.insertBefore(source_code.toString()); + } catch (CannotCompileException e) { + cce = e; + } + + // Write source and byte code to tmp + if (source_code.length() > 0 && (this.writeCodeToTmp || cce != null)) { + Path p = null; + try { + p = + Paths.get( + VulasConfiguration.getGlobal().getTmpDir().toString(), + _jid.getJavaPackageId().getQualifiedName().replace('.', '/'), + _jid.getDefinitionContext().getName() + + "." + + _jid.getName().replace('<', '_').replace('>', '_') + + ".java"); + FileUtil.createDirectory(p.getParent()); + FileUtil.writeToFile(p.toFile(), ClassVisitor.prettyPrint(source_code.toString())); + + // Only log the writing of the source code in case of a previous exception + if (cce != null) + ClassVisitor.getLog() + .warn( + "Compile exception when adding code to " + + _jid + + ": Instrumentation code written to file [" + + p + + "]"); + } catch (IOException e) { + ClassVisitor.getLog() + .warn( + "Cannot write instrumentation code of " + + _jid + + " to file [" + + p + + "]: " + + e.getMessage()); + } catch (InvalidPathException ipe) { + ClassVisitor.getLog() + .warn( + "Cannot write instrumentation code of " + + _jid + + " to file [" + + p + + "]: " + + ipe.getMessage()); + } + } + + // Throw exception (if any) + if (cce != null) throw cce; + } + + /** + * If called, the given SHA1 digest will be included in the instrumented code (as literal argument in the callback). + * Like this, the digest of the original JAR is preserved even if the instrumented class is written back to the + * archive. + * + * This method must be called prior to the invocation of visitMethods and visitConstructors, as the instrumentation + * code varies depending on whether the digest is known or not. + * + * @param _sha1 a {@link java.lang.String} object. + */ + public synchronized void setOriginalArchiveDigest(String _sha1) { + this.originalArchiveDigest = _sha1; + } + + /** + * If called, the application context (Maven groupId, artifactId and version) will be included in the instrumented code (as literal argument in the callback). + * Like this, the trace collector already knows the application context and does not need to determine it itself. + * * + * This method must be called prior to the invocation of visitMethods and visitConstructors, as the instrumentation + * code varies depending on whether the app context is known or not. + * + * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public synchronized void setAppContext(Application _ctx) { + this.appContext = _ctx; + } + + /** + * Adds one additional member to the class: A boolean to indicate that the class has been instrumented + * (so that later processes and threads do not need to do it again). + * + * @throws javassist.CannotCompileException if any. + * @throws java.io.IOException if any. + */ + public synchronized void finalizeInstrumentation() throws CannotCompileException, IOException { + // Add member to indicate that the class has been instrumented + if (!this.isInstrumented()) { + this.addBooleanMember("VUL_CLS_INS", true, true); + this.isInstrumented = new Boolean(true); + } + + // this.bytes = this.c.toBytecode(); + + // Alternatively, create the byte array from the classfile + final ByteArrayOutputStream bos = new ByteArrayOutputStream(); + final DataOutputStream dos = new DataOutputStream(bos); + final ClassFile cf = c.getClassFile(); + + // Set major and minor version of the new class file (max. JAVA 7), preferably from the original + // class file (as read in the constructor) + // Todo: Make max. version configurable + cf.setMajorVersion(Math.min(this.major, ClassFile.JAVA_7)); + cf.setMinorVersion(this.minor); + + cf.write(dos); + dos.flush(); + this.bytes = bos.toByteArray(); + + this.c.detach(); // Removes the CtClass from the ClassPool + + if (this.writeCodeToTmp) { + Path p = null; + try { + p = + Paths.get( + VulasConfiguration.getGlobal().getTmpDir().toString(), + this.javaId.getJavaPackageId().getQualifiedName().replace('.', '/'), + this.javaId.getName().replace('<', '_').replace('>', '_') + ".class"); + FileUtil.createDirectory(p.getParent()); + FileUtil.writeToFile(p.toFile(), this.bytes); + } catch (IOException e) { + ClassVisitor.getLog() + .warn( + "Cannot write bytecode of " + + this.javaId + + " to file [" + + p + + "]: " + + e.getMessage()); + } catch (InvalidPathException ipe) { + ClassVisitor.getLog() + .warn( + "Cannot write bytecode of " + + this.javaId + + " to file [" + + p + + "]: " + + ipe.getMessage()); + } + } + } + + /** + * Returns the byte code of the visited class. + * + * @return the byte code of the visited class + */ + public byte[] getBytecode() { + return this.bytes.clone(); + } + + /** + *

addBooleanMember.

+ * + * @param _field_name a {@link java.lang.String} object. + * @param _value a boolean. + * @param _final a boolean. + * @throws javassist.CannotCompileException if any. + */ + public synchronized void addBooleanMember(String _field_name, boolean _value, boolean _final) + throws CannotCompileException { + final CtField f = new CtField(CtClass.booleanType, _field_name, this.c); + if (!_final) f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT); + else f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT | Modifier.FINAL); + + // Avoid problems with JDO/JPA + this.addFieldAnnotations(f, this.fieldAnnotations); + + this.c.addField(f, new Boolean(_value).toString()); + } + + /** + * Adds the given annotations to the given field. Can be used to avoid problems with OR mappers by adding + * an annotation "javax.persistence.Transient". + * @param _fld + * @param _annotations + */ + private void addFieldAnnotations(CtField _fld, String[] _annotations) { + if (_annotations != null && _annotations.length > 0) { + final ConstPool cpool = this.c.getClassFile().getConstPool(); + final AnnotationsAttribute attr = + new AnnotationsAttribute(cpool, AnnotationsAttribute.visibleTag); + for (String anno : _annotations) { + final Annotation annot = new Annotation(anno, cpool); + attr.addAnnotation(annot); + } + _fld.getFieldInfo().addAttribute(attr); + } + } + + /** + *

addIntMember.

+ * + * @param _field_name a {@link java.lang.String} object. + * @param _final a boolean. + * @throws javassist.CannotCompileException if any. + */ + public synchronized void addIntMember(String _field_name, boolean _final) + throws CannotCompileException { + final CtField f = new CtField(CtClass.intType, _field_name, this.c); + if (!_final) f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT); + else f.setModifiers(Modifier.PUBLIC | Modifier.STATIC | Modifier.TRANSIENT | Modifier.FINAL); + + // Avoid problems with JDO/JPA + this.addFieldAnnotations(f, this.fieldAnnotations); + + this.c.addField(f, "0"); + } + + /** + * Generates a name for a class member. + * + * @param _prefix a {@link java.lang.String} object. + * @param _construct_name a {@link java.lang.String} object. + * @param _random_part a boolean. + * @return a {@link java.lang.String} object. + */ + public String getUniqueMemberName(String _prefix, String _construct_name, boolean _random_part) { + final StringBuffer b = new StringBuffer(); + if (_prefix != null) b.append(_prefix); + if (_construct_name != null) { + if (_prefix != null) b.append("_"); + + // check if is a clinit removing <> + _construct_name = _construct_name.replace("<", "").replace(">", ""); + + b.append(_construct_name.toUpperCase()); + } + if (_random_part) { + if (_prefix != null || _construct_name != null) b.append("_"); + final String rnd = String.valueOf(Math.random() * 10000000); + b.append(rnd.substring(0, rnd.indexOf('.'))); + } + return b.toString(); + } + + /** + * From http://docs.oracle.com/javase/specs/jls/se7/html/jls-3.html#jls-3.8: + * + * The "Java letters" include uppercase and lowercase ASCII Latin letters A-Z (\u0041-\u005a), + * and a-z (\u0061-\u007a), and, for historical reasons, the ASCII underscore (_, or \u005f) and dollar sign ($, or \u0024). + * The $ character should be used only in mechanically generated source code or, rarely, to access pre-existing names on legacy systems. + * The "Java digits" include the ASCII digits 0-9 (\u0030-\u0039). + */ + private static Pattern QUALIFIED_TYPE_PATTERN = null; + + private static Pattern getClassPattern() { + if (QUALIFIED_TYPE_PATTERN == null) + QUALIFIED_TYPE_PATTERN = Pattern.compile("([0-9a-zA-Z_\\.\\$]*\\.)([a-zA-Z0-9_\\$]*)"); + return QUALIFIED_TYPE_PATTERN; + } + + private static Pattern NESTED_CLASS_PATTERN = null; + + private static Pattern getNestedClassPattern() { + if (NESTED_CLASS_PATTERN == null) + NESTED_CLASS_PATTERN = Pattern.compile("([0-9a-zA-Z_\\$]*\\$)([a-zA-Z0-9_]*)"); + return NESTED_CLASS_PATTERN; + } + + /** + * Removes package information (if any) from method and constructor parameters. + * Previously, a string tokenizer split the given {@link String} at every comma, + * which led to problems in case of Map parameters (e.g., Map<String,Object>). + * The current implementation uses the regular expression {@link ClassVisitor#QUALIFIED_TYPE_PATTERN}. + * + * @param _string a String with qualified parameter types + * @return a a String where the package info of qualified parameter types has been removed + */ + public static String removeParameterQualification(String _string) { + final StringBuilder b = new StringBuilder(); + + // Get everything between the brackets + final int i = _string.indexOf("("); + final int j = _string.lastIndexOf(")"); + if (i == -1 || j == -1) + throw new IllegalArgumentException("Method has no round brackets: [" + _string + "]"); + + b.append(_string.substring(0, i + 1)); + b.append(ClassVisitor.removePackageContext(_string.substring(i + 1, j))); + b.append(_string.substring(j)); + return b.toString(); + } + + /** + *

removePackageContext.

+ * + * @param _string a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public static String removePackageContext(String _string) { + final StringBuilder b = new StringBuilder(); + + // Find and replace pattern + final Matcher m = ClassVisitor.getClassPattern().matcher(_string); + Matcher nested_class_matcher = null; + int idx = 0; + String class_name = null; + while (m.find()) { + b.append(_string.substring(idx, m.start())); + + // Found class name, now check if nested + class_name = m.group(2); + nested_class_matcher = ClassVisitor.getNestedClassPattern().matcher(class_name); + if (nested_class_matcher.matches()) { + b.append(nested_class_matcher.group(2)); + } else { + b.append(class_name); + } + idx = m.end(); + } + + // Append the remainders + b.append(_string.substring(idx)); + + return b.toString(); + } + + /** + *

Getter for the field javaId.

+ * + * @return a {@link com.sap.psr.vulas.java.JavaId} object. + */ + public JavaId getJavaId() { + return this.javaId; + } + + /** + *

getCtClass.

+ * + * @return a {@link javassist.CtClass} object. + */ + public CtClass getCtClass() { + return this.c; + } + + /** + *

getArchiveDigest.

+ * + * @return a {@link java.lang.String} object. + */ + public String getArchiveDigest() { + return this.originalArchiveDigest; + } + + /** + *

Getter for the field appContext.

+ * + * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public Application getAppContext() { + return this.appContext; + } + + /** + *

Getter for the field qname.

+ * + * @return a {@link java.lang.String} object. + */ + public String getQname() { + return this.qname; + } + + /** + *

Getter for the field originalArchiveDigest.

+ * + * @return a {@link java.lang.String} object. + */ + public String getOriginalArchiveDigest() { + return this.originalArchiveDigest; + } + + /** + *

prettyPrint.

+ * + * @param _src a {@link java.lang.String} object. + * @return a {@link java.lang.String} object. + */ + public static final String prettyPrint(String _src) { + final String n = System.getProperty("line.separator"); + final String indent = " "; + final StringBuffer b = new StringBuffer(); + int lvl = 0; + for (int i = 0; i < _src.length(); i++) { + char c = _src.charAt(i); + switch (c) { + case ';': + b.append(c).append(n).append(getIndent(indent, lvl)); + break; + case '{': + b.append(c).append(n).append(getIndent(indent, ++lvl)); + break; + case '}': + b.append(c).append(n).append(getIndent(indent, --lvl)); + break; + default: + b.append(c); + } + } + return b.toString(); + } + + private static String getIndent(String _c, int _i) { + final StringBuffer b = new StringBuffer(); + for (int i = 0; i < _i; i++) b.append(_c); + return b.toString(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/DynamicTransformer.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/DynamicTransformer.java index 44dc1884e..25e25432e 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/DynamicTransformer.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/DynamicTransformer.java @@ -30,7 +30,6 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.core.util.CoreConfiguration; import com.sap.psr.vulas.java.JarAnalyzer; import com.sap.psr.vulas.java.JarWriter; @@ -54,233 +53,275 @@ */ public class DynamicTransformer implements ClassFileTransformer { - // ====================================== STATIC MEMBERS - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static DynamicTransformer instance = null; - - // ====================================== INSTANCE MEMBERS - - private String id = new Double(Math.random()).toString(); - - private LoaderHierarchy loaderHierarchy = new LoaderHierarchy(); - - private InstrumentationControl instrControl = null; - - /** - * Determines whether classes will be instrumented or not. - * Checked in {@link DynamicTransformer#transform(ClassLoader, String, Class, ProtectionDomain, byte[])}. - * Will be changed to true only after a successful instantiation, otherwise - * the transform method will called to early (which results in StackOverflow problems). - */ - private boolean transformationEnabled = false; - - private DynamicTransformer() throws IllegalStateException { - this.instrControl = InstrumentationControl.getInstance(this.getClass().getSimpleName()); - - try { - if(!CoreConfiguration.existsInBackend(CoreConfiguration.getAppContext())) - throw new IllegalStateException("Application " + CoreConfiguration.getAppContext() + " does not exist in backend"); - } catch (ConfigurationException e) { - throw new IllegalStateException("Error while reading configuration: " + e.getMessage()); - } - - // Freeze a couple of classes - this.freezeClasses(); - } - - // ====================================== INSTANCE METHODS - - /** - * Called during the construction in order to have some classes frozen. - * @return - */ - private final void freezeClasses() { - try { - final JavaMethodId jmi = JavaId.parseMethodQName("com.sap.Test.test()"); - final ConstructUsage cu = new ConstructUsage(jmi, null, -1); - final Loader l = new Loader(this.getClass().getClassLoader()); - final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); - ConstructIdUtil.getInstance(); - final JarWriter jw = new JarWriter(Paths.get(DynamicTransformer.class.getClassLoader().getResource(DynamicTransformer.class.getName().replace('.', '/') + ".class").toString())); - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(Paths.get(DynamicTransformer.class.getClassLoader().getResource(DynamicTransformer.class.getName().replace('.', '/') + ".class").toString()).toFile()); - } - // Getting an exception does not matter in the context of freezing some classes - catch(Exception e) {;} - } - - /** - *

isTransformationEnabled.

- * - * @return a boolean. - */ - public boolean isTransformationEnabled() { return transformationEnabled; } - - /** - *

Setter for the field transformationEnabled.

- * - * @param transformationEnabled a boolean. - */ - public void setTransformationEnabled(boolean transformationEnabled) { this.transformationEnabled = transformationEnabled; } - - /** - *

Getter for the field loaderHierarchy.

- * - * @return a {@link com.sap.psr.vulas.monitor.LoaderHierarchy} object. - */ - public LoaderHierarchy getLoaderHierarchy() { return this.loaderHierarchy; } - - /** - * Adds instrumentation code to all constructors and methods of all classes (thereby considering certain - * blacklists and whitelists read from the configuration file). - *

- * The method is called by the JRE class loading process and returns the instrumented bytecode for a given - * class. - * - * @return the instrumented bytecode - * @param loader a {@link java.lang.ClassLoader} object. - * @param className a {@link java.lang.String} object. - * @param classBeingRedefined a {@link java.lang.Class} object. - * @param protectionDomain a {@link java.security.ProtectionDomain} object. - * @param classfileBuffer an array of {@link byte} objects. - * @throws java.lang.instrument.IllegalClassFormatException if any. - */ - public byte[] transform(ClassLoader loader, String className, - Class classBeingRedefined, ProtectionDomain protectionDomain, - byte[] classfileBuffer) throws IllegalClassFormatException { - - byte[] byteCode = classfileBuffer; - - // All methods of current class - Loader l = null; - CtClass c = null; - ClassVisitor cv = null; - - final String loader_classname = loader.getClass().getName(); - final String dot_classname = className.replace('/', '.'); - - //07.08.2015, HP: Added in order to load class definition for stacktrace transformation - if(loader.getParent()!=null) // && loader!=null - this.loaderHierarchy.add(loader); - - // We are not interested in instrumenting classes in the following cases: - // - loader==null || loader.getParent()==null: The class in question is loaded by the bootstrap loader, which loads class definitions from JRE_HOME/lib/ext. - // - loader is instance of sun.reflect.DelegatingClassLoader (created for the optimization of java.lang.reflect calls) or javax.management.remote.rmi.NoCallStackClassLoader (?) - // - classname is blacklisted - if(loader.getParent()!=null) {// && // && loader!=null - - // Let's add the loader to the class loader hierarchy - l = this.loaderHierarchy.add(loader); - - // Is the tracer (already) supposed to instrument? - // If not we spare us the expensive instrumentation (but assume it happened already before, for all JARs, so that the callback happens nevertheless) - if(this.isTransformationEnabled()) { - - // Blacklisted class according to the configuration parameters "instr.blacklist.classes.jre/custom"? - final boolean is_blacklisted_class = this.instrControl.isBlacklistedClass(dot_classname); - - // Class is blacklisted - if(!is_blacklisted_class) { - try { - ClassPool cp = l.getClassPool(); //ClassPool.getDefault(); - c = cp.get(dot_classname); - - // Blacklisted JAR according to the configuration parameters "instr.blacklist.jars/dirs"? - final boolean is_blacklisted_jar = this.instrControl.isBlacklistedJar(c.getURL()); - - // Instrument methods and constructors of classes (but not interfaces) - if(!is_blacklisted_jar && !c.isInterface()) { - cv = new ClassVisitor(c); - if(!cv.isInstrumented()) { - cv.visitMethods(true); - cv.visitConstructors(true); - cv.finalizeInstrumentation(); - byteCode = cv.getBytecode(); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(true)); - DynamicTransformer.log.debug("Class [" + dot_classname + "] now instrumented"); - } - else { - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), null); - DynamicTransformer.log.debug("Class [" + dot_classname + "] already instrumented"); - } - } - } - catch (IOException ioe) { - DynamicTransformer.log.error("I/O exception while instrumenting class [" + dot_classname + "]: " + ioe.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } - catch (CannotCompileException cce) { - DynamicTransformer.log.warn("Cannot compile instrumented class [" + dot_classname + "]: " + cce.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } - // Covers the following problems with Javassist and Java 8: "java.io.IOException: invalid constant type: 15" - catch (Exception e) { - DynamicTransformer.log.warn(e.getClass().getName() + " occured while instrumenting class [" + dot_classname + "]: " + e.getMessage()); - this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); - } - } - } - } - return byteCode; - } - - /** - *

toString.

- * - * @return a {@link java.lang.String} object. - */ - public String toString() { - final StringBuffer b = new StringBuffer(); - b.append("DynamicTransformer [id=").append(this.id); - b.append(", instrumentation enabled=").append(this.isTransformationEnabled()); - b.append("]"); - return b.toString(); - } - - // ====================================== STATIC METHODS - - /** - * Singleton method: Creates (if necessary) and returns the single instance that can be created for this class. - * - * @return a {@link com.sap.psr.vulas.monitor.DynamicTransformer} object. - */ - public static synchronized DynamicTransformer getInstance() { - if(DynamicTransformer.instance==null) { - // Disable trace collection during the instantiation process. As we use a couple of OSS components - // ourselves, we may end up in an endless loop and StackOverflow exceptions otherwise - //DynamicTransformer.TRACE_ENABLED = false; - - DynamicTransformer.instance = new DynamicTransformer(); - - // Now that the instance has been created, we enable tracing again - instance.setTransformationEnabled(true); - } - return DynamicTransformer.instance; - } - - /** - * Returns true if the Singleton has been created. - * - * @return a boolean. - */ - public static synchronized boolean isInstantiated() { return DynamicTransformer.instance!=null; } - - /** - *

premain.

- * - * @param agentArgs a {@link java.lang.String} object. - * @param inst a {@link java.lang.instrument.Instrumentation} object. - */ - public static void premain(String agentArgs, Instrumentation inst) { - // Create monitor, which will register upload scheduler and start goal execution - final ExecutionMonitor m = ExecutionMonitor.getInstance(); - - // Create and register transformer, which will inject the byte code using instrumentors - final DynamicTransformer t = DynamicTransformer.getInstance(); - inst.addTransformer(t); - - DynamicTransformer.log.info(t + " registered via JVM option -javaagent"); - } + // ====================================== STATIC MEMBERS + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static DynamicTransformer instance = null; + + // ====================================== INSTANCE MEMBERS + + private String id = new Double(Math.random()).toString(); + + private LoaderHierarchy loaderHierarchy = new LoaderHierarchy(); + + private InstrumentationControl instrControl = null; + + /** + * Determines whether classes will be instrumented or not. + * Checked in {@link DynamicTransformer#transform(ClassLoader, String, Class, ProtectionDomain, byte[])}. + * Will be changed to true only after a successful instantiation, otherwise + * the transform method will called to early (which results in StackOverflow problems). + */ + private boolean transformationEnabled = false; + + private DynamicTransformer() throws IllegalStateException { + this.instrControl = InstrumentationControl.getInstance(this.getClass().getSimpleName()); + + try { + if (!CoreConfiguration.existsInBackend(CoreConfiguration.getAppContext())) + throw new IllegalStateException( + "Application " + CoreConfiguration.getAppContext() + " does not exist in backend"); + } catch (ConfigurationException e) { + throw new IllegalStateException("Error while reading configuration: " + e.getMessage()); + } + + // Freeze a couple of classes + this.freezeClasses(); + } + + // ====================================== INSTANCE METHODS + + /** + * Called during the construction in order to have some classes frozen. + * @return + */ + private final void freezeClasses() { + try { + final JavaMethodId jmi = JavaId.parseMethodQName("com.sap.Test.test()"); + final ConstructUsage cu = new ConstructUsage(jmi, null, -1); + final Loader l = new Loader(this.getClass().getClassLoader()); + final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); + ConstructIdUtil.getInstance(); + final JarWriter jw = + new JarWriter( + Paths.get( + DynamicTransformer.class + .getClassLoader() + .getResource(DynamicTransformer.class.getName().replace('.', '/') + ".class") + .toString())); + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze( + Paths.get( + DynamicTransformer.class + .getClassLoader() + .getResource(DynamicTransformer.class.getName().replace('.', '/') + ".class") + .toString()) + .toFile()); + } + // Getting an exception does not matter in the context of freezing some classes + catch (Exception e) { + ; + } + } + + /** + *

isTransformationEnabled.

+ * + * @return a boolean. + */ + public boolean isTransformationEnabled() { + return transformationEnabled; + } + + /** + *

Setter for the field transformationEnabled.

+ * + * @param transformationEnabled a boolean. + */ + public void setTransformationEnabled(boolean transformationEnabled) { + this.transformationEnabled = transformationEnabled; + } + + /** + *

Getter for the field loaderHierarchy.

+ * + * @return a {@link com.sap.psr.vulas.monitor.LoaderHierarchy} object. + */ + public LoaderHierarchy getLoaderHierarchy() { + return this.loaderHierarchy; + } + + /** + * Adds instrumentation code to all constructors and methods of all classes (thereby considering certain + * blacklists and whitelists read from the configuration file). + *

+ * The method is called by the JRE class loading process and returns the instrumented bytecode for a given + * class. + * + * @return the instrumented bytecode + * @param loader a {@link java.lang.ClassLoader} object. + * @param className a {@link java.lang.String} object. + * @param classBeingRedefined a {@link java.lang.Class} object. + * @param protectionDomain a {@link java.security.ProtectionDomain} object. + * @param classfileBuffer an array of {@link byte} objects. + * @throws java.lang.instrument.IllegalClassFormatException if any. + */ + public byte[] transform( + ClassLoader loader, + String className, + Class classBeingRedefined, + ProtectionDomain protectionDomain, + byte[] classfileBuffer) + throws IllegalClassFormatException { + + byte[] byteCode = classfileBuffer; + + // All methods of current class + Loader l = null; + CtClass c = null; + ClassVisitor cv = null; + + final String loader_classname = loader.getClass().getName(); + final String dot_classname = className.replace('/', '.'); + + // 07.08.2015, HP: Added in order to load class definition for stacktrace transformation + if (loader.getParent() != null) // && loader!=null + this.loaderHierarchy.add(loader); + + // We are not interested in instrumenting classes in the following cases: + // - loader==null || loader.getParent()==null: The class in question is loaded by the bootstrap + // loader, which loads class definitions from JRE_HOME/lib/ext. + // - loader is instance of sun.reflect.DelegatingClassLoader (created for the optimization of + // java.lang.reflect calls) or javax.management.remote.rmi.NoCallStackClassLoader (?) + // - classname is blacklisted + if (loader.getParent() != null) { // && // && loader!=null + + // Let's add the loader to the class loader hierarchy + l = this.loaderHierarchy.add(loader); + + // Is the tracer (already) supposed to instrument? + // If not we spare us the expensive instrumentation (but assume it happened already before, + // for all JARs, so that the callback happens nevertheless) + if (this.isTransformationEnabled()) { + + // Blacklisted class according to the configuration parameters + // "instr.blacklist.classes.jre/custom"? + final boolean is_blacklisted_class = this.instrControl.isBlacklistedClass(dot_classname); + + // Class is blacklisted + if (!is_blacklisted_class) { + try { + ClassPool cp = l.getClassPool(); // ClassPool.getDefault(); + c = cp.get(dot_classname); + + // Blacklisted JAR according to the configuration parameters + // "instr.blacklist.jars/dirs"? + final boolean is_blacklisted_jar = this.instrControl.isBlacklistedJar(c.getURL()); + + // Instrument methods and constructors of classes (but not interfaces) + if (!is_blacklisted_jar && !c.isInterface()) { + cv = new ClassVisitor(c); + if (!cv.isInstrumented()) { + cv.visitMethods(true); + cv.visitConstructors(true); + cv.finalizeInstrumentation(); + byteCode = cv.getBytecode(); + this.instrControl.updateInstrumentationStatistics( + cv.getJavaId(), new Boolean(true)); + DynamicTransformer.log.debug("Class [" + dot_classname + "] now instrumented"); + } else { + this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), null); + DynamicTransformer.log.debug("Class [" + dot_classname + "] already instrumented"); + } + } + } catch (IOException ioe) { + DynamicTransformer.log.error( + "I/O exception while instrumenting class [" + + dot_classname + + "]: " + + ioe.getMessage()); + this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); + } catch (CannotCompileException cce) { + DynamicTransformer.log.warn( + "Cannot compile instrumented class [" + dot_classname + "]: " + cce.getMessage()); + this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); + } + // Covers the following problems with Javassist and Java 8: "java.io.IOException: invalid + // constant type: 15" + catch (Exception e) { + DynamicTransformer.log.warn( + e.getClass().getName() + + " occured while instrumenting class [" + + dot_classname + + "]: " + + e.getMessage()); + this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), new Boolean(false)); + } + } + } + } + return byteCode; + } + + /** + *

toString.

+ * + * @return a {@link java.lang.String} object. + */ + public String toString() { + final StringBuffer b = new StringBuffer(); + b.append("DynamicTransformer [id=").append(this.id); + b.append(", instrumentation enabled=").append(this.isTransformationEnabled()); + b.append("]"); + return b.toString(); + } + + // ====================================== STATIC METHODS + + /** + * Singleton method: Creates (if necessary) and returns the single instance that can be created for this class. + * + * @return a {@link com.sap.psr.vulas.monitor.DynamicTransformer} object. + */ + public static synchronized DynamicTransformer getInstance() { + if (DynamicTransformer.instance == null) { + // Disable trace collection during the instantiation process. As we use a couple of OSS + // components + // ourselves, we may end up in an endless loop and StackOverflow exceptions otherwise + // DynamicTransformer.TRACE_ENABLED = false; + + DynamicTransformer.instance = new DynamicTransformer(); + + // Now that the instance has been created, we enable tracing again + instance.setTransformationEnabled(true); + } + return DynamicTransformer.instance; + } + + /** + * Returns true if the Singleton has been created. + * + * @return a boolean. + */ + public static synchronized boolean isInstantiated() { + return DynamicTransformer.instance != null; + } + + /** + *

premain.

+ * + * @param agentArgs a {@link java.lang.String} object. + * @param inst a {@link java.lang.instrument.Instrumentation} object. + */ + public static void premain(String agentArgs, Instrumentation inst) { + // Create monitor, which will register upload scheduler and start goal execution + final ExecutionMonitor m = ExecutionMonitor.getInstance(); + + // Create and register transformer, which will inject the byte code using instrumentors + final DynamicTransformer t = DynamicTransformer.getInstance(); + inst.addTransformer(t); + + DynamicTransformer.log.info(t + " registered via JVM option -javaagent"); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ExecutionMonitor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ExecutionMonitor.java index 66813517e..84e4092e8 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/ExecutionMonitor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/ExecutionMonitor.java @@ -42,198 +42,212 @@ */ public class ExecutionMonitor { - // ====================================== STATIC MEMBERS - - private static ExecutionMonitor instance = null; - - private static Logger log = null; - - private static boolean PAUSE_COLLECTION = false; - - // ====================================== INSTANCE MEMBERS - - private String id = new Double(Math.random()).toString(); - - private UploadScheduler shutdownUploader = null; - private UploadScheduler periodicUploader = null; - - /** - * The goal execution related to a trace collection, will be null for all context determination modes except FIXED. - * @see ApplicationContextFinder#isFixedMode() - */ - private AbstractGoal exe = null; - - /** - *

Constructor for ExecutionMonitor.

- */ - public ExecutionMonitor() { - try { - final Application app_ctx = CoreConfiguration.getAppContext(); - final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); - - // Always create and register shutdown uploader - this.shutdownUploader = new UploadScheduler(this); - Runtime.getRuntime().addShutdownHook(new Thread(this.shutdownUploader, "vulas-shutdown-trace-upload")); - - // Configure uploader: Create and start periodic uploader according to configuration - if(cfg.getBoolean(CoreConfiguration.MONI_PERIODIC_UPL_ENABLED, true)) - this.enablePeriodicUpload(cfg.getInt(CoreConfiguration.MONI_PERIODIC_UPL_INTERVAL, 300000), cfg.getInt(CoreConfiguration.MONI_PERIODIC_UPL_BATCH_SIZE, 1000)); - - // Goal execution - this.exe = new TestGoal(); - this.exe.setGoalClient(GoalClient.AGENT); - this.startGoal(); - } - catch(ConfigurationException ce) { - ExecutionMonitor.getLog().error(ce.getMessage()); - } - catch(GoalConfigurationException gce) { - ExecutionMonitor.getLog().error(gce.getMessage()); - } - } - - // ====================================== STATIC METHODS - - /** - *

Getter for the field instance.

- * - * @return a {@link com.sap.psr.vulas.monitor.ExecutionMonitor} object. - */ - public synchronized static ExecutionMonitor getInstance() { - if(ExecutionMonitor.instance==null) ExecutionMonitor.instance = new ExecutionMonitor(); - return ExecutionMonitor.instance; - } - - private static final Logger getLog() { - if(ExecutionMonitor.log==null) - ExecutionMonitor.log = org.apache.logging.log4j.LogManager.getLogger(); - return ExecutionMonitor.log; - } - - /** - *

isPaused.

- * - * @return a boolean. - */ - public static boolean isPaused() { return ExecutionMonitor.PAUSE_COLLECTION; } - /** - *

setPaused.

- * - * @param _bool a boolean. - */ - public static synchronized void setPaused(boolean _bool) { ExecutionMonitor.PAUSE_COLLECTION = _bool; } - - // ====================================== INSTANCE METHODS - - /** - *

toString.

- * - * @return a {@link java.lang.String} object. - */ - public String toString() { - final StringBuffer b = new StringBuffer(); - b.append("ExecutionMonitor [id=").append(this.id); - b.append(", periodicUpload=").append(this.isPeriodicUploadEnabled()); - if(this.isPeriodicUploadEnabled()) { - b.append(", interval=").append(this.getPeriodicUploadInterval()); - b.append(", batchSize=").append(this.getPeriodicUploadBatchSize()); - } - b.append("]"); - return b.toString(); - } - - /** - *

enablePeriodicUpload.

- * - * @param _interval a long. - * @param _batch_size a int. - */ - public void enablePeriodicUpload(long _interval, int _batch_size) { - this.periodicUploader = new UploadScheduler(this, _interval, _batch_size); - final Thread thread = new Thread(this.periodicUploader, "vulas-periodic-trace-upload"); - thread.setPriority(Thread.MIN_PRIORITY); - thread.start(); - this.shutdownUploader.addObserver(this.periodicUploader); - } - - /** - *

isPeriodicUploadEnabled.

- * - * @return a boolean. - */ - public boolean isPeriodicUploadEnabled() { return this.periodicUploader!=null && this.periodicUploader.isEnabled(); } - /** - *

getPeriodicUploadInterval.

- * - * @return a long. - */ - public long getPeriodicUploadInterval() { return (this.periodicUploader==null ? -1 : this.periodicUploader.getInterval()); }; - /** - *

getPeriodicUploadBatchSize.

- * - * @return a int. - */ - public int getPeriodicUploadBatchSize() { return (this.periodicUploader==null ? -1 : this.periodicUploader.getBatchSize()); }; - - /** - *

startGoal.

- * - * @throws com.sap.psr.vulas.goals.GoalConfigurationException if any. - */ - public void startGoal() throws GoalConfigurationException { - if(this.exe!=null) - this.exe.start(); - } - - /** - *

stopGoal.

- */ - public void stopGoal() { - if(this.exe!=null) { - this.exe.stop(); - - // Add instrumentation stats (if any) - exe.addGoalStats("test", InstrumentationControl.getOverallStatistics()); - - final List instrumentorList = InstrumentorFactory.getInstrumentors(); - final Iterator iter = instrumentorList.iterator(); - while(iter.hasNext()){ - final IInstrumentor i = iter.next(); - exe.addGoalStats("test." + i.getClass().getSimpleName(), i.getStatistics()); - } - - this.exe.upload(false); - } - } - - /** - * Iterates over all configured {@link IInstrumentor}s and calls {@link IInstrumentor#awaitUpload()} for each of them. - */ - public void awaitUpload() { - final List instrumentorList = InstrumentorFactory.getInstrumentors(); - final Iterator iter = instrumentorList.iterator(); - while(iter.hasNext()){ - final IInstrumentor i = iter.next(); - i.awaitUpload(); - } - } - - /** - * Calls {@link ExecutionMonitor#uploadInformation(int)} with a batch size of -1. - */ - public synchronized void uploadInformation() { this.uploadInformation(-1); } - - /** - * Iterates over all configured {@link IInstrumentor}s and calls {@link IInstrumentor#upladInformation(AbstractGoal, int)} for each of them. - * - * @param batchSize a int. - */ - public synchronized void uploadInformation(int batchSize) { - final List instrumentorList = InstrumentorFactory.getInstrumentors(); - final Iterator iter = instrumentorList.iterator(); - while(iter.hasNext()){ - final IInstrumentor i = iter.next(); - i.upladInformation(this.exe, batchSize); - } - } + // ====================================== STATIC MEMBERS + + private static ExecutionMonitor instance = null; + + private static Logger log = null; + + private static boolean PAUSE_COLLECTION = false; + + // ====================================== INSTANCE MEMBERS + + private String id = new Double(Math.random()).toString(); + + private UploadScheduler shutdownUploader = null; + private UploadScheduler periodicUploader = null; + + /** + * The goal execution related to a trace collection, will be null for all context determination modes except FIXED. + * @see ApplicationContextFinder#isFixedMode() + */ + private AbstractGoal exe = null; + + /** + *

Constructor for ExecutionMonitor.

+ */ + public ExecutionMonitor() { + try { + final Application app_ctx = CoreConfiguration.getAppContext(); + final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); + + // Always create and register shutdown uploader + this.shutdownUploader = new UploadScheduler(this); + Runtime.getRuntime() + .addShutdownHook(new Thread(this.shutdownUploader, "vulas-shutdown-trace-upload")); + + // Configure uploader: Create and start periodic uploader according to configuration + if (cfg.getBoolean(CoreConfiguration.MONI_PERIODIC_UPL_ENABLED, true)) + this.enablePeriodicUpload( + cfg.getInt(CoreConfiguration.MONI_PERIODIC_UPL_INTERVAL, 300000), + cfg.getInt(CoreConfiguration.MONI_PERIODIC_UPL_BATCH_SIZE, 1000)); + + // Goal execution + this.exe = new TestGoal(); + this.exe.setGoalClient(GoalClient.AGENT); + this.startGoal(); + } catch (ConfigurationException ce) { + ExecutionMonitor.getLog().error(ce.getMessage()); + } catch (GoalConfigurationException gce) { + ExecutionMonitor.getLog().error(gce.getMessage()); + } + } + + // ====================================== STATIC METHODS + + /** + *

Getter for the field instance.

+ * + * @return a {@link com.sap.psr.vulas.monitor.ExecutionMonitor} object. + */ + public static synchronized ExecutionMonitor getInstance() { + if (ExecutionMonitor.instance == null) ExecutionMonitor.instance = new ExecutionMonitor(); + return ExecutionMonitor.instance; + } + + private static final Logger getLog() { + if (ExecutionMonitor.log == null) + ExecutionMonitor.log = org.apache.logging.log4j.LogManager.getLogger(); + return ExecutionMonitor.log; + } + + /** + *

isPaused.

+ * + * @return a boolean. + */ + public static boolean isPaused() { + return ExecutionMonitor.PAUSE_COLLECTION; + } + /** + *

setPaused.

+ * + * @param _bool a boolean. + */ + public static synchronized void setPaused(boolean _bool) { + ExecutionMonitor.PAUSE_COLLECTION = _bool; + } + + // ====================================== INSTANCE METHODS + + /** + *

toString.

+ * + * @return a {@link java.lang.String} object. + */ + public String toString() { + final StringBuffer b = new StringBuffer(); + b.append("ExecutionMonitor [id=").append(this.id); + b.append(", periodicUpload=").append(this.isPeriodicUploadEnabled()); + if (this.isPeriodicUploadEnabled()) { + b.append(", interval=").append(this.getPeriodicUploadInterval()); + b.append(", batchSize=").append(this.getPeriodicUploadBatchSize()); + } + b.append("]"); + return b.toString(); + } + + /** + *

enablePeriodicUpload.

+ * + * @param _interval a long. + * @param _batch_size a int. + */ + public void enablePeriodicUpload(long _interval, int _batch_size) { + this.periodicUploader = new UploadScheduler(this, _interval, _batch_size); + final Thread thread = new Thread(this.periodicUploader, "vulas-periodic-trace-upload"); + thread.setPriority(Thread.MIN_PRIORITY); + thread.start(); + this.shutdownUploader.addObserver(this.periodicUploader); + } + + /** + *

isPeriodicUploadEnabled.

+ * + * @return a boolean. + */ + public boolean isPeriodicUploadEnabled() { + return this.periodicUploader != null && this.periodicUploader.isEnabled(); + } + /** + *

getPeriodicUploadInterval.

+ * + * @return a long. + */ + public long getPeriodicUploadInterval() { + return (this.periodicUploader == null ? -1 : this.periodicUploader.getInterval()); + } + ; + /** + *

getPeriodicUploadBatchSize.

+ * + * @return a int. + */ + public int getPeriodicUploadBatchSize() { + return (this.periodicUploader == null ? -1 : this.periodicUploader.getBatchSize()); + } + ; + + /** + *

startGoal.

+ * + * @throws com.sap.psr.vulas.goals.GoalConfigurationException if any. + */ + public void startGoal() throws GoalConfigurationException { + if (this.exe != null) this.exe.start(); + } + + /** + *

stopGoal.

+ */ + public void stopGoal() { + if (this.exe != null) { + this.exe.stop(); + + // Add instrumentation stats (if any) + exe.addGoalStats("test", InstrumentationControl.getOverallStatistics()); + + final List instrumentorList = InstrumentorFactory.getInstrumentors(); + final Iterator iter = instrumentorList.iterator(); + while (iter.hasNext()) { + final IInstrumentor i = iter.next(); + exe.addGoalStats("test." + i.getClass().getSimpleName(), i.getStatistics()); + } + + this.exe.upload(false); + } + } + + /** + * Iterates over all configured {@link IInstrumentor}s and calls {@link IInstrumentor#awaitUpload()} for each of them. + */ + public void awaitUpload() { + final List instrumentorList = InstrumentorFactory.getInstrumentors(); + final Iterator iter = instrumentorList.iterator(); + while (iter.hasNext()) { + final IInstrumentor i = iter.next(); + i.awaitUpload(); + } + } + + /** + * Calls {@link ExecutionMonitor#uploadInformation(int)} with a batch size of -1. + */ + public synchronized void uploadInformation() { + this.uploadInformation(-1); + } + + /** + * Iterates over all configured {@link IInstrumentor}s and calls {@link IInstrumentor#upladInformation(AbstractGoal, int)} for each of them. + * + * @param batchSize a int. + */ + public synchronized void uploadInformation(int batchSize) { + final List instrumentorList = InstrumentorFactory.getInstrumentors(); + final Iterator iter = instrumentorList.iterator(); + while (iter.hasNext()) { + final IInstrumentor i = iter.next(); + i.upladInformation(this.exe, batchSize); + } + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/IInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/IInstrumentor.java index 0da89b50f..8982b7d9a 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/IInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/IInstrumentor.java @@ -32,47 +32,48 @@ * To be implemented by every instrumentor. */ public interface IInstrumentor { - - /** - * Returns true of a given instrumentor accepts to instrument the given Java class, false otherwise. - * - * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _behavior a {@link javassist.CtBehavior} object. - * @param _cv a {@link com.sap.psr.vulas.monitor.ClassVisitor} object. - * @return a boolean. - */ - public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv); - /** - * Appends Java source code to the given {@link StringBuffer}. After all {@link IInstrumentor}s appended - * their respective code, the ensemble will be added to a {@link Construct}, which will then be compiled. - * - * @param _code a {@link java.lang.StringBuffer} object. - * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. - * @param _behavior a {@link javassist.CtBehavior} object. - * @param _cv a {@link com.sap.psr.vulas.monitor.ClassVisitor} object. - * @throws javassist.CannotCompileException if any. - */ - public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) throws CannotCompileException; + /** + * Returns true of a given instrumentor accepts to instrument the given Java class, false otherwise. + * + * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _behavior a {@link javassist.CtBehavior} object. + * @param _cv a {@link com.sap.psr.vulas.monitor.ClassVisitor} object. + * @return a boolean. + */ + public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv); - /** - * Saves the information that has been collected by the instrumentor - * in the context of the given {@link AbstractGoal}. - * - * @param _exe a {@link com.sap.psr.vulas.goals.AbstractGoal} object. - * @param batchSize a int. - */ - public void upladInformation(AbstractGoal _exe, int batchSize); + /** + * Appends Java source code to the given {@link StringBuffer}. After all {@link IInstrumentor}s appended + * their respective code, the ensemble will be added to a {@link Construct}, which will then be compiled. + * + * @param _code a {@link java.lang.StringBuffer} object. + * @param _jid a {@link com.sap.psr.vulas.java.JavaId} object. + * @param _behavior a {@link javassist.CtBehavior} object. + * @param _cv a {@link com.sap.psr.vulas.monitor.ClassVisitor} object. + * @throws javassist.CannotCompileException if any. + */ + public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) + throws CannotCompileException; - /** - * Make the current thread wait until the upload of the information finished. - */ - public void awaitUpload(); + /** + * Saves the information that has been collected by the instrumentor + * in the context of the given {@link AbstractGoal}. + * + * @param _exe a {@link com.sap.psr.vulas.goals.AbstractGoal} object. + * @param batchSize a int. + */ + public void upladInformation(AbstractGoal _exe, int batchSize); - /** - * Return instrumentor-specific statistics. - * - * @return a {@link java.util.Map} object. - */ - public Map getStatistics(); + /** + * Make the current thread wait until the upload of the information finished. + */ + public void awaitUpload(); + + /** + * Return instrumentor-specific statistics. + * + * @return a {@link java.util.Map} object. + */ + public Map getStatistics(); } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentationControl.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentationControl.java index 9e870b110..327fc56e9 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentationControl.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentationControl.java @@ -32,7 +32,6 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.backend.BackendConnectionException; import com.sap.psr.vulas.backend.BackendConnector; import com.sap.psr.vulas.core.util.CoreConfiguration; @@ -58,399 +57,496 @@ */ public class InstrumentationControl { - // ====================================== STATIC MEMBERS + // ====================================== STATIC MEMBERS + + public static enum InstrumentationMetrics { + classesTotal, + classesInstrumentedSuccess, + classesInstrumentedFailure, + classesAlreadyInstrumented + }; - public static enum InstrumentationMetrics { classesTotal, classesInstrumentedSuccess, classesInstrumentedFailure, classesAlreadyInstrumented }; - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** - * All instances of the class, used to produce overall instrumentation statistics. - */ - private static Map instances = new HashMap(); - - // ====================================== INSTANCE MEMBERS - - private Object instrumentationContext = null; - - private LoaderFilter classloaderWhitelist = null; - private StringList classloaderBlacklist = new StringList(); - - // ------- Members related to blacklist checks for JARs and DIRs - - /** Build from config param instr.blacklist.jars. */ - private StringList blacklistedJars = new StringList(); - - /** Build from config param instr.blacklist.dirs. */ - private Set blacklistedDirs = new HashSet(); - - /** JARs from which classes were loaded, together with the cached result of the blacklist check. */ - private Map checkedJars = new ConcurrentHashMap(); - - private int acceptedJarsCount = 0, blacklistedJarsCount = 0; - - // ------- Members related to blacklist checks for classes - - /** Build from config param instr.blacklist.classes.jre and instr.blacklist.classes.custom. */ - private StringList blacklistedClasses = new StringList(); - - /** Classes for which {@link #isBlacklistedClass(String)} was called, together with the cached result of the blacklist check. */ - private Map checkedClasses = new HashMap(); - - /** Counters for accepted and blacklisted classes. */ - private int acceptedClassesCount = 0, blacklistedClassesCount = 0; - - // ------- Members related to instrumentation stats (on class and package level) - - private int classesCount = 0, successfulInstrumentationCount = 0, failedInstrumentationCount = 0, alreadyInstrumentedCount = 0; - private Map successfulInstrumentationCountPP = new HashMap(); - private Map failedInstrumentationCountPP = new HashMap(); - private Map alreadyInstrumentedCountPP = new HashMap(); - - private Set failedInstrumentations = new HashSet(); - - /** - * Instances are only created through {@link InstrumentationControl#getInstance()}, in order to maintain - * a set of all instances existing. - */ - private InstrumentationControl(Object _context) { - this.instrumentationContext = _context; - - //TODO: It is maybe better to use static members for the blacklists, maybe no need to re-create the same lists over and over again - - // Get the configuration - final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); - - // Only instrument classes loader by a certain class loader - if(cfg.getString("instr.whitelist.classloader", null)!=null) - this.classloaderWhitelist = new ClassNameLoaderFilter(cfg.getString("instr.whitelist.classloader", null), cfg.getBoolean("instr.whitelist.classloader.acceptChilds", true)); - - // Blacklist from configuration (evaluated during transform) - this.blacklistedClasses.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CLASSES)); - this.blacklistedClasses.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_JRE_CLASSES)); - this.blacklistedClasses.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CUSTOM_CLASSES)); - - //TODO: Duplicate to the class loader filter? - this.classloaderBlacklist.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CLASSLOADER)); - - // JAR and DIR blacklists (evaluated during transform) - this.blacklistedJars.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_JARS)); - this.blacklistedJars.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CUSTOM_JARS)); - final String[] items = cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_DIRS); - for(String item: items) { - try { - this.blacklistedDirs.add(Paths.get(item)); - } catch (Exception e) { - InstrumentationControl.log.error("Error when adding [" + item + "] to blacklisted JAR dirs: " + e.getMessage()); - } - } - - // Depending on the configuration, dependencies with certain scopes can be added to the JAR blacklist - final String[] scopes = cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_JAR_SCOPES); - if(scopes!=null && scopes.length>0 && VulasConfiguration.getGlobal().hasServiceUrl(Service.BACKEND)) { - try { - // Read all dependencies and add JARs whose dependency matches the specified scope(s) to the blacklist - final Set deps = BackendConnector.getInstance().getAppDeps(CoreConfiguration.buildGoalContextFromGlobalConfiguration(), CoreConfiguration.getAppContext()); - int blacklisted_deps_count = 0; - for(Dependency dep: deps) { - if(dep.getScope()!=null) { - for(String scope: scopes) { - if(scope.equalsIgnoreCase(dep.getScope().toString())) { - this.blacklistedJars.add(dep.getFilename()); - blacklisted_deps_count++; - break; - } - } - } - } - InstrumentationControl.log.info("Added [" + blacklisted_deps_count + "] dependencies with scopes [" + StringUtil.join(scopes, ", ") + "] to JAR blacklist"); - } catch (ConfigurationException e) { - InstrumentationControl.log.error("Configuration error when adding JARs with blacklisted scopes to JAR blacklist: " + e.getMessage()); - } catch (BackendConnectionException e) { - InstrumentationControl.log.error("Connection error when adding JARs with blacklisted scopes to JAR blacklist: " + e.getMessage()); - } - } - } - - /** - * Updates the statistics depending on whether the instrumentation of the given Java class succeeded or not. - * - * @param _jcid the class that was instrumented successfully or not - * @param _instr_successful null if the class was already instrumented, or true/false if the instrumentation was done in this transformer - */ - public void updateInstrumentationStatistics(JavaId _jcid, Boolean _instr_successful) { - final JavaPackageId pid = _jcid.getJavaPackageId(); - this.classesCount++; - - // Case 1: Already instrumented - if(_instr_successful==null) { - final Integer count = this.alreadyInstrumentedCountPP.get(pid); - final Integer new_count = new Integer((count==null ? 1 : count.intValue()+1)); - this.alreadyInstrumentedCountPP.put(pid, new_count); - this.alreadyInstrumentedCount++; - } - // Case 2: Successful instrumentation - else if(_instr_successful.booleanValue()) { - final Integer count = this.successfulInstrumentationCountPP.get(pid); - final Integer new_count = new Integer((count==null ? 1 : count.intValue()+1)); - this.successfulInstrumentationCountPP.put(pid, new_count); - this.successfulInstrumentationCount++; - } - // Case 3: Unsuccessful instrumentation - else { - final Integer count = this.failedInstrumentationCountPP.get(pid); - final Integer new_count = new Integer((count==null ? 1 : count.intValue()+1)); - this.failedInstrumentationCountPP.put(pid, new_count); - this.failedInstrumentationCount++; - this.failedInstrumentations.add(_jcid); - } - } - - /** - * Logs various statistics, depending on the log level. - * Called by {@link UploadScheduler#run()}. - */ - public synchronized void logStatistics() { - // Log loader hierarchy - /*if(InstrumentationControl.log.isDebugEnabled()) { - InstrumentationControl.log.debug("Class loader hierarchy:"); - this.loaderHierarchy.logHierarchy(this.loaderHierarchy.getRoot(), 0); - }*/ - - if(this.checkedJars.size()>0 || this.checkedClasses.size()>0) - InstrumentationControl.log.info("Instrumentation metrics in context [" + this.instrumentationContext.toString() + "]:"); - - if(this.checkedClasses.size()>0) - InstrumentationControl.log.info(" Class name filter: [" + this.acceptedClassesCount + " classes] accepted for instrumentation, [" + this.blacklistedClassesCount + " classes] ignored (blacklisted)"); - - // Accepted and ignored (blacklisted) JARs - if(this.checkedJars.size()>0) { - InstrumentationControl.log.info(" JAR name and directory filter: [" + this.acceptedJarsCount + " JARs] accepted for instrumentation, [" + this.blacklistedJarsCount + " JARs] ignored (blacklisted)"); - if(InstrumentationControl.log.isInfoEnabled()) - for(String path: this.checkedJars.keySet()) { - if(this.checkedJars.get(path)) - InstrumentationControl.log.info(" [IGNOR] [" + path + "]"); - else - InstrumentationControl.log.info(" [ACCEP] [" + path + "]"); - } - } - - // Accepted and ignored (blacklisted) classes - if(this.checkedClasses.size()>0) { - InstrumentationControl.log.info(" Of [" + StringUtil.padLeft(this.classesCount, 5) + "] classes considered for instrumentation after class and JAR filters:"); - InstrumentationControl.log.info(" [" + StringUtil.padLeft(this.alreadyInstrumentedCount, 5) + "] classes in [" + StringUtil.padLeft(this.alreadyInstrumentedCountPP.keySet().size(), 3) + "] packages: Instrumentation existed"); - if(InstrumentationControl.log.isDebugEnabled()) - for(JavaPackageId pid : this.alreadyInstrumentedCountPP.keySet()) - InstrumentationControl.log.debug(" | " + this.alreadyInstrumentedCountPP.get(pid).intValue() + " in " + pid.toString()); - - // Log no. of instrumented classes, and those for which instrumentation failed (per package) - InstrumentationControl.log.info(" [" + StringUtil.padLeft(this.successfulInstrumentationCount, 5) + "] classes in [" + StringUtil.padLeft(this.successfulInstrumentationCountPP.keySet().size(), 3) + "] packages: Instrumentation successful"); - // for(JavaPackageId pid : this.successfulInstrumentationCountPP.keySet()) - // ConstructTracer.log.info(" | " + this.successfulInstrumentationCountPP.get(pid).intValue() + " in " + pid.toString()); - - InstrumentationControl.log.info(" [" + StringUtil.padLeft(this.failedInstrumentationCount, 5) + "] classes in [" + StringUtil.padLeft(this.failedInstrumentationCountPP.keySet().size(), 3) + "] packages: Instrumentation failed"); - if(InstrumentationControl.log.isDebugEnabled()) - for(JavaPackageId pid : this.failedInstrumentationCountPP.keySet()) - InstrumentationControl.log.debug(" | " + this.failedInstrumentationCountPP.get(pid).intValue() + " in " + pid.toString()); - } - } - - /** - *

getMetric.

- * - * @param _metric a {@link com.sap.psr.vulas.monitor.InstrumentationControl.InstrumentationMetrics} object. - * @return a long. - */ - public long getMetric(InstrumentationMetrics _metric) { - if(InstrumentationMetrics.classesTotal.equals(_metric)) - return this.classesCount; - else if(InstrumentationMetrics.classesAlreadyInstrumented.equals(_metric)) - return this.alreadyInstrumentedCount; - else if(InstrumentationMetrics.classesInstrumentedSuccess.equals(_metric)) - return this.successfulInstrumentationCount; - else if(InstrumentationMetrics.classesInstrumentedFailure.equals(_metric)) - return this.failedInstrumentationCount; - else - return -1; - } - - /** - *

getStatistics.

- * - * @return a {@link java.util.Map} object. - */ - public Map getStatistics() { - final Map stats = new HashMap(); - stats.put(InstrumentationMetrics.classesTotal, new Long(this.classesCount)); - stats.put(InstrumentationMetrics.classesAlreadyInstrumented, new Long(this.alreadyInstrumentedCount)); - stats.put(InstrumentationMetrics.classesInstrumentedSuccess, new Long(this.successfulInstrumentationCount)); - stats.put(InstrumentationMetrics.classesInstrumentedFailure, new Long(this.failedInstrumentationCount)); - return stats; - } - - /** - * Returns true if the JAR at the specified path is blacklisted, false otherwise. - * A JAR is blacklisted if the file name matches any of the patterns specified with configuration parameter instr.blacklist.jars, - * or if it resides in a directory (or subdirectory) of any of the paths specified with instr.blacklist.dirs. - * - * @param _url a {@link java.net.URL} object. - * @return a boolean. - */ - public boolean isBlacklistedJar(URL _url) { - // If the URL does not point to a class that has been loaded from a URL, return false - if(_url==null) return true; - - // Check whether it has been loaded from a JAR: If not, return false (probably an app class), otherwise check the blacklist - final String jar_path = FileUtil.getJARFilePath(_url.toString()); - if(jar_path==null) return false; - - // If a JAR URL can be determined, check if we already checked whether it is blacklisted - if(!this.checkedJars.containsKey(jar_path)) { - String path2 = jar_path.toString().replaceAll("C:", "C"); - final String jar_file = Paths.get(path2).getFileName().toString(); - - // Compare path with whitelist - boolean blacklisted_dir = false; - for(Path path: this.blacklistedDirs) { - if(Paths.get(path2).startsWith(path)) { - blacklisted_dir = true; - break; - } - } - - // Compare filename with blacklist - boolean blacklisted_jar = this.blacklistedJars.contains(jar_file, StringList.ComparisonMode.PATTERN, StringList.CaseSensitivity.CASE_INSENSITIVE); - - // Result - final boolean is_blacklisted = blacklisted_dir || blacklisted_jar; - InstrumentationControl.log.info("JAR [" + jar_path + "] is blacklisted: [" + is_blacklisted + "]"); - - // Cache - this.checkedJars.put(jar_path, is_blacklisted); - - // Stats - if(is_blacklisted) this.blacklistedJarsCount++; - else this.acceptedJarsCount++; - } - - return this.checkedJars.get(jar_path); - } - - /** - * Returns true if the class with the specified qualified name is blacklisted, false otherwise. - * A qualified name is blacklisted if its package (or any of its parent packages) is specified - * as part of the configuration parameters instr.blacklist.classes.jre or instr.blacklist.classes.custom. - * - * @param _qname a {@link java.lang.String} object. - * @return a boolean. - */ - public boolean isBlacklistedClass(String _qname) { - if(!this.checkedClasses.containsKey(_qname)) { - // Result - final boolean is_blacklisted = this.blacklistedClasses.contains(_qname, StringList.ComparisonMode.STARTSWITH, StringList.CaseSensitivity.CASE_SENSITIVE); - - // Cache - this.checkedClasses.put(_qname, is_blacklisted); - - // Stats - if(is_blacklisted) this.blacklistedClassesCount++; - else this.acceptedClassesCount++; - } - return this.checkedClasses.get(_qname); - } - - /** - * Returns the total number of classes looked at. - * - * @return a int. - */ - public int countClassesTotal() { return this.classesCount; } - - /** - * Returns the number of classes that were already instrumented. - * - * @see #updateInstrumentationStatistics(JavaId, Boolean) - * @return a int. - */ - public int countClassesInstrumentedAlready() { return this.alreadyInstrumentedCount; } - - /** - * Returns the number of classes that were successfully instrumented. - * - * @see #updateInstrumentationStatistics(JavaId, Boolean) - * @return a int. - */ - public int countClassesInstrumentedSuccess() { return this.successfulInstrumentationCount; } - - /** - * Returns the number of classes that could not be instrumented. - * - * @see #updateInstrumentationStatistics(JavaId, Boolean) - * @return a int. - */ - public int countClassesInstrumentedFailure() { return this.failedInstrumentationCount; } - - /** - * Returns the classes which could not be instrumented, hence, for which no - * traces or other information could be collected. - * - * @return a {@link java.util.Set} object. - */ - public Set getFailedInstrumentations() { return this.failedInstrumentations; } - - // ====================================== STATIC MEMBERS - - /** - *

getInstance.

- * - * @return a {@link com.sap.psr.vulas.monitor.InstrumentationControl} object. - */ - public static synchronized InstrumentationControl getInstance() { - return InstrumentationControl.getInstance(null); - } - - /** - *

getInstance.

- * - * @param _context a {@link java.lang.Object} object. - * @return a {@link com.sap.psr.vulas.monitor.InstrumentationControl} object. - */ - public static synchronized InstrumentationControl getInstance(Object _context) { - InstrumentationControl instance = null; - if(!instances.containsKey(_context)) - InstrumentationControl.instances.put(_context, new InstrumentationControl(_context)); - instance = instances.get(_context); - return instance; - } - - /** - *

getOverallStatistics.

- * - * @return a {@link java.util.Map} object. - */ - public static synchronized Map getOverallStatistics() { - final Map overall_stats = new HashMap(); - for(InstrumentationControl ctrl: instances.values()) { - final Map stats = ctrl.getStatistics(); - for(InstrumentationMetrics m: stats.keySet()) { - final String key = m.toString(); - if(overall_stats.containsKey(key)) { - final long new_count = overall_stats.get(key).longValue() + stats.get(m).longValue(); - overall_stats.put(key, new Long(new_count)); - } else { - overall_stats.put(key, stats.get(m)); - } - } - } - return overall_stats; - } - - /** - *

logOverallStatistics.

- */ - public static synchronized void logOverallStatistics() { - for(InstrumentationControl ctrl: instances.values()) { - ctrl.logStatistics(); - } - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** + * All instances of the class, used to produce overall instrumentation statistics. + */ + private static Map instances = + new HashMap(); + + // ====================================== INSTANCE MEMBERS + + private Object instrumentationContext = null; + + private LoaderFilter classloaderWhitelist = null; + private StringList classloaderBlacklist = new StringList(); + + // ------- Members related to blacklist checks for JARs and DIRs + + /** Build from config param instr.blacklist.jars. */ + private StringList blacklistedJars = new StringList(); + + /** Build from config param instr.blacklist.dirs. */ + private Set blacklistedDirs = new HashSet(); + + /** JARs from which classes were loaded, together with the cached result of the blacklist check. */ + private Map checkedJars = new ConcurrentHashMap(); + + private int acceptedJarsCount = 0, blacklistedJarsCount = 0; + + // ------- Members related to blacklist checks for classes + + /** Build from config param instr.blacklist.classes.jre and instr.blacklist.classes.custom. */ + private StringList blacklistedClasses = new StringList(); + + /** Classes for which {@link #isBlacklistedClass(String)} was called, together with the cached result of the blacklist check. */ + private Map checkedClasses = new HashMap(); + + /** Counters for accepted and blacklisted classes. */ + private int acceptedClassesCount = 0, blacklistedClassesCount = 0; + + // ------- Members related to instrumentation stats (on class and package level) + + private int classesCount = 0, + successfulInstrumentationCount = 0, + failedInstrumentationCount = 0, + alreadyInstrumentedCount = 0; + private Map successfulInstrumentationCountPP = + new HashMap(); + private Map failedInstrumentationCountPP = + new HashMap(); + private Map alreadyInstrumentedCountPP = + new HashMap(); + + private Set failedInstrumentations = new HashSet(); + + /** + * Instances are only created through {@link InstrumentationControl#getInstance()}, in order to maintain + * a set of all instances existing. + */ + private InstrumentationControl(Object _context) { + this.instrumentationContext = _context; + + // TODO: It is maybe better to use static members for the blacklists, maybe no need to re-create + // the same lists over and over again + + // Get the configuration + final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); + + // Only instrument classes loader by a certain class loader + if (cfg.getString("instr.whitelist.classloader", null) != null) + this.classloaderWhitelist = + new ClassNameLoaderFilter( + cfg.getString("instr.whitelist.classloader", null), + cfg.getBoolean("instr.whitelist.classloader.acceptChilds", true)); + + // Blacklist from configuration (evaluated during transform) + this.blacklistedClasses.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CLASSES)); + this.blacklistedClasses.addAll( + cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_JRE_CLASSES)); + this.blacklistedClasses.addAll( + cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CUSTOM_CLASSES)); + + // TODO: Duplicate to the class loader filter? + this.classloaderBlacklist.addAll( + cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CLASSLOADER)); + + // JAR and DIR blacklists (evaluated during transform) + this.blacklistedJars.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_JARS)); + this.blacklistedJars.addAll(cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_CUSTOM_JARS)); + final String[] items = cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_DIRS); + for (String item : items) { + try { + this.blacklistedDirs.add(Paths.get(item)); + } catch (Exception e) { + InstrumentationControl.log.error( + "Error when adding [" + item + "] to blacklisted JAR dirs: " + e.getMessage()); + } + } + + // Depending on the configuration, dependencies with certain scopes can be added to the JAR + // blacklist + final String[] scopes = cfg.getStringArray(CoreConfiguration.INSTR_BLACKLIST_JAR_SCOPES); + if (scopes != null + && scopes.length > 0 + && VulasConfiguration.getGlobal().hasServiceUrl(Service.BACKEND)) { + try { + // Read all dependencies and add JARs whose dependency matches the specified scope(s) to the + // blacklist + final Set deps = + BackendConnector.getInstance() + .getAppDeps( + CoreConfiguration.buildGoalContextFromGlobalConfiguration(), + CoreConfiguration.getAppContext()); + int blacklisted_deps_count = 0; + for (Dependency dep : deps) { + if (dep.getScope() != null) { + for (String scope : scopes) { + if (scope.equalsIgnoreCase(dep.getScope().toString())) { + this.blacklistedJars.add(dep.getFilename()); + blacklisted_deps_count++; + break; + } + } + } + } + InstrumentationControl.log.info( + "Added [" + + blacklisted_deps_count + + "] dependencies with scopes [" + + StringUtil.join(scopes, ", ") + + "] to JAR blacklist"); + } catch (ConfigurationException e) { + InstrumentationControl.log.error( + "Configuration error when adding JARs with blacklisted scopes to JAR blacklist: " + + e.getMessage()); + } catch (BackendConnectionException e) { + InstrumentationControl.log.error( + "Connection error when adding JARs with blacklisted scopes to JAR blacklist: " + + e.getMessage()); + } + } + } + + /** + * Updates the statistics depending on whether the instrumentation of the given Java class succeeded or not. + * + * @param _jcid the class that was instrumented successfully or not + * @param _instr_successful null if the class was already instrumented, or true/false if the instrumentation was done in this transformer + */ + public void updateInstrumentationStatistics(JavaId _jcid, Boolean _instr_successful) { + final JavaPackageId pid = _jcid.getJavaPackageId(); + this.classesCount++; + + // Case 1: Already instrumented + if (_instr_successful == null) { + final Integer count = this.alreadyInstrumentedCountPP.get(pid); + final Integer new_count = new Integer((count == null ? 1 : count.intValue() + 1)); + this.alreadyInstrumentedCountPP.put(pid, new_count); + this.alreadyInstrumentedCount++; + } + // Case 2: Successful instrumentation + else if (_instr_successful.booleanValue()) { + final Integer count = this.successfulInstrumentationCountPP.get(pid); + final Integer new_count = new Integer((count == null ? 1 : count.intValue() + 1)); + this.successfulInstrumentationCountPP.put(pid, new_count); + this.successfulInstrumentationCount++; + } + // Case 3: Unsuccessful instrumentation + else { + final Integer count = this.failedInstrumentationCountPP.get(pid); + final Integer new_count = new Integer((count == null ? 1 : count.intValue() + 1)); + this.failedInstrumentationCountPP.put(pid, new_count); + this.failedInstrumentationCount++; + this.failedInstrumentations.add(_jcid); + } + } + + /** + * Logs various statistics, depending on the log level. + * Called by {@link UploadScheduler#run()}. + */ + public synchronized void logStatistics() { + // Log loader hierarchy + /*if(InstrumentationControl.log.isDebugEnabled()) { + InstrumentationControl.log.debug("Class loader hierarchy:"); + this.loaderHierarchy.logHierarchy(this.loaderHierarchy.getRoot(), 0); + }*/ + + if (this.checkedJars.size() > 0 || this.checkedClasses.size() > 0) + InstrumentationControl.log.info( + "Instrumentation metrics in context [" + this.instrumentationContext.toString() + "]:"); + + if (this.checkedClasses.size() > 0) + InstrumentationControl.log.info( + " Class name filter: [" + + this.acceptedClassesCount + + " classes] accepted for instrumentation, [" + + this.blacklistedClassesCount + + " classes] ignored (blacklisted)"); + + // Accepted and ignored (blacklisted) JARs + if (this.checkedJars.size() > 0) { + InstrumentationControl.log.info( + " JAR name and directory filter: [" + + this.acceptedJarsCount + + " JARs] accepted for instrumentation, [" + + this.blacklistedJarsCount + + " JARs] ignored (blacklisted)"); + if (InstrumentationControl.log.isInfoEnabled()) + for (String path : this.checkedJars.keySet()) { + if (this.checkedJars.get(path)) + InstrumentationControl.log.info(" [IGNOR] [" + path + "]"); + else InstrumentationControl.log.info(" [ACCEP] [" + path + "]"); + } + } + + // Accepted and ignored (blacklisted) classes + if (this.checkedClasses.size() > 0) { + InstrumentationControl.log.info( + " Of [" + + StringUtil.padLeft(this.classesCount, 5) + + "] classes considered for instrumentation after class and JAR filters:"); + InstrumentationControl.log.info( + " [" + + StringUtil.padLeft(this.alreadyInstrumentedCount, 5) + + "] classes in [" + + StringUtil.padLeft(this.alreadyInstrumentedCountPP.keySet().size(), 3) + + "] packages: Instrumentation existed"); + if (InstrumentationControl.log.isDebugEnabled()) + for (JavaPackageId pid : this.alreadyInstrumentedCountPP.keySet()) + InstrumentationControl.log.debug( + " | " + + this.alreadyInstrumentedCountPP.get(pid).intValue() + + " in " + + pid.toString()); + + // Log no. of instrumented classes, and those for which instrumentation failed (per package) + InstrumentationControl.log.info( + " [" + + StringUtil.padLeft(this.successfulInstrumentationCount, 5) + + "] classes in [" + + StringUtil.padLeft(this.successfulInstrumentationCountPP.keySet().size(), 3) + + "] packages: Instrumentation successful"); + // for(JavaPackageId pid : this.successfulInstrumentationCountPP.keySet()) + // ConstructTracer.log.info(" | " + + // this.successfulInstrumentationCountPP.get(pid).intValue() + " in " + pid.toString()); + + InstrumentationControl.log.info( + " [" + + StringUtil.padLeft(this.failedInstrumentationCount, 5) + + "] classes in [" + + StringUtil.padLeft(this.failedInstrumentationCountPP.keySet().size(), 3) + + "] packages: Instrumentation failed"); + if (InstrumentationControl.log.isDebugEnabled()) + for (JavaPackageId pid : this.failedInstrumentationCountPP.keySet()) + InstrumentationControl.log.debug( + " | " + + this.failedInstrumentationCountPP.get(pid).intValue() + + " in " + + pid.toString()); + } + } + + /** + *

getMetric.

+ * + * @param _metric a {@link com.sap.psr.vulas.monitor.InstrumentationControl.InstrumentationMetrics} object. + * @return a long. + */ + public long getMetric(InstrumentationMetrics _metric) { + if (InstrumentationMetrics.classesTotal.equals(_metric)) return this.classesCount; + else if (InstrumentationMetrics.classesAlreadyInstrumented.equals(_metric)) + return this.alreadyInstrumentedCount; + else if (InstrumentationMetrics.classesInstrumentedSuccess.equals(_metric)) + return this.successfulInstrumentationCount; + else if (InstrumentationMetrics.classesInstrumentedFailure.equals(_metric)) + return this.failedInstrumentationCount; + else return -1; + } + + /** + *

getStatistics.

+ * + * @return a {@link java.util.Map} object. + */ + public Map getStatistics() { + final Map stats = new HashMap(); + stats.put(InstrumentationMetrics.classesTotal, new Long(this.classesCount)); + stats.put( + InstrumentationMetrics.classesAlreadyInstrumented, new Long(this.alreadyInstrumentedCount)); + stats.put( + InstrumentationMetrics.classesInstrumentedSuccess, + new Long(this.successfulInstrumentationCount)); + stats.put( + InstrumentationMetrics.classesInstrumentedFailure, + new Long(this.failedInstrumentationCount)); + return stats; + } + + /** + * Returns true if the JAR at the specified path is blacklisted, false otherwise. + * A JAR is blacklisted if the file name matches any of the patterns specified with configuration parameter instr.blacklist.jars, + * or if it resides in a directory (or subdirectory) of any of the paths specified with instr.blacklist.dirs. + * + * @param _url a {@link java.net.URL} object. + * @return a boolean. + */ + public boolean isBlacklistedJar(URL _url) { + // If the URL does not point to a class that has been loaded from a URL, return false + if (_url == null) return true; + + // Check whether it has been loaded from a JAR: If not, return false (probably an app class), + // otherwise check the blacklist + final String jar_path = FileUtil.getJARFilePath(_url.toString()); + if (jar_path == null) return false; + + // If a JAR URL can be determined, check if we already checked whether it is blacklisted + if (!this.checkedJars.containsKey(jar_path)) { + String path2 = jar_path.toString().replaceAll("C:", "C"); + final String jar_file = Paths.get(path2).getFileName().toString(); + + // Compare path with whitelist + boolean blacklisted_dir = false; + for (Path path : this.blacklistedDirs) { + if (Paths.get(path2).startsWith(path)) { + blacklisted_dir = true; + break; + } + } + + // Compare filename with blacklist + boolean blacklisted_jar = + this.blacklistedJars.contains( + jar_file, + StringList.ComparisonMode.PATTERN, + StringList.CaseSensitivity.CASE_INSENSITIVE); + + // Result + final boolean is_blacklisted = blacklisted_dir || blacklisted_jar; + InstrumentationControl.log.info( + "JAR [" + jar_path + "] is blacklisted: [" + is_blacklisted + "]"); + + // Cache + this.checkedJars.put(jar_path, is_blacklisted); + + // Stats + if (is_blacklisted) this.blacklistedJarsCount++; + else this.acceptedJarsCount++; + } + + return this.checkedJars.get(jar_path); + } + + /** + * Returns true if the class with the specified qualified name is blacklisted, false otherwise. + * A qualified name is blacklisted if its package (or any of its parent packages) is specified + * as part of the configuration parameters instr.blacklist.classes.jre or instr.blacklist.classes.custom. + * + * @param _qname a {@link java.lang.String} object. + * @return a boolean. + */ + public boolean isBlacklistedClass(String _qname) { + if (!this.checkedClasses.containsKey(_qname)) { + // Result + final boolean is_blacklisted = + this.blacklistedClasses.contains( + _qname, + StringList.ComparisonMode.STARTSWITH, + StringList.CaseSensitivity.CASE_SENSITIVE); + + // Cache + this.checkedClasses.put(_qname, is_blacklisted); + + // Stats + if (is_blacklisted) this.blacklistedClassesCount++; + else this.acceptedClassesCount++; + } + return this.checkedClasses.get(_qname); + } + + /** + * Returns the total number of classes looked at. + * + * @return a int. + */ + public int countClassesTotal() { + return this.classesCount; + } + + /** + * Returns the number of classes that were already instrumented. + * + * @see #updateInstrumentationStatistics(JavaId, Boolean) + * @return a int. + */ + public int countClassesInstrumentedAlready() { + return this.alreadyInstrumentedCount; + } + + /** + * Returns the number of classes that were successfully instrumented. + * + * @see #updateInstrumentationStatistics(JavaId, Boolean) + * @return a int. + */ + public int countClassesInstrumentedSuccess() { + return this.successfulInstrumentationCount; + } + + /** + * Returns the number of classes that could not be instrumented. + * + * @see #updateInstrumentationStatistics(JavaId, Boolean) + * @return a int. + */ + public int countClassesInstrumentedFailure() { + return this.failedInstrumentationCount; + } + + /** + * Returns the classes which could not be instrumented, hence, for which no + * traces or other information could be collected. + * + * @return a {@link java.util.Set} object. + */ + public Set getFailedInstrumentations() { + return this.failedInstrumentations; + } + + // ====================================== STATIC MEMBERS + + /** + *

getInstance.

+ * + * @return a {@link com.sap.psr.vulas.monitor.InstrumentationControl} object. + */ + public static synchronized InstrumentationControl getInstance() { + return InstrumentationControl.getInstance(null); + } + + /** + *

getInstance.

+ * + * @param _context a {@link java.lang.Object} object. + * @return a {@link com.sap.psr.vulas.monitor.InstrumentationControl} object. + */ + public static synchronized InstrumentationControl getInstance(Object _context) { + InstrumentationControl instance = null; + if (!instances.containsKey(_context)) + InstrumentationControl.instances.put(_context, new InstrumentationControl(_context)); + instance = instances.get(_context); + return instance; + } + + /** + *

getOverallStatistics.

+ * + * @return a {@link java.util.Map} object. + */ + public static synchronized Map getOverallStatistics() { + final Map overall_stats = new HashMap(); + for (InstrumentationControl ctrl : instances.values()) { + final Map stats = ctrl.getStatistics(); + for (InstrumentationMetrics m : stats.keySet()) { + final String key = m.toString(); + if (overall_stats.containsKey(key)) { + final long new_count = overall_stats.get(key).longValue() + stats.get(m).longValue(); + overall_stats.put(key, new Long(new_count)); + } else { + overall_stats.put(key, stats.get(m)); + } + } + } + return overall_stats; + } + + /** + *

logOverallStatistics.

+ */ + public static synchronized void logOverallStatistics() { + for (InstrumentationControl ctrl : instances.values()) { + ctrl.logStatistics(); + } + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentorFactory.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentorFactory.java index 8df17845f..a7550e352 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentorFactory.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/InstrumentorFactory.java @@ -21,12 +21,10 @@ import java.util.ArrayList; import java.util.List; -import java.util.Set; import org.apache.commons.configuration.Configuration; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.core.util.CoreConfiguration; import com.sap.psr.vulas.shared.util.VulasConfiguration; @@ -36,40 +34,40 @@ */ public class InstrumentorFactory { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - private static List instrumentors = null; + private static List instrumentors = null; - /** - * Creates and returns implementations of {@link IInstrumentor} for all classes specified via the - * configuration option {@link CoreConfiguration#INSTR_CHOOSEN_INSTR}. - * Those will be looped during static and dynamic instrumentation, e.g., in the classes - * {@link ExecutionMonitor} and {@link ClassVisitor}. - * - * @return a {@link java.util.List} object. - */ - public static synchronized List getInstrumentors() { - if(instrumentors==null) { - instrumentors = new ArrayList(); - final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); - final String[] instrumentors = cfg.getStringArray(CoreConfiguration.INSTR_CHOOSEN_INSTR); - for(String name: instrumentors) { - final AbstractInstrumentor i = InstrumentorFactory.getInstrumentor(name); - if(i!=null) InstrumentorFactory.instrumentors.add(i); - } - } - return instrumentors; - } + /** + * Creates and returns implementations of {@link IInstrumentor} for all classes specified via the + * configuration option {@link CoreConfiguration#INSTR_CHOOSEN_INSTR}. + * Those will be looped during static and dynamic instrumentation, e.g., in the classes + * {@link ExecutionMonitor} and {@link ClassVisitor}. + * + * @return a {@link java.util.List} object. + */ + public static synchronized List getInstrumentors() { + if (instrumentors == null) { + instrumentors = new ArrayList(); + final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); + final String[] instrumentors = cfg.getStringArray(CoreConfiguration.INSTR_CHOOSEN_INSTR); + for (String name : instrumentors) { + final AbstractInstrumentor i = InstrumentorFactory.getInstrumentor(name); + if (i != null) InstrumentorFactory.instrumentors.add(i); + } + } + return instrumentors; + } - private static AbstractInstrumentor getInstrumentor(String _name) { - AbstractInstrumentor i = null; - try { - final Class cls = Class.forName(_name); - i = (AbstractInstrumentor)cls.newInstance(); - } - catch (Throwable e) { - InstrumentorFactory.log.error("Error while creating instrumentor of class [" + _name + "]: " + e.getMessage(), e); - } - return i; - } + private static AbstractInstrumentor getInstrumentor(String _name) { + AbstractInstrumentor i = null; + try { + final Class cls = Class.forName(_name); + i = (AbstractInstrumentor) cls.newInstance(); + } catch (Throwable e) { + InstrumentorFactory.log.error( + "Error while creating instrumentor of class [" + _name + "]: " + e.getMessage(), e); + } + return i; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/Loader.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/Loader.java index 81856c8fa..b3baa36e1 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/Loader.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/Loader.java @@ -30,148 +30,144 @@ * Specifically, {@link ClassLoader} does not allow navigating to the child class loader(s). */ public class Loader { - private ClassLoader classLoader = null; - private Loader parent = null; - private Set childs = new HashSet(); - private ClassPool classPool = null; - Loader(ClassLoader _loader) { - this.classLoader = _loader; - } - /** - *

Setter for the field parent.

- * - * @param _l a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public void setParent(Loader _l) { - if(this.parent==null) - this.parent = _l; - if(!_l.getChilds().contains(this)) - _l.addChild(this); - } - /** - *

Getter for the field parent.

- * - * @return a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public Loader getParent() { return this.parent; } - /** - *

addChild.

- * - * @param _l a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public void addChild(Loader _l) { - this.childs.add(_l); - } - /** {@inheritDoc} */ - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result - + ((classLoader == null) ? 0 : classLoader.hashCode()); - return result; - } - /** {@inheritDoc} */ - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - Loader other = (Loader) obj; - if (classLoader == null) { - if (other.classLoader != null) - return false; - } else if (!classLoader.equals(other.classLoader)) - return false; - return true; - } - /** - *

Getter for the field childs.

- * - * @return a {@link java.util.Set} object. - */ - public Set getChilds() { return this.childs; } - /** - *

isLeaf.

- * - * @return a boolean. - */ - public boolean isLeaf() { - return this.childs.size()==0; - } - /** - *

isRoot.

- * - * @return a boolean. - */ - public boolean isRoot() { - return this.parent==null; - } - /** - *

getDepth.

- * - * @return a int. - */ - public int getDepth() { - return (this.parent==null ? 0 : parent.getDepth()+1); - } - /** - *

Getter for the field classLoader.

- * - * @return a {@link java.lang.ClassLoader} object. - */ - public ClassLoader getClassLoader() { - return this.classLoader; - } - /** - *

Getter for the field classPool.

- * - * @return a {@link javassist.ClassPool} object. - */ - public ClassPool getClassPool() { - return this.classPool; - } - /** - *

createClassPool.

- * - * @param _parent a {@link com.sap.psr.vulas.monitor.Loader} object. - * @param _classloader a {@link java.lang.ClassLoader} object. - */ - public void createClassPool(Loader _parent, ClassLoader _classloader) { - if(_parent==null) { - this.classPool = new ClassPool(); - } - else { - this.classPool = new ClassPool(_parent.getClassPool()); - } - this.classPool.appendClassPath(new LoaderClassPath(_classloader)); - } - /** - *

toString.

- * - * @return a {@link java.lang.String} object. - */ - public String toString() { - final StringBuilder b = new StringBuilder(); - b.append("Loader [classLoader=").append(this.classLoader.getClass().getName()); - b.append(",hashCode=").append(this.classLoader.hashCode()); - b.append(",#childs=").append(this.childs.size()); - b.append(",depth=").append(this.getDepth()).append("]"); - return b.toString(); - } - /** - *

toJSON.

- * - * @return a {@link java.lang.String} object. - */ - public String toJSON() { - StringBuilder b = new StringBuilder(); - b.append(" { \"classLoader\" : \"").append(this.classLoader.getClass().getName()).append("\""); - b.append(" , \"hashCode\" : \"").append(this.classLoader.hashCode()).append("\""); - b.append(" , \"depth\" : \"").append(this.getDepth()).append("\" }"); - return b.toString(); - } + private ClassLoader classLoader = null; + private Loader parent = null; + private Set childs = new HashSet(); + private ClassPool classPool = null; + + Loader(ClassLoader _loader) { + this.classLoader = _loader; + } + /** + *

Setter for the field parent.

+ * + * @param _l a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public void setParent(Loader _l) { + if (this.parent == null) this.parent = _l; + if (!_l.getChilds().contains(this)) _l.addChild(this); + } + /** + *

Getter for the field parent.

+ * + * @return a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public Loader getParent() { + return this.parent; + } + /** + *

addChild.

+ * + * @param _l a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public void addChild(Loader _l) { + this.childs.add(_l); + } + /** {@inheritDoc} */ + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((classLoader == null) ? 0 : classLoader.hashCode()); + return result; + } + /** {@inheritDoc} */ + @Override + public boolean equals(Object obj) { + if (this == obj) return true; + if (obj == null) return false; + if (getClass() != obj.getClass()) return false; + Loader other = (Loader) obj; + if (classLoader == null) { + if (other.classLoader != null) return false; + } else if (!classLoader.equals(other.classLoader)) return false; + return true; + } + /** + *

Getter for the field childs.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getChilds() { + return this.childs; + } + /** + *

isLeaf.

+ * + * @return a boolean. + */ + public boolean isLeaf() { + return this.childs.size() == 0; + } + /** + *

isRoot.

+ * + * @return a boolean. + */ + public boolean isRoot() { + return this.parent == null; + } + /** + *

getDepth.

+ * + * @return a int. + */ + public int getDepth() { + return (this.parent == null ? 0 : parent.getDepth() + 1); + } + /** + *

Getter for the field classLoader.

+ * + * @return a {@link java.lang.ClassLoader} object. + */ + public ClassLoader getClassLoader() { + return this.classLoader; + } + /** + *

Getter for the field classPool.

+ * + * @return a {@link javassist.ClassPool} object. + */ + public ClassPool getClassPool() { + return this.classPool; + } + /** + *

createClassPool.

+ * + * @param _parent a {@link com.sap.psr.vulas.monitor.Loader} object. + * @param _classloader a {@link java.lang.ClassLoader} object. + */ + public void createClassPool(Loader _parent, ClassLoader _classloader) { + if (_parent == null) { + this.classPool = new ClassPool(); + } else { + this.classPool = new ClassPool(_parent.getClassPool()); + } + this.classPool.appendClassPath(new LoaderClassPath(_classloader)); + } + /** + *

toString.

+ * + * @return a {@link java.lang.String} object. + */ + public String toString() { + final StringBuilder b = new StringBuilder(); + b.append("Loader [classLoader=").append(this.classLoader.getClass().getName()); + b.append(",hashCode=").append(this.classLoader.hashCode()); + b.append(",#childs=").append(this.childs.size()); + b.append(",depth=").append(this.getDepth()).append("]"); + return b.toString(); + } + /** + *

toJSON.

+ * + * @return a {@link java.lang.String} object. + */ + public String toJSON() { + StringBuilder b = new StringBuilder(); + b.append(" { \"classLoader\" : \"").append(this.classLoader.getClass().getName()).append("\""); + b.append(" , \"hashCode\" : \"").append(this.classLoader.hashCode()).append("\""); + b.append(" , \"depth\" : \"").append(this.getDepth()).append("\" }"); + return b.toString(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderFilter.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderFilter.java index 8fc0ce809..386812576 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderFilter.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderFilter.java @@ -19,18 +19,17 @@ */ package com.sap.psr.vulas.monitor; - /** *

LoaderFilter interface.

* */ public interface LoaderFilter { - /** - *

accept.

- * - * @param _loader a {@link com.sap.psr.vulas.monitor.Loader} object. - * @return a boolean. - */ - public boolean accept(Loader _loader); + /** + *

accept.

+ * + * @param _loader a {@link com.sap.psr.vulas.monitor.Loader} object. + * @return a boolean. + */ + public boolean accept(Loader _loader); } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderHierarchy.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderHierarchy.java index 2b23f5616..813e3c475 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderHierarchy.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/LoaderHierarchy.java @@ -24,109 +24,103 @@ import org.apache.logging.log4j.Logger; - /** * Offers methods to create and interact with a hierarchy of {@link ClassLoader}s and {@link Loader}s. */ public class LoaderHierarchy { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - private Map loaderMap = new HashMap(); - - /** - *

add.

- * - * @param _cl a {@link java.lang.ClassLoader} object. - * @return a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public Loader add(ClassLoader _cl) { - Loader l = this.loaderMap.get(_cl); - if(l==null) { - l = new Loader(_cl); - this.loaderMap.put(_cl, l); - - final ClassLoader pcl = _cl.getParent(); - if(pcl!=null) { - Loader pl = this.add(pcl); - l.setParent(pl); - l.createClassPool(pl, _cl); - } - else { - l.createClassPool(null, _cl); - } - } - return l; - } - - /** - *

getLoader.

- * - * @param _cl a {@link java.lang.ClassLoader} object. - * @return a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public Loader getLoader(ClassLoader _cl) { - return this.loaderMap.get(_cl); - } - - /** - *

isLeaf.

- * - * @param _cl a {@link java.lang.ClassLoader} object. - * @return a boolean. - */ - public boolean isLeaf(ClassLoader _cl) { - final Loader l = this.loaderMap.get(_cl); - if(l==null) - throw new IllegalArgumentException(); - else - return l.isLeaf(); - } - - /** - *

isRoot.

- * - * @param _cl a {@link java.lang.ClassLoader} object. - * @return a boolean. - */ - public boolean isRoot(ClassLoader _cl) { - final Loader l = this.loaderMap.get(_cl); - if(l==null) - throw new IllegalArgumentException(); - else - return l.isRoot(); - } - - /** - *

getRoot.

- * - * @return a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public Loader getRoot() { - Loader r = null; - for(Loader l : this.loaderMap.values()) { - if(l.isRoot()) { - r = l; - break; - } - } - return r; - } - - /** - *

logHierarchy.

- * - * @param _l a {@link com.sap.psr.vulas.monitor.Loader} object. - * @param _lvl a int. - */ - public void logHierarchy(Loader _l, int _lvl) { - LoaderHierarchy.log.info(_lvl + " " + this.getIndent(_lvl) + _l.toString()); - for(Loader c : _l.getChilds()) this.logHierarchy(c, _lvl+1); - } - - private String getIndent(int _i) { - final StringBuilder b = new StringBuilder(); - for(int i=0; i<_i; i++) b.append(" "); - return b.toString(); - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private Map loaderMap = new HashMap(); + + /** + *

add.

+ * + * @param _cl a {@link java.lang.ClassLoader} object. + * @return a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public Loader add(ClassLoader _cl) { + Loader l = this.loaderMap.get(_cl); + if (l == null) { + l = new Loader(_cl); + this.loaderMap.put(_cl, l); + + final ClassLoader pcl = _cl.getParent(); + if (pcl != null) { + Loader pl = this.add(pcl); + l.setParent(pl); + l.createClassPool(pl, _cl); + } else { + l.createClassPool(null, _cl); + } + } + return l; + } + + /** + *

getLoader.

+ * + * @param _cl a {@link java.lang.ClassLoader} object. + * @return a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public Loader getLoader(ClassLoader _cl) { + return this.loaderMap.get(_cl); + } + + /** + *

isLeaf.

+ * + * @param _cl a {@link java.lang.ClassLoader} object. + * @return a boolean. + */ + public boolean isLeaf(ClassLoader _cl) { + final Loader l = this.loaderMap.get(_cl); + if (l == null) throw new IllegalArgumentException(); + else return l.isLeaf(); + } + + /** + *

isRoot.

+ * + * @param _cl a {@link java.lang.ClassLoader} object. + * @return a boolean. + */ + public boolean isRoot(ClassLoader _cl) { + final Loader l = this.loaderMap.get(_cl); + if (l == null) throw new IllegalArgumentException(); + else return l.isRoot(); + } + + /** + *

getRoot.

+ * + * @return a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public Loader getRoot() { + Loader r = null; + for (Loader l : this.loaderMap.values()) { + if (l.isRoot()) { + r = l; + break; + } + } + return r; + } + + /** + *

logHierarchy.

+ * + * @param _l a {@link com.sap.psr.vulas.monitor.Loader} object. + * @param _lvl a int. + */ + public void logHierarchy(Loader _l, int _lvl) { + LoaderHierarchy.log.info(_lvl + " " + this.getIndent(_lvl) + _l.toString()); + for (Loader c : _l.getChilds()) this.logHierarchy(c, _lvl + 1); + } + + private String getIndent(int _i) { + final StringBuilder b = new StringBuilder(); + for (int i = 0; i < _i; i++) b.append(" "); + return b.toString(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/PrintlnInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/PrintlnInstrumentor.java index e64b32949..b41d7e461 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/PrintlnInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/PrintlnInstrumentor.java @@ -34,25 +34,37 @@ */ public class PrintlnInstrumentor extends AbstractInstrumentor { - /** {@inheritDoc} */ - public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) throws CannotCompileException { - this.injectUrlAndLoader(_code, _jid, _behavior); - _code.append("System.out.println(\"Call of ").append(_jid.toString()).append(", loaded from [\" + vul_cls_res.toString() + \"]\");"); - } - - /** {@inheritDoc} */ - @Override - public void upladInformation(AbstractGoal _exe, int _batch_size) {;} - - /** {@inheritDoc} */ - @Override - public void awaitUpload() {;} - - /** {@inheritDoc} */ - @Override - public Map getStatistics() { return new HashMap(); } - - /** {@inheritDoc} */ - @Override - public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { return true; } + /** {@inheritDoc} */ + public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) + throws CannotCompileException { + this.injectUrlAndLoader(_code, _jid, _behavior); + _code + .append("System.out.println(\"Call of ") + .append(_jid.toString()) + .append(", loaded from [\" + vul_cls_res.toString() + \"]\");"); + } + + /** {@inheritDoc} */ + @Override + public void upladInformation(AbstractGoal _exe, int _batch_size) { + ; + } + + /** {@inheritDoc} */ + @Override + public void awaitUpload() { + ; + } + + /** {@inheritDoc} */ + @Override + public Map getStatistics() { + return new HashMap(); + } + + /** {@inheritDoc} */ + @Override + public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { + return true; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/UploadScheduler.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/UploadScheduler.java index 86288b3a3..e15cd2f00 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/UploadScheduler.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/UploadScheduler.java @@ -24,112 +24,126 @@ import org.apache.logging.log4j.Logger; - - /** * Calls a sequence methods of a given {@link ExecutionMonitor} in order upload collected * information to the Vulas backend. The {@link UploadScheduler} runs either once or periodically, * depending on the way it was constructed. */ public class UploadScheduler extends Observable implements Runnable, Observer { - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private long millis = -1; - private int batchSize = -1; - private boolean enabled = true; - private ExecutionMonitor monitor = null; - /** - *

Constructor for UploadScheduler.

- * - * @param _monitor a {@link com.sap.psr.vulas.monitor.ExecutionMonitor} object. - */ - public UploadScheduler(ExecutionMonitor _monitor) { this(_monitor, -1, -1); } - /** - *

Constructor for UploadScheduler.

- * - * @param _monitor a {@link com.sap.psr.vulas.monitor.ExecutionMonitor} object. - * @param _millis a long. - * @param _batch_size a int. - */ - public UploadScheduler(ExecutionMonitor _monitor, long _millis, int _batch_size) { this.monitor = _monitor; this.millis = _millis; this.batchSize = _batch_size; } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private long millis = -1; + private int batchSize = -1; + private boolean enabled = true; + private ExecutionMonitor monitor = null; + + /** + *

Constructor for UploadScheduler.

+ * + * @param _monitor a {@link com.sap.psr.vulas.monitor.ExecutionMonitor} object. + */ + public UploadScheduler(ExecutionMonitor _monitor) { + this(_monitor, -1, -1); + } + /** + *

Constructor for UploadScheduler.

+ * + * @param _monitor a {@link com.sap.psr.vulas.monitor.ExecutionMonitor} object. + * @param _millis a long. + * @param _batch_size a int. + */ + public UploadScheduler(ExecutionMonitor _monitor, long _millis, int _batch_size) { + this.monitor = _monitor; + this.millis = _millis; + this.batchSize = _batch_size; + } + + /** + *

enabled.

+ */ + public void enabled() { + this.enabled = true; + } + /** + *

disable.

+ */ + public void disable() { + this.enabled = false; + } + /** + *

isEnabled.

+ * + * @return a boolean. + */ + public boolean isEnabled() { + return this.enabled; + } + /** + *

getInterval.

+ * + * @return a long. + */ + public long getInterval() { + return this.millis; + } + /** + *

Getter for the field batchSize.

+ * + * @return a int. + */ + public int getBatchSize() { + return this.batchSize; + } + + /** + * Calls a sequence of methods of a {@link ExecutionMonitor}. + */ + public void run() { + // Final upload + if (this.millis == -1) { + + // Stop further instrumentation and collection (that may happen in the course of the following + // stmts) + this.monitor.setPaused(true); + DynamicTransformer.getInstance().setTransformationEnabled(false); + + // Upload stuff + this.monitor.uploadInformation(); + this.monitor.awaitUpload(); + this.monitor.stopGoal(); - /** - *

enabled.

- */ - public void enabled() { this.enabled=true; } - /** - *

disable.

- */ - public void disable() { this.enabled=false; } - /** - *

isEnabled.

- * - * @return a boolean. - */ - public boolean isEnabled() { return this.enabled; } - /** - *

getInterval.

- * - * @return a long. - */ - public long getInterval() { return this.millis; } - /** - *

Getter for the field batchSize.

- * - * @return a int. - */ - public int getBatchSize() { return this.batchSize; } + // Log instrumentation stats + InstrumentationControl.logOverallStatistics(); - /** - * Calls a sequence of methods of a {@link ExecutionMonitor}. - */ - public void run() { - // Final upload - if(this.millis==-1) { - - // Stop further instrumentation and collection (that may happen in the course of the following stmts) - this.monitor.setPaused(true); - DynamicTransformer.getInstance().setTransformationEnabled(false); - - // Upload stuff - this.monitor.uploadInformation(); - this.monitor.awaitUpload(); - this.monitor.stopGoal(); - - // Log instrumentation stats - InstrumentationControl.logOverallStatistics(); - - // Notify others that the final upload took place - this.notifyObservers(); - } - // Periodic uploads - else { - while(this.isEnabled()) { - try { - Thread.sleep(this.millis); - if(this.isEnabled()) { - this.monitor.uploadInformation(this.batchSize); - - // Log instrumentation stats - InstrumentationControl.logOverallStatistics(); - } - } catch (InterruptedException e) { - UploadScheduler.log.error("Error in periodic trace upload: " + e.getMessage()); - } - } - } + // Notify others that the final upload took place + this.notifyObservers(); + } + // Periodic uploads + else { + while (this.isEnabled()) { + try { + Thread.sleep(this.millis); + if (this.isEnabled()) { + this.monitor.uploadInformation(this.batchSize); - } + // Log instrumentation stats + InstrumentationControl.logOverallStatistics(); + } + } catch (InterruptedException e) { + UploadScheduler.log.error("Error in periodic trace upload: " + e.getMessage()); + } + } + } + } - /** - * {@inheritDoc} - * - * Disables periodic uploads (called by the shutdown uploader). - */ - public void update(Observable obj, Object arg) { - this.disable(); - UploadScheduler.log.info("Uploader disabled"); - } + /** + * {@inheritDoc} + * + * Disables periodic uploads (called by the shutdown uploader). + */ + public void update(Observable obj, Object arg) { + this.disable(); + UploadScheduler.log.info("Uploader disabled"); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/slice/SliceInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/slice/SliceInstrumentor.java index 959126416..48c53f8df 100755 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/slice/SliceInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/slice/SliceInstrumentor.java @@ -30,7 +30,6 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.backend.BackendConnectionException; import com.sap.psr.vulas.backend.BackendConnector; @@ -51,110 +50,176 @@ */ public class SliceInstrumentor extends AbstractInstrumentor { - // ====================================== STATIC MEMBERS - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - // ====================================== INSTANCE MEMBERS - - /** - * Blacklist of constructs not to be instrumented. - */ - private Set blacklistedConstructsNotToInstrument = new HashSet(); - - /** - * Whitelist of constructs to be instrumented. - */ - private Set whitelistedConstructsToInstrument = new HashSet();; - - /** - *

Constructor for SliceInstrumentor.

- */ - public SliceInstrumentor() { - try { - this.determineConstructs(); - } catch (Exception e) { - SliceInstrumentor.log.error("[" + e.getClass().getSimpleName() + "] during instantiation: " + e.getMessage()); - throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); - } - } - - /** - * Builds the whitelist (blacklist) of constructs that will (not) be instrumented. The respective {@link ConstructId}s are - * either loaded from disk or read from the backend, depending on the presence of the configuration settings {@link CoreConfiguration#INSTR_SLICE_WHITELIST} and {@link CoreConfiguration#INSTR_SLICE_BLACKLIST}. - * - * @throws ConfigurationException - * @throws IllegalStateException - * @throws BackendConnectionException - */ - private void determineConstructs() throws ConfigurationException, IllegalStateException, BackendConnectionException, IOException { - if(!this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_WHITELIST) || !this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_BLACKLIST)) { - // Whitelist - if(!this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_WHITELIST)) { - final com.sap.psr.vulas.shared.json.model.ConstructId[] wl = (com.sap.psr.vulas.shared.json.model.ConstructId[])JacksonUtil.asObject(FileUtil.readFile(Paths.get(this.vulasConfiguration.getConfiguration().getString(CoreConfiguration.INSTR_SLICE_WHITELIST))), com.sap.psr.vulas.shared.json.model.ConstructId[].class); - whitelistedConstructsToInstrument.addAll(JavaId.toCoreType(Arrays.asList(wl))); - } - // Blacklist - if(!this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_BLACKLIST)) { - final com.sap.psr.vulas.shared.json.model.ConstructId[] bl = (com.sap.psr.vulas.shared.json.model.ConstructId[])JacksonUtil.asObject(FileUtil.readFile(Paths.get(this.vulasConfiguration.getConfiguration().getString(CoreConfiguration.INSTR_SLICE_BLACKLIST))), com.sap.psr.vulas.shared.json.model.ConstructId[].class); - blacklistedConstructsNotToInstrument.addAll(JavaId.toCoreType(Arrays.asList(bl))); - } - } else { - this.blacklistedConstructsNotToInstrument.addAll(JavaId.toCoreType(BackendConnector.getInstance().getAppTraces(CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration), CoreConfiguration.getAppContext(this.vulasConfiguration)))); - final Set reached_dependencies = BackendConnector.getInstance().getAppDependencies(CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration), CoreConfiguration.getAppContext(this.vulasConfiguration)); - for(Dependency d: reached_dependencies) { - blacklistedConstructsNotToInstrument.addAll(JavaId.toCoreType(d.getReachableConstructIds())); - } - } - log.info("Construct whitelist comprises [" + this.whitelistedConstructsToInstrument.size() + "] items, construct blacklist comprises [" + this.blacklistedConstructsNotToInstrument.size() + "] items"); - } - - /** - * {@inheritDoc} - * - * Returns true if the following two conditions hold, false otherwise: - * (1) The given {@link JavaId} is whitelisted or there is no whitelist - * (2) The given {@link JavaId} is NOT blacklisted or there is no blacklist. - * - * If there is neither a blacklist nor a whitelist, the method always returns false. - */ - @Override - public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { - final boolean whitelisted = this.whitelistedConstructsToInstrument.isEmpty() || this.whitelistedConstructsToInstrument.contains(_jid) || this.whitelistedConstructsToInstrument.contains(_jid.getCompilationUnit()) || this.whitelistedConstructsToInstrument.contains(_jid.getJavaPackageId()); - final boolean blacklisted = !this.blacklistedConstructsNotToInstrument.isEmpty() && (this.blacklistedConstructsNotToInstrument.contains(_jid) || this.blacklistedConstructsNotToInstrument.contains(_jid.getCompilationUnit()) || this.blacklistedConstructsNotToInstrument.contains(_jid.getJavaPackageId())); - final boolean r = whitelisted && !blacklisted; - log.info(_jid + " is whitelisted [" + whitelisted + "] and blacklisted [" + blacklisted + "]: Accepted for instrumentation [" + r + "]"); - return r; - } - - /** {@inheritDoc} */ - public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) throws CannotCompileException { - _code.append("final boolean is_open = Boolean.parseBoolean(System.getProperty(\"").append(CoreConfiguration.INSTR_SLICE_GUARD_OPEN).append("\"));"); - _code.append("System.err.println(\"Execution of " + _jid.toString() + "\" + (is_open ? \"allowed\" : \"prevented\") + \" by Vulas guarding condition\");"); - _code.append("if(!is_open) throw new IllegalStateException(\"Execution of " + _jid.toString() + " prevented by Vulas guarding condition\");"); - } - - /** - * {@inheritDoc} - * - * Implementation does not do anything. - */ - @Override - public void upladInformation(AbstractGoal _exe, int _batch_size) { ; } - - /** - * {@inheritDoc} - * - * Implementation does not do anything. - */ - @Override - public void awaitUpload() { ; } - - /** {@inheritDoc} */ - @Override - public Map getStatistics() { - final Map stats = new HashMap(); - //TODO: Add number of instrumented methods - return stats; - } + // ====================================== STATIC MEMBERS + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + // ====================================== INSTANCE MEMBERS + + /** + * Blacklist of constructs not to be instrumented. + */ + private Set blacklistedConstructsNotToInstrument = new HashSet(); + + /** + * Whitelist of constructs to be instrumented. + */ + private Set whitelistedConstructsToInstrument = new HashSet(); + ; + + /** + *

Constructor for SliceInstrumentor.

+ */ + public SliceInstrumentor() { + try { + this.determineConstructs(); + } catch (Exception e) { + SliceInstrumentor.log.error( + "[" + e.getClass().getSimpleName() + "] during instantiation: " + e.getMessage()); + throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); + } + } + + /** + * Builds the whitelist (blacklist) of constructs that will (not) be instrumented. The respective {@link ConstructId}s are + * either loaded from disk or read from the backend, depending on the presence of the configuration settings {@link CoreConfiguration#INSTR_SLICE_WHITELIST} and {@link CoreConfiguration#INSTR_SLICE_BLACKLIST}. + * + * @throws ConfigurationException + * @throws IllegalStateException + * @throws BackendConnectionException + */ + private void determineConstructs() + throws ConfigurationException, IllegalStateException, BackendConnectionException, + IOException { + if (!this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_WHITELIST) + || !this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_BLACKLIST)) { + // Whitelist + if (!this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_WHITELIST)) { + final com.sap.psr.vulas.shared.json.model.ConstructId[] wl = + (com.sap.psr.vulas.shared.json.model.ConstructId[]) + JacksonUtil.asObject( + FileUtil.readFile( + Paths.get( + this.vulasConfiguration + .getConfiguration() + .getString(CoreConfiguration.INSTR_SLICE_WHITELIST))), + com.sap.psr.vulas.shared.json.model.ConstructId[].class); + whitelistedConstructsToInstrument.addAll(JavaId.toCoreType(Arrays.asList(wl))); + } + // Blacklist + if (!this.vulasConfiguration.isEmpty(CoreConfiguration.INSTR_SLICE_BLACKLIST)) { + final com.sap.psr.vulas.shared.json.model.ConstructId[] bl = + (com.sap.psr.vulas.shared.json.model.ConstructId[]) + JacksonUtil.asObject( + FileUtil.readFile( + Paths.get( + this.vulasConfiguration + .getConfiguration() + .getString(CoreConfiguration.INSTR_SLICE_BLACKLIST))), + com.sap.psr.vulas.shared.json.model.ConstructId[].class); + blacklistedConstructsNotToInstrument.addAll(JavaId.toCoreType(Arrays.asList(bl))); + } + } else { + this.blacklistedConstructsNotToInstrument.addAll( + JavaId.toCoreType( + BackendConnector.getInstance() + .getAppTraces( + CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration), + CoreConfiguration.getAppContext(this.vulasConfiguration)))); + final Set reached_dependencies = + BackendConnector.getInstance() + .getAppDependencies( + CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration), + CoreConfiguration.getAppContext(this.vulasConfiguration)); + for (Dependency d : reached_dependencies) { + blacklistedConstructsNotToInstrument.addAll( + JavaId.toCoreType(d.getReachableConstructIds())); + } + } + log.info( + "Construct whitelist comprises [" + + this.whitelistedConstructsToInstrument.size() + + "] items, construct blacklist comprises [" + + this.blacklistedConstructsNotToInstrument.size() + + "] items"); + } + + /** + * {@inheritDoc} + * + * Returns true if the following two conditions hold, false otherwise: + * (1) The given {@link JavaId} is whitelisted or there is no whitelist + * (2) The given {@link JavaId} is NOT blacklisted or there is no blacklist. + * + * If there is neither a blacklist nor a whitelist, the method always returns false. + */ + @Override + public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { + final boolean whitelisted = + this.whitelistedConstructsToInstrument.isEmpty() + || this.whitelistedConstructsToInstrument.contains(_jid) + || this.whitelistedConstructsToInstrument.contains(_jid.getCompilationUnit()) + || this.whitelistedConstructsToInstrument.contains(_jid.getJavaPackageId()); + final boolean blacklisted = + !this.blacklistedConstructsNotToInstrument.isEmpty() + && (this.blacklistedConstructsNotToInstrument.contains(_jid) + || this.blacklistedConstructsNotToInstrument.contains(_jid.getCompilationUnit()) + || this.blacklistedConstructsNotToInstrument.contains(_jid.getJavaPackageId())); + final boolean r = whitelisted && !blacklisted; + log.info( + _jid + + " is whitelisted [" + + whitelisted + + "] and blacklisted [" + + blacklisted + + "]: Accepted for instrumentation [" + + r + + "]"); + return r; + } + + /** {@inheritDoc} */ + public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) + throws CannotCompileException { + _code + .append("final boolean is_open = Boolean.parseBoolean(System.getProperty(\"") + .append(CoreConfiguration.INSTR_SLICE_GUARD_OPEN) + .append("\"));"); + _code.append( + "System.err.println(\"Execution of " + + _jid.toString() + + "\" + (is_open ? \"allowed\" : \"prevented\") + \" by Vulas guarding condition\");"); + _code.append( + "if(!is_open) throw new IllegalStateException(\"Execution of " + + _jid.toString() + + " prevented by Vulas guarding condition\");"); + } + + /** + * {@inheritDoc} + * + * Implementation does not do anything. + */ + @Override + public void upladInformation(AbstractGoal _exe, int _batch_size) { + ; + } + + /** + * {@inheritDoc} + * + * Implementation does not do anything. + */ + @Override + public void awaitUpload() { + ; + } + + /** {@inheritDoc} */ + @Override + public Map getStatistics() { + final Map stats = new HashMap(); + // TODO: Add number of instrumented methods + return stats; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/ConstructIdUtil.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/ConstructIdUtil.java index 9151b553d..1bdb6f3fe 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/ConstructIdUtil.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/ConstructIdUtil.java @@ -41,137 +41,140 @@ */ public class ConstructIdUtil { - private static Logger log = null; - private static final Logger getLog() { - if(ConstructIdUtil.log==null) - ConstructIdUtil.log = org.apache.logging.log4j.LogManager.getLogger(); - return ConstructIdUtil.log; - } - - private static ConstructIdUtil instance = null; - - private Set appConstructs = null; - - private ConstructIdUtil() { - try { - final Set app_constructs = BackendConnector.getInstance().getAppConstructIds(CoreConfiguration.buildGoalContextFromGlobalConfiguration(), CoreConfiguration.getAppContext()); - this.appConstructs = new HashSet(); - for(com.sap.psr.vulas.shared.json.model.ConstructId cid: app_constructs) { - this.appConstructs.add(JavaId.toCoreType(cid)); - } - } catch (ConfigurationException e) { - ConstructIdUtil.getLog().error(e.getMessage(), e); - } catch (BackendConnectionException e) { - ConstructIdUtil.getLog().error(e.getMessage(), e); - } - } - - /** - *

Getter for the field instance.

- * - * @return a {@link com.sap.psr.vulas.monitor.touch.ConstructIdUtil} object. - */ - public synchronized static ConstructIdUtil getInstance() { - if(ConstructIdUtil.instance==null) - ConstructIdUtil.instance = new ConstructIdUtil(); - return ConstructIdUtil.instance; - } - - /** - * Checks whether the given {@link ConstructId} is part of the application under analysis. - * The check is implemented by looing at the definition context, which should be either - * class or enum. The reason is that, e.g., static initializers are not considered at - * the time of the source code analysis, hence, are not part of the collection. - * - * @param _jid a {@link com.sap.psr.vulas.ConstructId} object. - * @return a boolean. - */ - public boolean isAppConstruct(ConstructId _jid) { - boolean is_app_construct = false; - - // We only instrument clinit, methods and constructors - if(ConstructIdUtil.isOfInstrumentableType(_jid)) { - final ConstructId context = _jid.getDefinitionContext(); - is_app_construct = this.appConstructs!=null && this.appConstructs.contains(context); - } - else { - ConstructIdUtil.getLog().error("Expected , method or constructor, got [" + _jid.toString() + "]"); - } - - return is_app_construct; - } - - /** - * Returns true if the given {@link ConstructId} is neither part of the application nor a test method, false otherwise. - * - * @param _jid a {@link com.sap.psr.vulas.ConstructId} object. - * @return a boolean. - */ - public boolean isLibConstruct(ConstructId _jid) { - boolean is_lib_construct = false; - - // We only instrument clinit, methods and constructors - if(ConstructIdUtil.isOfInstrumentableType(_jid)) { - final ConstructId context = _jid.getDefinitionContext(); - is_lib_construct = this.appConstructs!=null && !this.appConstructs.contains(context); - - // Not part of the app, now check that is not a JUnit test method of the app - if(is_lib_construct) { - if(_jid instanceof JavaMethodId) { - is_lib_construct = !((JavaMethodId)_jid).isTestMethod(); - } - } - } - else { - ConstructIdUtil.getLog().error("Expected , method or constructor, got [" + _jid.toString() + "]"); - } - - return is_lib_construct; - } - - /** - * Returns true if the given {@link JavaId} is an instance of {@link JavaClassInit}, {@link JavaMethodId} or - * {@link JavaConstructorId}, false otherwise. - * - * @param _jid a {@link com.sap.psr.vulas.ConstructId} object. - * @return a boolean. - */ - public static boolean isOfInstrumentableType(ConstructId _jid) { - return _jid instanceof JavaClassInit || _jid instanceof JavaConstructorId || _jid instanceof JavaMethodId; - } - - /** - * Given a qualified name return the ConstructId that represent it. For now is - * implemented only on constructors and method (also including <clinit> and <init>). - * If the type requested is null or is not in the range of teh allowed types the method return null - * - * @param _qname the qname of the construct. - * @param type can be CONSTRUCTOR,CLASSINIT,METHOD,CLASS,NESTED_CLASS - * @return Return the java representation of this constructid or null if is not found - */ - public ConstructId getConstructidFromQName(String _qname, String type){ - if(_qname == null || type==null) return null; - // Constructor - if(_qname.contains("") || type.contains("CONSTRUCTOR")) { - _qname = ClassVisitor.removeParameterQualification(_qname); - return JavaId.parseConstructorQName(_qname); - } - // Static initializer - else if(_qname.contains("") || type.contains("CLASSINIT")) { - return JavaId.parseClassInitQName(_qname.substring(0, _qname.lastIndexOf('>')+1)); - } - // Method - else if(type.contains("METHOD")){ - // Cleanup the method's string representation for parsing - _qname = ClassVisitor.removeParameterQualification(_qname); - return JavaId.parseMethodQName(_qname); - } - else if(type.contains("CLASS") || type.contains("NESTED_CLASS")){ - return JavaId.parseClassQName(_qname); - } - else if(type.contains("ENUM")){ - return JavaId.parseEnumQName(_qname); - } - else return null; - } + private static Logger log = null; + + private static final Logger getLog() { + if (ConstructIdUtil.log == null) + ConstructIdUtil.log = org.apache.logging.log4j.LogManager.getLogger(); + return ConstructIdUtil.log; + } + + private static ConstructIdUtil instance = null; + + private Set appConstructs = null; + + private ConstructIdUtil() { + try { + final Set app_constructs = + BackendConnector.getInstance() + .getAppConstructIds( + CoreConfiguration.buildGoalContextFromGlobalConfiguration(), + CoreConfiguration.getAppContext()); + this.appConstructs = new HashSet(); + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : app_constructs) { + this.appConstructs.add(JavaId.toCoreType(cid)); + } + } catch (ConfigurationException e) { + ConstructIdUtil.getLog().error(e.getMessage(), e); + } catch (BackendConnectionException e) { + ConstructIdUtil.getLog().error(e.getMessage(), e); + } + } + + /** + *

Getter for the field instance.

+ * + * @return a {@link com.sap.psr.vulas.monitor.touch.ConstructIdUtil} object. + */ + public static synchronized ConstructIdUtil getInstance() { + if (ConstructIdUtil.instance == null) ConstructIdUtil.instance = new ConstructIdUtil(); + return ConstructIdUtil.instance; + } + + /** + * Checks whether the given {@link ConstructId} is part of the application under analysis. + * The check is implemented by looing at the definition context, which should be either + * class or enum. The reason is that, e.g., static initializers are not considered at + * the time of the source code analysis, hence, are not part of the collection. + * + * @param _jid a {@link com.sap.psr.vulas.ConstructId} object. + * @return a boolean. + */ + public boolean isAppConstruct(ConstructId _jid) { + boolean is_app_construct = false; + + // We only instrument clinit, methods and constructors + if (ConstructIdUtil.isOfInstrumentableType(_jid)) { + final ConstructId context = _jid.getDefinitionContext(); + is_app_construct = this.appConstructs != null && this.appConstructs.contains(context); + } else { + ConstructIdUtil.getLog() + .error("Expected , method or constructor, got [" + _jid.toString() + "]"); + } + + return is_app_construct; + } + + /** + * Returns true if the given {@link ConstructId} is neither part of the application nor a test method, false otherwise. + * + * @param _jid a {@link com.sap.psr.vulas.ConstructId} object. + * @return a boolean. + */ + public boolean isLibConstruct(ConstructId _jid) { + boolean is_lib_construct = false; + + // We only instrument clinit, methods and constructors + if (ConstructIdUtil.isOfInstrumentableType(_jid)) { + final ConstructId context = _jid.getDefinitionContext(); + is_lib_construct = this.appConstructs != null && !this.appConstructs.contains(context); + + // Not part of the app, now check that is not a JUnit test method of the app + if (is_lib_construct) { + if (_jid instanceof JavaMethodId) { + is_lib_construct = !((JavaMethodId) _jid).isTestMethod(); + } + } + } else { + ConstructIdUtil.getLog() + .error("Expected , method or constructor, got [" + _jid.toString() + "]"); + } + + return is_lib_construct; + } + + /** + * Returns true if the given {@link JavaId} is an instance of {@link JavaClassInit}, {@link JavaMethodId} or + * {@link JavaConstructorId}, false otherwise. + * + * @param _jid a {@link com.sap.psr.vulas.ConstructId} object. + * @return a boolean. + */ + public static boolean isOfInstrumentableType(ConstructId _jid) { + return _jid instanceof JavaClassInit + || _jid instanceof JavaConstructorId + || _jid instanceof JavaMethodId; + } + + /** + * Given a qualified name return the ConstructId that represent it. For now is + * implemented only on constructors and method (also including <clinit> and <init>). + * If the type requested is null or is not in the range of teh allowed types the method return null + * + * @param _qname the qname of the construct. + * @param type can be CONSTRUCTOR,CLASSINIT,METHOD,CLASS,NESTED_CLASS + * @return Return the java representation of this constructid or null if is not found + */ + public ConstructId getConstructidFromQName(String _qname, String type) { + if (_qname == null || type == null) return null; + // Constructor + if (_qname.contains("") || type.contains("CONSTRUCTOR")) { + _qname = ClassVisitor.removeParameterQualification(_qname); + return JavaId.parseConstructorQName(_qname); + } + // Static initializer + else if (_qname.contains("") || type.contains("CLASSINIT")) { + return JavaId.parseClassInitQName(_qname.substring(0, _qname.lastIndexOf('>') + 1)); + } + // Method + else if (type.contains("METHOD")) { + // Cleanup the method's string representation for parsing + _qname = ClassVisitor.removeParameterQualification(_qname); + return JavaId.parseMethodQName(_qname); + } else if (type.contains("CLASS") || type.contains("NESTED_CLASS")) { + return JavaId.parseClassQName(_qname); + } else if (type.contains("ENUM")) { + return JavaId.parseEnumQName(_qname); + } else return null; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointCollector.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointCollector.java index 3d49b7f5c..b4fa964bd 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointCollector.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointCollector.java @@ -20,7 +20,6 @@ package com.sap.psr.vulas.monitor.touch; import java.io.Serializable; -import java.net.MalformedURLException; import java.net.URL; import java.nio.file.Paths; import java.util.HashMap; @@ -58,358 +57,394 @@ */ public class TouchPointCollector { - // STATIC MEMBERS - - private static Logger log = null; - private static final Logger getLog() { - if(TouchPointCollector.log==null) - TouchPointCollector.log = org.apache.logging.log4j.LogManager.getLogger(); - return TouchPointCollector.log; - } - - private static TouchPointCollector instance = null; - - private static LoaderHierarchy loaderHierarchy = null; - - //private static boolean PAUSE_COLLECTION = false; - - // INSTANCE MEMBERS - - private Set touchPoints = new HashSet(); - - private Map jarAnalyzerCache = new HashMap(); - - private TouchPointCollector() { - this.loaderHierarchy = new LoaderHierarchy(); - } - - /** - *

Getter for the field instance.

- * - * @return a {@link com.sap.psr.vulas.monitor.touch.TouchPointCollector} object. - */ - public synchronized static TouchPointCollector getInstance() { - if(TouchPointCollector.instance==null) { - // Disable trace collection during the instantiation process. As we use a couple of OSS components - // ourselves, we may end up in an endless loop and StackOverflow exceptions otherwise - ExecutionMonitor.setPaused(true);//TouchPointCollector.PAUSE_COLLECTION = true; - - TouchPointCollector.instance = new TouchPointCollector(); - - // Trigger the creation of the execution monitor singleton - ExecutionMonitor.getInstance(); - - // Create instances of StackTraceUtil and ConstructIdUtil, which are both called in the instrumented code - new StackTraceUtil(); - ConstructIdUtil.getInstance(); - - BackendConnector.getInstance(); - - ClassVisitor.removePackageContext("a.b.c"); - - TouchPointCollector.getLog().info("Completed instantiation of touch point collector"); - - // Now that the instance has been created, we enable trace collection again - ExecutionMonitor.setPaused(false); //TouchPointCollector.PAUSE_COLLECTION = false; - } - return TouchPointCollector.instance; - } - - /** - * Adds the given touch point to the list of touch points collected during the tests. This method is called by the - * callback method {@link TouchPointCollector#callback(String, String, ClassLoader, URL, boolean, StackTraceElement[], String, String, String, Map)}. - * - * @param _tp a {@link com.sap.psr.vulas.monitor.touch.TouchPointCollector.TouchPoint} object. - */ - public void addTouchPoint(TouchPoint _tp) { this.touchPoints.add(_tp); } - - /** - *

Getter for the field touchPoints.

- * - * @return a {@link java.util.Set} object. - */ - public Set getTouchPoints() { return this.touchPoints; } - - /** - *

getJarAnalyzerByPath.

- * - * @param _jar_path a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.java.JarAnalyzer} object. - */ - public JarAnalyzer getJarAnalyzerByPath(String _jar_path){ - if(!this.jarAnalyzerCache.containsKey(_jar_path)){ - try { - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(Paths.get(_jar_path).toFile()); - this.jarAnalyzerCache.put(_jar_path, ja); - } - catch(FileAnalysisException e) { - TouchPointCollector.getLog().error("Error while reading JAR file from URL [" + _jar_path + "]: " + e.getMessage()); - } - } - return this.jarAnalyzerCache.get(_jar_path); - } - - /** - *

callback.

- * - * @param _callee_type a {@link java.lang.String} object. - * @param _callee_qname a {@link java.lang.String} object. - * @param _class_loader a {@link java.lang.ClassLoader} object. - * @param _callee_url a {@link java.net.URL} object. - * @param callee_in_app a boolean. - * @param _stacktrace an array of {@link java.lang.StackTraceElement} objects. - * @param _app_groupid a {@link java.lang.String} object. - * @param _app_artifactid a {@link java.lang.String} object. - * @param _app_version a {@link java.lang.String} object. - * @param _callee_params a {@link java.util.Map} object. - */ - public static void callback(String _callee_type, String _callee_qname, ClassLoader _class_loader, URL _callee_url, boolean callee_in_app, StackTraceElement[] _stacktrace, String _app_groupid, String _app_artifactid, String _app_version, Map _callee_params){ - if(!ExecutionMonitor.isPaused()) { - - final TouchPointCollector tpi = TouchPointCollector.getInstance(); - - // Return right away if the max number of touch points has been collected already - if(CoreConfiguration.isMaxItemsCollected(tpi.getTouchPoints().size())) - return; - - final ConstructIdUtil cidu = ConstructIdUtil.getInstance(); - - // Extract caller from stacktrace - final Loader l = (_class_loader == null ? null : loaderHierarchy.add(_class_loader)); - final ConstructId caller = new StackTraceUtil(loaderHierarchy, l).getPredecessorConstruct(_stacktrace); - if(caller!=null) { - - // Get the direction of the touch point call (if any) - TouchPointCollector.Direction tp_direction = null; - if(cidu.isAppConstruct(caller) && !callee_in_app) - tp_direction = TouchPointCollector.Direction.A2L; - else if(cidu.isLibConstruct(caller) && callee_in_app) - tp_direction = TouchPointCollector.Direction.L2A; - - if(tp_direction!=null) { - final java.net.URL caller_url = ((com.sap.psr.vulas.java.JavaId)caller).getJarUrl(); - - // Build from method args - final ConstructId callee = ConstructIdUtil.getInstance().getConstructidFromQName(_callee_qname, _callee_type); - - // Caller and callee should be methods, constructors or clinits - if(!ConstructIdUtil.isOfInstrumentableType(caller) || !ConstructIdUtil.isOfInstrumentableType(callee)) { - TouchPointCollector.getLog().warn("Expected , method or constructor for caller and callee, but got " + caller + " and " + callee); - } - - // Create and collect the touch point - else { - final String callee_jar_path = (_callee_url == null ? null : FileUtil.getJARFilePath(_callee_url.toString())); - JarAnalyzer callee_ja = null; - if(callee_jar_path!=null ) callee_ja = tpi.getJarAnalyzerByPath(callee_jar_path); - - final String caller_jar_path = (caller_url == null ? null : FileUtil.getJARFilePath(caller_url.toString())); - JarAnalyzer caller_ja = null; - if(caller_jar_path!=null ) caller_ja = tpi.getJarAnalyzerByPath(caller_jar_path); - - final TouchPoint tp = new TouchPoint(tp_direction, caller, caller_ja, callee, _callee_params, callee_ja); - - tpi.addTouchPoint(tp); - } - } - } - } - } - - /** - * The instrumentation code created by {@link TouchPointInstrumentor#instrument(StringBuffer, JavaId, CtBehavior, ClassVisitor)} will - * call this callback method if it is possible to determine the caller (through stack trace analysis). - * - * @param _exe a {@link com.sap.psr.vulas.goals.AbstractGoal} object. - * @param _batch_size a int. - */ - /*public static void callback(Direction _direction, String _callee_type, String _callee_qname, URL _callee_url, ConstructId _caller, URL _caller_url, String _app_groupid, String _app_artifactid, String _app_version, Map _callee_params){ - if(!TouchPointCollector.PAUSE_COLLECTION) { - - // Build from method args - final ConstructId callee = ConstructIdUtil.getInstance().getConstructidFromQName(_callee_qname, _callee_type); - - // Caller and callee should be methods, constructors or clinits - if(!ConstructIdUtil.isOfInstrumentableType(_caller) || !ConstructIdUtil.isOfInstrumentableType(callee)) { - TouchPointCollector.getLog().warn("Expected > touchPointByArchiveId = new HashMap>(); - - // Loop and group by archive - final Iterator iter = this.touchPoints.iterator(); - while(iter.hasNext()){ - TouchPoint ase = iter.next(); - if(ase.getJarAnalyzerOfOss()!=null) { - String archiveId = ase.getJarAnalyzerOfOss().getSHA1(); - if(!touchPointByArchiveId.containsKey(archiveId)){ - touchPointByArchiveId.put(archiveId, new LinkedList()); - } - touchPointByArchiveId.get(archiveId).add(ase); - } - else { - TouchPointCollector.getLog().warn("No JAR analyzer found for touch point " + ase); - } - } - - // Upload touch points for each archive - for (Map.Entry> entry : touchPointByArchiveId.entrySet()) { - TouchPointCollector.getLog().info("Uploading [" + entry.getValue().size() + "] touch points for archive [" + entry.getKey() + "]"); - - // build attacksurface json - JsonArray myArray = new JsonArray(); - for(TouchPoint ase : entry.getValue()) { - myArray.add(ase.toJSON()); - } - - // Upload touch points for archiveid - try { - BackendConnector.getInstance().uploadTouchPoints(CoreConfiguration.buildGoalContextFromGlobalConfiguration(), CoreConfiguration.getAppContext(), entry.getKey(), myArray.toString()); - } catch (ConfigurationException e) { - TouchPointCollector.getLog().error(e.getMessage(), e); - } catch (Exception e) { - TouchPointCollector.getLog().error("Error during upload: " + e.getMessage(), e); - } - } - } - - public static enum Direction { A2L, L2A }; - - private static class TouchPoint { - - private Direction direction = null; - - private ConstructId caller = null; - private ConstructId callee = null; - - private Map calleeArgs = null; - - private JarAnalyzer callerJa = null; - private JarAnalyzer calleeJa = null; - - private TouchPoint(Direction _direction, ConstructId _caller, JarAnalyzer _caller_ja, ConstructId _callee, Map _callee_args, JarAnalyzer _callee_ja) { - this.direction = _direction; - this.caller = _caller; - this.callee = _callee; - this.calleeArgs = _callee_args; - this.callerJa = _caller_ja; - this.calleeJa = _callee_ja; - } - - /** - * Returns the {@link JarAnalyzer} of the OSS that is part of the {@link TouchPoint}. Depending on the direction of the touch point, - * this can be the analyzer of the caller or callee. - * @return - */ - public JarAnalyzer getJarAnalyzerOfOss(){ - if(this.direction.equals(Direction.A2L)) return calleeJa; - else return callerJa; - } - - public JsonObject toJSON(){ - final JsonObject rootObj = new JsonObject(); - - rootObj.addProperty("direction", this.direction.toString()); - rootObj.add("from", this.caller.toGSON()); - rootObj.add("to", this.callee.toGSON()); - - // Add the archive SHA1 of the OSS (not needed for the application archive, if any) - if(this.getJarAnalyzerOfOss()!=null) - rootObj.addProperty("archiveId", this.getJarAnalyzerOfOss().getSHA1()); - - // Callee arguments - /*if(this.calleeArgs != null && this.calleeArgs.size()>0){ - final JsonArray myArray = new JsonArray(); - for(Entry entry : this.calleeArgs.entrySet()){ - if (entry.getKey().contains("arg_value_")) { - String argNumber = entry.getKey().substring(entry.getKey().lastIndexOf('_')+1); - JsonObject jo = new JsonObject(); - jo.addProperty(this.calleeArgs.get("arg_type_"+argNumber), entry.getValue().toString()); - myArray.add(jo); - } - - } - rootObj.add("endPointArguments", myArray); - }*/ - rootObj.addProperty("source", "X2C"); - return rootObj; - } - - @Override - public String toString() { - return "[" + this.caller.getQualifiedName() + " --> " + this.callee.getQualifiedName() + "]"; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((callee == null) ? 0 : callee.hashCode()); - result = prime * result + ((calleeJa == null) ? 0 : calleeJa.hashCode()); - result = prime * result + ((caller == null) ? 0 : caller.hashCode()); - result = prime * result + ((callerJa == null) ? 0 : callerJa.hashCode()); - result = prime * result + ((direction == null) ? 0 : direction.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - TouchPoint other = (TouchPoint) obj; - if (callee == null) { - if (other.callee != null) - return false; - } else if (!callee.equals(other.callee)) - return false; - if (calleeJa == null) { - if (other.calleeJa != null) - return false; - } else if (!calleeJa.equals(other.calleeJa)) - return false; - if (caller == null) { - if (other.caller != null) - return false; - } else if (!caller.equals(other.caller)) - return false; - if (callerJa == null) { - if (other.callerJa != null) - return false; - } else if (!callerJa.equals(other.callerJa)) - return false; - if (direction != other.direction) - return false; - return true; - } - } + // STATIC MEMBERS + + private static Logger log = null; + + private static final Logger getLog() { + if (TouchPointCollector.log == null) + TouchPointCollector.log = org.apache.logging.log4j.LogManager.getLogger(); + return TouchPointCollector.log; + } + + private static TouchPointCollector instance = null; + + private static LoaderHierarchy loaderHierarchy = null; + + // private static boolean PAUSE_COLLECTION = false; + + // INSTANCE MEMBERS + + private Set touchPoints = new HashSet(); + + private Map jarAnalyzerCache = new HashMap(); + + private TouchPointCollector() { + this.loaderHierarchy = new LoaderHierarchy(); + } + + /** + *

Getter for the field instance.

+ * + * @return a {@link com.sap.psr.vulas.monitor.touch.TouchPointCollector} object. + */ + public static synchronized TouchPointCollector getInstance() { + if (TouchPointCollector.instance == null) { + // Disable trace collection during the instantiation process. As we use a couple of OSS + // components + // ourselves, we may end up in an endless loop and StackOverflow exceptions otherwise + ExecutionMonitor.setPaused(true); // TouchPointCollector.PAUSE_COLLECTION = true; + + TouchPointCollector.instance = new TouchPointCollector(); + + // Trigger the creation of the execution monitor singleton + ExecutionMonitor.getInstance(); + + // Create instances of StackTraceUtil and ConstructIdUtil, which are both called in the + // instrumented code + new StackTraceUtil(); + ConstructIdUtil.getInstance(); + + BackendConnector.getInstance(); + + ClassVisitor.removePackageContext("a.b.c"); + + TouchPointCollector.getLog().info("Completed instantiation of touch point collector"); + + // Now that the instance has been created, we enable trace collection again + ExecutionMonitor.setPaused(false); // TouchPointCollector.PAUSE_COLLECTION = false; + } + return TouchPointCollector.instance; + } + + /** + * Adds the given touch point to the list of touch points collected during the tests. This method is called by the + * callback method {@link TouchPointCollector#callback(String, String, ClassLoader, URL, boolean, StackTraceElement[], String, String, String, Map)}. + * + * @param _tp a {@link com.sap.psr.vulas.monitor.touch.TouchPointCollector.TouchPoint} object. + */ + public void addTouchPoint(TouchPoint _tp) { + this.touchPoints.add(_tp); + } + + /** + *

Getter for the field touchPoints.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getTouchPoints() { + return this.touchPoints; + } + + /** + *

getJarAnalyzerByPath.

+ * + * @param _jar_path a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.java.JarAnalyzer} object. + */ + public JarAnalyzer getJarAnalyzerByPath(String _jar_path) { + if (!this.jarAnalyzerCache.containsKey(_jar_path)) { + try { + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze(Paths.get(_jar_path).toFile()); + this.jarAnalyzerCache.put(_jar_path, ja); + } catch (FileAnalysisException e) { + TouchPointCollector.getLog() + .error("Error while reading JAR file from URL [" + _jar_path + "]: " + e.getMessage()); + } + } + return this.jarAnalyzerCache.get(_jar_path); + } + + /** + *

callback.

+ * + * @param _callee_type a {@link java.lang.String} object. + * @param _callee_qname a {@link java.lang.String} object. + * @param _class_loader a {@link java.lang.ClassLoader} object. + * @param _callee_url a {@link java.net.URL} object. + * @param callee_in_app a boolean. + * @param _stacktrace an array of {@link java.lang.StackTraceElement} objects. + * @param _app_groupid a {@link java.lang.String} object. + * @param _app_artifactid a {@link java.lang.String} object. + * @param _app_version a {@link java.lang.String} object. + * @param _callee_params a {@link java.util.Map} object. + */ + public static void callback( + String _callee_type, + String _callee_qname, + ClassLoader _class_loader, + URL _callee_url, + boolean callee_in_app, + StackTraceElement[] _stacktrace, + String _app_groupid, + String _app_artifactid, + String _app_version, + Map _callee_params) { + if (!ExecutionMonitor.isPaused()) { + + final TouchPointCollector tpi = TouchPointCollector.getInstance(); + + // Return right away if the max number of touch points has been collected already + if (CoreConfiguration.isMaxItemsCollected(tpi.getTouchPoints().size())) return; + + final ConstructIdUtil cidu = ConstructIdUtil.getInstance(); + + // Extract caller from stacktrace + final Loader l = (_class_loader == null ? null : loaderHierarchy.add(_class_loader)); + final ConstructId caller = + new StackTraceUtil(loaderHierarchy, l).getPredecessorConstruct(_stacktrace); + if (caller != null) { + + // Get the direction of the touch point call (if any) + TouchPointCollector.Direction tp_direction = null; + if (cidu.isAppConstruct(caller) && !callee_in_app) + tp_direction = TouchPointCollector.Direction.A2L; + else if (cidu.isLibConstruct(caller) && callee_in_app) + tp_direction = TouchPointCollector.Direction.L2A; + + if (tp_direction != null) { + final java.net.URL caller_url = ((com.sap.psr.vulas.java.JavaId) caller).getJarUrl(); + + // Build from method args + final ConstructId callee = + ConstructIdUtil.getInstance().getConstructidFromQName(_callee_qname, _callee_type); + + // Caller and callee should be methods, constructors or clinits + if (!ConstructIdUtil.isOfInstrumentableType(caller) + || !ConstructIdUtil.isOfInstrumentableType(callee)) { + TouchPointCollector.getLog() + .warn( + "Expected , method or constructor for caller and callee, but got " + + caller + + " and " + + callee); + } + + // Create and collect the touch point + else { + final String callee_jar_path = + (_callee_url == null ? null : FileUtil.getJARFilePath(_callee_url.toString())); + JarAnalyzer callee_ja = null; + if (callee_jar_path != null) callee_ja = tpi.getJarAnalyzerByPath(callee_jar_path); + + final String caller_jar_path = + (caller_url == null ? null : FileUtil.getJARFilePath(caller_url.toString())); + JarAnalyzer caller_ja = null; + if (caller_jar_path != null) caller_ja = tpi.getJarAnalyzerByPath(caller_jar_path); + + final TouchPoint tp = + new TouchPoint(tp_direction, caller, caller_ja, callee, _callee_params, callee_ja); + + tpi.addTouchPoint(tp); + } + } + } + } + } + + /** + * The instrumentation code created by {@link TouchPointInstrumentor#instrument(StringBuffer, JavaId, CtBehavior, ClassVisitor)} will + * call this callback method if it is possible to determine the caller (through stack trace analysis). + * + * @param _exe a {@link com.sap.psr.vulas.goals.AbstractGoal} object. + * @param _batch_size a int. + */ + /*public static void callback(Direction _direction, String _callee_type, String _callee_qname, URL _callee_url, ConstructId _caller, URL _caller_url, String _app_groupid, String _app_artifactid, String _app_version, Map _callee_params){ + if(!TouchPointCollector.PAUSE_COLLECTION) { + + // Build from method args + final ConstructId callee = ConstructIdUtil.getInstance().getConstructidFromQName(_callee_qname, _callee_type); + + // Caller and callee should be methods, constructors or clinits + if(!ConstructIdUtil.isOfInstrumentableType(_caller) || !ConstructIdUtil.isOfInstrumentableType(callee)) { + TouchPointCollector.getLog().warn("Expected > touchPointByArchiveId = + new HashMap>(); + + // Loop and group by archive + final Iterator iter = this.touchPoints.iterator(); + while (iter.hasNext()) { + TouchPoint ase = iter.next(); + if (ase.getJarAnalyzerOfOss() != null) { + String archiveId = ase.getJarAnalyzerOfOss().getSHA1(); + if (!touchPointByArchiveId.containsKey(archiveId)) { + touchPointByArchiveId.put(archiveId, new LinkedList()); + } + touchPointByArchiveId.get(archiveId).add(ase); + } else { + TouchPointCollector.getLog().warn("No JAR analyzer found for touch point " + ase); + } + } + + // Upload touch points for each archive + for (Map.Entry> entry : touchPointByArchiveId.entrySet()) { + TouchPointCollector.getLog() + .info( + "Uploading [" + + entry.getValue().size() + + "] touch points for archive [" + + entry.getKey() + + "]"); + + // build attacksurface json + JsonArray myArray = new JsonArray(); + for (TouchPoint ase : entry.getValue()) { + myArray.add(ase.toJSON()); + } + + // Upload touch points for archiveid + try { + BackendConnector.getInstance() + .uploadTouchPoints( + CoreConfiguration.buildGoalContextFromGlobalConfiguration(), + CoreConfiguration.getAppContext(), + entry.getKey(), + myArray.toString()); + } catch (ConfigurationException e) { + TouchPointCollector.getLog().error(e.getMessage(), e); + } catch (Exception e) { + TouchPointCollector.getLog().error("Error during upload: " + e.getMessage(), e); + } + } + } + + public static enum Direction { + A2L, + L2A + }; + + private static class TouchPoint { + + private Direction direction = null; + + private ConstructId caller = null; + private ConstructId callee = null; + + private Map calleeArgs = null; + + private JarAnalyzer callerJa = null; + private JarAnalyzer calleeJa = null; + + private TouchPoint( + Direction _direction, + ConstructId _caller, + JarAnalyzer _caller_ja, + ConstructId _callee, + Map _callee_args, + JarAnalyzer _callee_ja) { + this.direction = _direction; + this.caller = _caller; + this.callee = _callee; + this.calleeArgs = _callee_args; + this.callerJa = _caller_ja; + this.calleeJa = _callee_ja; + } + + /** + * Returns the {@link JarAnalyzer} of the OSS that is part of the {@link TouchPoint}. Depending on the direction of the touch point, + * this can be the analyzer of the caller or callee. + * @return + */ + public JarAnalyzer getJarAnalyzerOfOss() { + if (this.direction.equals(Direction.A2L)) return calleeJa; + else return callerJa; + } + + public JsonObject toJSON() { + final JsonObject rootObj = new JsonObject(); + + rootObj.addProperty("direction", this.direction.toString()); + rootObj.add("from", this.caller.toGSON()); + rootObj.add("to", this.callee.toGSON()); + + // Add the archive SHA1 of the OSS (not needed for the application archive, if any) + if (this.getJarAnalyzerOfOss() != null) + rootObj.addProperty("archiveId", this.getJarAnalyzerOfOss().getSHA1()); + + // Callee arguments + /*if(this.calleeArgs != null && this.calleeArgs.size()>0){ + final JsonArray myArray = new JsonArray(); + for(Entry entry : this.calleeArgs.entrySet()){ + if (entry.getKey().contains("arg_value_")) { + String argNumber = entry.getKey().substring(entry.getKey().lastIndexOf('_')+1); + JsonObject jo = new JsonObject(); + jo.addProperty(this.calleeArgs.get("arg_type_"+argNumber), entry.getValue().toString()); + myArray.add(jo); + } + + } + rootObj.add("endPointArguments", myArray); + }*/ + rootObj.addProperty("source", "X2C"); + return rootObj; + } + + @Override + public String toString() { + return "[" + this.caller.getQualifiedName() + " --> " + this.callee.getQualifiedName() + "]"; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((callee == null) ? 0 : callee.hashCode()); + result = prime * result + ((calleeJa == null) ? 0 : calleeJa.hashCode()); + result = prime * result + ((caller == null) ? 0 : caller.hashCode()); + result = prime * result + ((callerJa == null) ? 0 : callerJa.hashCode()); + result = prime * result + ((direction == null) ? 0 : direction.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) return true; + if (obj == null) return false; + if (getClass() != obj.getClass()) return false; + TouchPoint other = (TouchPoint) obj; + if (callee == null) { + if (other.callee != null) return false; + } else if (!callee.equals(other.callee)) return false; + if (calleeJa == null) { + if (other.calleeJa != null) return false; + } else if (!calleeJa.equals(other.calleeJa)) return false; + if (caller == null) { + if (other.caller != null) return false; + } else if (!caller.equals(other.caller)) return false; + if (callerJa == null) { + if (other.callerJa != null) return false; + } else if (!callerJa.equals(other.callerJa)) return false; + if (direction != other.direction) return false; + return true; + } + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointInstrumentor.java index 81d400b9a..434a4f1d7 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/touch/TouchPointInstrumentor.java @@ -24,7 +24,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.goals.AbstractGoal; import com.sap.psr.vulas.java.JavaId; import com.sap.psr.vulas.monitor.AbstractInstrumentor; @@ -41,91 +40,101 @@ */ public class TouchPointInstrumentor extends AbstractInstrumentor { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - /** {@inheritDoc} */ - public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) throws CannotCompileException { - - // Inject some basic stuff common to several instrumentors - this.injectUrlAndLoader(_code, _jid, _behavior); - this.injectStacktrace(_code, _jid, _behavior); - - // Is the construct in question part of the application? - final boolean callee_in_app = ConstructIdUtil.getInstance().isAppConstruct(_jid); - - // Get type and value of all method arguments - _code.append("final java.util.Map tp_params = new java.util.HashMap();"); - final String callee_qname = _behavior.getLongName(); - - // The following code causes a StackOverflowException in certain cases --> see vulas-testapp, packages POI and xmlbeans - // Reason is maybe the call of this.toString() in constructors, which is injected due to the loop starting at index 0 - // $0 means 'this' for Javassist - /*final String callee_args = callee_qname.substring(callee_qname.indexOf('(')+1, callee_qname.indexOf(')')); - - String [] arg_types = null; - if(callee_args.length() > 0) - arg_types = callee_args.split(","); - else - arg_types = new String[0]; - - for(int i=0; i - _code.append("tp_params.put(\"arg_type_\" + \"" + i +"\", \"" + arg_types[i] + "\");"); - if(!arg_types[i].contains("<") && !arg_types[i].contains(">")) { - if(arg_types[i].contains(".")){ // assuming that a param type contains at least a point (e.g. java.lang.String) - _code.append("if($" + (i+1) + " != null){"); - _code.append("tp_params.put(\"arg_value_\" + \"" + i +"\", $" + (i+1) + ".toString());"); - _code.append("}"); - } - else { // this case contains every case that is no an object (int, boolean, byte[]) - _code.append("tp_params.put(\"arg_value_\" + \"" + i +"\", String.valueOf($" + (i+1) + "));"); - } - } - }*/ - - _code.append("com.sap.psr.vulas.monitor.touch.TouchPointCollector.callback"); - _code.append("(\"").append(_jid.getType()+"\",\"").append(ClassVisitor.removeParameterQualification(_behavior.getLongName())).append("\",vul_cls_ldr,vul_cls_res," + callee_in_app + ",vul_st,"); - - // If specified, include the application context, otherwise null, null, null - if(_cv.getAppContext()!=null) { - _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); - _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); - _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); - } - else - _code.append("null,null,null,"); - - // Map containing instrumentor specific parameter - _code.append("tp_params);"); - } - - /** {@inheritDoc} */ - @Override - public void upladInformation(AbstractGoal _exe, int _batch_size) { - TouchPointCollector.getInstance().uploadInformation(_exe, _batch_size); - } - - /** {@inheritDoc} */ - @Override - public void awaitUpload() {;} - - //TODO: Add statistics - /** {@inheritDoc} */ - @Override - public Map getStatistics() { return new HashMap(); } - - /** - * {@inheritDoc} - * - * Accepts every class. - * - * Note that the instrumentation can involve two levels of filtering: - * First, {@link DynamicTransformer#transform(ClassLoader, String, Class, java.security.ProtectionDomain, byte[])} - * filters according to class names, JAR names and - * JAR directory locations. Second, every {@link IInstrumentor} can apply an additional - * filter in the implementation of this method. - */ - @Override - public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { return true; } - + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + /** {@inheritDoc} */ + public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) + throws CannotCompileException { + + // Inject some basic stuff common to several instrumentors + this.injectUrlAndLoader(_code, _jid, _behavior); + this.injectStacktrace(_code, _jid, _behavior); + + // Is the construct in question part of the application? + final boolean callee_in_app = ConstructIdUtil.getInstance().isAppConstruct(_jid); + + // Get type and value of all method arguments + _code.append("final java.util.Map tp_params = new java.util.HashMap();"); + final String callee_qname = _behavior.getLongName(); + + // The following code causes a StackOverflowException in certain cases --> see vulas-testapp, + // packages POI and xmlbeans + // Reason is maybe the call of this.toString() in constructors, which is injected due to the + // loop starting at index 0 + // $0 means 'this' for Javassist + /*final String callee_args = callee_qname.substring(callee_qname.indexOf('(')+1, callee_qname.indexOf(')')); + + String [] arg_types = null; + if(callee_args.length() > 0) + arg_types = callee_args.split(","); + else + arg_types = new String[0]; + + for(int i=0; i + _code.append("tp_params.put(\"arg_type_\" + \"" + i +"\", \"" + arg_types[i] + "\");"); + if(!arg_types[i].contains("<") && !arg_types[i].contains(">")) { + if(arg_types[i].contains(".")){ // assuming that a param type contains at least a point (e.g. java.lang.String) + _code.append("if($" + (i+1) + " != null){"); + _code.append("tp_params.put(\"arg_value_\" + \"" + i +"\", $" + (i+1) + ".toString());"); + _code.append("}"); + } + else { // this case contains every case that is no an object (int, boolean, byte[]) + _code.append("tp_params.put(\"arg_value_\" + \"" + i +"\", String.valueOf($" + (i+1) + "));"); + } + } + }*/ + + _code.append("com.sap.psr.vulas.monitor.touch.TouchPointCollector.callback"); + _code + .append("(\"") + .append(_jid.getType() + "\",\"") + .append(ClassVisitor.removeParameterQualification(_behavior.getLongName())) + .append("\",vul_cls_ldr,vul_cls_res," + callee_in_app + ",vul_st,"); + + // If specified, include the application context, otherwise null, null, null + if (_cv.getAppContext() != null) { + _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); + _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); + _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); + } else _code.append("null,null,null,"); + + // Map containing instrumentor specific parameter + _code.append("tp_params);"); + } + + /** {@inheritDoc} */ + @Override + public void upladInformation(AbstractGoal _exe, int _batch_size) { + TouchPointCollector.getInstance().uploadInformation(_exe, _batch_size); + } + + /** {@inheritDoc} */ + @Override + public void awaitUpload() { + ; + } + + // TODO: Add statistics + /** {@inheritDoc} */ + @Override + public Map getStatistics() { + return new HashMap(); + } + + /** + * {@inheritDoc} + * + * Accepts every class. + * + * Note that the instrumentation can involve two levels of filtering: + * First, {@link DynamicTransformer#transform(ClassLoader, String, Class, java.security.ProtectionDomain, byte[])} + * filters according to class names, JAR names and + * JAR directory locations. Second, every {@link IInstrumentor} can apply an additional + * filter in the implementation of this method. + */ + @Override + public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { + return true; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/AbstractTraceInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/AbstractTraceInstrumentor.java index 440ec1ba5..ca9092e62 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/AbstractTraceInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/AbstractTraceInstrumentor.java @@ -40,63 +40,68 @@ */ public abstract class AbstractTraceInstrumentor extends AbstractInstrumentor { - /** {@inheritDoc} */ - @Override - public void upladInformation(AbstractGoal _exe, int _batch_size) { - TraceCollector.getInstance().uploadInformation(_exe, _batch_size); - } + /** {@inheritDoc} */ + @Override + public void upladInformation(AbstractGoal _exe, int _batch_size) { + TraceCollector.getInstance().uploadInformation(_exe, _batch_size); + } - /** {@inheritDoc} */ - @Override - public void awaitUpload() { - TraceCollector.getInstance().awaitUpload(); - } + /** {@inheritDoc} */ + @Override + public void awaitUpload() { + TraceCollector.getInstance().awaitUpload(); + } - /** {@inheritDoc} */ - @Override - public Map getStatistics() { - return TraceCollector.getInstance().getStatistics(); - } + /** {@inheritDoc} */ + @Override + public Map getStatistics() { + return TraceCollector.getInstance().getStatistics(); + } - /** - * {@inheritDoc} - * - * Accepts every class. - * - * Note that the instrumentation involves two levels of filtering: - * First, {@link DynamicTransformer#transform(ClassLoader, String, Class, java.security.ProtectionDomain, byte[])} - * filters according to class names, JAR names and - * JAR directory locations. Second, every {@link IInstrumentor} can apply an additional - * filter in the implementation of this method. - * Note that - */ - @Override - public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { return true; } - - /** - * Merges the constructs of the map into a single HashSet, i.e., unordered. - * - * @param _map a {@link java.util.Map} object. - * @return a {@link java.util.Set} object. - */ - public static final Set merge(Map> _map) { - return AbstractTraceInstrumentor.merge(_map, false); - } - - /** - * Merges the constructs of the map into a single set. Returns a TreeSet if _ordered is equal to true, a HashSet otherwise. - * - * @param _map a {@link java.util.Map} object. - * @return a single set containing all the constructs passed in _map - * @param _ordered a boolean. - */ - public static final Set merge(Map> _map, boolean _ordered) { - final Set set = ( _ordered ? new TreeSet() : new HashSet() ); - for(Object key: _map.keySet()) { - for(com.sap.psr.vulas.shared.json.model.ConstructId cid: _map.get(key)) { - set.add(JavaId.toCoreType(cid)); - } - } - return set; - } + /** + * {@inheritDoc} + * + * Accepts every class. + * + * Note that the instrumentation involves two levels of filtering: + * First, {@link DynamicTransformer#transform(ClassLoader, String, Class, java.security.ProtectionDomain, byte[])} + * filters according to class names, JAR names and + * JAR directory locations. Second, every {@link IInstrumentor} can apply an additional + * filter in the implementation of this method. + * Note that + */ + @Override + public boolean acceptToInstrument(JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) { + return true; + } + + /** + * Merges the constructs of the map into a single HashSet, i.e., unordered. + * + * @param _map a {@link java.util.Map} object. + * @return a {@link java.util.Set} object. + */ + public static final Set merge( + Map> _map) { + return AbstractTraceInstrumentor.merge(_map, false); + } + + /** + * Merges the constructs of the map into a single set. Returns a TreeSet if _ordered is equal to true, a HashSet otherwise. + * + * @param _map a {@link java.util.Map} object. + * @return a single set containing all the constructs passed in _map + * @param _ordered a boolean. + */ + public static final Set merge( + Map> _map, boolean _ordered) { + final Set set = + (_ordered ? new TreeSet() : new HashSet()); + for (Object key : _map.keySet()) { + for (com.sap.psr.vulas.shared.json.model.ConstructId cid : _map.get(key)) { + set.add(JavaId.toCoreType(cid)); + } + } + return set; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/ConstructUsage.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/ConstructUsage.java index 4631765d2..6fdba72e5 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/ConstructUsage.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/ConstructUsage.java @@ -29,209 +29,225 @@ import com.sap.psr.vulas.shared.json.model.Application; import com.sap.psr.vulas.shared.util.StringUtil; - /** * Represents the usage of a given construct. */ public class ConstructUsage { - private long t = -1; - private ConstructId c = null; - private int counter = 1; - /** The URL of the resource from where the construct was loaded, can be the URL of a class file or a JAR. */ - private String resourceURL = null; - private String archiveDigest = null; - private String archiveFileName = null; - private Loader loader = null; - private Application appContext = null; - private String executionId = null; - private Set junitContexts = new HashSet(); - /** - *

Constructor for ConstructUsage.

- * - * @param _c a {@link com.sap.psr.vulas.ConstructId} object. - * @param _resource_url a {@link java.lang.String} object. - * @param _t a long. - */ - public ConstructUsage(ConstructId _c, String _resource_url, long _t) { - this(_c, _resource_url, null, _t, 1); - } - /** - *

Constructor for ConstructUsage.

- * - * @param _c a {@link com.sap.psr.vulas.ConstructId} object. - * @param _resource_url a {@link java.lang.String} object. - * @param _loader a {@link com.sap.psr.vulas.monitor.Loader} object. - * @param _t a long. - * @param _counter a int. - */ - public ConstructUsage(ConstructId _c, String _resource_url, Loader _loader, long _t, int _counter) { - this.c = _c; - this.resourceURL = _resource_url; - this.loader = _loader; - this.t = _t; - this.counter = _counter; - } - /** - *

addJUnitContext.

- * - * @param _junit a {@link com.sap.psr.vulas.ConstructId} object. - */ - public void addJUnitContext(ConstructId _junit) { this.junitContexts.add(_junit); } - /** - *

getJUnitContexts.

- * - * @return a {@link java.util.Set} object. - */ - public Set getJUnitContexts() { return this.junitContexts; } - /** - *

Getter for the field counter.

- * - * @return a int. - */ - public int getCounter() { return this.counter; } - /** - *

Getter for the field appContext.

- * - * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public Application getAppContext() { return this.appContext; } - /** - *

Setter for the field appContext.

- * - * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. - */ - public void setAppContext(Application _ctx) { this.appContext = _ctx; } - /** - *

Getter for the field resourceURL.

- * - * @return a {@link java.lang.String} object. - */ - public String getResourceURL() { return this.resourceURL; } - /** - *

Getter for the field archiveDigest.

- * - * @return a {@link java.lang.String} object. - */ - public String getArchiveDigest() { return archiveDigest; } - /** - *

Setter for the field archiveDigest.

- * - * @param resourceDigest a {@link java.lang.String} object. - */ - public void setArchiveDigest(String resourceDigest) { this.archiveDigest = resourceDigest; } - /** - *

Getter for the field archiveFileName.

- * - * @return a {@link java.lang.String} object. - */ - public String getArchiveFileName() { return archiveFileName; } - /** - *

Setter for the field archiveFileName.

- * - * @param archiveFileName a {@link java.lang.String} object. - */ - public void setArchiveFileName(String archiveFileName) { this.archiveFileName = archiveFileName; } - /** - *

Getter for the field loader.

- * - * @return a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public Loader getLoader() { return this.loader; } - /** - *

Setter for the field executionId.

- * - * @param _id a {@link java.lang.String} object. - */ - public void setExecutionId(String _id) { this.executionId = _id; } - - /** - *

toString.

- * - * @return a {@link java.lang.String} object. - */ - public String toString() { - final StringBuilder b = new StringBuilder(); - b.append("ConstructUsage [timestamp=").append(StringUtil.formatDate(this.t)).append(", count=").append(counter); - if(this.archiveFileName!=null) b.append(", archiveFileName=").append(this.archiveFileName); - if(this.archiveDigest!=null) b.append(", archiveDigest=").append(this.archiveDigest); - //if(this.resourceURL!=null) b.append(", resourceURL=").append(this.resourceURL); - b.append(", construct=").append(c.toString()).append("]"); - return b.toString(); - } - /** - *

toJSON.

- * - * @return a {@link java.lang.String} object. - */ - public String toJSON() { - final JsonBuilder jb = new JsonBuilder(); - jb.startObject(); - jb.appendObjectProperty("tracedAt", StringUtil.formatDate(this.t)); - jb.appendObjectProperty("count", new Integer(this.counter)); - jb.appendObjectProperty("executionId", this.executionId); - if(this.appContext!=null) - jb.appendObjectProperty("app", JacksonUtil.asJsonString(this.appContext), false); - if(this.archiveFileName!=null && this.archiveDigest!=null) { - jb.appendObjectProperty("lib", this.archiveDigest); - jb.appendObjectProperty("filename", this.archiveFileName); - } - if(this.junitContexts!=null && this.junitContexts.size()>0) { - jb.startArrayProperty("junits"); - for(ConstructId junit: this.junitContexts) - jb.appendJsonToArray(junit.toJSON()); - jb.endArray(); - } - //if(this.loader!=null) b.append(", \"loader\" : ").append(this.loader.toJSON()).append(""); - jb.appendObjectProperty("constructId", c.toJSON(), false); - jb.endObject(); - return jb.toString(); - } - /** - *

merge.

- * - * @param _other a {@link com.sap.psr.vulas.monitor.trace.ConstructUsage} object. - */ - public void merge(ConstructUsage _other) { - this.counter = Math.max(this.counter, _other.getCounter()); - this.junitContexts.addAll(_other.getJUnitContexts()); - } - /** {@inheritDoc} */ - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result - + ((appContext == null) ? 0 : appContext.hashCode()); - result = prime * result + ((c == null) ? 0 : c.hashCode()); - result = prime * result - + ((resourceURL == null) ? 0 : resourceURL.hashCode()); - return result; - } - /** {@inheritDoc} */ - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - ConstructUsage other = (ConstructUsage) obj; - if (appContext == null) { - if (other.appContext != null) - return false; - } else if (!appContext.equals(other.appContext)) - return false; - if (c == null) { - if (other.c != null) - return false; - } else if (!c.equals(other.c)) - return false; - if (resourceURL == null) { - if (other.resourceURL != null) - return false; - } else if (!resourceURL.equals(other.resourceURL)) - return false; - return true; - } + private long t = -1; + private ConstructId c = null; + private int counter = 1; + /** The URL of the resource from where the construct was loaded, can be the URL of a class file or a JAR. */ + private String resourceURL = null; + + private String archiveDigest = null; + private String archiveFileName = null; + private Loader loader = null; + private Application appContext = null; + private String executionId = null; + private Set junitContexts = new HashSet(); + /** + *

Constructor for ConstructUsage.

+ * + * @param _c a {@link com.sap.psr.vulas.ConstructId} object. + * @param _resource_url a {@link java.lang.String} object. + * @param _t a long. + */ + public ConstructUsage(ConstructId _c, String _resource_url, long _t) { + this(_c, _resource_url, null, _t, 1); + } + /** + *

Constructor for ConstructUsage.

+ * + * @param _c a {@link com.sap.psr.vulas.ConstructId} object. + * @param _resource_url a {@link java.lang.String} object. + * @param _loader a {@link com.sap.psr.vulas.monitor.Loader} object. + * @param _t a long. + * @param _counter a int. + */ + public ConstructUsage( + ConstructId _c, String _resource_url, Loader _loader, long _t, int _counter) { + this.c = _c; + this.resourceURL = _resource_url; + this.loader = _loader; + this.t = _t; + this.counter = _counter; + } + /** + *

addJUnitContext.

+ * + * @param _junit a {@link com.sap.psr.vulas.ConstructId} object. + */ + public void addJUnitContext(ConstructId _junit) { + this.junitContexts.add(_junit); + } + /** + *

getJUnitContexts.

+ * + * @return a {@link java.util.Set} object. + */ + public Set getJUnitContexts() { + return this.junitContexts; + } + /** + *

Getter for the field counter.

+ * + * @return a int. + */ + public int getCounter() { + return this.counter; + } + /** + *

Getter for the field appContext.

+ * + * @return a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public Application getAppContext() { + return this.appContext; + } + /** + *

Setter for the field appContext.

+ * + * @param _ctx a {@link com.sap.psr.vulas.shared.json.model.Application} object. + */ + public void setAppContext(Application _ctx) { + this.appContext = _ctx; + } + /** + *

Getter for the field resourceURL.

+ * + * @return a {@link java.lang.String} object. + */ + public String getResourceURL() { + return this.resourceURL; + } + /** + *

Getter for the field archiveDigest.

+ * + * @return a {@link java.lang.String} object. + */ + public String getArchiveDigest() { + return archiveDigest; + } + /** + *

Setter for the field archiveDigest.

+ * + * @param resourceDigest a {@link java.lang.String} object. + */ + public void setArchiveDigest(String resourceDigest) { + this.archiveDigest = resourceDigest; + } + /** + *

Getter for the field archiveFileName.

+ * + * @return a {@link java.lang.String} object. + */ + public String getArchiveFileName() { + return archiveFileName; + } + /** + *

Setter for the field archiveFileName.

+ * + * @param archiveFileName a {@link java.lang.String} object. + */ + public void setArchiveFileName(String archiveFileName) { + this.archiveFileName = archiveFileName; + } + /** + *

Getter for the field loader.

+ * + * @return a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public Loader getLoader() { + return this.loader; + } + /** + *

Setter for the field executionId.

+ * + * @param _id a {@link java.lang.String} object. + */ + public void setExecutionId(String _id) { + this.executionId = _id; + } + + /** + *

toString.

+ * + * @return a {@link java.lang.String} object. + */ + public String toString() { + final StringBuilder b = new StringBuilder(); + b.append("ConstructUsage [timestamp=") + .append(StringUtil.formatDate(this.t)) + .append(", count=") + .append(counter); + if (this.archiveFileName != null) b.append(", archiveFileName=").append(this.archiveFileName); + if (this.archiveDigest != null) b.append(", archiveDigest=").append(this.archiveDigest); + // if(this.resourceURL!=null) b.append(", resourceURL=").append(this.resourceURL); + b.append(", construct=").append(c.toString()).append("]"); + return b.toString(); + } + /** + *

toJSON.

+ * + * @return a {@link java.lang.String} object. + */ + public String toJSON() { + final JsonBuilder jb = new JsonBuilder(); + jb.startObject(); + jb.appendObjectProperty("tracedAt", StringUtil.formatDate(this.t)); + jb.appendObjectProperty("count", new Integer(this.counter)); + jb.appendObjectProperty("executionId", this.executionId); + if (this.appContext != null) + jb.appendObjectProperty("app", JacksonUtil.asJsonString(this.appContext), false); + if (this.archiveFileName != null && this.archiveDigest != null) { + jb.appendObjectProperty("lib", this.archiveDigest); + jb.appendObjectProperty("filename", this.archiveFileName); + } + if (this.junitContexts != null && this.junitContexts.size() > 0) { + jb.startArrayProperty("junits"); + for (ConstructId junit : this.junitContexts) jb.appendJsonToArray(junit.toJSON()); + jb.endArray(); + } + // if(this.loader!=null) b.append(", \"loader\" : ").append(this.loader.toJSON()).append(""); + jb.appendObjectProperty("constructId", c.toJSON(), false); + jb.endObject(); + return jb.toString(); + } + /** + *

merge.

+ * + * @param _other a {@link com.sap.psr.vulas.monitor.trace.ConstructUsage} object. + */ + public void merge(ConstructUsage _other) { + this.counter = Math.max(this.counter, _other.getCounter()); + this.junitContexts.addAll(_other.getJUnitContexts()); + } + /** {@inheritDoc} */ + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((appContext == null) ? 0 : appContext.hashCode()); + result = prime * result + ((c == null) ? 0 : c.hashCode()); + result = prime * result + ((resourceURL == null) ? 0 : resourceURL.hashCode()); + return result; + } + /** {@inheritDoc} */ + @Override + public boolean equals(Object obj) { + if (this == obj) return true; + if (obj == null) return false; + if (getClass() != obj.getClass()) return false; + ConstructUsage other = (ConstructUsage) obj; + if (appContext == null) { + if (other.appContext != null) return false; + } else if (!appContext.equals(other.appContext)) return false; + if (c == null) { + if (other.c != null) return false; + } else if (!c.equals(other.c)) return false; + if (resourceURL == null) { + if (other.resourceURL != null) return false; + } else if (!resourceURL.equals(other.resourceURL)) return false; + return true; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/PathNode.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/PathNode.java index d42f81d5f..67d6552e9 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/PathNode.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/PathNode.java @@ -27,74 +27,76 @@ */ public class PathNode { - private ConstructId constructId = null; - - private String sha1 = null; - - /** - *

Constructor for PathNode.

- * - * @param _cid a {@link com.sap.psr.vulas.ConstructId} object. - */ - public PathNode(ConstructId _cid) { - this(_cid, null); - } - - /** - *

Constructor for PathNode.

- * - * @param _cid a {@link com.sap.psr.vulas.ConstructId} object. - * @param _sha1 a {@link java.lang.String} object. - */ - public PathNode(ConstructId _cid, String _sha1) { - this.constructId = _cid; - this.sha1 = _sha1; - } + private ConstructId constructId = null; - /** - *

Getter for the field constructId.

- * - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public ConstructId getConstructId() { - return constructId; - } + private String sha1 = null; - /** - *

Getter for the field sha1.

- * - * @return a {@link java.lang.String} object. - */ - public String getSha1() { - return sha1; - } - - /** - *

Setter for the field sha1.

- * - * @param _sha1 a {@link java.lang.String} object. - */ - public void setSha1(String _sha1) { - this.sha1= _sha1; - } - - /** - *

hasSha1.

- * - * @return a boolean. - */ - public boolean hasSha1() { return this.sha1!=null; } - - /** {@inheritDoc} */ - @Override - public String toString() { - final StringBuffer b = new StringBuffer(); - b.append("[qname="); - b.append(this.constructId.getQualifiedName()); - if(this.sha1!=null) { - b.append(", libsha1=").append(this.sha1); - } - b.append("]"); - return b.toString(); - } + /** + *

Constructor for PathNode.

+ * + * @param _cid a {@link com.sap.psr.vulas.ConstructId} object. + */ + public PathNode(ConstructId _cid) { + this(_cid, null); + } + + /** + *

Constructor for PathNode.

+ * + * @param _cid a {@link com.sap.psr.vulas.ConstructId} object. + * @param _sha1 a {@link java.lang.String} object. + */ + public PathNode(ConstructId _cid, String _sha1) { + this.constructId = _cid; + this.sha1 = _sha1; + } + + /** + *

Getter for the field constructId.

+ * + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public ConstructId getConstructId() { + return constructId; + } + + /** + *

Getter for the field sha1.

+ * + * @return a {@link java.lang.String} object. + */ + public String getSha1() { + return sha1; + } + + /** + *

Setter for the field sha1.

+ * + * @param _sha1 a {@link java.lang.String} object. + */ + public void setSha1(String _sha1) { + this.sha1 = _sha1; + } + + /** + *

hasSha1.

+ * + * @return a boolean. + */ + public boolean hasSha1() { + return this.sha1 != null; + } + + /** {@inheritDoc} */ + @Override + public String toString() { + final StringBuffer b = new StringBuffer(); + b.append("[qname="); + b.append(this.constructId.getQualifiedName()); + if (this.sha1 != null) { + b.append(", libsha1=").append(this.sha1); + } + b.append("]"); + return b.toString(); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleStackTraceInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleStackTraceInstrumentor.java index edf79536a..7c65a5ab1 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleStackTraceInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleStackTraceInstrumentor.java @@ -25,7 +25,6 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.backend.BackendConnectionException; import com.sap.psr.vulas.backend.BackendConnector; @@ -33,7 +32,6 @@ import com.sap.psr.vulas.goals.GoalContext; import com.sap.psr.vulas.java.JavaId; import com.sap.psr.vulas.monitor.ClassVisitor; -import com.sap.psr.vulas.shared.util.VulasConfiguration; import javassist.CannotCompileException; import javassist.CtBehavior; @@ -45,125 +43,134 @@ */ public class SingleStackTraceInstrumentor extends AbstractTraceInstrumentor { - // ====================================== STATIC MEMBERS - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - // ====================================== INSTANCE MEMBERS - - /** - * Constructs for which the stacktrace will be collected and transformed into a path. - */ - private Set constructsCollectStacktrace = null; - - private int maxStacktraces = -1; - - /** - *

Constructor for SingleStackTraceInstrumentor.

- */ - public SingleStackTraceInstrumentor() { - final GoalContext gc = CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration); - this.maxStacktraces = this.vulasConfiguration.getConfiguration().getInt(CoreConfiguration.INSTR_MAX_STACKTRACES, 10); - try { - final Map> bug_change_lists = BackendConnector.getInstance().getAppBugs(gc, CoreConfiguration.getAppContext(this.vulasConfiguration)); - this.constructsCollectStacktrace = AbstractTraceInstrumentor.merge(bug_change_lists); - } catch (ConfigurationException e) { - SingleStackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); - throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); - } catch (IllegalStateException e) { - SingleStackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); - throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); - } catch (BackendConnectionException e) { - SingleStackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); - throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); - } - } - - /** - *

isStacktraceRequestedFor.

- * - * @param _construct a {@link com.sap.psr.vulas.ConstructId} object. - * @return a boolean. - */ - public boolean isStacktraceRequestedFor(ConstructId _construct) { - return this.constructsCollectStacktrace!=null && this.constructsCollectStacktrace.contains(_construct); - } - - /** {@inheritDoc} */ - public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) throws CannotCompileException { - - // Add stack trace only if the construct is in a bug change list - final String st_count = _cv.getUniqueMemberName("VUL_ST_COUNT", _behavior.getName(), true); - - // Add counter for - final boolean is_stacktrace_requested = this.isStacktraceRequestedFor(_jid); - if(is_stacktrace_requested) - _cv.addIntMember(st_count, false); - - // Add boolean and check it to ensure that the instr code is only executed once - final String member_name = _cv.getUniqueMemberName("VUL_TRC", _behavior.getName(), true); - _cv.addBooleanMember(member_name, false, false); - _code.append("if(!").append(member_name); - - // Collect stacktrace info? - if(is_stacktrace_requested) { - // Check stacktrace counter before getting stacktrace for vuln method - if(this.maxStacktraces!=-1) - _code.append(" || ").append(st_count).append("<").append(this.maxStacktraces).append(") {"); - // Always get stacktrace for vuln method - else - _code.append(" || true) {"); - } - else - _code.append(") {"); - - this.injectUrlAndLoader(_code, _jid, _behavior); - - //Map containing all instrumentor specific parameters and flags to be used by the Execution monitor to properly treat the trace - //generic not supported by javassist: _code.append("java.util.Map params = new java.util.HashMap();"); - //http://stackoverflow.com/questions/33279914/javassist-cannotcompileexception-when-trying-to-add-a-line-to-create-a-map - _code.append("java.util.Map params = new java.util.HashMap();"); - - if(is_stacktrace_requested) { - this.injectStacktrace(_code, _jid, _behavior); - _code.append("params.put(\"stacktrace\", vul_st);"); - _code.append(st_count).append("++;"); - } else { - _code.append("params.put(\"stacktrace\", null);"); - } - - _code.append("params.put(\"path\", \""+ Boolean.valueOf(is_stacktrace_requested)+"\");"); - _code.append("params.put(\"junit\", \"true\");"); //corresponds to collectDetails= true -> SIngle StacktraceInstrumentor. junit is the name of the argument in the Execution Monitor - _code.append("params.put(\"counter\", new Integer(1));"); - - _code.append(member_name).append("="); - - // Callback method - if(_jid.getType()==JavaId.Type.CONSTRUCTOR) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackConstructor"); - else if(_jid.getType()==JavaId.Type.METHOD) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackMethod"); - else if(_jid.getType()==JavaId.Type.CLASSINIT) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackClinit"); - - // Callback args - _code.append("(\"").append(ClassVisitor.removeParameterQualification(_behavior.getLongName())).append("\",vul_cls_ldr,vul_cls_res,"); - - if(_cv.getOriginalArchiveDigest()!=null) - _code.append("\"").append(_cv.getOriginalArchiveDigest()).append("\","); - else - _code.append("null,"); - - // If specified, include the application context, otherwise null, null, null - if(_cv.getAppContext()!=null) { - _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); - _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); - _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); - } - else - _code.append("null,null,null,"); - - // Map containing instrumentor specific parameter - _code.append("params); }"); - } + // ====================================== STATIC MEMBERS + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + // ====================================== INSTANCE MEMBERS + + /** + * Constructs for which the stacktrace will be collected and transformed into a path. + */ + private Set constructsCollectStacktrace = null; + + private int maxStacktraces = -1; + + /** + *

Constructor for SingleStackTraceInstrumentor.

+ */ + public SingleStackTraceInstrumentor() { + final GoalContext gc = + CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration); + this.maxStacktraces = + this.vulasConfiguration + .getConfiguration() + .getInt(CoreConfiguration.INSTR_MAX_STACKTRACES, 10); + try { + final Map> bug_change_lists = + BackendConnector.getInstance() + .getAppBugs(gc, CoreConfiguration.getAppContext(this.vulasConfiguration)); + this.constructsCollectStacktrace = AbstractTraceInstrumentor.merge(bug_change_lists); + } catch (ConfigurationException e) { + SingleStackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); + throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); + } catch (IllegalStateException e) { + SingleStackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); + throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); + } catch (BackendConnectionException e) { + SingleStackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); + throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); + } + } + + /** + *

isStacktraceRequestedFor.

+ * + * @param _construct a {@link com.sap.psr.vulas.ConstructId} object. + * @return a boolean. + */ + public boolean isStacktraceRequestedFor(ConstructId _construct) { + return this.constructsCollectStacktrace != null + && this.constructsCollectStacktrace.contains(_construct); + } + + /** {@inheritDoc} */ + public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) + throws CannotCompileException { + + // Add stack trace only if the construct is in a bug change list + final String st_count = _cv.getUniqueMemberName("VUL_ST_COUNT", _behavior.getName(), true); + + // Add counter for + final boolean is_stacktrace_requested = this.isStacktraceRequestedFor(_jid); + if (is_stacktrace_requested) _cv.addIntMember(st_count, false); + + // Add boolean and check it to ensure that the instr code is only executed once + final String member_name = _cv.getUniqueMemberName("VUL_TRC", _behavior.getName(), true); + _cv.addBooleanMember(member_name, false, false); + _code.append("if(!").append(member_name); + + // Collect stacktrace info? + if (is_stacktrace_requested) { + // Check stacktrace counter before getting stacktrace for vuln method + if (this.maxStacktraces != -1) + _code.append(" || ").append(st_count).append("<").append(this.maxStacktraces).append(") {"); + // Always get stacktrace for vuln method + else _code.append(" || true) {"); + } else _code.append(") {"); + + this.injectUrlAndLoader(_code, _jid, _behavior); + + // Map containing all instrumentor specific parameters and flags to be used by the Execution + // monitor to properly treat the trace + // generic not supported by javassist: _code.append("java.util.Map + // params = new java.util.HashMap();"); + // http://stackoverflow.com/questions/33279914/javassist-cannotcompileexception-when-trying-to-add-a-line-to-create-a-map + _code.append("java.util.Map params = new java.util.HashMap();"); + + if (is_stacktrace_requested) { + this.injectStacktrace(_code, _jid, _behavior); + _code.append("params.put(\"stacktrace\", vul_st);"); + _code.append(st_count).append("++;"); + } else { + _code.append("params.put(\"stacktrace\", null);"); + } + + _code.append("params.put(\"path\", \"" + Boolean.valueOf(is_stacktrace_requested) + "\");"); + _code.append( + "params.put(\"junit\", \"true\");"); // corresponds to collectDetails= true -> SIngle + // StacktraceInstrumentor. junit is the name of the + // argument in the Execution Monitor + _code.append("params.put(\"counter\", new Integer(1));"); + + _code.append(member_name).append("="); + + // Callback method + if (_jid.getType() == JavaId.Type.CONSTRUCTOR) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackConstructor"); + else if (_jid.getType() == JavaId.Type.METHOD) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackMethod"); + else if (_jid.getType() == JavaId.Type.CLASSINIT) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackClinit"); + + // Callback args + _code + .append("(\"") + .append(ClassVisitor.removeParameterQualification(_behavior.getLongName())) + .append("\",vul_cls_ldr,vul_cls_res,"); + + if (_cv.getOriginalArchiveDigest() != null) + _code.append("\"").append(_cv.getOriginalArchiveDigest()).append("\","); + else _code.append("null,"); + + // If specified, include the application context, otherwise null, null, null + if (_cv.getAppContext() != null) { + _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); + _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); + _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); + } else _code.append("null,null,null,"); + + // Map containing instrumentor specific parameter + _code.append("params); }"); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleTraceInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleTraceInstrumentor.java index d361d8413..14e7dc84d 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleTraceInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/SingleTraceInstrumentor.java @@ -19,13 +19,11 @@ */ package com.sap.psr.vulas.monitor.trace; - - import com.sap.psr.vulas.java.JavaId; import com.sap.psr.vulas.monitor.ClassVisitor; -//import java.util.*; -//import java.io.Serializable; +// import java.util.*; +// import java.io.Serializable; import javassist.CannotCompileException; import javassist.CtBehavior; @@ -35,52 +33,59 @@ */ public class SingleTraceInstrumentor extends AbstractTraceInstrumentor { - /** {@inheritDoc} */ - public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior,ClassVisitor _cv) throws CannotCompileException { - - // Add boolean and check it to ensure that the instr code is only executed once - final String member_name = _cv.getUniqueMemberName("VUL_TRC", _behavior.getName(), true); - _cv.addBooleanMember(member_name, false, false); - _code.append("if(!").append(member_name).append(") {"); + /** {@inheritDoc} */ + public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) + throws CannotCompileException { + + // Add boolean and check it to ensure that the instr code is only executed once + final String member_name = _cv.getUniqueMemberName("VUL_TRC", _behavior.getName(), true); + _cv.addBooleanMember(member_name, false, false); + _code.append("if(!").append(member_name).append(") {"); + + this.injectUrlAndLoader(_code, _jid, _behavior); + + // Map containing all instrumentor specific parameters and flags to be used by the Execution + // monitor to properly treat the trace + // generic not supported by javassist: _code.append("java.util.Map + // params = new java.util.HashMap();"); + // http://stackoverflow.com/questions/33279914/javassist-cannotcompileexception-when-trying-to-add-a-line-to-create-a-map + _code.append("java.util.Map params = new java.util.HashMap();"); + _code.append( + "params.put(\"junit\", \"false\");"); // corresponds to collectDetails= false -> SIngle + // Instrumentor. junit is the name of the argument in + // the Execution Monitor + _code.append("params.put(\"counter\", new Integer(1));"); - this.injectUrlAndLoader(_code, _jid, _behavior); + // Change boolean flag to prevent subsequent executions of the callback (only here, in the + // SingleInstrumentor) + _code.append(member_name).append("="); - //Map containing all instrumentor specific parameters and flags to be used by the Execution monitor to properly treat the trace - //generic not supported by javassist: _code.append("java.util.Map params = new java.util.HashMap();"); - //http://stackoverflow.com/questions/33279914/javassist-cannotcompileexception-when-trying-to-add-a-line-to-create-a-map - _code.append("java.util.Map params = new java.util.HashMap();"); - _code.append("params.put(\"junit\", \"false\");"); //corresponds to collectDetails= false -> SIngle Instrumentor. junit is the name of the argument in the Execution Monitor - _code.append("params.put(\"counter\", new Integer(1));"); + // Callback method + if (_jid.getType() == JavaId.Type.CONSTRUCTOR) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackConstructor"); + else if (_jid.getType() == JavaId.Type.METHOD) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackMethod"); + else if (_jid.getType() == JavaId.Type.CLASSINIT) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackClinit"); - // Change boolean flag to prevent subsequent executions of the callback (only here, in the SingleInstrumentor) - _code.append(member_name).append("="); - - // Callback method - if(_jid.getType()==JavaId.Type.CONSTRUCTOR) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackConstructor"); - else if(_jid.getType()==JavaId.Type.METHOD) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackMethod"); - else if(_jid.getType()==JavaId.Type.CLASSINIT) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackClinit"); - - // Callback args - _code.append("(\"").append(ClassVisitor.removeParameterQualification(_behavior.getLongName())).append("\",vul_cls_ldr,vul_cls_res,"); + // Callback args + _code + .append("(\"") + .append(ClassVisitor.removeParameterQualification(_behavior.getLongName())) + .append("\",vul_cls_ldr,vul_cls_res,"); - if(_cv.getOriginalArchiveDigest()!=null) - _code.append("\"").append(_cv.getOriginalArchiveDigest()).append("\","); - else - _code.append("null,"); + if (_cv.getOriginalArchiveDigest() != null) + _code.append("\"").append(_cv.getOriginalArchiveDigest()).append("\","); + else _code.append("null,"); - // If specified, include the application context, otherwise null, null, null - if(_cv.getAppContext()!=null) { - _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); - _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); - _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); - } - else - _code.append("null,null,null,"); + // If specified, include the application context, otherwise null, null, null + if (_cv.getAppContext() != null) { + _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); + _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); + _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); + } else _code.append("null,null,null,"); - // Map containing instrumentor specific parameter - _code.append("params); }"); - } + // Map containing instrumentor specific parameter + _code.append("params); }"); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceInstrumentor.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceInstrumentor.java index 3b67200bd..873099d14 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceInstrumentor.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceInstrumentor.java @@ -25,7 +25,6 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.backend.BackendConnectionException; import com.sap.psr.vulas.backend.BackendConnector; @@ -43,101 +42,112 @@ */ public class StackTraceInstrumentor extends AbstractTraceInstrumentor { - // ====================================== STATIC MEMBERS - - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - // ====================================== INSTANCE MEMBERS - - /** - * Constructs for which the stacktrace will be collected and transformed into a path. - */ - private Set constructsCollectStacktrace = null; - - /** - *

Constructor for StackTraceInstrumentor.

- */ - public StackTraceInstrumentor() { - try { - final Map> bug_change_lists = BackendConnector.getInstance().getAppBugs(CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration), CoreConfiguration.getAppContext(this.vulasConfiguration)); - this.constructsCollectStacktrace = AbstractTraceInstrumentor.merge(bug_change_lists); - } catch (ConfigurationException e) { - StackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); - throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); - } catch (IllegalStateException e) { - StackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); - throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); - } catch (BackendConnectionException e) { - StackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); - throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); - } - } - - /** - *

isStacktraceRequestedFor.

- * - * @param _construct a {@link com.sap.psr.vulas.ConstructId} object. - * @return a boolean. - */ - public boolean isStacktraceRequestedFor(ConstructId _construct) { - return this.constructsCollectStacktrace!=null && this.constructsCollectStacktrace.contains(_construct); - } - - /** {@inheritDoc} */ - public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) throws CannotCompileException { - - // Inject some basic stuff common to several instrumentors - this.injectUrlAndLoader(_code, _jid, _behavior); - - // Add counter and increment it at every call - final String member_name = _cv.getUniqueMemberName("VUL_TRC", _behavior.getName(), true); - _cv.addIntMember(member_name, false); - _code.append(member_name).append("++;"); - - //Map containing all instrumentor specific parameters and flags to be used by the Execution monitor to properly treat the trace - //generic not supported by javassist: _code.append("java.util.Map params = new java.util.HashMap();"); - //http://stackoverflow.com/questions/33279914/javassist-cannotcompileexception-when-trying-to-add-a-line-to-create-a-map - _code.append("java.util.Map params = new java.util.HashMap();"); - - // Add stack trace only if the construct is in a bug change list - final boolean is_stacktrace_requested = this.isStacktraceRequestedFor(_jid); - if(is_stacktrace_requested) { - this.injectStacktrace(_code, _jid, _behavior); - _code.append("params.put(\"stacktrace\", vul_st);"); - } else { - _code.append("params.put(\"stacktrace\", null);"); - } - - _code.append("params.put(\"path\", \""+ Boolean.valueOf(is_stacktrace_requested)+"\");"); - _code.append("params.put(\"junit\", \"true\");"); //corresponds to collectDetails= true -> SIngle StacktraceInstrumentor. junit is the name of the argument in the Execution Monitor - _code.append("params.put(\"counter\", new Integer("+member_name+"));"); - - // Callback method - if(_jid.getType()==JavaId.Type.CONSTRUCTOR) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackConstructor"); - else if(_jid.getType()==JavaId.Type.METHOD) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackMethod"); - else if(_jid.getType()==JavaId.Type.CLASSINIT) - _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackClinit"); - - // Callback args - _code.append("(\"").append(ClassVisitor.removeParameterQualification(_behavior.getLongName())).append("\",vul_cls_ldr,vul_cls_res,"); - - if(_cv.getOriginalArchiveDigest()!=null) - _code.append("\"").append(_cv.getOriginalArchiveDigest()).append("\","); - else - _code.append("null,"); - - // If specified, include the application context, otherwise null, null, null - if(_cv.getAppContext()!=null) { - _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); - _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); - _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); - } - else - _code.append("null,null,null,"); - - // Map containing instrumentor specific parameter - _code.append("params);"); - } + // ====================================== STATIC MEMBERS + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + // ====================================== INSTANCE MEMBERS + + /** + * Constructs for which the stacktrace will be collected and transformed into a path. + */ + private Set constructsCollectStacktrace = null; + + /** + *

Constructor for StackTraceInstrumentor.

+ */ + public StackTraceInstrumentor() { + try { + final Map> bug_change_lists = + BackendConnector.getInstance() + .getAppBugs( + CoreConfiguration.buildGoalContextFromConfiguration(this.vulasConfiguration), + CoreConfiguration.getAppContext(this.vulasConfiguration)); + this.constructsCollectStacktrace = AbstractTraceInstrumentor.merge(bug_change_lists); + } catch (ConfigurationException e) { + StackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); + throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); + } catch (IllegalStateException e) { + StackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); + throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); + } catch (BackendConnectionException e) { + StackTraceInstrumentor.log.error("Error during instantiation: " + e.getMessage()); + throw new IllegalStateException("Error during instantiation: " + e.getMessage(), e); + } + } + + /** + *

isStacktraceRequestedFor.

+ * + * @param _construct a {@link com.sap.psr.vulas.ConstructId} object. + * @return a boolean. + */ + public boolean isStacktraceRequestedFor(ConstructId _construct) { + return this.constructsCollectStacktrace != null + && this.constructsCollectStacktrace.contains(_construct); + } + + /** {@inheritDoc} */ + public void instrument(StringBuffer _code, JavaId _jid, CtBehavior _behavior, ClassVisitor _cv) + throws CannotCompileException { + + // Inject some basic stuff common to several instrumentors + this.injectUrlAndLoader(_code, _jid, _behavior); + + // Add counter and increment it at every call + final String member_name = _cv.getUniqueMemberName("VUL_TRC", _behavior.getName(), true); + _cv.addIntMember(member_name, false); + _code.append(member_name).append("++;"); + + // Map containing all instrumentor specific parameters and flags to be used by the Execution + // monitor to properly treat the trace + // generic not supported by javassist: _code.append("java.util.Map + // params = new java.util.HashMap();"); + // http://stackoverflow.com/questions/33279914/javassist-cannotcompileexception-when-trying-to-add-a-line-to-create-a-map + _code.append("java.util.Map params = new java.util.HashMap();"); + + // Add stack trace only if the construct is in a bug change list + final boolean is_stacktrace_requested = this.isStacktraceRequestedFor(_jid); + if (is_stacktrace_requested) { + this.injectStacktrace(_code, _jid, _behavior); + _code.append("params.put(\"stacktrace\", vul_st);"); + } else { + _code.append("params.put(\"stacktrace\", null);"); + } + + _code.append("params.put(\"path\", \"" + Boolean.valueOf(is_stacktrace_requested) + "\");"); + _code.append( + "params.put(\"junit\", \"true\");"); // corresponds to collectDetails= true -> SIngle + // StacktraceInstrumentor. junit is the name of the + // argument in the Execution Monitor + _code.append("params.put(\"counter\", new Integer(" + member_name + "));"); + + // Callback method + if (_jid.getType() == JavaId.Type.CONSTRUCTOR) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackConstructor"); + else if (_jid.getType() == JavaId.Type.METHOD) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackMethod"); + else if (_jid.getType() == JavaId.Type.CLASSINIT) + _code.append("com.sap.psr.vulas.monitor.trace.TraceCollector.callbackClinit"); + + // Callback args + _code + .append("(\"") + .append(ClassVisitor.removeParameterQualification(_behavior.getLongName())) + .append("\",vul_cls_ldr,vul_cls_res,"); + + if (_cv.getOriginalArchiveDigest() != null) + _code.append("\"").append(_cv.getOriginalArchiveDigest()).append("\","); + else _code.append("null,"); + + // If specified, include the application context, otherwise null, null, null + if (_cv.getAppContext() != null) { + _code.append("\"").append(_cv.getAppContext().getMvnGroup()).append("\","); + _code.append("\"").append(_cv.getAppContext().getArtifact()).append("\","); + _code.append("\"").append(_cv.getAppContext().getVersion()).append("\","); + } else _code.append("null,null,null,"); + + // Map containing instrumentor specific parameter + _code.append("params);"); + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceUtil.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceUtil.java index ab3e0f97f..f00c3ed0b 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceUtil.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/StackTraceUtil.java @@ -65,424 +65,512 @@ */ public class StackTraceUtil { - private static Logger log = null; - private static final Logger getLog() { - if(StackTraceUtil.log==null) - StackTraceUtil.log = org.apache.logging.log4j.LogManager.getLogger(); - return StackTraceUtil.log; - } - - private Loader loader = null; - - private boolean stopAtJUnit = false; - - private static final String ANNO_JUNIT_TEST = "org.junit.Test"; - - /** Remember ClassNotFoundExceptions in order to not print them again and again. */ - static private final Set cnfe = new HashSet(); - - /** Remember ConstructIds built from stack trace elements. */ - static private final Map constructIds = new HashMap(); - - /** - *

Constructor for StackTraceUtil.

- */ - public StackTraceUtil() {} - - /** - *

Constructor for StackTraceUtil.

- * - * @param _hier a {@link com.sap.psr.vulas.monitor.LoaderHierarchy} object. - * @param _loader a {@link com.sap.psr.vulas.monitor.Loader} object. - */ - public StackTraceUtil(LoaderHierarchy _hier, Loader _loader) { - //_hier.logHierarchy(_hier.getRoot(), 0); - this.loader = _loader; - } - - /** - *

Setter for the field stopAtJUnit.

- * - * @param _b a boolean. - */ - public void setStopAtJUnit(boolean _b) { this.stopAtJUnit = _b; } - - /** - * Returns the JUnit test case representing the starting point of a previously computed path. - * If no JUnit test case is present, the method returns null. - * - * @param _path a {@link java.util.List} object. - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public ConstructId getJUnitContext(List _path) { - ConstructId junit = null, node = null; - final Iterator iter = _path.iterator(); - while(iter.hasNext()) { - node = iter.next().getConstructId(); - if(node instanceof JavaId) { - if(((JavaId)node).hasAnnotation(ANNO_JUNIT_TEST)) { - junit = node; - break; - } - } - } - return junit; - } - - /** - * Transforms the stacktrace (obtained by, for instance, new Throwable().getStackTrace()) into a linked list of construct identifiers. - * - * @param _st an array of {@link java.lang.StackTraceElement} objects. - * @param _change_list_element the construct ID for which the stack trace was collected (if known by caller, can be null) - * @return a {@link java.util.List} object. - */ - public List transformStackTrace(StackTraceElement[] _st, PathNode _change_list_element) { - // The path to be constructed and returned - final List path = new LinkedList(); - - // Loop all elements of the stack trace - boolean cont = true; - int i = 0; - while(cont && i<_st.length) { - - // Ignore the first if it is method getStackTrace - if(i==0 && _st[i].getClassName().equals("java.lang.Thread") && _st[i].getMethodName().equals("getStackTrace")) - i++; - else { - // If the path is empty, take the change list element (if provided), herewith avoid overloading problems - if(path.isEmpty() && _change_list_element!=null) - path.add(_change_list_element); - - // Other elements: Find and add a construct ID for the next stack trace element to - else - cont = this.getConstructId(path, _st[i]); - - i++; - } - } - - // Debug information - if(StackTraceUtil.getLog().isDebugEnabled()) { - StackTraceUtil.getLog().debug("Stacktrace with [" + _st.length + "] elements transformed into path with [" + path.size() + "] nodes"); - final StringBuilder b = new StringBuilder(); - int j = 0, k = path.size()-1; - while(j<_st.length) { - b.delete(0, b.length()); - b.append(" ").append(_st[j].toString()); - if(j==0 && _st[j].getClassName().equals("java.lang.Thread") && _st[j].getMethodName().equals("getStackTrace")) { - j++; - } - else { - j++; - if(k>=0) { - b.append(" --> ").append(path.get(k).toString()); - k--; - } - } - StackTraceUtil.getLog().debug(b.toString()); - } - } - - return path; - } - - /** - * - * @param _path - * @param _e - * @param _loader - * @return true if the path construction shall continue - */ - private boolean getConstructId(List _path, StackTraceElement _e) { - - // To be returned, determines whether the path construction continues after the current element - boolean cont = true; - - // The one or multiple construct IDs found for <_e> - List construct_ids = new ArrayList(); - - // Classloader - ClassLoader cl = null; - if(this.loader!=null) - cl = this.loader.getClassLoader(); - else - cl = this.getClass().getClassLoader(); - - Class c = null; - JavaMethodId meth_cid = null; - JavaConstructorId cons_cid = null; - - try { - // Get the Java class definition, break if that does not work - c = cl.loadClass(_e.getClassName()); - - // To be built from the - String qname = null; - - // Constructor - if(_e.getMethodName().equals("")) { - for(Constructor con: c.getDeclaredConstructors()) { - // Cleanup the constructor's string representation for parsing - qname = con.toString(); - qname = qname.substring(0, qname.lastIndexOf(")")+1); - if(qname.indexOf(" ")!=-1) qname = qname.substring(qname.lastIndexOf(" ")+1); - qname = ClassVisitor.removeParameterQualification(qname); - - try { - cons_cid = JavaId.parseConstructorQName(qname); - for(Annotation a: con.getAnnotations()) cons_cid.addAnnotation(a.annotationType().getName()); - construct_ids.add(cons_cid); - } catch (Exception e) { - StackTraceUtil.getLog().error("Exception while creating construct ID: " + e.getMessage()); - } - } - - // There's some likelihood that multiple constructors are defined - // If we have line number info, use Javassist to find the right one - if(construct_ids.size()>1) { - if(_e.getLineNumber()<=0) - StackTraceUtil.getLog().warn("Stack trace element w/o line number info, cannot use Javassist: " + _e); - else { - try { - final ConstructId the_one = this.filterConstructors(_e, construct_ids); - if(the_one!=null) { - construct_ids.clear(); - construct_ids.add(the_one); - } - else { - StackTraceUtil.getLog().error("Could not determine constructor despite line information: [" + _e.toString() + "]"); - } - } catch (NotFoundException e) { - StackTraceUtil.getLog().error("Javassist class not found exception for class [" + e.getMessage() + "], classloader [" + cl.getClass().toString() + "]"); - } - } - } - } - // Static initializer - else if(_e.getMethodName().equals("")) { - final JavaClassId jcid = JavaId.getClassId(c); - construct_ids.add(jcid.getClassInit()); - } - // Method - else { - for(Method m: c.getDeclaredMethods()) { - if(m.getName().equals(_e.getMethodName())) { - // Cleanup the method's string representation for parsing - qname = m.toString(); - qname = qname.substring(0, qname.lastIndexOf(")")+1); - if(qname.indexOf(" ")!=-1) qname = qname.substring(qname.lastIndexOf(" ")+1); - qname = ClassVisitor.removeParameterQualification(qname); - - try { - meth_cid = JavaId.parseMethodQName(qname); - for(Annotation a: m.getAnnotations()) meth_cid.addAnnotation(a.annotationType().getName()); - construct_ids.add(meth_cid); - } catch (Exception e) { - StackTraceUtil.getLog().error("Exception while creating construct ID: " + e.getMessage()); - } - } - } - - // If the method is overloaded, multiple methods with the same name are found - // If we have line number info, use Javassist to find the right one - if(construct_ids.size()>1) { - // If the path is empty, we can take - if(_e.getLineNumber()<=0) - StackTraceUtil.getLog().warn("Stack trace element w/o line number info, cannot use Javassist: " + _e); - else { - try { - final ConstructId the_one = this.filterMethods(_e, construct_ids); - if(the_one!=null) { - construct_ids.clear(); - construct_ids.add(the_one); - } - else { - StackTraceUtil.getLog().error("Could not determine method despite line information: [" + _e.toString() + "]"); - } - } catch (NotFoundException e) { - StackTraceUtil.getLog().error("Javassist class not found exception for class [" + e.getMessage() + "], classloader [" + cl.getClass().toString() + "]"); - } - } - } - } - - if(construct_ids.size()==0) { - StackTraceUtil.getLog().warn("Class [" + _e.getClassName() + "] has no method with name [" + _e.getMethodName() + "]: Stop path construction"); - cont = false; - } - else if(construct_ids.size()==1) { - //StackTraceUtil.getLog().info(" Class [" + ste.getClassName() + "] has 1 method with name [" + ste.getMethodName() + "]"); - _path.add(0, new PathNode(construct_ids.get(0))); - cont = this.continueStacktraceTransformation((JavaId)construct_ids.get(0)); - } - else if(construct_ids.size()>1) { - StackTraceUtil.getLog().warn("Class [" + _e.getClassName() + "] has " + construct_ids.size() + " constructs with name [" + _e.getMethodName() + "]: Take first"); - _path.add(0, new PathNode(construct_ids.get(0))); - cont = this.continueStacktraceTransformation((JavaId)construct_ids.get(0)); - } - } catch (ClassNotFoundException e) { - if(!StackTraceUtil.cnfe.contains(e.getMessage())) { - StackTraceUtil.getLog().warn("Java class not found exception for class [" + e.getMessage() + "], classloader [" + cl.getClass().toString() + "]: Stop path construction"); - StackTraceUtil.cnfe.add(e.getMessage()); - } - cont = false; - } catch (SecurityException e) { - StackTraceUtil.getLog().warn("Security exception while analyzing class [" + e.getMessage() + "]: Stop path construction"); - cont = false; - } catch (NoClassDefFoundError ncdfe) { - StackTraceUtil.getLog().warn("No class definition exception for class [" + ncdfe.getMessage() + "]: Stop path construction"); - cont = false; - } - return cont; - } - - /** - * Returns true if the given JavaId has the annotation "org.junit.Test" and the stack trace util has been configured to stop at JUnit tests, false otherwise. - * @param _jid the JavaId whose annotations are checked - * @return - */ - private boolean continueStacktraceTransformation(JavaId _jid) { - boolean cont = true; - if(_jid==null) - cont = false; - else if(_jid.hasAnnotation(ANNO_JUNIT_TEST)) { - if(this.stopAtJUnit) { - StackTraceUtil.getLog().debug("Found JUnit test [" + _jid.getQualifiedName() + "]: Stop path construction"); - cont = false; - } - else - StackTraceUtil.getLog().debug("Found JUnit test [" + _jid.getQualifiedName() + "]"); - } - return cont; - } - - private ConstructId filterMethods(StackTraceElement _e, List _methods) throws NotFoundException { - // To be returned - ConstructId method_found = null; - final String class_qname = ((JavaMethodId)_methods.get(0)).getDefinitionContext().getQualifiedName(); - - // Get the CtClass - ClassPool cp = null; - CtClass ctclass = null; - if(this.loader==null) { - cp = ClassPool.getDefault(); - ctclass = cp.get(class_qname); - } - else { - boolean search = true; - Loader l = this.loader; - NotFoundException nfe = null; - while(search) { - try { - cp = l.getClassPool(); - ctclass = cp.get(class_qname); - search = false; - } catch (NotFoundException e) { - StackTraceUtil.getLog().error("Class [" + class_qname + "] not found with class loader [" + l + "]:" + e.getMessage()); - if(!l.isRoot()) - l = l.getParent(); - else { - search = false; - throw e; - } - } - } - } - - // Loop all methods of the class having the same name - int shortest_distance = Integer.MAX_VALUE; - int current_distance = -1; - for(ConstructId m: _methods) { - // Loop all methods of the class and find the one closest to the line number of the stack trace element - for(CtMethod ctm: ctclass.getDeclaredMethods()) { - if(m.getQualifiedName().equals(ClassVisitor.removeParameterQualification(ctm.getLongName())) && _e.getLineNumber()>=ctm.getMethodInfo().getLineNumber(0)) { - current_distance = _e.getLineNumber() - ctm.getMethodInfo().getLineNumber(0); - if(current_distance < shortest_distance) { - shortest_distance = current_distance; - method_found = m; - } - } - } - } - - return method_found; - } - - private ConstructId filterConstructors(StackTraceElement _e, List _constructors) throws NotFoundException { - // To be returned - ConstructId constructor_found = null; - - final SortedMap constructor_line_numbers = new TreeMap(); - - // Get the CtClass - ClassPool cp = null; - if(this.loader!=null) - cp = this.loader.getClassPool(); - else - cp = ClassPool.getDefault(); - final CtClass ctclass = cp.get( ((JavaConstructorId)_constructors.get(0)).getDefinitionContext().getQualifiedName() ); - - // Loop all constructors of the class and find the one closest to the line number of the stack trace element - int shortest_distance = Integer.MAX_VALUE; - int current_distance = -1; - ConstructId c = null; - - for(CtConstructor ctm: ctclass.getDeclaredConstructors()) { - c = JavaId.parseConstructorQName(ClassVisitor.removeParameterQualification(ctm.getLongName())); - constructor_line_numbers.put(new Integer(ctm.getMethodInfo().getLineNumber(0)), c); - if(_e.getLineNumber()>=ctm.getMethodInfo().getLineNumber(0)) { - current_distance = _e.getLineNumber() - ctm.getMethodInfo().getLineNumber(0); - if(current_distance < shortest_distance) { - shortest_distance = current_distance; - constructor_found = c; - } - } - } - - // Print if no constructor was found (wrong line number in stacktrace?) - // 2 examples from commons-compress 1.4: - //[main] WARN com.sap.psr.vulas.monitor.StackTraceUtil - None of the constructors at line numbers [132,144,159] matched the stack trace element [org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.(ZipArchiveInputStream.java:87)], return constructor with smallest line number - //[main] WARN com.sap.psr.vulas.monitor.StackTraceUtil - None of the constructors at line numbers [97,111,136,145,158] matched the stack trace element [org.apache.commons.compress.archivers.zip.ZipArchiveEntry.(ZipArchiveEntry.java:86)], return constructor with smallest line number - if(constructor_found==null && !constructor_line_numbers.isEmpty()) { - constructor_found = constructor_line_numbers.get(constructor_line_numbers.keySet().iterator().next()); - StackTraceUtil.getLog().debug("None of the constructors at line numbers [" + StringUtils.join(constructor_line_numbers.keySet(), ',') + "] matched the stack trace element [" + _e + "], return constructor with smallest line number"); - } - - return constructor_found; - } - - /** - * Given a stacktrace object return the predecessor of the element that called this stacktrace. - * - * @param _st an array of {@link java.lang.StackTraceElement} objects. - * @return a {@link com.sap.psr.vulas.ConstructId} object. - */ - public ConstructId getPredecessorConstruct(StackTraceElement[] _st) { - // StackTraceUtil.constructIds can be null if the method is called a second time during instantiation - if(_st.length > 2 && StackTraceUtil.constructIds!=null) { - // We already searched in the past - if(StackTraceUtil.constructIds.containsKey(_st[1])) { - return StackTraceUtil.constructIds.get(_st[1]); // Can be null - } - - // We did not search before, search now - else { - final List path = new LinkedList(); - this.getConstructId(path, _st[1]); - // We were able to create a constructId for the predecessor - if(path.size()>0) { - final ConstructId cid = path.get(0).getConstructId(); - StackTraceUtil.constructIds.put(_st[1], cid); - return cid; - } - // We failed, e.g., because the class could not be found - else { - StackTraceUtil.constructIds.put(_st[1], null); - //StackTraceUtil.getLog().error("Could not create construct from stack trace element [" + _st[1] + "], which is the predecessor of [" + _st[0] + "]"); - return null; - } - } - } - return null; - } + private static Logger log = null; + + private static final Logger getLog() { + if (StackTraceUtil.log == null) + StackTraceUtil.log = org.apache.logging.log4j.LogManager.getLogger(); + return StackTraceUtil.log; + } + + private Loader loader = null; + + private boolean stopAtJUnit = false; + + private static final String ANNO_JUNIT_TEST = "org.junit.Test"; + + /** Remember ClassNotFoundExceptions in order to not print them again and again. */ + private static final Set cnfe = new HashSet(); + + /** Remember ConstructIds built from stack trace elements. */ + private static final Map constructIds = + new HashMap(); + + /** + *

Constructor for StackTraceUtil.

+ */ + public StackTraceUtil() {} + + /** + *

Constructor for StackTraceUtil.

+ * + * @param _hier a {@link com.sap.psr.vulas.monitor.LoaderHierarchy} object. + * @param _loader a {@link com.sap.psr.vulas.monitor.Loader} object. + */ + public StackTraceUtil(LoaderHierarchy _hier, Loader _loader) { + // _hier.logHierarchy(_hier.getRoot(), 0); + this.loader = _loader; + } + + /** + *

Setter for the field stopAtJUnit.

+ * + * @param _b a boolean. + */ + public void setStopAtJUnit(boolean _b) { + this.stopAtJUnit = _b; + } + + /** + * Returns the JUnit test case representing the starting point of a previously computed path. + * If no JUnit test case is present, the method returns null. + * + * @param _path a {@link java.util.List} object. + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public ConstructId getJUnitContext(List _path) { + ConstructId junit = null, node = null; + final Iterator iter = _path.iterator(); + while (iter.hasNext()) { + node = iter.next().getConstructId(); + if (node instanceof JavaId) { + if (((JavaId) node).hasAnnotation(ANNO_JUNIT_TEST)) { + junit = node; + break; + } + } + } + return junit; + } + + /** + * Transforms the stacktrace (obtained by, for instance, new Throwable().getStackTrace()) into a linked list of construct identifiers. + * + * @param _st an array of {@link java.lang.StackTraceElement} objects. + * @param _change_list_element the construct ID for which the stack trace was collected (if known by caller, can be null) + * @return a {@link java.util.List} object. + */ + public List transformStackTrace( + StackTraceElement[] _st, PathNode _change_list_element) { + // The path to be constructed and returned + final List path = new LinkedList(); + + // Loop all elements of the stack trace + boolean cont = true; + int i = 0; + while (cont && i < _st.length) { + + // Ignore the first if it is method getStackTrace + if (i == 0 + && _st[i].getClassName().equals("java.lang.Thread") + && _st[i].getMethodName().equals("getStackTrace")) i++; + else { + // If the path is empty, take the change list element (if provided), herewith avoid + // overloading problems + if (path.isEmpty() && _change_list_element != null) path.add(_change_list_element); + + // Other elements: Find and add a construct ID for the next stack trace element to + else cont = this.getConstructId(path, _st[i]); + + i++; + } + } + + // Debug information + if (StackTraceUtil.getLog().isDebugEnabled()) { + StackTraceUtil.getLog() + .debug( + "Stacktrace with [" + + _st.length + + "] elements transformed into path with [" + + path.size() + + "] nodes"); + final StringBuilder b = new StringBuilder(); + int j = 0, k = path.size() - 1; + while (j < _st.length) { + b.delete(0, b.length()); + b.append(" ").append(_st[j].toString()); + if (j == 0 + && _st[j].getClassName().equals("java.lang.Thread") + && _st[j].getMethodName().equals("getStackTrace")) { + j++; + } else { + j++; + if (k >= 0) { + b.append(" --> ").append(path.get(k).toString()); + k--; + } + } + StackTraceUtil.getLog().debug(b.toString()); + } + } + + return path; + } + + /** + * + * @param _path + * @param _e + * @param _loader + * @return true if the path construction shall continue + */ + private boolean getConstructId(List _path, StackTraceElement _e) { + + // To be returned, determines whether the path construction continues after the current element + boolean cont = true; + + // The one or multiple construct IDs found for <_e> + List construct_ids = new ArrayList(); + + // Classloader + ClassLoader cl = null; + if (this.loader != null) cl = this.loader.getClassLoader(); + else cl = this.getClass().getClassLoader(); + + Class c = null; + JavaMethodId meth_cid = null; + JavaConstructorId cons_cid = null; + + try { + // Get the Java class definition, break if that does not work + c = cl.loadClass(_e.getClassName()); + + // To be built from the + String qname = null; + + // Constructor + if (_e.getMethodName().equals("")) { + for (Constructor con : c.getDeclaredConstructors()) { + // Cleanup the constructor's string representation for parsing + qname = con.toString(); + qname = qname.substring(0, qname.lastIndexOf(")") + 1); + if (qname.indexOf(" ") != -1) qname = qname.substring(qname.lastIndexOf(" ") + 1); + qname = ClassVisitor.removeParameterQualification(qname); + + try { + cons_cid = JavaId.parseConstructorQName(qname); + for (Annotation a : con.getAnnotations()) + cons_cid.addAnnotation(a.annotationType().getName()); + construct_ids.add(cons_cid); + } catch (Exception e) { + StackTraceUtil.getLog() + .error("Exception while creating construct ID: " + e.getMessage()); + } + } + + // There's some likelihood that multiple constructors are defined + // If we have line number info, use Javassist to find the right one + if (construct_ids.size() > 1) { + if (_e.getLineNumber() <= 0) + StackTraceUtil.getLog() + .warn("Stack trace element w/o line number info, cannot use Javassist: " + _e); + else { + try { + final ConstructId the_one = this.filterConstructors(_e, construct_ids); + if (the_one != null) { + construct_ids.clear(); + construct_ids.add(the_one); + } else { + StackTraceUtil.getLog() + .error( + "Could not determine constructor despite line information: [" + + _e.toString() + + "]"); + } + } catch (NotFoundException e) { + StackTraceUtil.getLog() + .error( + "Javassist class not found exception for class [" + + e.getMessage() + + "], classloader [" + + cl.getClass().toString() + + "]"); + } + } + } + } + // Static initializer + else if (_e.getMethodName().equals("")) { + final JavaClassId jcid = JavaId.getClassId(c); + construct_ids.add(jcid.getClassInit()); + } + // Method + else { + for (Method m : c.getDeclaredMethods()) { + if (m.getName().equals(_e.getMethodName())) { + // Cleanup the method's string representation for parsing + qname = m.toString(); + qname = qname.substring(0, qname.lastIndexOf(")") + 1); + if (qname.indexOf(" ") != -1) qname = qname.substring(qname.lastIndexOf(" ") + 1); + qname = ClassVisitor.removeParameterQualification(qname); + + try { + meth_cid = JavaId.parseMethodQName(qname); + for (Annotation a : m.getAnnotations()) + meth_cid.addAnnotation(a.annotationType().getName()); + construct_ids.add(meth_cid); + } catch (Exception e) { + StackTraceUtil.getLog() + .error("Exception while creating construct ID: " + e.getMessage()); + } + } + } + + // If the method is overloaded, multiple methods with the same name are found + // If we have line number info, use Javassist to find the right one + if (construct_ids.size() > 1) { + // If the path is empty, we can take + if (_e.getLineNumber() <= 0) + StackTraceUtil.getLog() + .warn("Stack trace element w/o line number info, cannot use Javassist: " + _e); + else { + try { + final ConstructId the_one = this.filterMethods(_e, construct_ids); + if (the_one != null) { + construct_ids.clear(); + construct_ids.add(the_one); + } else { + StackTraceUtil.getLog() + .error( + "Could not determine method despite line information: [" + + _e.toString() + + "]"); + } + } catch (NotFoundException e) { + StackTraceUtil.getLog() + .error( + "Javassist class not found exception for class [" + + e.getMessage() + + "], classloader [" + + cl.getClass().toString() + + "]"); + } + } + } + } + + if (construct_ids.size() == 0) { + StackTraceUtil.getLog() + .warn( + "Class [" + + _e.getClassName() + + "] has no method with name [" + + _e.getMethodName() + + "]: Stop path construction"); + cont = false; + } else if (construct_ids.size() == 1) { + // StackTraceUtil.getLog().info(" Class [" + ste.getClassName() + "] has 1 method with + // name [" + ste.getMethodName() + "]"); + _path.add(0, new PathNode(construct_ids.get(0))); + cont = this.continueStacktraceTransformation((JavaId) construct_ids.get(0)); + } else if (construct_ids.size() > 1) { + StackTraceUtil.getLog() + .warn( + "Class [" + + _e.getClassName() + + "] has " + + construct_ids.size() + + " constructs with name [" + + _e.getMethodName() + + "]: Take first"); + _path.add(0, new PathNode(construct_ids.get(0))); + cont = this.continueStacktraceTransformation((JavaId) construct_ids.get(0)); + } + } catch (ClassNotFoundException e) { + if (!StackTraceUtil.cnfe.contains(e.getMessage())) { + StackTraceUtil.getLog() + .warn( + "Java class not found exception for class [" + + e.getMessage() + + "], classloader [" + + cl.getClass().toString() + + "]: Stop path construction"); + StackTraceUtil.cnfe.add(e.getMessage()); + } + cont = false; + } catch (SecurityException e) { + StackTraceUtil.getLog() + .warn( + "Security exception while analyzing class [" + + e.getMessage() + + "]: Stop path construction"); + cont = false; + } catch (NoClassDefFoundError ncdfe) { + StackTraceUtil.getLog() + .warn( + "No class definition exception for class [" + + ncdfe.getMessage() + + "]: Stop path construction"); + cont = false; + } + return cont; + } + + /** + * Returns true if the given JavaId has the annotation "org.junit.Test" and the stack trace util has been configured to stop at JUnit tests, false otherwise. + * @param _jid the JavaId whose annotations are checked + * @return + */ + private boolean continueStacktraceTransformation(JavaId _jid) { + boolean cont = true; + if (_jid == null) cont = false; + else if (_jid.hasAnnotation(ANNO_JUNIT_TEST)) { + if (this.stopAtJUnit) { + StackTraceUtil.getLog() + .debug("Found JUnit test [" + _jid.getQualifiedName() + "]: Stop path construction"); + cont = false; + } else StackTraceUtil.getLog().debug("Found JUnit test [" + _jid.getQualifiedName() + "]"); + } + return cont; + } + + private ConstructId filterMethods(StackTraceElement _e, List _methods) + throws NotFoundException { + // To be returned + ConstructId method_found = null; + final String class_qname = + ((JavaMethodId) _methods.get(0)).getDefinitionContext().getQualifiedName(); + + // Get the CtClass + ClassPool cp = null; + CtClass ctclass = null; + if (this.loader == null) { + cp = ClassPool.getDefault(); + ctclass = cp.get(class_qname); + } else { + boolean search = true; + Loader l = this.loader; + NotFoundException nfe = null; + while (search) { + try { + cp = l.getClassPool(); + ctclass = cp.get(class_qname); + search = false; + } catch (NotFoundException e) { + StackTraceUtil.getLog() + .error( + "Class [" + + class_qname + + "] not found with class loader [" + + l + + "]:" + + e.getMessage()); + if (!l.isRoot()) l = l.getParent(); + else { + search = false; + throw e; + } + } + } + } + + // Loop all methods of the class having the same name + int shortest_distance = Integer.MAX_VALUE; + int current_distance = -1; + for (ConstructId m : _methods) { + // Loop all methods of the class and find the one closest to the line number of the stack + // trace element + for (CtMethod ctm : ctclass.getDeclaredMethods()) { + if (m.getQualifiedName() + .equals(ClassVisitor.removeParameterQualification(ctm.getLongName())) + && _e.getLineNumber() >= ctm.getMethodInfo().getLineNumber(0)) { + current_distance = _e.getLineNumber() - ctm.getMethodInfo().getLineNumber(0); + if (current_distance < shortest_distance) { + shortest_distance = current_distance; + method_found = m; + } + } + } + } + + return method_found; + } + + private ConstructId filterConstructors(StackTraceElement _e, List _constructors) + throws NotFoundException { + // To be returned + ConstructId constructor_found = null; + + final SortedMap constructor_line_numbers = + new TreeMap(); + + // Get the CtClass + ClassPool cp = null; + if (this.loader != null) cp = this.loader.getClassPool(); + else cp = ClassPool.getDefault(); + final CtClass ctclass = + cp.get( + ((JavaConstructorId) _constructors.get(0)).getDefinitionContext().getQualifiedName()); + + // Loop all constructors of the class and find the one closest to the line number of the stack + // trace element + int shortest_distance = Integer.MAX_VALUE; + int current_distance = -1; + ConstructId c = null; + + for (CtConstructor ctm : ctclass.getDeclaredConstructors()) { + c = + JavaId.parseConstructorQName( + ClassVisitor.removeParameterQualification(ctm.getLongName())); + constructor_line_numbers.put(new Integer(ctm.getMethodInfo().getLineNumber(0)), c); + if (_e.getLineNumber() >= ctm.getMethodInfo().getLineNumber(0)) { + current_distance = _e.getLineNumber() - ctm.getMethodInfo().getLineNumber(0); + if (current_distance < shortest_distance) { + shortest_distance = current_distance; + constructor_found = c; + } + } + } + + // Print if no constructor was found (wrong line number in stacktrace?) + // 2 examples from commons-compress 1.4: + // [main] WARN com.sap.psr.vulas.monitor.StackTraceUtil - None of the constructors at line + // numbers [132,144,159] matched the stack trace element + // [org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.(ZipArchiveInputStream.java:87)], return constructor with smallest line number + // [main] WARN com.sap.psr.vulas.monitor.StackTraceUtil - None of the constructors at line + // numbers [97,111,136,145,158] matched the stack trace element + // [org.apache.commons.compress.archivers.zip.ZipArchiveEntry.(ZipArchiveEntry.java:86)], + // return constructor with smallest line number + if (constructor_found == null && !constructor_line_numbers.isEmpty()) { + constructor_found = + constructor_line_numbers.get(constructor_line_numbers.keySet().iterator().next()); + StackTraceUtil.getLog() + .debug( + "None of the constructors at line numbers [" + + StringUtils.join(constructor_line_numbers.keySet(), ',') + + "] matched the stack trace element [" + + _e + + "], return constructor with smallest line number"); + } + + return constructor_found; + } + + /** + * Given a stacktrace object return the predecessor of the element that called this stacktrace. + * + * @param _st an array of {@link java.lang.StackTraceElement} objects. + * @return a {@link com.sap.psr.vulas.ConstructId} object. + */ + public ConstructId getPredecessorConstruct(StackTraceElement[] _st) { + // StackTraceUtil.constructIds can be null if the method is called a second time during + // instantiation + if (_st.length > 2 && StackTraceUtil.constructIds != null) { + // We already searched in the past + if (StackTraceUtil.constructIds.containsKey(_st[1])) { + return StackTraceUtil.constructIds.get(_st[1]); // Can be null + } + + // We did not search before, search now + else { + final List path = new LinkedList(); + this.getConstructId(path, _st[1]); + // We were able to create a constructId for the predecessor + if (path.size() > 0) { + final ConstructId cid = path.get(0).getConstructId(); + StackTraceUtil.constructIds.put(_st[1], cid); + return cid; + } + // We failed, e.g., because the class could not be found + else { + StackTraceUtil.constructIds.put(_st[1], null); + // StackTraceUtil.getLog().error("Could not create construct from stack trace element [" + + // _st[1] + "], which is the predecessor of [" + _st[0] + "]"); + return null; + } + } + } + return null; + } } diff --git a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/TraceCollector.java b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/TraceCollector.java index f7c58969f..d411207a3 100644 --- a/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/TraceCollector.java +++ b/lang-java/src/main/java/com/sap/psr/vulas/monitor/trace/TraceCollector.java @@ -39,7 +39,6 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; import com.sap.psr.vulas.backend.BackendConnectionException; @@ -67,611 +66,742 @@ */ public class TraceCollector { - // STATIC MEMBERS + // STATIC MEMBERS + + private static TraceCollector instance = null; - private static TraceCollector instance = null; + // private static boolean PAUSE_COLLECTION = false; - //private static boolean PAUSE_COLLECTION = false; + private static Logger log = null; - private static Logger log = null; + // INSTANCE MEMBERS - // INSTANCE MEMBERS + private String id = new Double(Math.random()).toString(); - private String id = new Double(Math.random()).toString(); + /** + * The collected traces. + */ + private Queue constructUsage = new LinkedList(); - /** - * The collected traces. - */ - private Queue constructUsage = new LinkedList(); - - /** - * Used to transform a stacktrace into a path of construct IDs. - */ - private StackTraceUtil stu = null; - - /** - * Stacktraces observed for known vulnerabilities (more precisely: their change list elements) are transformed into a path. - */ - private Queue> constructUsagePaths = new LinkedList>(); - - private LoaderHierarchy loaderHierarchy = null; - - private Map jarFiles = new HashMap(); - private StringList jarBlacklist = new StringList(); - private Map checkedJars = new HashMap(); - - private ExecutorService pool = null; - private int poolSize; - - // Statistics - private long methodTraceCount = 0; - private long constructorTraceCount = 0; - private long clinitTraceCount = 0; - private long methodBlacklistedCount = 0; - private long constructorBlacklistedCount = 0; - private long clinitBlacklistedCount = 0; - - /** Used in different upload methods, set in uploadInformarion(GoalExecution, int). */ - private AbstractGoal exe = null; - - /** Java Ids corresponding to classes and packages of executable constructs. */ - private Set contextConstructs = new HashSet(); - - private TraceCollector() { - final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); - - this.loaderHierarchy = new LoaderHierarchy(); - - // Create thread pool for JAR analysis - this.poolSize = cfg.getInt("jarAnalysis.poolSize", 4); - - // JAR blacklist (evaluated during addTrace) - this.jarBlacklist.addAll(cfg.getStringArray(CoreConfiguration.MONI_BLACKLIST_JARS)); - } - - //======================================= STATIC METHODS - - /** - *

Getter for the field instance.

- * - * @return a {@link com.sap.psr.vulas.monitor.trace.TraceCollector} object. - */ - public synchronized static TraceCollector getInstance() { - if(TraceCollector.instance==null) { - // Disable trace collection during the instantiation process. As we use a couple of OSS components - // ourselves, we may end up in an endless loop and StackOverflow exceptions otherwise - ExecutionMonitor.setPaused(true);//TraceCollector.PAUSE_COLLECTION = true; - - TraceCollector.instance = new TraceCollector(); - - // Trigger the creation of the execution monitor singleton - ExecutionMonitor.getInstance(); - - // - ClassPoolUpdater.getInstance(); - - BackendConnector.getInstance(); - - getLog().info("Completed instantiation of trace collector"); - - // Now that the instance has been created, we enable trace collection again - ExecutionMonitor.setPaused(false);//TraceCollector.PAUSE_COLLECTION = false; - } - return TraceCollector.instance; - } - - private static final Logger getLog() { - if(TraceCollector.log==null) - TraceCollector.log = org.apache.logging.log4j.LogManager.getLogger(); - return TraceCollector.log; - } - - /** - * Callback method for instrumented class methods. - * - * @param _qname the qualified name of the method or constructor instrumented, thus, performing the callback - * @param _archive_digest the SHA1 digest of the original JAR archive (optional, must be added to the class during offline instrumentation) - * @param _app_groupid the Maven group Id of the application context (optional, can be added to the class during offline instrumentation) - * @param _app_artifactid the Maven artifact Id of the application context (optional, see above) - * @param _app_version the Maven version of the application context (optional, see above) - * @param _class_loader a {@link java.lang.ClassLoader} object. - * @param _url a {@link java.net.URL} object. - * @param _params a {@link java.util.Map} object. - * @return a boolean. - */ - public static boolean callbackMethod(String _qname, ClassLoader _class_loader, URL _url, String _archive_digest, String _app_groupid, String _app_artifactid, String _app_version, Map _params) { - boolean trace_collected = false; - if(!ExecutionMonitor.isPaused()) { - TraceCollector.getInstance().addTrace(JavaId.parseMethodQName(_qname), _class_loader, _url, _archive_digest, _app_groupid, _app_artifactid, _app_version, _params); - trace_collected = true; - } - return trace_collected; - } - - /** - * Callback method for instrumented class constructors. - * - * @param _qname the qualified name of the method or constructor instrumented, thus, performing the callback - * @param _archive_digest the SHA1 digest of the original JAR archive (optional, must be added to the class during static instrumentation) - * @param _app_groupid the Maven group Id of the application context (optional, can be added to the class during static instrumentation) - * @param _app_artifactid the Maven artifact Id of the application context (optional, see above) - * @param _app_version the Maven version of the application context (optional, see above) - * @param _class_loader a {@link java.lang.ClassLoader} object. - * @param _url a {@link java.net.URL} object. - * @param _params a {@link java.util.Map} object. - * @return a boolean. - */ - public static boolean callbackConstructor(String _qname, ClassLoader _class_loader, URL _url, String _archive_digest, String _app_groupid, String _app_artifactid, String _app_version, Map _params) { - boolean trace_collected = false; - if(!ExecutionMonitor.isPaused()) { - TraceCollector.getInstance().addTrace(JavaId.parseConstructorQName(_qname), _class_loader, _url, _archive_digest, _app_groupid, _app_artifactid, _app_version, _params); - trace_collected = true; - } - return trace_collected; - } - - /** - * Callback method for instrumented class constructors. - * - * @param _qname the qualified name of the method or constructor instrumented, thus, performing the callback - * @param _archive_digest the SHA1 digest of the original JAR archive (optional, must be added to the class during static instrumentation) - * @param _app_groupid the Maven group Id of the application context (optional, can be added to the class during static instrumentation) - * @param _app_artifactid the Maven artifact Id of the application context (optional, see above) - * @param _app_version the Maven version of the application context (optional, see above) - * @param _class_loader a {@link java.lang.ClassLoader} object. - * @param _url a {@link java.net.URL} object. - * @param _params a {@link java.util.Map} object. - * @return a boolean. - */ - public static boolean callbackClinit(String _qname, ClassLoader _class_loader, URL _url, String _archive_digest, String _app_groupid, String _app_artifactid, String _app_version, Map _params) { - boolean trace_collected = false; - if(!ExecutionMonitor.isPaused()) { - TraceCollector.getInstance().addTrace(JavaId.parseClassInitQName(_qname), _class_loader, _url, _archive_digest, _app_groupid, _app_artifactid, _app_version, _params); - trace_collected = true; - } - return trace_collected; - } - - //======================================= INSTANCE METHODS - - /** - *

addTrace.

- * - * @param _id a {@link com.sap.psr.vulas.ConstructId} object. - * @param _class_loader a {@link java.lang.ClassLoader} object. - * @param _url a {@link java.net.URL} object. - * @param _archive_digest a {@link java.lang.String} object. - * @param _app_groupid a {@link java.lang.String} object. - * @param _app_artifactid a {@link java.lang.String} object. - * @param _app_version a {@link java.lang.String} object. - * @param _params a {@link java.util.Map} object. - */ - public synchronized void addTrace(ConstructId _id, ClassLoader _class_loader, URL _url, String _archive_digest, String _app_groupid, String _app_artifactid, String _app_version, Map _params) { - - // Return right away if we already collected >= maxItems traces - if(CoreConfiguration.isMaxItemsCollected(this.constructUsage.size())) - return; - - // Type of the traced construct - if(!(_id instanceof JavaId)) - throw new IllegalArgumentException("Trace collection for type [" + _id.getClass().getSimpleName() + "] not supported"); - final JavaId.Type c_type = ((JavaId)_id).getType(); - - final Loader l = (_class_loader == null ? null : this.loaderHierarchy.add(_class_loader)); - final String jar_path = (_url == null ? null : FileUtil.getJARFilePath(_url.toString())); // The complete FS path pointing to the JAR - final String jar_name = (jar_path == null ? null : FileUtil.getFileName(jar_path)); - - // Ignore blacklisted JARs, cf. MONI_BLACKLIST_JARS - boolean blacklisted_jar = false; - - // Create a new trace - final int counter = (Integer)_params.get("counter"); - final long now = System.currentTimeMillis(); - if(counter==0) this.getLog().error("Error while reading counter: counter is null"); - final ConstructUsage u = new ConstructUsage(_id, jar_path, l, now, counter); - - // Instrumentation happened in this JVM process - if(_archive_digest==null) { - - // If construct is part of a JAR, create an analyzer - if(jar_name!=null) { - - // Unless the JAR is blacklisted - if(!this.checkedJars.containsKey(jar_name)) - this.checkedJars.put(jar_name, this.jarBlacklist.contains(jar_name, StringList.ComparisonMode.PATTERN, StringList.CaseSensitivity.CASE_INSENSITIVE)); - blacklisted_jar = this.checkedJars.get(jar_name); - - if(!blacklisted_jar && !this.jarFiles.containsKey(jar_path)) { - try { - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(Paths.get(jar_path).toFile()); - this.jarFiles.put(jar_path, ja); - - // Schedule JAR analysis (and create pool if necessary) - if(this.pool==null) - this.pool = Executors.newFixedThreadPool(this.poolSize); - this.pool.submit(ja); - } - catch(FileAnalysisException e) { - this.getLog().error("Error while reading JAR file from URL [" + jar_path + "]: " + e.getMessage()); - } - } - } - } - // Instrumentation happened outside of the current JVM process (perfect, saves resources) - else { - u.setArchiveDigest(_archive_digest); - u.setArchiveFileName(jar_name); - if(_app_groupid!=null && _app_artifactid!=null && _app_version!=null) - u.setAppContext(new Application(_app_groupid, _app_artifactid, _app_version)); - } - - // Only add the trace if the JAR is not blacklisted - if(!blacklisted_jar) { - this.constructUsage.add(u); - - // Stats - switch(c_type) { - case CONSTRUCTOR: this.constructorTraceCount++; break; - case METHOD: this.methodTraceCount++; break; - case CLASSINIT: this.clinitTraceCount++; break; - default: break; // Should not happen - } - - // Add 1 trace for context and package (more does not seem to make any sense, there could be easily too many) - final ConstructId ctx_id = _id.getDefinitionContext(); - final ConstructId pack_id = ((JavaId)_id).getJavaPackageId(); - if(!this.contextConstructs.contains(ctx_id)) { - final ConstructUsage ctx_u = new ConstructUsage(ctx_id, jar_path, l, now, 1); - this.contextConstructs.add(ctx_id); - this.constructUsage.add(ctx_u); - } - if(!this.contextConstructs.contains(pack_id)) { - final ConstructUsage pack_u = new ConstructUsage(pack_id, jar_path, l, now, 1); - this.contextConstructs.add(pack_id); - this.constructUsage.add(pack_u); - } - - // Analyze stacktrace to get path and/or junit information - if( (Boolean.valueOf((String)_params.get("junit")) || Boolean.valueOf((String)_params.get("path"))) && _params.get("stacktrace")!=null && !c_type.equals(JavaId.Type.CLASSINIT)) { - - // Build the path in any of the 2 cases - this.stu = new StackTraceUtil(this.loaderHierarchy, l); - this.stu.setStopAtJUnit(true); - final List path = this.stu.transformStackTrace((StackTraceElement[])_params.get("stacktrace"), new PathNode(_id, _archive_digest)); - - // Upload path? - if(Boolean.valueOf((String)_params.get("path"))) { - constructUsagePaths.add(path); - this.getLog().info("Path constructed from stacktrace, length [" + path.size() + "]: entry point [" + path.get(0).getConstructId().getQualifiedName() + "], change list element [" + _id.getQualifiedName() + "]"); - } - - // Collect JUnit info? - if(Boolean.valueOf((String)_params.get("junit"))) { - final ConstructId junit = this.stu.getJUnitContext(path); - if(junit!=null) { - u.addJUnitContext(junit); - } - } - } - } - else { - // Stats - switch(c_type) { - case CONSTRUCTOR: this.constructorBlacklistedCount++; break; - case METHOD: this.methodBlacklistedCount++; break; - case CLASSINIT: this.clinitBlacklistedCount++; break; - default: break; // Should not happen - } - } - } - - /** - *

uploadInformation.

- * - * @param _exe a {@link com.sap.psr.vulas.goals.AbstractGoal} object. - * @param batchSize a int. - */ - public synchronized void uploadInformation(AbstractGoal _exe, int batchSize) { - this.exe = _exe; - if(batchSize > -1){ - this.uploadPaths(10); - this.uploadTraces(batchSize); - } - else{ - this.uploadPaths(); - this.uploadTraces(); - } - } - - /** - *

awaitUpload.

- */ - public void awaitUpload() { - if(this.pool!=null) { - this.pool.shutdown(); - try { - // Once we're all through, let's wait for them to finish - while (!this.pool.awaitTermination(10, TimeUnit.SECONDS)) - this.getLog().info("Awaiting completion of archive analysis threads"); - } catch (InterruptedException e) { - this.getLog().error("Got interruped while waiting for the completion of archive analysis threads: " + e.getMessage()); - } - } - } - - /** - * Uploads all trace information collected during JVM execution to the central collector. - */ - private synchronized void uploadTraces() { this.uploadTraces(-1); } - - /** - * Uploads trace information collected during JVM execution to the central collector. - * If batch size is equal to -1, all traces will be uploaded. - */ - private synchronized void uploadTraces(int _batch_size) { - if(this.constructUsage.isEmpty()) - TraceCollector.getLog().info("No traces collected"); - else { - try { - BackendConnector.getInstance().uploadTraces(CoreConfiguration.buildGoalContextFromGlobalConfiguration(), CoreConfiguration.getAppContext(), this.toJSON(_batch_size)); - } catch (Exception e) { - this.getLog().error("Error while uploaded traces: " + e.getMessage()); - } - } - } - - /** - * Upload all paths gathered from stacktrace information. - * @return - */ - private synchronized void uploadPaths() { this.uploadPaths(-1); } - - /** - * Upload _batch_size paths gathered from stack trace information (all if _batch_size is negative). - * - * @param _batch_size a int. - */ - public synchronized void uploadPaths(int _batch_size) { - // No paths collected since last call - if(this.constructUsagePaths.isEmpty()) { - TraceCollector.getLog().info("No paths collected"); - return; - } - - Application app_ctx = null; - try { - app_ctx = CoreConfiguration.getAppContext(); - } catch (ConfigurationException e) { - TraceCollector.getLog().error("Application context could not be determined"); - return; - } - - TraceCollector.getLog().info(this.constructUsagePaths.size() + " paths collected"); - final StringBuilder json = new StringBuilder(); - - List path = null; - final HashMap>> paths_per_bug = new HashMap>>(); - - // Get _batch_size paths and sort them after bugid - ConstructId cle = null; - int count=0; - boolean match = false; - while(!this.constructUsagePaths.isEmpty() && (_batch_size<0 || count++<_batch_size)) { - path = this.constructUsagePaths.poll(); - - // Get change list element (1st node) - cle = path.get(path.size()-1).getConstructId(); - - // Get the bug id for the change list element - match = false; - Map> change_lists = null; - try { - change_lists = BackendConnector.getInstance().getAppBugs(CoreConfiguration.buildGoalContextFromGlobalConfiguration(), app_ctx); - } catch (BackendConnectionException e) { - TraceCollector.getLog().error("Error while reading app bugs: " + e.getMessage(), e); - change_lists = new HashMap>(); - } - for(String b: change_lists.keySet()) { - if(change_lists.get(b).contains(ConstructId.toSharedType(cle))) { - if(!paths_per_bug.containsKey(b)) - paths_per_bug.put(b, new ArrayList>()); - paths_per_bug.get(b).add(path); - match = true; - TraceCollector.getLog().info("Path for bug [" + b + "]: length " + path.size() + ", change list element " + cle); - } - } - - // No match? Can happen because we collect traces for all methods of a class - if(!match) - TraceCollector.getLog().info("No bug for path: length " + path.size() + ", change list element " + cle); - } - - URL jar_url = null; - String jar_path = null; - JarAnalyzer ja = null; - ClassPoolUpdater cpu = new ClassPoolUpdater(); - // Upload per bug (as in ReachabilityAnalyzer) - for(String bugid: paths_per_bug.keySet()) { - json.delete(0, json.length()); - json.append("["); - int n=0; - - // Build JSON - for(List path1: paths_per_bug.get(bugid)) { - if ( (n++)>0 ) json.append(","); - json.append("{"); - json.append("\"app\":").append(JacksonUtil.asJsonString(app_ctx)).append(","); - json.append("\"bug\":\"").append(bugid).append("\","); - json.append("\"executionId\":\"").append(exe.getId()).append("\","); - json.append("\"source\":\"").append(PathSource.X2C).append("\","); - json.append("\"path\":["); - int m=0; - // Path node - for(PathNode cid: path1) { - if ( (m++)>0 ) json.append(","); - json.append("{"); - json.append("\"constructId\":").append(cid.getConstructId().toJSON()); - - // If existing, put the SHA1 of the lib from which the construct was loaded - if(cid.hasSha1()) { - json.append(",\"lib\":\"").append(cid.getSha1()).append("\""); - } - // If not existing, find it - else { - // - jar_url = cpu.getJarResourcePath(cid.getConstructId()); - /*if(jar_url==null) { - try { - jar_url = new URL(((JavaId)cid.getConstructId()).getJARUrl()); - } catch (MalformedURLException e) { - this.getLog().warn("Cannot create JAR URL: " + e.getMessage()); - } - }*/ - - jar_path = (jar_url==null ? null : FileUtil.getJARFilePath(jar_url.toString())); - if(jar_path!=null && this.jarFiles.containsKey(jar_path)) { - ja = this.jarFiles.get(jar_path); - json.append(",\"lib\":\"").append(ja.getSHA1()).append("\""); - } - else { - // Print warning, if the SHA1 of a JAR cannot be determined - if(jar_path!=null && jar_path.endsWith("jar")) - this.getLog().warn("Library ignored: Construct " + cid.getConstructId() + " and JAR URL [" + jar_url + "]"); - json.append(",\"lib\":null"); - } - } - json.append("}"); - } - json.append("]}"); - } - json.append("]"); - - // Upload JSON - TraceCollector.getLog().info("Upload [" + paths_per_bug.get(bugid).size() + "] path(s) for bug [" + bugid + "]"); - try { - BackendConnector.getInstance().uploadPaths(CoreConfiguration.buildGoalContextFromGlobalConfiguration(), app_ctx, json.toString()); - } catch (BackendConnectionException e) { - TraceCollector.getLog().error("Error while uploading paths: " + e.getMessage(), e); - } - } - } - - private String toJSON(int _batch_size) throws ConcurrentModificationException { - final StringBuilder b = new StringBuilder(); - - // Append construct usage by apps - String jar_path = null; - JarAnalyzer ja = null; - int trace_count=0; - b.append("["); - ConstructUsage u = null, v = null; - Application ctx = null; - - // The traces to be uploaded (polled one after the other) - final Map traces_to_upload = new HashMap(); - while( (_batch_size==-1 || traces_to_upload.size()<_batch_size) && !this.constructUsage.isEmpty()) { - - // Next one from queue - u = this.constructUsage.poll(); - if(u!=null) { - - // Only upload the trace of accepted class loaders (= not filtered) - //if(this.loaderFilter==null || this.loaderFilter.accept(u.getLoader())) { - - // Establish the app context - ctx = u.getAppContext(); // Hard-coded through static instrumentation - if(ctx==null) { - try { - ctx = CoreConfiguration.getAppContext(); // Via configuration - } catch (ConfigurationException e) { - log.error(e.getMessage()); - } - } - - // Continue only if that succeeded - if(ctx!=null && ctx.isComplete()) { - u.setAppContext(ctx); - u.setExecutionId(this.exe.getId()); - - // Update counter if it has been prepared already - if(traces_to_upload.containsKey(u)) { - v = traces_to_upload.get(u); - //ExecutionMonitor.log.info("Merge " + v.toString() + " and " + u.toString()); - v.merge(u); - traces_to_upload.put(u, v); - } - else { - //ExecutionMonitor.log.info("Add " + u.toString()); - traces_to_upload.put(u, u); - } - } - } - } - - // Now prepare the JSON for the selected traces - for(ConstructUsage usage: traces_to_upload.values()) { - - try { - // Get the URL of the JAR from which the construct has been loaded (if any) - jar_path = usage.getResourceURL(); - - // It has been loaded from a JAR, now check whether archive digest and file name are already known - if(jar_path!=null) { - - // Yes, already known - if(usage.getArchiveDigest()!=null && usage.getArchiveFileName()!=null) {} - // No, we need to get it from the JAR analyzer (created in method addUsedConstruct) - else { - - if(this.jarFiles.containsKey(jar_path)) { - ja = this.jarFiles.get(jar_path); - - // Yes, but could the SHA1 be computed (which seems to fail sometimes)? - if(ja.getSHA1()!=null) { - // Ok, let's update the trace with SHA1 and file name - usage.setArchiveFileName(this.jarFiles.get(jar_path).getFileName()); - usage.setArchiveDigest(this.jarFiles.get(jar_path).getSHA1()); - } - // No, SHA1 could not be computed, do add to JSON - else - throw new IllegalStateException("SHA1 for construct [" + usage.toString() + "] not known"); - } - else - throw new IllegalStateException("JAR analyzer not found for [" + jar_path + "]"); - } - } - - // Append the trace to the JSON (hopefully all information has been completed) - if(trace_count++>0) b.append(","); - b.append(usage.toJSON()); - } - catch(IllegalStateException e) { - TraceCollector.getLog().error(e.getMessage()); - //this.constructUsage.add(u); - } - - } - b.append("]"); - - TraceCollector.getLog().info("[" + trace_count + " traces] prepared for upload, [" + this.constructUsage.size() + " traces] remain in queue"); - return b.toString(); - } - - /** - *

getStatistics.

- * - * @return a {@link java.util.Map} object. - */ - public Map getStatistics() { - final Map stats = new HashMap(); - stats.put("archivesAnalyzed", new Long(this.jarFiles.size())); - stats.put("tracesCollectedMethod", this.methodTraceCount); - stats.put("tracesCollectedConstructor", this.constructorTraceCount); - stats.put("tracesCollectedClinit", this.clinitTraceCount); - stats.put("tracesCollectedMethodBlacklisted", this.methodBlacklistedCount); - stats.put("tracesCollectedConstructorBlacklisted", this.constructorBlacklistedCount); - stats.put("tracesCollectedClinitBlacklisted", this.clinitBlacklistedCount); - return stats; - } + /** + * Used to transform a stacktrace into a path of construct IDs. + */ + private StackTraceUtil stu = null; + + /** + * Stacktraces observed for known vulnerabilities (more precisely: their change list elements) are transformed into a path. + */ + private Queue> constructUsagePaths = new LinkedList>(); + + private LoaderHierarchy loaderHierarchy = null; + + private Map jarFiles = new HashMap(); + private StringList jarBlacklist = new StringList(); + private Map checkedJars = new HashMap(); + + private ExecutorService pool = null; + private int poolSize; + + // Statistics + private long methodTraceCount = 0; + private long constructorTraceCount = 0; + private long clinitTraceCount = 0; + private long methodBlacklistedCount = 0; + private long constructorBlacklistedCount = 0; + private long clinitBlacklistedCount = 0; + + /** Used in different upload methods, set in uploadInformarion(GoalExecution, int). */ + private AbstractGoal exe = null; + + /** Java Ids corresponding to classes and packages of executable constructs. */ + private Set contextConstructs = new HashSet(); + + private TraceCollector() { + final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); + + this.loaderHierarchy = new LoaderHierarchy(); + + // Create thread pool for JAR analysis + this.poolSize = cfg.getInt("jarAnalysis.poolSize", 4); + + // JAR blacklist (evaluated during addTrace) + this.jarBlacklist.addAll(cfg.getStringArray(CoreConfiguration.MONI_BLACKLIST_JARS)); + } + + // ======================================= STATIC METHODS + + /** + *

Getter for the field instance.

+ * + * @return a {@link com.sap.psr.vulas.monitor.trace.TraceCollector} object. + */ + public static synchronized TraceCollector getInstance() { + if (TraceCollector.instance == null) { + // Disable trace collection during the instantiation process. As we use a couple of OSS + // components + // ourselves, we may end up in an endless loop and StackOverflow exceptions otherwise + ExecutionMonitor.setPaused(true); // TraceCollector.PAUSE_COLLECTION = true; + + TraceCollector.instance = new TraceCollector(); + + // Trigger the creation of the execution monitor singleton + ExecutionMonitor.getInstance(); + + // + ClassPoolUpdater.getInstance(); + + BackendConnector.getInstance(); + + getLog().info("Completed instantiation of trace collector"); + + // Now that the instance has been created, we enable trace collection again + ExecutionMonitor.setPaused(false); // TraceCollector.PAUSE_COLLECTION = false; + } + return TraceCollector.instance; + } + + private static final Logger getLog() { + if (TraceCollector.log == null) + TraceCollector.log = org.apache.logging.log4j.LogManager.getLogger(); + return TraceCollector.log; + } + + /** + * Callback method for instrumented class methods. + * + * @param _qname the qualified name of the method or constructor instrumented, thus, performing the callback + * @param _archive_digest the SHA1 digest of the original JAR archive (optional, must be added to the class during offline instrumentation) + * @param _app_groupid the Maven group Id of the application context (optional, can be added to the class during offline instrumentation) + * @param _app_artifactid the Maven artifact Id of the application context (optional, see above) + * @param _app_version the Maven version of the application context (optional, see above) + * @param _class_loader a {@link java.lang.ClassLoader} object. + * @param _url a {@link java.net.URL} object. + * @param _params a {@link java.util.Map} object. + * @return a boolean. + */ + public static boolean callbackMethod( + String _qname, + ClassLoader _class_loader, + URL _url, + String _archive_digest, + String _app_groupid, + String _app_artifactid, + String _app_version, + Map _params) { + boolean trace_collected = false; + if (!ExecutionMonitor.isPaused()) { + TraceCollector.getInstance() + .addTrace( + JavaId.parseMethodQName(_qname), + _class_loader, + _url, + _archive_digest, + _app_groupid, + _app_artifactid, + _app_version, + _params); + trace_collected = true; + } + return trace_collected; + } + + /** + * Callback method for instrumented class constructors. + * + * @param _qname the qualified name of the method or constructor instrumented, thus, performing the callback + * @param _archive_digest the SHA1 digest of the original JAR archive (optional, must be added to the class during static instrumentation) + * @param _app_groupid the Maven group Id of the application context (optional, can be added to the class during static instrumentation) + * @param _app_artifactid the Maven artifact Id of the application context (optional, see above) + * @param _app_version the Maven version of the application context (optional, see above) + * @param _class_loader a {@link java.lang.ClassLoader} object. + * @param _url a {@link java.net.URL} object. + * @param _params a {@link java.util.Map} object. + * @return a boolean. + */ + public static boolean callbackConstructor( + String _qname, + ClassLoader _class_loader, + URL _url, + String _archive_digest, + String _app_groupid, + String _app_artifactid, + String _app_version, + Map _params) { + boolean trace_collected = false; + if (!ExecutionMonitor.isPaused()) { + TraceCollector.getInstance() + .addTrace( + JavaId.parseConstructorQName(_qname), + _class_loader, + _url, + _archive_digest, + _app_groupid, + _app_artifactid, + _app_version, + _params); + trace_collected = true; + } + return trace_collected; + } + + /** + * Callback method for instrumented class constructors. + * + * @param _qname the qualified name of the method or constructor instrumented, thus, performing the callback + * @param _archive_digest the SHA1 digest of the original JAR archive (optional, must be added to the class during static instrumentation) + * @param _app_groupid the Maven group Id of the application context (optional, can be added to the class during static instrumentation) + * @param _app_artifactid the Maven artifact Id of the application context (optional, see above) + * @param _app_version the Maven version of the application context (optional, see above) + * @param _class_loader a {@link java.lang.ClassLoader} object. + * @param _url a {@link java.net.URL} object. + * @param _params a {@link java.util.Map} object. + * @return a boolean. + */ + public static boolean callbackClinit( + String _qname, + ClassLoader _class_loader, + URL _url, + String _archive_digest, + String _app_groupid, + String _app_artifactid, + String _app_version, + Map _params) { + boolean trace_collected = false; + if (!ExecutionMonitor.isPaused()) { + TraceCollector.getInstance() + .addTrace( + JavaId.parseClassInitQName(_qname), + _class_loader, + _url, + _archive_digest, + _app_groupid, + _app_artifactid, + _app_version, + _params); + trace_collected = true; + } + return trace_collected; + } + + // ======================================= INSTANCE METHODS + + /** + *

addTrace.

+ * + * @param _id a {@link com.sap.psr.vulas.ConstructId} object. + * @param _class_loader a {@link java.lang.ClassLoader} object. + * @param _url a {@link java.net.URL} object. + * @param _archive_digest a {@link java.lang.String} object. + * @param _app_groupid a {@link java.lang.String} object. + * @param _app_artifactid a {@link java.lang.String} object. + * @param _app_version a {@link java.lang.String} object. + * @param _params a {@link java.util.Map} object. + */ + public synchronized void addTrace( + ConstructId _id, + ClassLoader _class_loader, + URL _url, + String _archive_digest, + String _app_groupid, + String _app_artifactid, + String _app_version, + Map _params) { + + // Return right away if we already collected >= maxItems traces + if (CoreConfiguration.isMaxItemsCollected(this.constructUsage.size())) return; + + // Type of the traced construct + if (!(_id instanceof JavaId)) + throw new IllegalArgumentException( + "Trace collection for type [" + _id.getClass().getSimpleName() + "] not supported"); + final JavaId.Type c_type = ((JavaId) _id).getType(); + + final Loader l = (_class_loader == null ? null : this.loaderHierarchy.add(_class_loader)); + final String jar_path = + (_url == null + ? null + : FileUtil.getJARFilePath(_url.toString())); // The complete FS path pointing to the JAR + final String jar_name = (jar_path == null ? null : FileUtil.getFileName(jar_path)); + + // Ignore blacklisted JARs, cf. MONI_BLACKLIST_JARS + boolean blacklisted_jar = false; + + // Create a new trace + final int counter = (Integer) _params.get("counter"); + final long now = System.currentTimeMillis(); + if (counter == 0) this.getLog().error("Error while reading counter: counter is null"); + final ConstructUsage u = new ConstructUsage(_id, jar_path, l, now, counter); + + // Instrumentation happened in this JVM process + if (_archive_digest == null) { + + // If construct is part of a JAR, create an analyzer + if (jar_name != null) { + + // Unless the JAR is blacklisted + if (!this.checkedJars.containsKey(jar_name)) + this.checkedJars.put( + jar_name, + this.jarBlacklist.contains( + jar_name, + StringList.ComparisonMode.PATTERN, + StringList.CaseSensitivity.CASE_INSENSITIVE)); + blacklisted_jar = this.checkedJars.get(jar_name); + + if (!blacklisted_jar && !this.jarFiles.containsKey(jar_path)) { + try { + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze(Paths.get(jar_path).toFile()); + this.jarFiles.put(jar_path, ja); + + // Schedule JAR analysis (and create pool if necessary) + if (this.pool == null) this.pool = Executors.newFixedThreadPool(this.poolSize); + this.pool.submit(ja); + } catch (FileAnalysisException e) { + this.getLog() + .error( + "Error while reading JAR file from URL [" + jar_path + "]: " + e.getMessage()); + } + } + } + } + // Instrumentation happened outside of the current JVM process (perfect, saves resources) + else { + u.setArchiveDigest(_archive_digest); + u.setArchiveFileName(jar_name); + if (_app_groupid != null && _app_artifactid != null && _app_version != null) + u.setAppContext(new Application(_app_groupid, _app_artifactid, _app_version)); + } + + // Only add the trace if the JAR is not blacklisted + if (!blacklisted_jar) { + this.constructUsage.add(u); + + // Stats + switch (c_type) { + case CONSTRUCTOR: + this.constructorTraceCount++; + break; + case METHOD: + this.methodTraceCount++; + break; + case CLASSINIT: + this.clinitTraceCount++; + break; + default: + break; // Should not happen + } + + // Add 1 trace for context and package (more does not seem to make any sense, there could be + // easily too many) + final ConstructId ctx_id = _id.getDefinitionContext(); + final ConstructId pack_id = ((JavaId) _id).getJavaPackageId(); + if (!this.contextConstructs.contains(ctx_id)) { + final ConstructUsage ctx_u = new ConstructUsage(ctx_id, jar_path, l, now, 1); + this.contextConstructs.add(ctx_id); + this.constructUsage.add(ctx_u); + } + if (!this.contextConstructs.contains(pack_id)) { + final ConstructUsage pack_u = new ConstructUsage(pack_id, jar_path, l, now, 1); + this.contextConstructs.add(pack_id); + this.constructUsage.add(pack_u); + } + + // Analyze stacktrace to get path and/or junit information + if ((Boolean.valueOf((String) _params.get("junit")) + || Boolean.valueOf((String) _params.get("path"))) + && _params.get("stacktrace") != null + && !c_type.equals(JavaId.Type.CLASSINIT)) { + + // Build the path in any of the 2 cases + this.stu = new StackTraceUtil(this.loaderHierarchy, l); + this.stu.setStopAtJUnit(true); + final List path = + this.stu.transformStackTrace( + (StackTraceElement[]) _params.get("stacktrace"), + new PathNode(_id, _archive_digest)); + + // Upload path? + if (Boolean.valueOf((String) _params.get("path"))) { + constructUsagePaths.add(path); + this.getLog() + .info( + "Path constructed from stacktrace, length [" + + path.size() + + "]: entry point [" + + path.get(0).getConstructId().getQualifiedName() + + "], change list element [" + + _id.getQualifiedName() + + "]"); + } + + // Collect JUnit info? + if (Boolean.valueOf((String) _params.get("junit"))) { + final ConstructId junit = this.stu.getJUnitContext(path); + if (junit != null) { + u.addJUnitContext(junit); + } + } + } + } else { + // Stats + switch (c_type) { + case CONSTRUCTOR: + this.constructorBlacklistedCount++; + break; + case METHOD: + this.methodBlacklistedCount++; + break; + case CLASSINIT: + this.clinitBlacklistedCount++; + break; + default: + break; // Should not happen + } + } + } + + /** + *

uploadInformation.

+ * + * @param _exe a {@link com.sap.psr.vulas.goals.AbstractGoal} object. + * @param batchSize a int. + */ + public synchronized void uploadInformation(AbstractGoal _exe, int batchSize) { + this.exe = _exe; + if (batchSize > -1) { + this.uploadPaths(10); + this.uploadTraces(batchSize); + } else { + this.uploadPaths(); + this.uploadTraces(); + } + } + + /** + *

awaitUpload.

+ */ + public void awaitUpload() { + if (this.pool != null) { + this.pool.shutdown(); + try { + // Once we're all through, let's wait for them to finish + while (!this.pool.awaitTermination(10, TimeUnit.SECONDS)) + this.getLog().info("Awaiting completion of archive analysis threads"); + } catch (InterruptedException e) { + this.getLog() + .error( + "Got interruped while waiting for the completion of archive analysis threads: " + + e.getMessage()); + } + } + } + + /** + * Uploads all trace information collected during JVM execution to the central collector. + */ + private synchronized void uploadTraces() { + this.uploadTraces(-1); + } + + /** + * Uploads trace information collected during JVM execution to the central collector. + * If batch size is equal to -1, all traces will be uploaded. + */ + private synchronized void uploadTraces(int _batch_size) { + if (this.constructUsage.isEmpty()) TraceCollector.getLog().info("No traces collected"); + else { + try { + BackendConnector.getInstance() + .uploadTraces( + CoreConfiguration.buildGoalContextFromGlobalConfiguration(), + CoreConfiguration.getAppContext(), + this.toJSON(_batch_size)); + } catch (Exception e) { + this.getLog().error("Error while uploaded traces: " + e.getMessage()); + } + } + } + + /** + * Upload all paths gathered from stacktrace information. + * @return + */ + private synchronized void uploadPaths() { + this.uploadPaths(-1); + } + + /** + * Upload _batch_size paths gathered from stack trace information (all if _batch_size is negative). + * + * @param _batch_size a int. + */ + public synchronized void uploadPaths(int _batch_size) { + // No paths collected since last call + if (this.constructUsagePaths.isEmpty()) { + TraceCollector.getLog().info("No paths collected"); + return; + } + + Application app_ctx = null; + try { + app_ctx = CoreConfiguration.getAppContext(); + } catch (ConfigurationException e) { + TraceCollector.getLog().error("Application context could not be determined"); + return; + } + + TraceCollector.getLog().info(this.constructUsagePaths.size() + " paths collected"); + final StringBuilder json = new StringBuilder(); + + List path = null; + final HashMap>> paths_per_bug = + new HashMap>>(); + + // Get _batch_size paths and sort them after bugid + ConstructId cle = null; + int count = 0; + boolean match = false; + while (!this.constructUsagePaths.isEmpty() && (_batch_size < 0 || count++ < _batch_size)) { + path = this.constructUsagePaths.poll(); + + // Get change list element (1st node) + cle = path.get(path.size() - 1).getConstructId(); + + // Get the bug id for the change list element + match = false; + Map> change_lists = null; + try { + change_lists = + BackendConnector.getInstance() + .getAppBugs(CoreConfiguration.buildGoalContextFromGlobalConfiguration(), app_ctx); + } catch (BackendConnectionException e) { + TraceCollector.getLog().error("Error while reading app bugs: " + e.getMessage(), e); + change_lists = new HashMap>(); + } + for (String b : change_lists.keySet()) { + if (change_lists.get(b).contains(ConstructId.toSharedType(cle))) { + if (!paths_per_bug.containsKey(b)) paths_per_bug.put(b, new ArrayList>()); + paths_per_bug.get(b).add(path); + match = true; + TraceCollector.getLog() + .info( + "Path for bug [" + + b + + "]: length " + + path.size() + + ", change list element " + + cle); + } + } + + // No match? Can happen because we collect traces for all methods of a class + if (!match) + TraceCollector.getLog() + .info("No bug for path: length " + path.size() + ", change list element " + cle); + } + + URL jar_url = null; + String jar_path = null; + JarAnalyzer ja = null; + ClassPoolUpdater cpu = new ClassPoolUpdater(); + // Upload per bug (as in ReachabilityAnalyzer) + for (String bugid : paths_per_bug.keySet()) { + json.delete(0, json.length()); + json.append("["); + int n = 0; + + // Build JSON + for (List path1 : paths_per_bug.get(bugid)) { + if ((n++) > 0) json.append(","); + json.append("{"); + json.append("\"app\":").append(JacksonUtil.asJsonString(app_ctx)).append(","); + json.append("\"bug\":\"").append(bugid).append("\","); + json.append("\"executionId\":\"").append(exe.getId()).append("\","); + json.append("\"source\":\"").append(PathSource.X2C).append("\","); + json.append("\"path\":["); + int m = 0; + // Path node + for (PathNode cid : path1) { + if ((m++) > 0) json.append(","); + json.append("{"); + json.append("\"constructId\":").append(cid.getConstructId().toJSON()); + + // If existing, put the SHA1 of the lib from which the construct was loaded + if (cid.hasSha1()) { + json.append(",\"lib\":\"").append(cid.getSha1()).append("\""); + } + // If not existing, find it + else { + // + jar_url = cpu.getJarResourcePath(cid.getConstructId()); + /*if(jar_url==null) { + try { + jar_url = new URL(((JavaId)cid.getConstructId()).getJARUrl()); + } catch (MalformedURLException e) { + this.getLog().warn("Cannot create JAR URL: " + e.getMessage()); + } + }*/ + + jar_path = (jar_url == null ? null : FileUtil.getJARFilePath(jar_url.toString())); + if (jar_path != null && this.jarFiles.containsKey(jar_path)) { + ja = this.jarFiles.get(jar_path); + json.append(",\"lib\":\"").append(ja.getSHA1()).append("\""); + } else { + // Print warning, if the SHA1 of a JAR cannot be determined + if (jar_path != null && jar_path.endsWith("jar")) + this.getLog() + .warn( + "Library ignored: Construct " + + cid.getConstructId() + + " and JAR URL [" + + jar_url + + "]"); + json.append(",\"lib\":null"); + } + } + json.append("}"); + } + json.append("]}"); + } + json.append("]"); + + // Upload JSON + TraceCollector.getLog() + .info("Upload [" + paths_per_bug.get(bugid).size() + "] path(s) for bug [" + bugid + "]"); + try { + BackendConnector.getInstance() + .uploadPaths( + CoreConfiguration.buildGoalContextFromGlobalConfiguration(), + app_ctx, + json.toString()); + } catch (BackendConnectionException e) { + TraceCollector.getLog().error("Error while uploading paths: " + e.getMessage(), e); + } + } + } + + private String toJSON(int _batch_size) throws ConcurrentModificationException { + final StringBuilder b = new StringBuilder(); + + // Append construct usage by apps + String jar_path = null; + JarAnalyzer ja = null; + int trace_count = 0; + b.append("["); + ConstructUsage u = null, v = null; + Application ctx = null; + + // The traces to be uploaded (polled one after the other) + final Map traces_to_upload = + new HashMap(); + while ((_batch_size == -1 || traces_to_upload.size() < _batch_size) + && !this.constructUsage.isEmpty()) { + + // Next one from queue + u = this.constructUsage.poll(); + if (u != null) { + + // Only upload the trace of accepted class loaders (= not filtered) + // if(this.loaderFilter==null || this.loaderFilter.accept(u.getLoader())) { + + // Establish the app context + ctx = u.getAppContext(); // Hard-coded through static instrumentation + if (ctx == null) { + try { + ctx = CoreConfiguration.getAppContext(); // Via configuration + } catch (ConfigurationException e) { + log.error(e.getMessage()); + } + } + + // Continue only if that succeeded + if (ctx != null && ctx.isComplete()) { + u.setAppContext(ctx); + u.setExecutionId(this.exe.getId()); + + // Update counter if it has been prepared already + if (traces_to_upload.containsKey(u)) { + v = traces_to_upload.get(u); + // ExecutionMonitor.log.info("Merge " + v.toString() + " and " + u.toString()); + v.merge(u); + traces_to_upload.put(u, v); + } else { + // ExecutionMonitor.log.info("Add " + u.toString()); + traces_to_upload.put(u, u); + } + } + } + } + + // Now prepare the JSON for the selected traces + for (ConstructUsage usage : traces_to_upload.values()) { + + try { + // Get the URL of the JAR from which the construct has been loaded (if any) + jar_path = usage.getResourceURL(); + + // It has been loaded from a JAR, now check whether archive digest and file name are already + // known + if (jar_path != null) { + + // Yes, already known + if (usage.getArchiveDigest() != null && usage.getArchiveFileName() != null) { + } + // No, we need to get it from the JAR analyzer (created in method addUsedConstruct) + else { + + if (this.jarFiles.containsKey(jar_path)) { + ja = this.jarFiles.get(jar_path); + + // Yes, but could the SHA1 be computed (which seems to fail sometimes)? + if (ja.getSHA1() != null) { + // Ok, let's update the trace with SHA1 and file name + usage.setArchiveFileName(this.jarFiles.get(jar_path).getFileName()); + usage.setArchiveDigest(this.jarFiles.get(jar_path).getSHA1()); + } + // No, SHA1 could not be computed, do add to JSON + else + throw new IllegalStateException( + "SHA1 for construct [" + usage.toString() + "] not known"); + } else throw new IllegalStateException("JAR analyzer not found for [" + jar_path + "]"); + } + } + + // Append the trace to the JSON (hopefully all information has been completed) + if (trace_count++ > 0) b.append(","); + b.append(usage.toJSON()); + } catch (IllegalStateException e) { + TraceCollector.getLog().error(e.getMessage()); + // this.constructUsage.add(u); + } + } + b.append("]"); + + TraceCollector.getLog() + .info( + "[" + + trace_count + + " traces] prepared for upload, [" + + this.constructUsage.size() + + " traces] remain in queue"); + return b.toString(); + } + + /** + *

getStatistics.

+ * + * @return a {@link java.util.Map} object. + */ + public Map getStatistics() { + final Map stats = new HashMap(); + stats.put("archivesAnalyzed", new Long(this.jarFiles.size())); + stats.put("tracesCollectedMethod", this.methodTraceCount); + stats.put("tracesCollectedConstructor", this.constructorTraceCount); + stats.put("tracesCollectedClinit", this.clinitTraceCount); + stats.put("tracesCollectedMethodBlacklisted", this.methodBlacklistedCount); + stats.put("tracesCollectedConstructorBlacklisted", this.constructorBlacklistedCount); + stats.put("tracesCollectedClinitBlacklisted", this.clinitBlacklistedCount); + return stats; + } } diff --git a/lang-java/src/test/java/ClassWithoutPackage.java b/lang-java/src/test/java/ClassWithoutPackage.java index cfa967a66..3516c1569 100644 --- a/lang-java/src/test/java/ClassWithoutPackage.java +++ b/lang-java/src/test/java/ClassWithoutPackage.java @@ -23,7 +23,7 @@ * Test class for {@link JavaFileAnalyzer2}. */ public class ClassWithoutPackage { - public ClassWithoutPackage() {} - public void foo() {} - + public ClassWithoutPackage() {} + + public void foo() {} } diff --git a/lang-java/src/test/java/NestedDeclarationMess.java b/lang-java/src/test/java/NestedDeclarationMess.java index 978801243..3e67f3e6b 100644 --- a/lang-java/src/test/java/NestedDeclarationMess.java +++ b/lang-java/src/test/java/NestedDeclarationMess.java @@ -21,75 +21,83 @@ public class NestedDeclarationMess { - // Member interface - interface DoSomethingElse { - - // Member class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - - public void doSomethingElse(); - } - - // Member class (anon) - final DoSomethingElse doSomethingElse = new DoSomethingElse() { - public void doSomethingElse() {} - }; - - // Member class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - - public void doSomething() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doSomething() {} - }; - - // Named class - class DoThat { - - void doThat() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThis() {} - }; - } - } - } - - public enum Foo { - A, B; - void bar() { - // Named class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - } - }; + // Member interface + interface DoSomethingElse { + + // Member class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + + public void doSomethingElse(); + } + + // Member class (anon) + final DoSomethingElse doSomethingElse = + new DoSomethingElse() { + public void doSomethingElse() {} + }; + + // Member class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + + public void doSomething() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doSomething() {} + }; + + // Named class + class DoThat { + + void doThat() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThis() {} + }; + } + } + } + + public enum Foo { + A, + B; + + void bar() { + // Named class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + } + }; } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/AarAnalyzerTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/AarAnalyzerTest.java index 94c3f4b5f..71e994218 100755 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/AarAnalyzerTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/AarAnalyzerTest.java @@ -31,16 +31,16 @@ public class AarAnalyzerTest { - @Test - public void testAarAnalyzer() { - try { - final AarAnalyzer aa = new AarAnalyzer(); - aa.analyze(new File("./src/test/resources/cucumber-android-4.3.0.aar")); - final Set cids = aa.getConstructIds(); - assertTrue(!cids.isEmpty()); - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } -} \ No newline at end of file + @Test + public void testAarAnalyzer() { + try { + final AarAnalyzer aa = new AarAnalyzer(); + aa.analyze(new File("./src/test/resources/cucumber-android-4.3.0.aar")); + final Set cids = aa.getConstructIds(); + assertTrue(!cids.isEmpty()); + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } +} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/ClassFileAnalyzerTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/ClassFileAnalyzerTest.java index 740186178..f627f5d4a 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/ClassFileAnalyzerTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/ClassFileAnalyzerTest.java @@ -30,29 +30,35 @@ import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; import com.sap.psr.vulas.FileAnalyzerFactory; + public class ClassFileAnalyzerTest { - - /** - * Test that certain constructs are correctly found in a give class file. - */ - @Test - public void classFileAnalyzerTest () { - try { - // Analyze a test class file - ClassFileAnalyzer cfa = (ClassFileAnalyzer)FileAnalyzerFactory.buildFileAnalyzer(new File("./src/test/resources/Callgraph.class")); - final Map c = cfa.getConstructs(); - - // Check that certain constructs have been found - JavaConstructorId cid = JavaId.parseConstructorQName("com.sap.psr.vulas.cg.Callgraph(Graph)"); - assertEquals(true, cfa.containsConstruct(cid)); - - JavaMethodId mid = JavaId.parseMethodQName("com.sap.psr.vulas.cg.Callgraph.getAllEdges(String)"); - assertEquals(true, cfa.containsConstruct(cid)); - - JavaMethodId not_existing_method = JavaId.parseMethodQName("com.sap.psr.vulas.cg.Callgraph.1234(String)"); - assertEquals(false, cfa.containsConstruct(not_existing_method)); - } catch (FileAnalysisException e) { - System.err.println(e.getMessage()); - } - } + + /** + * Test that certain constructs are correctly found in a give class file. + */ + @Test + public void classFileAnalyzerTest() { + try { + // Analyze a test class file + ClassFileAnalyzer cfa = + (ClassFileAnalyzer) + FileAnalyzerFactory.buildFileAnalyzer( + new File("./src/test/resources/Callgraph.class")); + final Map c = cfa.getConstructs(); + + // Check that certain constructs have been found + JavaConstructorId cid = JavaId.parseConstructorQName("com.sap.psr.vulas.cg.Callgraph(Graph)"); + assertEquals(true, cfa.containsConstruct(cid)); + + JavaMethodId mid = + JavaId.parseMethodQName("com.sap.psr.vulas.cg.Callgraph.getAllEdges(String)"); + assertEquals(true, cfa.containsConstruct(cid)); + + JavaMethodId not_existing_method = + JavaId.parseMethodQName("com.sap.psr.vulas.cg.Callgraph.1234(String)"); + assertEquals(false, cfa.containsConstruct(not_existing_method)); + } catch (FileAnalysisException e) { + System.err.println(e.getMessage()); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/ClassPoolUpdaterTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/ClassPoolUpdaterTest.java index 808303346..e3d217910 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/ClassPoolUpdaterTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/ClassPoolUpdaterTest.java @@ -35,89 +35,94 @@ import javassist.CtConstructor; public class ClassPoolUpdaterTest { - - @Test - public void testClassPoolUpdater() { - try { - // Relative path: Should not be appended, since the package structure does not exist in the file path - final File f = new File("./src/test/resources/classpath/OuterClass$InnerClass.class"); - final CtClass ctclass = ClassPool.getDefault().makeClass(new FileInputStream(f)); - boolean appended1 = ClassPoolUpdater.getInstance().updateClasspath(ctclass, f); - assertFalse(appended1); - - // Relative path: Should be appended - final File f2 = new File("./src/test/resources/com/sap/psr/vulas/java/test/OuterClass$InnerClass.class"); - final CtClass ctclass2 = ClassPool.getDefault().makeClass(new FileInputStream(f2)); - boolean appended2 = ClassPoolUpdater.getInstance().updateClasspath(ctclass2, f2); - assertTrue(appended2); - - // Relative path: Should not be appended, since already done - boolean appended3 = ClassPoolUpdater.getInstance().updateClasspath(ctclass2, f2); - assertFalse(appended3); - - // Absolute path - final File f3 = new File("./src/test/resources/com/sap/psr/vulas/java/test/OuterClass$InnerClass.class"); - final Path abs_path = f3.toPath().toAbsolutePath().normalize(); - final Path classpath = ClassPoolUpdater.getInstance().getClasspath(abs_path.toFile()); - assertTrue(classpath.toFile().exists()); - } catch (Exception e) { - e.printStackTrace(); - } - } - - @Test - public void checkForClint() { - try { - // Analyze normal class without anything static - final File basic = new File("./src/test/resources/classpath/BasicClass.class"); - final CtClass basicCtclass = ClassPool.getDefault().makeClass(new FileInputStream(basic)); - System.out.println("---------------- Basic Class -----------------"); - System.out.println(basicCtclass.getClassInitializer()); - for(CtConstructor ctc : basicCtclass.getConstructors()){ - System.out.println(ctc.getMethodInfo()); - } - - // Analyze class with static fields - final File staticFields = new File("./src/test/resources/classpath/StaticFields.class"); - final CtClass staticFieldsCtclass = ClassPool.getDefault().makeClass(new FileInputStream(staticFields)); - System.out.println("---------------- Static Fields -----------------"); - System.out.println(staticFieldsCtclass.getClassInitializer()); - for(CtConstructor ctc : staticFieldsCtclass.getConstructors()){ - System.out.println(ctc.getMethodInfo()); - } - - // Analyze class with no static fields but with a static block - final File staticBlock = new File("./src/test/resources/classpath/StaticBlock.class"); - final CtClass staticBlockCtclass = ClassPool.getDefault().makeClass(new FileInputStream(staticBlock)); - System.out.println("---------------- Static Block -----------------"); - System.out.println(staticBlockCtclass.getClassInitializer()); - for(CtConstructor ctc : staticBlockCtclass.getConstructors()){ - System.out.println(ctc.getMethodInfo()); - } - - // Analyze class with static final fields - final File staticFinal = new File("./src/test/resources/classpath/StaticFinal.class"); - final CtClass staticFinalCtclass = ClassPool.getDefault().makeClass(new FileInputStream(staticFinal)); - System.out.println("---------------- static final fields -----------------"); - System.out.println(staticFinalCtclass.getClassInitializer()); - for(CtConstructor ctc : staticFinalCtclass.getConstructors()){ - System.out.println(ctc.getMethodInfo()); - } - - // Analyze class with static method - final File staticMethod = new File("./src/test/resources/classpath/StaticMethod.class"); - final CtClass staticMethodCtclass = ClassPool.getDefault().makeClass(new FileInputStream(staticMethod)); - System.out.println("---------------- static final fields -----------------"); - System.out.println(staticMethodCtclass.getClassInitializer()); - for(CtConstructor ctc : staticMethodCtclass.getConstructors()){ - System.out.println(ctc.getMethodInfo()); - } - - - assertFalse(false); - } catch (Exception e) { - e.printStackTrace(); - } - } - + + @Test + public void testClassPoolUpdater() { + try { + // Relative path: Should not be appended, since the package structure does not exist in the + // file path + final File f = new File("./src/test/resources/classpath/OuterClass$InnerClass.class"); + final CtClass ctclass = ClassPool.getDefault().makeClass(new FileInputStream(f)); + boolean appended1 = ClassPoolUpdater.getInstance().updateClasspath(ctclass, f); + assertFalse(appended1); + + // Relative path: Should be appended + final File f2 = + new File("./src/test/resources/com/sap/psr/vulas/java/test/OuterClass$InnerClass.class"); + final CtClass ctclass2 = ClassPool.getDefault().makeClass(new FileInputStream(f2)); + boolean appended2 = ClassPoolUpdater.getInstance().updateClasspath(ctclass2, f2); + assertTrue(appended2); + + // Relative path: Should not be appended, since already done + boolean appended3 = ClassPoolUpdater.getInstance().updateClasspath(ctclass2, f2); + assertFalse(appended3); + + // Absolute path + final File f3 = + new File("./src/test/resources/com/sap/psr/vulas/java/test/OuterClass$InnerClass.class"); + final Path abs_path = f3.toPath().toAbsolutePath().normalize(); + final Path classpath = ClassPoolUpdater.getInstance().getClasspath(abs_path.toFile()); + assertTrue(classpath.toFile().exists()); + } catch (Exception e) { + e.printStackTrace(); + } + } + + @Test + public void checkForClint() { + try { + // Analyze normal class without anything static + final File basic = new File("./src/test/resources/classpath/BasicClass.class"); + final CtClass basicCtclass = ClassPool.getDefault().makeClass(new FileInputStream(basic)); + System.out.println("---------------- Basic Class -----------------"); + System.out.println(basicCtclass.getClassInitializer()); + for (CtConstructor ctc : basicCtclass.getConstructors()) { + System.out.println(ctc.getMethodInfo()); + } + + // Analyze class with static fields + final File staticFields = new File("./src/test/resources/classpath/StaticFields.class"); + final CtClass staticFieldsCtclass = + ClassPool.getDefault().makeClass(new FileInputStream(staticFields)); + System.out.println("---------------- Static Fields -----------------"); + System.out.println(staticFieldsCtclass.getClassInitializer()); + for (CtConstructor ctc : staticFieldsCtclass.getConstructors()) { + System.out.println(ctc.getMethodInfo()); + } + + // Analyze class with no static fields but with a static block + final File staticBlock = new File("./src/test/resources/classpath/StaticBlock.class"); + final CtClass staticBlockCtclass = + ClassPool.getDefault().makeClass(new FileInputStream(staticBlock)); + System.out.println("---------------- Static Block -----------------"); + System.out.println(staticBlockCtclass.getClassInitializer()); + for (CtConstructor ctc : staticBlockCtclass.getConstructors()) { + System.out.println(ctc.getMethodInfo()); + } + + // Analyze class with static final fields + final File staticFinal = new File("./src/test/resources/classpath/StaticFinal.class"); + final CtClass staticFinalCtclass = + ClassPool.getDefault().makeClass(new FileInputStream(staticFinal)); + System.out.println("---------------- static final fields -----------------"); + System.out.println(staticFinalCtclass.getClassInitializer()); + for (CtConstructor ctc : staticFinalCtclass.getConstructors()) { + System.out.println(ctc.getMethodInfo()); + } + + // Analyze class with static method + final File staticMethod = new File("./src/test/resources/classpath/StaticMethod.class"); + final CtClass staticMethodCtclass = + ClassPool.getDefault().makeClass(new FileInputStream(staticMethod)); + System.out.println("---------------- static final fields -----------------"); + System.out.println(staticMethodCtclass.getClassInitializer()); + for (CtConstructor ctc : staticMethodCtclass.getConstructors()) { + System.out.println(ctc.getMethodInfo()); + } + + assertFalse(false); + } catch (Exception e) { + e.printStackTrace(); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalysisManagerTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalysisManagerTest.java index 14ec55e6d..44b09ba5c 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalysisManagerTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalysisManagerTest.java @@ -33,18 +33,18 @@ public class JarAnalysisManagerTest { - @Test - @Category(Slow.class) - public void testStartAnalysis() { - try { - final ArchiveAnalysisManager jam = new ArchiveAnalysisManager(4, -1, false, null); - final FileSearch fs = new FileSearch(new String[] { "war" }); - jam.startAnalysis(fs.search(Paths.get("./src/test/resources")), null); - final Set analyzers = jam.getAnalyzers(); - assertEquals(16, analyzers.size()); // 1 for the WAR and 15 for JARs in WEB-INF/lib - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } + @Test + @Category(Slow.class) + public void testStartAnalysis() { + try { + final ArchiveAnalysisManager jam = new ArchiveAnalysisManager(4, -1, false, null); + final FileSearch fs = new FileSearch(new String[] {"war"}); + jam.startAnalysis(fs.search(Paths.get("./src/test/resources")), null); + final Set analyzers = jam.getAnalyzers(); + assertEquals(16, analyzers.size()); // 1 for the WAR and 15 for JARs in WEB-INF/lib + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalyzerTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalyzerTest.java index ad3f50fb8..6b94a0a40 100755 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalyzerTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/JarAnalyzerTest.java @@ -18,6 +18,7 @@ * Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. */ package com.sap.psr.vulas.java; + import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; @@ -35,130 +36,133 @@ public class JarAnalyzerTest { - @Test - public void testGetFqClassname() { - String je = "Foo.class"; - String fqn = JarAnalyzer.getFqClassname(je); - assertEquals("Foo", fqn); - - je = "1.0/com/sun/tools/xjc/grammar/IgnoreItem.class"; - fqn = JarAnalyzer.getFqClassname(je); - assertEquals(null, fqn); - - je = "com/sun/tools/xjc/grammar/IgnoreItem.class"; - fqn = JarAnalyzer.getFqClassname(je); - assertEquals("com.sun.tools.xjc.grammar.IgnoreItem", fqn); - } - - @Test - public void testIsJavaIdentifier() { - assertEquals(false, JarAnalyzer.isJavaIdentifier("1.0")); - assertEquals(true, JarAnalyzer.isJavaIdentifier("Foo")); - assertEquals(false, JarAnalyzer.isJavaIdentifier("{Foo")); - } - - /** - * Test the analysis of Junit 4.12, which caused a NPE in Vulas releases before 1.0.2 and 1.1.0. - */ - @Test - public void testJunitAnalysis() { - try { - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(new File("./src/test/resources/junit-4.12.jar")); - ja.setWorkDir(Paths.get("./target")); - ja.setRename(true); - JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); - ja.call(); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - /** - * The archive "org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar" contains 932 class files below directory 1.0 (900 have been deleted). - * Those cannot be transformed into {@link JavaClassId}s, and corresponding warning messages are printed. - * - * @see Jira VULAS-737 - */ - @Test - public void testInvalidClassEntries() { - try { - final JarAnalyzer ja = new JarAnalyzer(); - ja.setWorkDir(Paths.get("./target")); - ja.setRename(true); - JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); - ja.analyze(new File("./src/test/resources/org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar")); - ja.call(); - assertEquals(8984, ja.getConstructIds().size()); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - @Test - public void testCommonsFileUploadAnalysis() { - try { - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(new File("./src/test/resources/commons-fileupload-1.3.1.jar")); - ja.setWorkDir(Paths.get("./target")); - ja.setRename(true); - JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); - ja.call(); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - @Test - public void jarAnalyzerTest() { - try { - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(new File("./src/test/resources/examples.jar")); - ja.setWorkDir(Paths.get("./target")); - ja.setRename(true); - JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); - ja.call(); - - // Check bundled library IDs - final Collection blibids = ja.getLibrary().getBundledLibraryIds(); - assertEquals(2, blibids.size()); - assertTrue(blibids.contains(new LibraryId("org.apache.commons", "commons-compress", "1.10"))); - assertTrue(blibids.contains(new LibraryId("commons-fileupload", "commons-fileupload", "1.3.1"))); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - @Test - public void testParamNormalization() { - String t11 = "a.b.Class.method(foo.bar.Test, String, int)"; - String t12 = "a.b.Class.method(Test, String, int)"; - assertEquals(ClassVisitor.removeParameterQualification(t11), t12); - - String t21 = "method(Set,String,java.lang.Boolean)"; - String t22 = "method(Set,String,Boolean)"; - assertEquals(ClassVisitor.removeParameterQualification(t21), t22); - - String qname1 = "foo.bar.Test(Map< Object, Test>,String , Boolean,Map>)"; - JavaConstructorId cid = JavaId.parseConstructorQName(qname1); - String qname2 = cid.getQualifiedName(); - String qname3 = "foo.bar.Test(Map,String,Boolean,Map>)"; - assertEquals(qname2, qname3); - } - - @Test - public void testNonStaticMemberClass() { - try { - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(new File("./src/test/resources/commons-fileupload-1.3.1.jar")); - final Set constructs = ja.getConstructIds(); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } + @Test + public void testGetFqClassname() { + String je = "Foo.class"; + String fqn = JarAnalyzer.getFqClassname(je); + assertEquals("Foo", fqn); + + je = "1.0/com/sun/tools/xjc/grammar/IgnoreItem.class"; + fqn = JarAnalyzer.getFqClassname(je); + assertEquals(null, fqn); + + je = "com/sun/tools/xjc/grammar/IgnoreItem.class"; + fqn = JarAnalyzer.getFqClassname(je); + assertEquals("com.sun.tools.xjc.grammar.IgnoreItem", fqn); + } + + @Test + public void testIsJavaIdentifier() { + assertEquals(false, JarAnalyzer.isJavaIdentifier("1.0")); + assertEquals(true, JarAnalyzer.isJavaIdentifier("Foo")); + assertEquals(false, JarAnalyzer.isJavaIdentifier("{Foo")); + } + + /** + * Test the analysis of Junit 4.12, which caused a NPE in Vulas releases before 1.0.2 and 1.1.0. + */ + @Test + public void testJunitAnalysis() { + try { + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze(new File("./src/test/resources/junit-4.12.jar")); + ja.setWorkDir(Paths.get("./target")); + ja.setRename(true); + JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); + ja.call(); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + /** + * The archive "org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar" contains 932 class files below directory 1.0 (900 have been deleted). + * Those cannot be transformed into {@link JavaClassId}s, and corresponding warning messages are printed. + * + * @see Jira VULAS-737 + */ + @Test + public void testInvalidClassEntries() { + try { + final JarAnalyzer ja = new JarAnalyzer(); + ja.setWorkDir(Paths.get("./target")); + ja.setRename(true); + JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); + ja.analyze( + new File("./src/test/resources/org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar")); + ja.call(); + assertEquals(8984, ja.getConstructIds().size()); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + @Test + public void testCommonsFileUploadAnalysis() { + try { + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze(new File("./src/test/resources/commons-fileupload-1.3.1.jar")); + ja.setWorkDir(Paths.get("./target")); + ja.setRename(true); + JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); + ja.call(); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + @Test + public void jarAnalyzerTest() { + try { + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze(new File("./src/test/resources/examples.jar")); + ja.setWorkDir(Paths.get("./target")); + ja.setRename(true); + JarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); + ja.call(); + + // Check bundled library IDs + final Collection blibids = ja.getLibrary().getBundledLibraryIds(); + assertEquals(2, blibids.size()); + assertTrue(blibids.contains(new LibraryId("org.apache.commons", "commons-compress", "1.10"))); + assertTrue( + blibids.contains(new LibraryId("commons-fileupload", "commons-fileupload", "1.3.1"))); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + @Test + public void testParamNormalization() { + String t11 = "a.b.Class.method(foo.bar.Test, String, int)"; + String t12 = "a.b.Class.method(Test, String, int)"; + assertEquals(ClassVisitor.removeParameterQualification(t11), t12); + + String t21 = "method(Set,String,java.lang.Boolean)"; + String t22 = "method(Set,String,Boolean)"; + assertEquals(ClassVisitor.removeParameterQualification(t21), t22); + + String qname1 = + "foo.bar.Test(Map< Object, Test>,String , Boolean,Map>)"; + JavaConstructorId cid = JavaId.parseConstructorQName(qname1); + String qname2 = cid.getQualifiedName(); + String qname3 = "foo.bar.Test(Map,String,Boolean,Map>)"; + assertEquals(qname2, qname3); + } + + @Test + public void testNonStaticMemberClass() { + try { + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze(new File("./src/test/resources/commons-fileupload-1.3.1.jar")); + final Set constructs = ja.getConstructIds(); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/JarWriterTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/JarWriterTest.java index 9d0873625..c07ee5dbb 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/JarWriterTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/JarWriterTest.java @@ -37,122 +37,129 @@ import com.sap.psr.vulas.shared.util.StringUtil; public class JarWriterTest implements JarEntryWriter { - - private int countCallbacks = 0; - - /** - * Set callback counter to 0 before every instrumentation. - * @throws Exception - */ - @Before - public void setup() throws Exception { - this.countCallbacks = 0; - } - @Test - public void testRewrite() { - try { - // Create a JarWriter and do some settings - final JarWriter jw = new JarWriter(Paths.get("./src/test/resources/examples.jar")); - jw.addManifestEntry("Test", "JUnit test entry"); - jw.setClassifier(StringUtil.getRandonString(6)); - jw.addFile("", Paths.get("./src/test/resources/Callgraph.class"), true); - jw.addFile("WEB-INF/lib", Paths.get("./src/test/resources/examples.jar"), true); - - assertEquals("F22A5E25F37455867B5C2CF476BAC25189AC2B28", jw.getSHA1()); - - // Callback for .class files and rewrite - jw.register(".*.class$", this); - final Path rewritten = jw.rewrite(Paths.get("./target")); - - // Callbacks for 6 class files - assertEquals(6, this.countCallbacks); - - // Create a new JarWriter and check whether is recognized as rewritten (the original SHA1 is taken from the manifest) - final JarWriter jw2 = new JarWriter(rewritten); - assertTrue(jw2.isRewrittenByVulas()); - assertEquals("F22A5E25F37455867B5C2CF476BAC25189AC2B28", jw2.getSHA1()); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - @Test(expected=SecurityException.class) - public void testRewriteVerifyError() throws Throwable { - try { - // Create a JarWriter and do some settings - System.setProperty(CoreConfiguration.VERIFY_JARS, "true"); - JarWriter jw = new JarWriter(Paths.get("./src/test/resources/org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar")); - jw.addManifestEntry("Test", "JUnit test entry"); - jw.setClassifier("dummy"); - - // Callback for .class files - jw.register(".*.class$", this); - - // Throws exception - jw.rewrite(null); - } catch (IOException e) { - e.printStackTrace(); - assertTrue(false); - } catch (JarAnalysisException e) { - throw e.getCause(); - } - } - - @Test - public void testRewriteVerifySkip() { - try { - // Create a JarWriter and do some settings - System.setProperty(CoreConfiguration.VERIFY_JARS, "false"); - JarWriter jw = new JarWriter(Paths.get("./src/test/resources/org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar")); - jw.addManifestEntry("Test", "JUnit test entry"); - jw.setClassifier("dummy"); - - // Callback for .class files - jw.register(".*.class$", this); - - // Rewrite the file - final Path rewritten = jw.rewrite(null); - - // Callbacks for 29 class files - assertEquals(29, this.countCallbacks); - - // Create a new JarWriter and check whether is recognized as rewritten - JarWriter jw2 = new JarWriter(rewritten); - assertTrue(jw2.isRewrittenByVulas()); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - @Test - public void testAppendToClasspath() { - try { - final Set cp = new HashSet(); - - // Needs rewriting - final Path with_mf_entry = Paths.get("./src/test/resources/org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar"); - Path appended_path = JarWriter.appendToClasspath(cp, with_mf_entry, true); - assertTrue(!cp.contains(with_mf_entry)); - assertTrue(!with_mf_entry.equals(appended_path)); - - // Does not need rewriting - final Path without_mf_entry = Paths.get("./src/test/resources/junit-4.12.jar"); - appended_path = JarWriter.appendToClasspath(cp, without_mf_entry, true); - assertTrue(cp.contains(without_mf_entry)); - assertTrue(without_mf_entry.equals(appended_path)); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - @Override - public InputStream getInputStream(String _regex, JarEntry _entry) { - //System.out.println("Callback for regex [" + _regex + "], jar entry [" + _entry.getName() + "]"); - this.countCallbacks++; - return null; - } + private int countCallbacks = 0; + + /** + * Set callback counter to 0 before every instrumentation. + * @throws Exception + */ + @Before + public void setup() throws Exception { + this.countCallbacks = 0; + } + + @Test + public void testRewrite() { + try { + // Create a JarWriter and do some settings + final JarWriter jw = new JarWriter(Paths.get("./src/test/resources/examples.jar")); + jw.addManifestEntry("Test", "JUnit test entry"); + jw.setClassifier(StringUtil.getRandonString(6)); + jw.addFile("", Paths.get("./src/test/resources/Callgraph.class"), true); + jw.addFile("WEB-INF/lib", Paths.get("./src/test/resources/examples.jar"), true); + + assertEquals("F22A5E25F37455867B5C2CF476BAC25189AC2B28", jw.getSHA1()); + + // Callback for .class files and rewrite + jw.register(".*.class$", this); + final Path rewritten = jw.rewrite(Paths.get("./target")); + + // Callbacks for 6 class files + assertEquals(6, this.countCallbacks); + + // Create a new JarWriter and check whether is recognized as rewritten (the original SHA1 is + // taken from the manifest) + final JarWriter jw2 = new JarWriter(rewritten); + assertTrue(jw2.isRewrittenByVulas()); + assertEquals("F22A5E25F37455867B5C2CF476BAC25189AC2B28", jw2.getSHA1()); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + @Test(expected = SecurityException.class) + public void testRewriteVerifyError() throws Throwable { + try { + // Create a JarWriter and do some settings + System.setProperty(CoreConfiguration.VERIFY_JARS, "true"); + JarWriter jw = + new JarWriter( + Paths.get("./src/test/resources/org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar")); + jw.addManifestEntry("Test", "JUnit test entry"); + jw.setClassifier("dummy"); + + // Callback for .class files + jw.register(".*.class$", this); + + // Throws exception + jw.rewrite(null); + } catch (IOException e) { + e.printStackTrace(); + assertTrue(false); + } catch (JarAnalysisException e) { + throw e.getCause(); + } + } + + @Test + public void testRewriteVerifySkip() { + try { + // Create a JarWriter and do some settings + System.setProperty(CoreConfiguration.VERIFY_JARS, "false"); + JarWriter jw = + new JarWriter( + Paths.get("./src/test/resources/org.eclipse.equinox.cm_1.0.400.v20120319-2029.jar")); + jw.addManifestEntry("Test", "JUnit test entry"); + jw.setClassifier("dummy"); + + // Callback for .class files + jw.register(".*.class$", this); + + // Rewrite the file + final Path rewritten = jw.rewrite(null); + + // Callbacks for 29 class files + assertEquals(29, this.countCallbacks); + + // Create a new JarWriter and check whether is recognized as rewritten + JarWriter jw2 = new JarWriter(rewritten); + assertTrue(jw2.isRewrittenByVulas()); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + @Test + public void testAppendToClasspath() { + try { + final Set cp = new HashSet(); + + // Needs rewriting + final Path with_mf_entry = + Paths.get("./src/test/resources/org.apache.servicemix.bundles.jaxb-xjc-2.2.4_1.jar"); + Path appended_path = JarWriter.appendToClasspath(cp, with_mf_entry, true); + assertTrue(!cp.contains(with_mf_entry)); + assertTrue(!with_mf_entry.equals(appended_path)); + + // Does not need rewriting + final Path without_mf_entry = Paths.get("./src/test/resources/junit-4.12.jar"); + appended_path = JarWriter.appendToClasspath(cp, without_mf_entry, true); + assertTrue(cp.contains(without_mf_entry)); + assertTrue(without_mf_entry.equals(appended_path)); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + @Override + public InputStream getInputStream(String _regex, JarEntry _entry) { + // System.out.println("Callback for regex [" + _regex + "], jar entry [" + _entry.getName() + + // "]"); + this.countCallbacks++; + return null; + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/JavaFileAnalyzer2Test.java b/lang-java/src/test/java/com/sap/psr/vulas/java/JavaFileAnalyzer2Test.java index 983145818..477aaf2e2 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/JavaFileAnalyzer2Test.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/JavaFileAnalyzer2Test.java @@ -39,490 +39,643 @@ import com.sap.psr.vulas.shared.util.FileSearch; public class JavaFileAnalyzer2Test { - - /** - * Tests the analysis of java and class files that contain a class w/o package - */ - @Test - public void testClassWithoutPackage() { - try { - final JavaFileAnalyzer2 jfa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(new File("./src/test/java/ClassWithoutPackage.java")); - final Map constructs_from_java = jfa.getConstructs(); - - final ClassFileAnalyzer cfa = (ClassFileAnalyzer)FileAnalyzerFactory.buildFileAnalyzer(new File("./target/test-classes/ClassWithoutPackage.class")); - final Map constructs_from_class = cfa.getConstructs(); - - // The parsing should produce the following 3 elements: - final JavaClassId cl = JavaId.parseClassQName("ClassWithoutPackage"); - final JavaConstructorId co = JavaId.parseConstructorQName("ClassWithoutPackage()"); - final JavaMethodId m = JavaId.parseMethodQName("ClassWithoutPackage.foo()"); - - // Assertions - assertEquals(3, constructs_from_java.size()); - assertTrue(constructs_from_java.containsKey(cl)); - assertTrue(constructs_from_java.containsKey(co)); - assertTrue(constructs_from_java.containsKey(m)); - - assertEquals(3, constructs_from_class.size()); - assertTrue(constructs_from_class.containsKey(cl)); - assertTrue(constructs_from_java.containsKey(co)); - assertTrue(constructs_from_class.containsKey(m)); - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } - - /** - * Two anonymous classes in Interface initializer. - */ - @Test - public void testAnonClassInInterfaceInit() { - try { - final JavaFileAnalyzer2 jfa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(new File("./src/test/java/com/sap/psr/vulas/java/test/ConfigurationKey.java")); - final Map constructs = jfa.getConstructs(); - - // The parsing should produce the following 5 elements: - final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); - final JavaClassId anon1 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigurationKey$1"); - final JavaMethodId anon1_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigurationKey$1.compare(ConfigurationKey,ConfigurationKey)"); - final JavaClassId anon2 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigurationKey$2"); - final JavaMethodId anon2_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigurationKey$2.compare(ConfigurationKey,ConfigurationKey)"); - - // Assertions - assertEquals(5, constructs.size()); - assertTrue(constructs.containsKey(p)); - assertTrue(constructs.containsKey(anon1)); - assertTrue(constructs.containsKey(anon1_m)); - assertTrue(constructs.containsKey(anon2)); - assertTrue(constructs.containsKey(anon2_m)); - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } - - /** - * One named inner class declared in an interface, and one anonymous class in method. - */ - @Test - public void testNamedClassInInterfaceAndAnonClassInConstructor() { - try { - final JavaFileAnalyzer2 jfa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(new File("./src/test/java/com/sap/psr/vulas/java/test/HttpRequestCompletionLog.java")); - final Map constructs = jfa.getConstructs(); - - // The parsing should produce the following 5 elements: - final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); - - // Named inner class - final JavaClassId named_class = JavaId.parseClassQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder"); - final JavaConstructorId named_class_cons = JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder(String,String)"); - final JavaMethodId named_class_m1 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.forTarget(String,String)"); - final JavaMethodId named_class_m2 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withStartTimeInMillis(long)"); - final JavaMethodId named_class_m3 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withDurationInMillis(long)"); - final JavaMethodId named_class_m4 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withRequestEntitySizeInBytes(long)"); - final JavaMethodId named_class_m5 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseEntitySizeInBytes(long)"); - final JavaMethodId named_class_m6 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseStatus(int)"); - final JavaMethodId named_class_m7 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseReasonPhrase(String)"); - final JavaMethodId named_class_m8 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseContentType(String)"); - final JavaMethodId named_class_m9 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.build()"); - - // Anon. class - final JavaClassId anon_class = JavaId.parseClassQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1"); - final JavaMethodId anon_class_m1 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.toString()"); - final JavaMethodId anon_class_m2 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getDestination()"); - final JavaMethodId anon_class_m3 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getTargetPath()"); - final JavaMethodId anon_class_m4 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getStartTimeInMillis()"); - final JavaMethodId anon_class_m5 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getDurationInMillis()"); - final JavaMethodId anon_class_m6 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getRequestEntitySizeInBytes()"); - final JavaMethodId anon_class_m7 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseEntitySizeInBytes()"); - final JavaMethodId anon_class_m8 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseStatus()"); - final JavaMethodId anon_class_m9 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseReasonPhrase()"); - final JavaMethodId anon_class_m10 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseContentType()"); - - // Assertions - assertEquals(23, constructs.size()); - assertTrue(constructs.containsKey(p)); - - assertTrue(constructs.containsKey(named_class)); - assertTrue(constructs.containsKey(named_class_cons)); - assertTrue(constructs.containsKey(named_class_m1)); - assertTrue(constructs.containsKey(named_class_m2)); - assertTrue(constructs.containsKey(named_class_m3)); - assertTrue(constructs.containsKey(named_class_m4)); - assertTrue(constructs.containsKey(named_class_m5)); - assertTrue(constructs.containsKey(named_class_m6)); - assertTrue(constructs.containsKey(named_class_m7)); - assertTrue(constructs.containsKey(named_class_m8)); - assertTrue(constructs.containsKey(named_class_m9)); - - assertTrue(constructs.containsKey(anon_class)); - assertTrue(constructs.containsKey(anon_class_m1)); - assertTrue(constructs.containsKey(anon_class_m2)); - assertTrue(constructs.containsKey(anon_class_m3)); - assertTrue(constructs.containsKey(anon_class_m4)); - assertTrue(constructs.containsKey(anon_class_m5)); - assertTrue(constructs.containsKey(anon_class_m6)); - assertTrue(constructs.containsKey(anon_class_m7)); - assertTrue(constructs.containsKey(anon_class_m8)); - assertTrue(constructs.containsKey(anon_class_m9)); - assertTrue(constructs.containsKey(anon_class_m10)); - - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } - - /** - * Enum with constructor and methods, an anon class in one method, and 3 named spread accross different other methods. - */ - @Test - public void testEnumAndNamedClassesInMethod() { - try { - final JavaFileAnalyzer2 jfa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(new File("./src/test/java/com/sap/psr/vulas/java/test/ConfigKey.java")); - final Map constructs = jfa.getConstructs(); - - // The parsing should produce the following 5 elements: - final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); - - // The enum and its methods - final JavaEnumId e = JavaId.parseEnumQName("com.sap.psr.vulas.java.test.ConfigKey"); - final JavaConstructorId enum_c1 = JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.ConfigKey(Class,String,String)"); - final JavaMethodId enum_m1 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.getType()"); - final JavaMethodId enum_m2 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.getKey()"); - final JavaMethodId enum_m3 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.getDefaultValue()"); - final JavaMethodId enum_m4 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.fromKey(String)"); - - // The anon class and its method - final JavaClassId anon_class = JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$1"); - final JavaMethodId anon_class_m1 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$1.foo()"); - - // The named classes - final JavaClassId nc1 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass1"); - final JavaConstructorId nc1_c = JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass1()"); - final JavaMethodId nc1_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass1.foo()"); - - final JavaClassId nc2 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass2"); - final JavaMethodId nc2_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass2.foo()"); - - final JavaClassId nc3 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$2InnerClass1"); - final JavaConstructorId nc3_c = JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.ConfigKey$2InnerClass1()"); - final JavaMethodId nc3_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$2InnerClass1.foo()"); - - // Assertions - assertEquals(17, constructs.size()); - assertTrue(constructs.containsKey(p)); - assertTrue(constructs.containsKey(e)); - assertTrue(constructs.containsKey(enum_c1)); - assertTrue(constructs.containsKey(enum_m1)); - assertTrue(constructs.containsKey(enum_m2)); - assertTrue(constructs.containsKey(enum_m3)); - assertTrue(constructs.containsKey(enum_m4)); - assertTrue(constructs.containsKey(anon_class)); - assertTrue(constructs.containsKey(anon_class_m1)); - assertTrue(constructs.containsKey(nc1)); - assertTrue(constructs.containsKey(nc1_c)); - assertTrue(constructs.containsKey(nc1_m)); - assertTrue(constructs.containsKey(nc2)); - assertTrue(constructs.containsKey(nc2_m)); - assertTrue(constructs.containsKey(nc3)); - assertTrue(constructs.containsKey(nc3_c)); - assertTrue(constructs.containsKey(nc3_m)); - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } - - /** - * A plain vanilla class. - */ - @Test - public void testVanilla() { - try { - final JavaFileAnalyzer2 jfa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(new File("./src/test/java/com/sap/psr/vulas/java/test/Vanilla.java")); - final Map constructs = jfa.getConstructs(); - - // The parsing should produce the following 5 elements: - final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); - final JavaClassId cl = JavaId.parseClassQName("com.sap.psr.vulas.java.test.Vanilla"); - final JavaConstructorId cons = JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.Vanilla(String)"); - final JavaMethodId meth = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.Vanilla.foo(String)"); - final JavaMethodId meth2 = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.Vanilla.vuln(String)"); - - // Assertions - assertEquals(5, constructs.size()); - assertTrue(constructs.containsKey(p)); - assertTrue(constructs.containsKey(cl)); - assertTrue(constructs.containsKey(cons)); - assertTrue(constructs.containsKey(meth)); - assertTrue(constructs.containsKey(meth2)); - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } - - /** - * A bunch of files from Apache CXF. - */ - @Test - public void testCxfClasses() throws FileAnalysisException { - final FileAnalyzer fv = FileAnalyzerFactory.buildFileAnalyzer(Paths.get("./src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/cache").toFile()); - final Map constructs = fv.getConstructs(); - assertEquals(35, constructs.size()); - } - - /** - * A bunch of awfully nested classes (named and anonymous). - */ - @Test - public void testNestedDeclarationMess() { - try { - final File file = new File("./src/test/java/com/sap/psr/vulas/java/test/NestedDeclarations.java"); - final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(file); - final Map constructs = fa.getConstructs(); - - // The parsing should produce the following 5 elements: - final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); - - final JavaClassId cl1 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations"); // line 5 - final JavaMethodId cl1_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations.doSomething()"); // line 42 - - final JavaClassId cl2 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis"); // line 11 - final JavaMethodId cl2_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis.doThis()"); // line 13 - - final JavaClassId cl3 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis$1"); // line 16 - final JavaMethodId cl3_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis$1.doThat()"); // line 17 - - final JavaClassId cl4 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$1"); // line 26 - final JavaMethodId cl4_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$1.doSomethingElse()"); // line 27 - - final JavaClassId cl5 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoThis"); // line 31 - final JavaMethodId cl5_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoThis.doThis()"); // line 33 - - final JavaClassId cl6 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoThis$1"); // line 36 - final JavaMethodId cl6_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$DoThis$1.doThat()"); // line 37 - - final JavaClassId cl7 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$2"); // line 45 - final JavaMethodId cl7_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$2.doSomething()"); // line 46 - - final JavaClassId cl8 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat"); // line 50 - final JavaMethodId cl8_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat.doThat()"); // line 52 - - final JavaClassId cl9 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat$1"); // line 55 - final JavaMethodId cl9_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat$1.doThis()"); // line 56 - - final JavaEnumId e = JavaId.parseEnumQName("com.sap.psr.vulas.java.test.NestedDeclarations$Foo"); // line 62 - final JavaMethodId e_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$Foo.bar()"); // line 64 - - final JavaClassId cl10 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis"); // line 66 - final JavaMethodId cl10_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis.doThis()"); // line 68 - - final JavaClassId cl11 = JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis$1"); // line 71 - final JavaMethodId cl11_m = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis$1.doThat()"); // line 72 - - // Assertions - assertEquals(25, constructs.size()); - assertTrue(constructs.containsKey(p)); - assertTrue(constructs.containsKey(cl1)); - assertTrue(constructs.containsKey(cl1_m)); - - assertTrue(constructs.containsKey(cl2)); - assertTrue(constructs.containsKey(cl2_m)); - - assertTrue(constructs.containsKey(cl3)); - assertTrue(constructs.containsKey(cl3_m)); - - assertTrue(constructs.containsKey(cl4)); - assertTrue(constructs.containsKey(cl4_m)); - - assertTrue(constructs.containsKey(cl5)); - assertTrue(constructs.containsKey(cl5_m)); - - assertTrue(constructs.containsKey(cl6)); - assertTrue(constructs.containsKey(cl6_m)); - - assertTrue(constructs.containsKey(cl7)); - assertTrue(constructs.containsKey(cl7_m)); - - assertTrue(constructs.containsKey(cl8)); - assertTrue(constructs.containsKey(cl8_m)); - - assertTrue(constructs.containsKey(cl9)); - assertTrue(constructs.containsKey(cl9_m)); - - assertTrue(constructs.containsKey(e)); - assertTrue(constructs.containsKey(e_m)); - - assertTrue(constructs.containsKey(cl10)); - assertTrue(constructs.containsKey(cl10_m)); - - assertTrue(constructs.containsKey(cl11)); - assertTrue(constructs.containsKey(cl11_m)); - } catch (FileAnalysisException e) { - System.err.println(e.getMessage()); - assertTrue(false); - } - } - - /** - * A simple class with different parameterized arguments. - */ - @Test - public void testGenerics() { - try { - final JavaFileAnalyzer2 jfa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(new File("./src/test/java/com/sap/psr/vulas/java/test/Generics.java")); - final Map constructs = jfa.getConstructs(); - - // The parsing should produce the following 5 elements: - final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); - final JavaClassId cl = JavaId.parseClassQName("com.sap.psr.vulas.java.test.Generics"); - final JavaConstructorId cons = JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.Generics(Map)"); - final JavaMethodId meth = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.Generics.foo(String,Collection,List)"); - - // Assertions - assertEquals(4, constructs.size()); - assertTrue(constructs.containsKey(p)); - assertTrue(constructs.containsKey(cl)); - assertTrue(constructs.containsKey(cons)); - assertTrue(constructs.containsKey(meth)); - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } - - /** - * Attention: The class SAMLUtils overloads the method parseRolesInAssertion using the types "org.opensaml.saml1.core.Assertion" - * and "parseRolesInAssertion(org.opensaml.saml2.core.Assertion". Since we remove the parameter qualification, the class only - * has 13 rather than 14 methods. - * TODO: Discuss the case - */ - @Test - public void testCxfClass() { - try { - final File file = new File("./src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java"); - final FileAnalyzer fa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(file); - final Map constructs = fa.getConstructs(); - assertEquals(13, constructs.size()); - } - catch (FileAnalysisException e) { - System.err.println(e.getMessage()); - assertTrue(false); - } - } - - /** - * See Jira VULAS-739 - */ - @Test - public void testSunClass() { - try { - final File file = new File("./src/test/resources/Collector.java"); - final FileAnalyzer fa = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(file); - final Map constructs = fa.getConstructs(); - assertEquals(2, constructs.size()); - } - catch (FileAnalysisException e) { - System.err.println(e.getMessage()); - assertTrue(false); - } - } - - /** - * Tests whether the constructs extracted from a Java file correspond to the ones obtained from the compiled file. - */ - @Test - public void testCompareConstructCreation() { - FileSearch fs = new FileSearch(new String[] { "class" }); - Set class_files = fs.search(Paths.get("./target/test-classes/com/sap/psr/vulas/java/test/"), 1); - Set c_from_class = new HashSet(); - String filename = null; - for (Path p : class_files) { - filename = p.getFileName().toString(); - if(filename.startsWith("TestAnon")) { - FileAnalyzer fa; - try { - fa = FileAnalyzerFactory.buildFileAnalyzer(p.toFile()); - c_from_class.addAll(fa.getConstructs().keySet()); - } catch (FileAnalysisException e) { - e.printStackTrace(); - assertTrue(false); - } - } - } - - Set c_from_java = new HashSet(); - File p = null; - try { - p = Paths.get("./src/test/java/com/sap/psr/vulas/java/test/TestAnon.java").toFile(); - FileAnalyzer fa2 = (JavaFileAnalyzer2)FileAnalyzerFactory.buildFileAnalyzer(p); - c_from_java.addAll(fa2.getConstructs().keySet()); - } catch (FileAnalysisException e) { - e.printStackTrace(); - } - - assertTrue(this.compareConstructSets(c_from_class, c_from_java)); - } - - private boolean compareConstructSets(Set _bytecode_constructs, Set _sourcecode_constructs) { - final Set bytecode_constructs = new HashSet(_bytecode_constructs); - final Set sourcecode_constructs = new HashSet(_sourcecode_constructs); - - System.out.println("Matching constructs from bytecode (" + bytecode_constructs.size() + ") against source code (" + sourcecode_constructs.size() + "):\n"); - int matches = 0; - - // Remove constructs found in both sources - for (ConstructId f : _bytecode_constructs) { - for (ConstructId s : _sourcecode_constructs) { - if(f.equals(s)) { - matches++; - bytecode_constructs.remove(f); - sourcecode_constructs.remove(s); - } - } - } - - // Remove constructs created at compile time - - // For enums: constructor(String,int) and values() and valueOf - JavaConstructorId cons = JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.TestAnon$Foo(String,int)"); - JavaMethodId values = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.TestAnon$Foo.values()"); - JavaMethodId value_of = JavaId.parseMethodQName("com.sap.psr.vulas.java.test.TestAnon$Foo.valueOf(String)"); - bytecode_constructs.remove(cons); - bytecode_constructs.remove(values); - bytecode_constructs.remove(value_of); - - // For classes: Remove all default constructors (w/o arguments) - JavaId jid = null; - JavaConstructorId jcid = null; - for(ConstructId c: _bytecode_constructs) { - jid = (JavaId)c; - if(bytecode_constructs.contains(c) && jid.getType().equals(JavaId.Type.CONSTRUCTOR)) { - jcid = (JavaConstructorId)jid; - if(!jcid.hasParams()) { - bytecode_constructs.remove(c); - } - } - } - - if (!bytecode_constructs.isEmpty()) { - System.out.println(bytecode_constructs.size() + " unmatched constructs in first set (from bytecode):"); - for(ConstructId c: bytecode_constructs) { - System.out.println(" " + c); - } - } - - if (!sourcecode_constructs.isEmpty()) { - System.out.println(sourcecode_constructs.size() + " unmatched constructs in second set (from source code):"); - for(ConstructId c: sourcecode_constructs) { - System.out.println(" " + c); - } - } - - // Both should be empty by now (all matches and compiler-added constructs have been removed) - return bytecode_constructs.isEmpty() && sourcecode_constructs.isEmpty(); - } + + /** + * Tests the analysis of java and class files that contain a class w/o package + */ + @Test + public void testClassWithoutPackage() { + try { + final JavaFileAnalyzer2 jfa = + (JavaFileAnalyzer2) + FileAnalyzerFactory.buildFileAnalyzer( + new File("./src/test/java/ClassWithoutPackage.java")); + final Map constructs_from_java = jfa.getConstructs(); + + final ClassFileAnalyzer cfa = + (ClassFileAnalyzer) + FileAnalyzerFactory.buildFileAnalyzer( + new File("./target/test-classes/ClassWithoutPackage.class")); + final Map constructs_from_class = cfa.getConstructs(); + + // The parsing should produce the following 3 elements: + final JavaClassId cl = JavaId.parseClassQName("ClassWithoutPackage"); + final JavaConstructorId co = JavaId.parseConstructorQName("ClassWithoutPackage()"); + final JavaMethodId m = JavaId.parseMethodQName("ClassWithoutPackage.foo()"); + + // Assertions + assertEquals(3, constructs_from_java.size()); + assertTrue(constructs_from_java.containsKey(cl)); + assertTrue(constructs_from_java.containsKey(co)); + assertTrue(constructs_from_java.containsKey(m)); + + assertEquals(3, constructs_from_class.size()); + assertTrue(constructs_from_class.containsKey(cl)); + assertTrue(constructs_from_java.containsKey(co)); + assertTrue(constructs_from_class.containsKey(m)); + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } + + /** + * Two anonymous classes in Interface initializer. + */ + @Test + public void testAnonClassInInterfaceInit() { + try { + final JavaFileAnalyzer2 jfa = + (JavaFileAnalyzer2) + FileAnalyzerFactory.buildFileAnalyzer( + new File("./src/test/java/com/sap/psr/vulas/java/test/ConfigurationKey.java")); + final Map constructs = jfa.getConstructs(); + + // The parsing should produce the following 5 elements: + final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); + final JavaClassId anon1 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigurationKey$1"); + final JavaMethodId anon1_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.ConfigurationKey$1.compare(ConfigurationKey,ConfigurationKey)"); + final JavaClassId anon2 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigurationKey$2"); + final JavaMethodId anon2_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.ConfigurationKey$2.compare(ConfigurationKey,ConfigurationKey)"); + + // Assertions + assertEquals(5, constructs.size()); + assertTrue(constructs.containsKey(p)); + assertTrue(constructs.containsKey(anon1)); + assertTrue(constructs.containsKey(anon1_m)); + assertTrue(constructs.containsKey(anon2)); + assertTrue(constructs.containsKey(anon2_m)); + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } + + /** + * One named inner class declared in an interface, and one anonymous class in method. + */ + @Test + public void testNamedClassInInterfaceAndAnonClassInConstructor() { + try { + final JavaFileAnalyzer2 jfa = + (JavaFileAnalyzer2) + FileAnalyzerFactory.buildFileAnalyzer( + new File( + "./src/test/java/com/sap/psr/vulas/java/test/HttpRequestCompletionLog.java")); + final Map constructs = jfa.getConstructs(); + + // The parsing should produce the following 5 elements: + final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); + + // Named inner class + final JavaClassId named_class = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder"); + final JavaConstructorId named_class_cons = + JavaId.parseConstructorQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder(String,String)"); + final JavaMethodId named_class_m1 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.forTarget(String,String)"); + final JavaMethodId named_class_m2 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withStartTimeInMillis(long)"); + final JavaMethodId named_class_m3 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withDurationInMillis(long)"); + final JavaMethodId named_class_m4 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withRequestEntitySizeInBytes(long)"); + final JavaMethodId named_class_m5 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseEntitySizeInBytes(long)"); + final JavaMethodId named_class_m6 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseStatus(int)"); + final JavaMethodId named_class_m7 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseReasonPhrase(String)"); + final JavaMethodId named_class_m8 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.withResponseContentType(String)"); + final JavaMethodId named_class_m9 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder.build()"); + + // Anon. class + final JavaClassId anon_class = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1"); + final JavaMethodId anon_class_m1 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.toString()"); + final JavaMethodId anon_class_m2 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getDestination()"); + final JavaMethodId anon_class_m3 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getTargetPath()"); + final JavaMethodId anon_class_m4 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getStartTimeInMillis()"); + final JavaMethodId anon_class_m5 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getDurationInMillis()"); + final JavaMethodId anon_class_m6 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getRequestEntitySizeInBytes()"); + final JavaMethodId anon_class_m7 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseEntitySizeInBytes()"); + final JavaMethodId anon_class_m8 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseStatus()"); + final JavaMethodId anon_class_m9 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseReasonPhrase()"); + final JavaMethodId anon_class_m10 = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.HttpRequestCompletionLog$Builder$1.getResponseContentType()"); + + // Assertions + assertEquals(23, constructs.size()); + assertTrue(constructs.containsKey(p)); + + assertTrue(constructs.containsKey(named_class)); + assertTrue(constructs.containsKey(named_class_cons)); + assertTrue(constructs.containsKey(named_class_m1)); + assertTrue(constructs.containsKey(named_class_m2)); + assertTrue(constructs.containsKey(named_class_m3)); + assertTrue(constructs.containsKey(named_class_m4)); + assertTrue(constructs.containsKey(named_class_m5)); + assertTrue(constructs.containsKey(named_class_m6)); + assertTrue(constructs.containsKey(named_class_m7)); + assertTrue(constructs.containsKey(named_class_m8)); + assertTrue(constructs.containsKey(named_class_m9)); + + assertTrue(constructs.containsKey(anon_class)); + assertTrue(constructs.containsKey(anon_class_m1)); + assertTrue(constructs.containsKey(anon_class_m2)); + assertTrue(constructs.containsKey(anon_class_m3)); + assertTrue(constructs.containsKey(anon_class_m4)); + assertTrue(constructs.containsKey(anon_class_m5)); + assertTrue(constructs.containsKey(anon_class_m6)); + assertTrue(constructs.containsKey(anon_class_m7)); + assertTrue(constructs.containsKey(anon_class_m8)); + assertTrue(constructs.containsKey(anon_class_m9)); + assertTrue(constructs.containsKey(anon_class_m10)); + + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } + + /** + * Enum with constructor and methods, an anon class in one method, and 3 named spread accross different other methods. + */ + @Test + public void testEnumAndNamedClassesInMethod() { + try { + final JavaFileAnalyzer2 jfa = + (JavaFileAnalyzer2) + FileAnalyzerFactory.buildFileAnalyzer( + new File("./src/test/java/com/sap/psr/vulas/java/test/ConfigKey.java")); + final Map constructs = jfa.getConstructs(); + + // The parsing should produce the following 5 elements: + final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); + + // The enum and its methods + final JavaEnumId e = JavaId.parseEnumQName("com.sap.psr.vulas.java.test.ConfigKey"); + final JavaConstructorId enum_c1 = + JavaId.parseConstructorQName( + "com.sap.psr.vulas.java.test.ConfigKey(Class,String,String)"); + final JavaMethodId enum_m1 = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.getType()"); + final JavaMethodId enum_m2 = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.getKey()"); + final JavaMethodId enum_m3 = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.getDefaultValue()"); + final JavaMethodId enum_m4 = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey.fromKey(String)"); + + // The anon class and its method + final JavaClassId anon_class = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$1"); + final JavaMethodId anon_class_m1 = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$1.foo()"); + + // The named classes + final JavaClassId nc1 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass1"); + final JavaConstructorId nc1_c = + JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass1()"); + final JavaMethodId nc1_m = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass1.foo()"); + + final JavaClassId nc2 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass2"); + final JavaMethodId nc2_m = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$1InnerClass2.foo()"); + + final JavaClassId nc3 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.ConfigKey$2InnerClass1"); + final JavaConstructorId nc3_c = + JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.ConfigKey$2InnerClass1()"); + final JavaMethodId nc3_m = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.ConfigKey$2InnerClass1.foo()"); + + // Assertions + assertEquals(17, constructs.size()); + assertTrue(constructs.containsKey(p)); + assertTrue(constructs.containsKey(e)); + assertTrue(constructs.containsKey(enum_c1)); + assertTrue(constructs.containsKey(enum_m1)); + assertTrue(constructs.containsKey(enum_m2)); + assertTrue(constructs.containsKey(enum_m3)); + assertTrue(constructs.containsKey(enum_m4)); + assertTrue(constructs.containsKey(anon_class)); + assertTrue(constructs.containsKey(anon_class_m1)); + assertTrue(constructs.containsKey(nc1)); + assertTrue(constructs.containsKey(nc1_c)); + assertTrue(constructs.containsKey(nc1_m)); + assertTrue(constructs.containsKey(nc2)); + assertTrue(constructs.containsKey(nc2_m)); + assertTrue(constructs.containsKey(nc3)); + assertTrue(constructs.containsKey(nc3_c)); + assertTrue(constructs.containsKey(nc3_m)); + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } + + /** + * A plain vanilla class. + */ + @Test + public void testVanilla() { + try { + final JavaFileAnalyzer2 jfa = + (JavaFileAnalyzer2) + FileAnalyzerFactory.buildFileAnalyzer( + new File("./src/test/java/com/sap/psr/vulas/java/test/Vanilla.java")); + final Map constructs = jfa.getConstructs(); + + // The parsing should produce the following 5 elements: + final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); + final JavaClassId cl = JavaId.parseClassQName("com.sap.psr.vulas.java.test.Vanilla"); + final JavaConstructorId cons = + JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.Vanilla(String)"); + final JavaMethodId meth = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.Vanilla.foo(String)"); + final JavaMethodId meth2 = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.Vanilla.vuln(String)"); + + // Assertions + assertEquals(5, constructs.size()); + assertTrue(constructs.containsKey(p)); + assertTrue(constructs.containsKey(cl)); + assertTrue(constructs.containsKey(cons)); + assertTrue(constructs.containsKey(meth)); + assertTrue(constructs.containsKey(meth2)); + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } + + /** + * A bunch of files from Apache CXF. + */ + @Test + public void testCxfClasses() throws FileAnalysisException { + final FileAnalyzer fv = + FileAnalyzerFactory.buildFileAnalyzer( + Paths.get( + "./src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/cache") + .toFile()); + final Map constructs = fv.getConstructs(); + assertEquals(35, constructs.size()); + } + + /** + * A bunch of awfully nested classes (named and anonymous). + */ + @Test + public void testNestedDeclarationMess() { + try { + final File file = + new File("./src/test/java/com/sap/psr/vulas/java/test/NestedDeclarations.java"); + final FileAnalyzer fa = FileAnalyzerFactory.buildFileAnalyzer(file); + final Map constructs = fa.getConstructs(); + + // The parsing should produce the following 5 elements: + final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); + + final JavaClassId cl1 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations"); // line 5 + final JavaMethodId cl1_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations.doSomething()"); // line 42 + + final JavaClassId cl2 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis"); // line 11 + final JavaMethodId cl2_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis.doThis()"); // line 13 + + final JavaClassId cl3 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis$1"); // line 16 + final JavaMethodId cl3_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoSomethingElse$DoThis$1.doThat()"); // line 17 + + final JavaClassId cl4 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$1"); // line 26 + final JavaMethodId cl4_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$1.doSomethingElse()"); // line 27 + + final JavaClassId cl5 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoThis"); // line 31 + final JavaMethodId cl5_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoThis.doThis()"); // line 33 + + final JavaClassId cl6 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoThis$1"); // line 36 + final JavaMethodId cl6_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$DoThis$1.doThat()"); // line 37 + + final JavaClassId cl7 = + JavaId.parseClassQName("com.sap.psr.vulas.java.test.NestedDeclarations$2"); // line 45 + final JavaMethodId cl7_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$2.doSomething()"); // line 46 + + final JavaClassId cl8 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat"); // line 50 + final JavaMethodId cl8_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat.doThat()"); // line 52 + + final JavaClassId cl9 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat$1"); // line 55 + final JavaMethodId cl9_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$1DoThat$1.doThis()"); // line 56 + + final JavaEnumId e = + JavaId.parseEnumQName("com.sap.psr.vulas.java.test.NestedDeclarations$Foo"); // line 62 + final JavaMethodId e_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$Foo.bar()"); // line 64 + + final JavaClassId cl10 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis"); // line 66 + final JavaMethodId cl10_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis.doThis()"); // line 68 + + final JavaClassId cl11 = + JavaId.parseClassQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis$1"); // line 71 + final JavaMethodId cl11_m = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.NestedDeclarations$Foo$1DoThis$1.doThat()"); // line 72 + + // Assertions + assertEquals(25, constructs.size()); + assertTrue(constructs.containsKey(p)); + assertTrue(constructs.containsKey(cl1)); + assertTrue(constructs.containsKey(cl1_m)); + + assertTrue(constructs.containsKey(cl2)); + assertTrue(constructs.containsKey(cl2_m)); + + assertTrue(constructs.containsKey(cl3)); + assertTrue(constructs.containsKey(cl3_m)); + + assertTrue(constructs.containsKey(cl4)); + assertTrue(constructs.containsKey(cl4_m)); + + assertTrue(constructs.containsKey(cl5)); + assertTrue(constructs.containsKey(cl5_m)); + + assertTrue(constructs.containsKey(cl6)); + assertTrue(constructs.containsKey(cl6_m)); + + assertTrue(constructs.containsKey(cl7)); + assertTrue(constructs.containsKey(cl7_m)); + + assertTrue(constructs.containsKey(cl8)); + assertTrue(constructs.containsKey(cl8_m)); + + assertTrue(constructs.containsKey(cl9)); + assertTrue(constructs.containsKey(cl9_m)); + + assertTrue(constructs.containsKey(e)); + assertTrue(constructs.containsKey(e_m)); + + assertTrue(constructs.containsKey(cl10)); + assertTrue(constructs.containsKey(cl10_m)); + + assertTrue(constructs.containsKey(cl11)); + assertTrue(constructs.containsKey(cl11_m)); + } catch (FileAnalysisException e) { + System.err.println(e.getMessage()); + assertTrue(false); + } + } + + /** + * A simple class with different parameterized arguments. + */ + @Test + public void testGenerics() { + try { + final JavaFileAnalyzer2 jfa = + (JavaFileAnalyzer2) + FileAnalyzerFactory.buildFileAnalyzer( + new File("./src/test/java/com/sap/psr/vulas/java/test/Generics.java")); + final Map constructs = jfa.getConstructs(); + + // The parsing should produce the following 5 elements: + final JavaPackageId p = new JavaPackageId("com.sap.psr.vulas.java.test"); + final JavaClassId cl = JavaId.parseClassQName("com.sap.psr.vulas.java.test.Generics"); + final JavaConstructorId cons = + JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.Generics(Map)"); + final JavaMethodId meth = + JavaId.parseMethodQName( + "com.sap.psr.vulas.java.test.Generics.foo(String,Collection,List)"); + + // Assertions + assertEquals(4, constructs.size()); + assertTrue(constructs.containsKey(p)); + assertTrue(constructs.containsKey(cl)); + assertTrue(constructs.containsKey(cons)); + assertTrue(constructs.containsKey(meth)); + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } + + /** + * Attention: The class SAMLUtils overloads the method parseRolesInAssertion using the types "org.opensaml.saml1.core.Assertion" + * and "parseRolesInAssertion(org.opensaml.saml2.core.Assertion". Since we remove the parameter qualification, the class only + * has 13 rather than 14 methods. + * TODO: Discuss the case + */ + @Test + public void testCxfClass() { + try { + final File file = + new File( + "./src/test/resources/ws_security_1438423/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java"); + final FileAnalyzer fa = (JavaFileAnalyzer2) FileAnalyzerFactory.buildFileAnalyzer(file); + final Map constructs = fa.getConstructs(); + assertEquals(13, constructs.size()); + } catch (FileAnalysisException e) { + System.err.println(e.getMessage()); + assertTrue(false); + } + } + + /** + * See Jira VULAS-739 + */ + @Test + public void testSunClass() { + try { + final File file = new File("./src/test/resources/Collector.java"); + final FileAnalyzer fa = (JavaFileAnalyzer2) FileAnalyzerFactory.buildFileAnalyzer(file); + final Map constructs = fa.getConstructs(); + assertEquals(2, constructs.size()); + } catch (FileAnalysisException e) { + System.err.println(e.getMessage()); + assertTrue(false); + } + } + + /** + * Tests whether the constructs extracted from a Java file correspond to the ones obtained from the compiled file. + */ + @Test + public void testCompareConstructCreation() { + FileSearch fs = new FileSearch(new String[] {"class"}); + Set class_files = + fs.search(Paths.get("./target/test-classes/com/sap/psr/vulas/java/test/"), 1); + Set c_from_class = new HashSet(); + String filename = null; + for (Path p : class_files) { + filename = p.getFileName().toString(); + if (filename.startsWith("TestAnon")) { + FileAnalyzer fa; + try { + fa = FileAnalyzerFactory.buildFileAnalyzer(p.toFile()); + c_from_class.addAll(fa.getConstructs().keySet()); + } catch (FileAnalysisException e) { + e.printStackTrace(); + assertTrue(false); + } + } + } + + Set c_from_java = new HashSet(); + File p = null; + try { + p = Paths.get("./src/test/java/com/sap/psr/vulas/java/test/TestAnon.java").toFile(); + FileAnalyzer fa2 = (JavaFileAnalyzer2) FileAnalyzerFactory.buildFileAnalyzer(p); + c_from_java.addAll(fa2.getConstructs().keySet()); + } catch (FileAnalysisException e) { + e.printStackTrace(); + } + + assertTrue(this.compareConstructSets(c_from_class, c_from_java)); + } + + private boolean compareConstructSets( + Set _bytecode_constructs, Set _sourcecode_constructs) { + final Set bytecode_constructs = new HashSet(_bytecode_constructs); + final Set sourcecode_constructs = new HashSet(_sourcecode_constructs); + + System.out.println( + "Matching constructs from bytecode (" + + bytecode_constructs.size() + + ") against source code (" + + sourcecode_constructs.size() + + "):\n"); + int matches = 0; + + // Remove constructs found in both sources + for (ConstructId f : _bytecode_constructs) { + for (ConstructId s : _sourcecode_constructs) { + if (f.equals(s)) { + matches++; + bytecode_constructs.remove(f); + sourcecode_constructs.remove(s); + } + } + } + + // Remove constructs created at compile time + + // For enums: constructor(String,int) and values() and valueOf + JavaConstructorId cons = + JavaId.parseConstructorQName("com.sap.psr.vulas.java.test.TestAnon$Foo(String,int)"); + JavaMethodId values = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.TestAnon$Foo.values()"); + JavaMethodId value_of = + JavaId.parseMethodQName("com.sap.psr.vulas.java.test.TestAnon$Foo.valueOf(String)"); + bytecode_constructs.remove(cons); + bytecode_constructs.remove(values); + bytecode_constructs.remove(value_of); + + // For classes: Remove all default constructors (w/o arguments) + JavaId jid = null; + JavaConstructorId jcid = null; + for (ConstructId c : _bytecode_constructs) { + jid = (JavaId) c; + if (bytecode_constructs.contains(c) && jid.getType().equals(JavaId.Type.CONSTRUCTOR)) { + jcid = (JavaConstructorId) jid; + if (!jcid.hasParams()) { + bytecode_constructs.remove(c); + } + } + } + + if (!bytecode_constructs.isEmpty()) { + System.out.println( + bytecode_constructs.size() + " unmatched constructs in first set (from bytecode):"); + for (ConstructId c : bytecode_constructs) { + System.out.println(" " + c); + } + } + + if (!sourcecode_constructs.isEmpty()) { + System.out.println( + sourcecode_constructs.size() + " unmatched constructs in second set (from source code):"); + for (ConstructId c : sourcecode_constructs) { + System.out.println(" " + c); + } + } + + // Both should be empty by now (all matches and compiler-added constructs have been removed) + return bytecode_constructs.isEmpty() && sourcecode_constructs.isEmpty(); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/JavaIdTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/JavaIdTest.java index 613c8ea5b..60c18d50b 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/JavaIdTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/JavaIdTest.java @@ -39,239 +39,259 @@ */ public class JavaIdTest { - @Rule public ExpectedException thrown = ExpectedException.none(); - - @Test - public void packageIdTest() { - final JavaPackageId p = new JavaPackageId("com.sap.research"); - assertEquals("com.sap.research", p.getQualifiedName()); - assertEquals("com.sap.research", p.getName()); - assertEquals("com.sap.research", p.getSimpleName()); - assertEquals(null, p.getDefinitionContext()); - assertEquals(null, p.getJavaPackageId()); - } - - @Test - public void classIdTest() { - final JavaPackageId p = new JavaPackageId("com.sap.research"); - final JavaClassId c = new JavaClassId(p, "TestClass"); - assertEquals("com.sap.research.TestClass", c.getQualifiedName()); - assertEquals("TestClass", c.getName()); - assertEquals("TestClass", c.getSimpleName()); - assertEquals(p, c.getDefinitionContext()); - assertEquals(p, c.getJavaPackageId()); - } - - @Test - public void nestedClassIdTest() { - final JavaPackageId p = new JavaPackageId("com.sap.research"); - final JavaClassId c = new JavaClassId(p, "TestClass"); - final JavaClassId nc = new JavaClassId(c, "NestedClass"); - assertEquals("com.sap.research.TestClass$NestedClass", nc.getQualifiedName()); - assertEquals("TestClass$NestedClass", nc.getName()); - assertEquals("NestedClass", nc.getSimpleName()); - assertEquals(c, nc.getDefinitionContext()); - assertEquals(p, nc.getJavaPackageId()); - } - - @Test - public void methodIdTest() { - final JavaPackageId p = new JavaPackageId("com.sap.research"); - final JavaClassId c = new JavaClassId(p, "TestClass"); - final JavaClassId nc = new JavaClassId(c, "NestedClass"); - final JavaMethodId m = new JavaMethodId(nc, "foo", Arrays.asList("java.lang.String", "int")); - assertEquals("com.sap.research.TestClass$NestedClass.foo(String,int)", m.getQualifiedName()); - assertEquals("foo(String,int)", m.getName()); - assertEquals("foo", m.getSimpleName()); - assertEquals(nc, m.getDefinitionContext()); - assertEquals(p, m.getJavaPackageId()); - } - - @Test - public void testMethodParser() { - final JavaPackageId p = new JavaPackageId("com.sap.research"); - final JavaClassId c = new JavaClassId(p, "TestClass"); - final JavaClassId nc = new JavaClassId(c, "NestedClass"); - final JavaMethodId m1 = new JavaMethodId(nc, "foo", Arrays.asList("java.lang.String", "int")); - final JavaMethodId m2 = JavaId.parseMethodQName("com.sap.research.TestClass$NestedClass.foo(String,int)"); - assertEquals(m1, m2); - } - - @Test - public void testRemovePackageContext() { - assertTrue(JavaId.removePackageContext("a.b.c.Class").equals("Class")); - assertTrue(JavaId.removePackageContext("a.b.c.Class$NestedClass").equals("NestedClass")); - assertTrue(JavaId.removePackageContext("Class").equals("Class")); - } - - @Test - public void typeFromStringInputNotNullOutputIllegalArgumentException() { - - // Arrange - final String _t = ""; - - // Act - thrown.expect(IllegalArgumentException.class); - JavaId.typeFromString(_t); - - // Method is not expected to return due to exception thrown - } - - @Test - public void typeFromStringInputNotNullOutputNotNull() { - - // Arrange - final String _t = "ENUM"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.ENUM, retval); - } - - @Test - public void typeFromStringInputNotNullOutputNotNull2() { - - // Arrange - final String _t = "pACK"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.PACKAGE, retval); - } - - @Test - public void typeFromStringInputNotNullOutputNotNull3() { - - // Arrange - final String _t = "iNIT"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.CLASSINIT, retval); - } - - @Test - public void typeFromStringInputNotNullOutputNotNull4() { - - // Arrange - final String _t = "CLAS"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.CLASS, retval); - } - - @Test - public void typeFromStringInputNotNullOutputNotNull5() { - - // Arrange - final String _t = "InTF"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.INTERFACE, retval); - } - - @Test - public void typeFromStringInputNotNullOutputNotNull6() { - - // Arrange - final String _t = "CoNs"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.CONSTRUCTOR, retval); - } - - @Test - public void typeFromStringInputNotNullOutputNotNull7() { - - // Arrange - final String _t = "NCla"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.NESTED_CLASS, retval); - } - - @Test - public void typeFromStringInputNotNullOutputNotNull8() { - - // Arrange - final String _t = "MEtH"; - - // Act - final JavaId.Type retval = JavaId.typeFromString(_t); - - // Assert result - assertEquals(JavaId.Type.METHOD, retval); - } - - @Test - public void filterInputNotNull0Output0() { - - // Arrange - final HashSet _set = new HashSet(); - final JavaId.Type[] _filter = {}; - - // Act - final Set retval = JavaId.filter(_set, _filter); - - // Assert result - final HashSet hashSet = new HashSet(); - assertEquals(hashSet, retval); - } - - @Test - public void filterInputNotNullNotNullOutput0() { - - // Arrange - final HashSet _set = new HashSet(); - final String _filter = ""; - - // Act - final Set retval = JavaId.filter(_set, _filter); - - // Assert result - final HashSet hashSet = new HashSet(); - assertEquals(hashSet, retval); - } - - @Test - public void testGetJarUrl() { - try { - URL u = Class.forName("org.junit.Assert").getResource('/' + "org.junit.Assert".replace('.', '/') + ".class");//new URL("jar:file:/test/foo.jar!bar.class"); - URL uj = JavaId.getJarUrl(u); - assertTrue(uj.toString().matches("^file:/.*/\\.m2/repository/junit/junit/.*/junit-.*\\.jar$")); - - u = Class.forName("java.util.jar.JarFile").getResource('/' + "java.util.jar.JarFile".replace('.', '/') + ".class");//new URL("jar:file:/test/foo.jar!bar.class"); - uj = JavaId.getJarUrl(u); - assertTrue(uj!=null); - - u = new URL("jar", "", "file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar"); - uj = JavaId.getJarUrl(u); - assertEquals("file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar", uj.toString()); - - u = new URL("jar", "", "file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar!bar.class"); - uj = JavaId.getJarUrl(u); - assertEquals("file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar", uj.toString()); - } catch (Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } + @Rule public ExpectedException thrown = ExpectedException.none(); + + @Test + public void packageIdTest() { + final JavaPackageId p = new JavaPackageId("com.sap.research"); + assertEquals("com.sap.research", p.getQualifiedName()); + assertEquals("com.sap.research", p.getName()); + assertEquals("com.sap.research", p.getSimpleName()); + assertEquals(null, p.getDefinitionContext()); + assertEquals(null, p.getJavaPackageId()); + } + + @Test + public void classIdTest() { + final JavaPackageId p = new JavaPackageId("com.sap.research"); + final JavaClassId c = new JavaClassId(p, "TestClass"); + assertEquals("com.sap.research.TestClass", c.getQualifiedName()); + assertEquals("TestClass", c.getName()); + assertEquals("TestClass", c.getSimpleName()); + assertEquals(p, c.getDefinitionContext()); + assertEquals(p, c.getJavaPackageId()); + } + + @Test + public void nestedClassIdTest() { + final JavaPackageId p = new JavaPackageId("com.sap.research"); + final JavaClassId c = new JavaClassId(p, "TestClass"); + final JavaClassId nc = new JavaClassId(c, "NestedClass"); + assertEquals("com.sap.research.TestClass$NestedClass", nc.getQualifiedName()); + assertEquals("TestClass$NestedClass", nc.getName()); + assertEquals("NestedClass", nc.getSimpleName()); + assertEquals(c, nc.getDefinitionContext()); + assertEquals(p, nc.getJavaPackageId()); + } + + @Test + public void methodIdTest() { + final JavaPackageId p = new JavaPackageId("com.sap.research"); + final JavaClassId c = new JavaClassId(p, "TestClass"); + final JavaClassId nc = new JavaClassId(c, "NestedClass"); + final JavaMethodId m = new JavaMethodId(nc, "foo", Arrays.asList("java.lang.String", "int")); + assertEquals("com.sap.research.TestClass$NestedClass.foo(String,int)", m.getQualifiedName()); + assertEquals("foo(String,int)", m.getName()); + assertEquals("foo", m.getSimpleName()); + assertEquals(nc, m.getDefinitionContext()); + assertEquals(p, m.getJavaPackageId()); + } + + @Test + public void testMethodParser() { + final JavaPackageId p = new JavaPackageId("com.sap.research"); + final JavaClassId c = new JavaClassId(p, "TestClass"); + final JavaClassId nc = new JavaClassId(c, "NestedClass"); + final JavaMethodId m1 = new JavaMethodId(nc, "foo", Arrays.asList("java.lang.String", "int")); + final JavaMethodId m2 = + JavaId.parseMethodQName("com.sap.research.TestClass$NestedClass.foo(String,int)"); + assertEquals(m1, m2); + } + + @Test + public void testRemovePackageContext() { + assertTrue(JavaId.removePackageContext("a.b.c.Class").equals("Class")); + assertTrue(JavaId.removePackageContext("a.b.c.Class$NestedClass").equals("NestedClass")); + assertTrue(JavaId.removePackageContext("Class").equals("Class")); + } + + @Test + public void typeFromStringInputNotNullOutputIllegalArgumentException() { + + // Arrange + final String _t = ""; + + // Act + thrown.expect(IllegalArgumentException.class); + JavaId.typeFromString(_t); + + // Method is not expected to return due to exception thrown + } + + @Test + public void typeFromStringInputNotNullOutputNotNull() { + + // Arrange + final String _t = "ENUM"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.ENUM, retval); + } + + @Test + public void typeFromStringInputNotNullOutputNotNull2() { + + // Arrange + final String _t = "pACK"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.PACKAGE, retval); + } + + @Test + public void typeFromStringInputNotNullOutputNotNull3() { + + // Arrange + final String _t = "iNIT"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.CLASSINIT, retval); + } + + @Test + public void typeFromStringInputNotNullOutputNotNull4() { + + // Arrange + final String _t = "CLAS"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.CLASS, retval); + } + + @Test + public void typeFromStringInputNotNullOutputNotNull5() { + + // Arrange + final String _t = "InTF"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.INTERFACE, retval); + } + + @Test + public void typeFromStringInputNotNullOutputNotNull6() { + + // Arrange + final String _t = "CoNs"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.CONSTRUCTOR, retval); + } + + @Test + public void typeFromStringInputNotNullOutputNotNull7() { + + // Arrange + final String _t = "NCla"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.NESTED_CLASS, retval); + } + + @Test + public void typeFromStringInputNotNullOutputNotNull8() { + + // Arrange + final String _t = "MEtH"; + + // Act + final JavaId.Type retval = JavaId.typeFromString(_t); + + // Assert result + assertEquals(JavaId.Type.METHOD, retval); + } + + @Test + public void filterInputNotNull0Output0() { + + // Arrange + final HashSet _set = new HashSet(); + final JavaId.Type[] _filter = {}; + + // Act + final Set retval = JavaId.filter(_set, _filter); + + // Assert result + final HashSet hashSet = new HashSet(); + assertEquals(hashSet, retval); + } + + @Test + public void filterInputNotNullNotNullOutput0() { + + // Arrange + final HashSet _set = new HashSet(); + final String _filter = ""; + + // Act + final Set retval = JavaId.filter(_set, _filter); + + // Assert result + final HashSet hashSet = new HashSet(); + assertEquals(hashSet, retval); + } + + @Test + public void testGetJarUrl() { + try { + URL u = + Class.forName("org.junit.Assert") + .getResource( + '/' + + "org.junit.Assert".replace('.', '/') + + ".class"); // new URL("jar:file:/test/foo.jar!bar.class"); + URL uj = JavaId.getJarUrl(u); + assertTrue( + uj.toString().matches("^file:/.*/\\.m2/repository/junit/junit/.*/junit-.*\\.jar$")); + + u = + Class.forName("java.util.jar.JarFile") + .getResource( + '/' + + "java.util.jar.JarFile".replace('.', '/') + + ".class"); // new URL("jar:file:/test/foo.jar!bar.class"); + uj = JavaId.getJarUrl(u); + assertTrue(uj != null); + + u = + new URL( + "jar", "", "file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar"); + uj = JavaId.getJarUrl(u); + assertEquals( + "file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar", uj.toString()); + + u = + new URL( + "jar", + "", + "file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar!bar.class"); + uj = JavaId.getJarUrl(u); + assertEquals( + "file:/org.eclipse.equinox.p2.jarprocessor_1.0.300.v20130327-2119.jar", uj.toString()); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/JsonHelperTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/JsonHelperTest.java index 06bf1313a..0d7604308 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/JsonHelperTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/JsonHelperTest.java @@ -35,57 +35,58 @@ public class JsonHelperTest { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - /** - * Analyzes a given JAR twice and checks whether the produced JSON is equal. - */ - @Test - public void jarToJsonEqualityTest() throws FileAnalysisException { - try { - // Create JSON for the same JAR - final JarAnalyzer ja1 = new JarAnalyzer(); - ja1.analyze(new File("./src/test/resources/poi-ooxml-schemas-3.11-beta1.jar")); - final String json1 = JacksonUtil.asJsonString(ja1.getLibrary()); - final JarAnalyzer ja2 = new JarAnalyzer(); - ja2.analyze(new File("./src/test/resources/poi-ooxml-schemas-3.11-beta1.jar")); - final String json2 = JacksonUtil.asJsonString(ja1.getLibrary()); + /** + * Analyzes a given JAR twice and checks whether the produced JSON is equal. + */ + @Test + public void jarToJsonEqualityTest() throws FileAnalysisException { + try { + // Create JSON for the same JAR + final JarAnalyzer ja1 = new JarAnalyzer(); + ja1.analyze(new File("./src/test/resources/poi-ooxml-schemas-3.11-beta1.jar")); + final String json1 = JacksonUtil.asJsonString(ja1.getLibrary()); + final JarAnalyzer ja2 = new JarAnalyzer(); + ja2.analyze(new File("./src/test/resources/poi-ooxml-schemas-3.11-beta1.jar")); + final String json2 = JacksonUtil.asJsonString(ja1.getLibrary()); - // The JSON should be equal. If not, write it to files so that it can be compared - if(!json1.equals(json2)) { - final Path p1 = FileUtil.writeToTmpFile(null, "json", json1); - final Path p2 = FileUtil.writeToTmpFile(null, "json", json2); - JsonHelperTest.log.info("JSON written to [" + p1.toAbsolutePath()+ "] and [" + p2.toAbsolutePath() + "]"); - } + // The JSON should be equal. If not, write it to files so that it can be compared + if (!json1.equals(json2)) { + final Path p1 = FileUtil.writeToTmpFile(null, "json", json1); + final Path p2 = FileUtil.writeToTmpFile(null, "json", json2); + JsonHelperTest.log.info( + "JSON written to [" + p1.toAbsolutePath() + "] and [" + p2.toAbsolutePath() + "]"); + } - assertEquals(json1, json2); - } catch (IllegalStateException ise) { - // TODO Auto-generated catch block - ise.printStackTrace(); - } catch (IOException ioe) { - // TODO Auto-generated catch block - ioe.printStackTrace(); - } - } + assertEquals(json1, json2); + } catch (IllegalStateException ise) { + // TODO Auto-generated catch block + ise.printStackTrace(); + } catch (IOException ioe) { + // TODO Auto-generated catch block + ioe.printStackTrace(); + } + } - /** - * Analyzes a JAR that contains nested classes (having a $ in their name), but not the surrounding class. - * In fact, a $ is a permitted character in class names. It is only a convention to not use it. - */ - @Test - public void nestedClassesTest() throws FileAnalysisException { - try { - final JarAnalyzer ja3 = new JarAnalyzer(); - ja3.analyze(new File("./src/test/resources/diverse.jar")); - final String pretty_json3 = JacksonUtil.asJsonString(ja3.getLibrary()); - final Path p3 = FileUtil.writeToTmpFile(null, "json",pretty_json3); - JsonHelperTest.log.info("JSON written to [" + p3.toAbsolutePath() + "]"); - } catch (IllegalStateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } + /** + * Analyzes a JAR that contains nested classes (having a $ in their name), but not the surrounding class. + * In fact, a $ is a permitted character in class names. It is only a convention to not use it. + */ + @Test + public void nestedClassesTest() throws FileAnalysisException { + try { + final JarAnalyzer ja3 = new JarAnalyzer(); + ja3.analyze(new File("./src/test/resources/diverse.jar")); + final String pretty_json3 = JacksonUtil.asJsonString(ja3.getLibrary()); + final Path p3 = FileUtil.writeToTmpFile(null, "json", pretty_json3); + JsonHelperTest.log.info("JSON written to [" + p3.toAbsolutePath() + "]"); + } catch (IllegalStateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/PomParserTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/PomParserTest.java index ff26d8be3..037ac2e5e 100755 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/PomParserTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/PomParserTest.java @@ -34,21 +34,21 @@ public class PomParserTest { - @Test - public void testParsePom() { - try { - final PomParser pp = new PomParser(); - final SAXParserFactory spf = SAXParserFactory.newInstance(); - spf.setNamespaceAware(true); - final SAXParser saxParser = spf.newSAXParser(); - final XMLReader xmlReader = saxParser.getXMLReader(); - xmlReader.setContentHandler(pp); - xmlReader.parse(new InputSource(new FileReader(new File("pom.xml")))); - assertEquals("com.sap.research.security.vulas", pp.getLibraryId().getMvnGroup()); - assertEquals("lang-java", pp.getLibraryId().getArtifact()); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } + @Test + public void testParsePom() { + try { + final PomParser pp = new PomParser(); + final SAXParserFactory spf = SAXParserFactory.newInstance(); + spf.setNamespaceAware(true); + final SAXParser saxParser = spf.newSAXParser(); + final XMLReader xmlReader = saxParser.getXMLReader(); + xmlReader.setContentHandler(pp); + xmlReader.parse(new InputSource(new FileReader(new File("pom.xml")))); + assertEquals("com.sap.research.security.vulas", pp.getLibraryId().getMvnGroup()); + assertEquals("lang-java", pp.getLibraryId().getArtifact()); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/WarAnalyzerTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/WarAnalyzerTest.java index 8d1b637b6..42fff6da3 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/WarAnalyzerTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/WarAnalyzerTest.java @@ -38,49 +38,49 @@ public class WarAnalyzerTest { - @Test - @Category(Slow.class) - public void testAnalyze() { - try { - final WarAnalyzer wa = new WarAnalyzer(); - wa.analyze(new File("./src/test/resources/examples.war")); - wa.setWorkDir(Paths.get("./target")); - wa.setRename(true); - WarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); - wa.call(); - - // 15 archives in WEB-INF/lib - final Set fas = wa.getChilds(true); - assertEquals(15, fas.size()); - - // 15 constructs in classes in WEB-INF/classes - final Set cids = wa.getConstructIds(); - assertEquals(15, cids.size()); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } - - @Test - @Category(Slow.class) - public void testInstrument() { - try { - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.INSTR_WRITE_CODE, "true"); - final WarAnalyzer wa = new WarAnalyzer(); - wa.analyze(new File("./src/test/resources/examples.war")); - wa.setWorkDir(Paths.get("./target")); - wa.setRename(true); - wa.setInstrument(true); - WarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); - wa.call(); - - // Check instrumented WAR - final File new_war = wa.getInstrumentedArchive(); - assertTrue(new_war.exists()); - } catch(Exception e) { - e.printStackTrace(); - assertTrue(false); - } - } + @Test + @Category(Slow.class) + public void testAnalyze() { + try { + final WarAnalyzer wa = new WarAnalyzer(); + wa.analyze(new File("./src/test/resources/examples.war")); + wa.setWorkDir(Paths.get("./target")); + wa.setRename(true); + WarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); + wa.call(); + + // 15 archives in WEB-INF/lib + final Set fas = wa.getChilds(true); + assertEquals(15, fas.size()); + + // 15 constructs in classes in WEB-INF/classes + final Set cids = wa.getConstructIds(); + assertEquals(15, cids.size()); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } + + @Test + @Category(Slow.class) + public void testInstrument() { + try { + VulasConfiguration.getGlobal().setProperty(CoreConfiguration.INSTR_WRITE_CODE, "true"); + final WarAnalyzer wa = new WarAnalyzer(); + wa.analyze(new File("./src/test/resources/examples.war")); + wa.setWorkDir(Paths.get("./target")); + wa.setRename(true); + wa.setInstrument(true); + WarAnalyzer.setAppContext(new Application("dummy-group", "dummy-artifact", "0.0.1-SNAPSHOT")); + wa.call(); + + // Check instrumented WAR + final File new_war = wa.getInstrumentedArchive(); + assertTrue(new_war.exists()); + } catch (Exception e) { + e.printStackTrace(); + assertTrue(false); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/decompiler/IDecompilerTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/decompiler/IDecompilerTest.java index 293ef59e6..5cebaa51e 100755 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/decompiler/IDecompilerTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/decompiler/IDecompilerTest.java @@ -36,37 +36,45 @@ public class IDecompilerTest { - /** Test class to be decompiled. */ - class NonStaticInner { - NonStaticInner() {} - void foo() {} - } + /** Test class to be decompiled. */ + class NonStaticInner { + NonStaticInner() {} - /** Test class to be decompiled. */ - static class StaticInner { - StaticInner() {} - void foo() {} - } + void foo() {} + } - /** - * Test whether the decompiler properly constructs the names of inner classes (in the form Outer$Inner). - * As explained in the Procyon ticket #283 (https://bitbucket.org/mstrobel/procyon/issues/283), this - * does not work for an inner class from Apache FileUpload. - */ - @Test - public void testDecompileAnonClass() { - try { - // Decompile and get constructs - final IDecompiler decompiler = new ProcyonDecompiler(); - final File java_source_file = decompiler.decompileClassFile(new File("./target/test-classes/com/sap/psr/vulas/java/decompiler/IDecompilerTest$NonStaticInner.class")); - final FileAnalyzer jfa = FileAnalyzerFactory.buildFileAnalyzer(java_source_file); - final Map constructs = jfa.getConstructs(); + /** Test class to be decompiled. */ + static class StaticInner { + StaticInner() {} - // Expected construct - JavaClassId inner_class = JavaId.parseClassQName("com.sap.psr.vulas.sign.decompiler.IDecompilerTest$NonStaticInner"); + void foo() {} + } - //TODO: Change as soon (if ever) this is fixed - assertTrue(!constructs.containsKey(inner_class)); - } catch (FileAnalysisException e) {} - } + /** + * Test whether the decompiler properly constructs the names of inner classes (in the form Outer$Inner). + * As explained in the Procyon ticket #283 (https://bitbucket.org/mstrobel/procyon/issues/283), this + * does not work for an inner class from Apache FileUpload. + */ + @Test + public void testDecompileAnonClass() { + try { + // Decompile and get constructs + final IDecompiler decompiler = new ProcyonDecompiler(); + final File java_source_file = + decompiler.decompileClassFile( + new File( + "./target/test-classes/com/sap/psr/vulas/java/decompiler/IDecompilerTest$NonStaticInner.class")); + final FileAnalyzer jfa = FileAnalyzerFactory.buildFileAnalyzer(java_source_file); + final Map constructs = jfa.getConstructs(); + + // Expected construct + JavaClassId inner_class = + JavaId.parseClassQName( + "com.sap.psr.vulas.sign.decompiler.IDecompilerTest$NonStaticInner"); + + // TODO: Change as soon (if ever) this is fixed + assertTrue(!constructs.containsKey(inner_class)); + } catch (FileAnalysisException e) { + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/ASTSignatureComparatorTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/ASTSignatureComparatorTest.java index b0220402d..39f117e92 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/ASTSignatureComparatorTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/ASTSignatureComparatorTest.java @@ -40,7 +40,6 @@ import org.junit.Test; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; -import com.google.gson.Gson; import com.google.gson.JsonSyntaxException; import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.ConstructId; @@ -52,7 +51,6 @@ import com.sap.psr.vulas.java.JavaId; import com.sap.psr.vulas.java.sign.gson.ASTConstructBodySignatureDeserializer; import com.sap.psr.vulas.java.sign.gson.ASTSignatureChangeDeserializer; -import com.sap.psr.vulas.java.sign.gson.GsonHelper; import com.sap.psr.vulas.shared.json.JacksonUtil; import com.sap.psr.vulas.shared.util.FileUtil; import com.sap.psr.vulas.sign.Signature; @@ -65,203 +63,343 @@ */ public class ASTSignatureComparatorTest { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - Map,StdDeserializer> custom_deserializers = new HashMap,StdDeserializer>(); - - private static final String TEST_DATA = "./src/test/resources/methodBody/"; - - private String _constructQName = "org.apache.commons.fileupload.MultipartStream(InputStream,byte[],int,ProgressNotifier)"; - private String _fixedJavaFile = "MultipartStreamFix.java"; - private String _defectiveJavaFile = "MultipartStreamDef.java"; - private String _underTestJavaFile = "MultipartStream121.java"; - - //Def and Fix Signatures - private Signature signatureFix = null; - private Signature signatureDef = null; - private Signature signatureUnderTest = null; - - //"Diff" patch - Signature Change - SignatureChange astChange = null; - - private void setupDefectiveConstruct() throws FileAnalysisException{ - - FileAnalyzer jfa2 = FileAnalyzerFactory.buildFileAnalyzer(new File(TEST_DATA+_defectiveJavaFile)); - // Create a construct for testing and check that it exists in the set - JavaConstructorId cDefid = JavaId.parseConstructorQName(_constructQName); - assertEquals(jfa2.containsConstruct(cDefid), true); - - final Construct _cDef = jfa2.getConstruct(cDefid); - //log.info("DEF CONSTRUCT CONTENT\n"+_cDef.getContent()); - SignatureFactory signFactory = CoreConfiguration.getSignatureFactory(ConstructId.toSharedType(cDefid)); - signatureDef = signFactory.createSignature(_cDef); - log.info("AST of FIXED construct: [" + signatureDef.toJson()+ "]"); - } - - private void setupFixedConstruct() throws FileAnalysisException{ - FileAnalyzer jfa2 = FileAnalyzerFactory.buildFileAnalyzer(new File(TEST_DATA+_fixedJavaFile)); - - // Create a construct for testing and check that it exists in the set - JavaConstructorId cFixid = JavaId.parseConstructorQName(_constructQName); - assertEquals(jfa2.containsConstruct(cFixid), true); - - final Construct _cFix = jfa2.getConstruct(cFixid); - SignatureFactory signFactory = CoreConfiguration.getSignatureFactory(ConstructId.toSharedType(cFixid)); - signatureFix = signFactory.createSignature(_cFix); - log.info("AST of DEFECTIVE construct: [" + signatureFix.toJson()+ "]"); - - } - - private void setupConstructUnderTest() throws FileAnalysisException{ - - FileAnalyzer jfa2 = FileAnalyzerFactory.buildFileAnalyzer(new File(TEST_DATA+_underTestJavaFile)); - - // Create a construct for testing and check that it exists in the set - JavaConstructorId cFixid = JavaId.parseConstructorQName(_constructQName); - assertEquals(jfa2.containsConstruct(cFixid), true); - - final Construct _cFix = jfa2.getConstruct(cFixid); - SignatureFactory signFactory = CoreConfiguration.getSignatureFactory(ConstructId.toSharedType(cFixid)); - signatureUnderTest = signFactory.createSignature(_cFix); - log.info("AST of TESTED construct: [" + signatureUnderTest.toJson()+ "]"); - - } - - @Before - public void setup() throws FileAnalysisException{ - this.setupFixedConstruct(); - this.setupDefectiveConstruct(); - this.setupConstructUnderTest(); - custom_deserializers.put(ASTSignatureChange.class, new ASTSignatureChangeDeserializer()); - custom_deserializers.put(ASTConstructBodySignature.class, new ASTConstructBodySignatureDeserializer()); - } - - @Test - public void testChangeComparison() throws FileAnalysisException, IOException { - - // Read previous change from disk and check equality - final String sig_chg_json = FileUtil.readFile(Paths.get("./src/test/resources/methodBody/deserialize/signatureChange.json")); - final SignatureChange ddf = (ASTSignatureChange) JacksonUtil.asObject(sig_chg_json, custom_deserializers, ASTSignatureChange.class); - - SignatureComparator signComparator = new ASTSignatureComparator(); - SignatureChange ddt = signComparator.computeChange(signatureDef, signatureUnderTest); - - this.setupDefectiveConstruct(); - this.setupFixedConstruct(); - this.setupConstructUnderTest(); - SignatureChange dtf = signComparator.computeChange(signatureUnderTest, signatureFix); - - final Set i_dt = ASTUtil.intersectSourceCodeChanges(ddt.getModifications(), ddf.getModifications(), false); - final Set i_tf = ASTUtil.intersectSourceCodeChanges(dtf.getModifications(), ddf.getModifications(), false); - - this.setupConstructUnderTest(); - } - - @Test - @Ignore - public void testSignComparatorContainsChange2() throws FileAnalysisException { - - SignatureComparator signComparator = new ASTSignatureComparator(); - SignatureChange astSignChange = signComparator.computeChange(signatureDef, signatureFix); - - /*//Fixed Version Must have the SourceCode change Elements - log.info("Signature Under Test : Known to be a Fixed Version \n"); - assertTrue(signComparator.containsChange(signatureFix, astSignChange)); - log.info("YES, Signature contains Fix " + "\n" ); - - *//** - * LAZY SOLUTION : The call in class ASTSignatureChange :getModifications(){ mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode);} - * Changes the defective version into the fixed one, (No pass by Reference), Until I find a better solution, compute Signature of the defective construct again - *//* - this.setupDefectiveConstruct(); - - //Defective Version Must NOT have the SourceCode change Elements - log.info("Signature Under Test : Known to be a Defective Version \n"); - assertFalse(signComparator.containsChange(signatureDef, astSignChange)); - log.info("NO, Signature Doesn't contain Fix" ); - */ - log.info("DIFF JSON"); - System.out.println(astSignChange.toJSON()); - //System.out.println(astSignChange.toString()); - - //Random Signature Under Test (Test should pass if the signature under test is close to the fixed version) - log.info("Random Signature Under Test \n"); - //assertTrue(signComparator.containsChange(signatureUnderTest, astSignChange)); - assertTrue(signComparator.containsChange(signatureFix, astSignChange)); - log.info("YES, Signature contains Fix " + "\n" ); - } - - @Test - @Ignore - public void testSignComparatorContainsChange() throws FileAnalysisException{ - - // Compute signature change - final SignatureComparator comparator = new ASTSignatureComparator(); - final SignatureChange change = comparator.computeChange(signatureDef, signatureFix); - log.info("Signature change: [" + change.toJSON() + "]"); - - // Check change containment for FIXED construct: should be TRUE - assertTrue(comparator.containsChange(signatureFix, change)); - - /** - * LAZY SOLUTION : The call in class ASTSignatureChange :getModifications(){ mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode);} - * Changes the defective version into the fixed one, (No pass by Reference), Until I find a better solution, compute Signature of the defective construct again - */ - - this.setupDefectiveConstruct(); - - // Check change containment for VULNERABLE construct: should be FALSE - assertFalse(comparator.containsChange(signatureDef, change)); - - // Random Signature Under Test (Test should pass if the signature under test is close to the fixed version) - assertFalse(comparator.containsChange(signatureUnderTest, change)); - } - - @Test - @Ignore - public void testSearchForEntity(){ - final ASTSignatureComparator signComparator = new ASTSignatureComparator(); - final boolean found = signComparator.searchForEntity("this.boundary = new byte[(boundary.length + BOUNDARY_PREFIX.length)];", ((ASTSignature)signatureDef).getRoot()); - assertTrue(found); - } - - private static final String vulSigJson = "{\"ast\":[ {\"Value\" : \"MultipartStream\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 19,\"End\" : 861}},\"EntityType\" : \"METHOD\",\"C\" : [{\"Value\" : \"this.input = input;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 162,\"End\" : 180}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.bufSize = bufSize;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 191,\"End\" : 213}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.buffer = new byte[bufSize];\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 224,\"End\" : 255}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.notifier = pNotifier;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 266,\"End\" : 291}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.boundary = new byte[(boundary.length + BOUNDARY_PREFIX.length)];\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 407,\"End\" : 473}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.boundaryLength = (boundary.length + BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 484,\"End\" : 546}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.keepRegion = this.boundary.length;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 557,\"End\" : 595}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0, BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 606,\"End\" : 701}},\"EntityType\" : \"METHOD_INVOCATION\"},{\"Value\" : \"System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length, boundary.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 712,\"End\" : 814}},\"EntityType\" : \"METHOD_INVOCATION\"},{\"Value\" : \"head = 0;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 827,\"End\" : 835}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"tail = 0;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 846,\"End\" : 854}},\"EntityType\" : \"ASSIGNMENT\"}]}]}"; - private static final String fixSigJson = "{\"ast\":[ {\"Value\" : \"MultipartStream\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 19,\"End\" : 1040}},\"EntityType\" : \"METHOD\",\"C\" : [{\"Value\" : \"this.input = input;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 162,\"End\" : 180}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.bufSize = bufSize;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 191,\"End\" : 213}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.buffer = new byte[bufSize];\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 224,\"End\" : 255}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.notifier = pNotifier;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 266,\"End\" : 291}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.boundaryLength = (boundary.length + BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 407,\"End\" : 469}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"(bufSize < (this.boundaryLength + 1))\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 480,\"End\" : 667}},\"EntityType\" : \"IF_STATEMENT\",\"C\" : [{\"Value\" : \"(bufSize < (this.boundaryLength + 1))\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 519,\"End\" : 667}},\"EntityType\" : \"THEN_STATEMENT\",\"C\" : [{\"Value\" : \"new IllegalArgumentException(\\\"The buffer size specified for the MultipartStream is too small\\\");\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 534,\"End\" : 656}},\"EntityType\" : \"THROW_STATEMENT\"}]}]},{\"Value\" : \"this.boundary = new byte[this.boundaryLength];\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 678,\"End\" : 723}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.keepRegion = this.boundary.length;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 734,\"End\" : 772}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0, BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 785,\"End\" : 880}},\"EntityType\" : \"METHOD_INVOCATION\"},{\"Value\" : \"System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length, boundary.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 891,\"End\" : 993}},\"EntityType\" : \"METHOD_INVOCATION\"},{\"Value\" : \"head = 0;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 1006,\"End\" : 1014}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"tail = 0;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 1025,\"End\" : 1033}},\"EntityType\" : \"ASSIGNMENT\"}]}]}"; - private static final String sigChange = "{\"StructureEntity\" :{ \"UniqueName\" : \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" : \"0\",\"changes\" :[{\"OperationType\" : \"Insert\",\"changeType\" : \"STATEMENT_INSERT\",\"InsertedEntity\" : {\"UniqueName\" : \"(bufSize < (this.boundaryLength + 1))\",\"EntityType\" : \"IF_STATEMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"480\",\"End\" : \"667\"}},\"ParentEntity\" : {\"UniqueName\" : \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\" : \"861\"}}},{\"OperationType\" : \"Move\",\"changeType\" : \"STATEMENT_ORDERING_CHANGE\",\"OldParentEntity\" : {\"UniqueName\" : \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\" : \"861\"}},\"MovedEntity\" : {\"UniqueName\" : \"this.boundaryLength = (boundary.length + BOUNDARY_PREFIX.length);\",\"EntityType\" : \"ASSIGNMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"484\",\"End\" : \"546\"}},\"NewParentEntity\" : {\"UniqueName\" : \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\" : \"861\"}},\"NewEntity\" : {\"UniqueName\" : \"this.boundaryLength = (boundary.length + BOUNDARY_PREFIX.length);\",\"EntityType\" : \"ASSIGNMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"407\",\"End\" : \"469\"}}},{\"OperationType\" : \"Update\",\"changeType\" : \"STATEMENT_UPDATE\",\"NewEntity\" : {\"UniqueName\" : \"this.boundary = new byte[this.boundaryLength];\",\"EntityType\" : \"ASSIGNMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"678\",\"End\" : \"723\"}},\"UpdatedEntity\" : {\"UniqueName\" : \"this.boundary = new byte[(boundary.length + BOUNDARY_PREFIX.length)];\",\"EntityType\" : \"ASSIGNMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"407\",\"End\" : \"473\"}},\"ParentEntity\" : {\"UniqueName\" : \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\" : \"861\"}}},{\"OperationType\" : \"Insert\",\"changeType\" : \"STATEMENT_INSERT\",\"InsertedEntity\" : {\"UniqueName\" : \"new IllegalArgumentException(\\\"The buffer size specified for the MultipartStream is too small\\\");\",\"EntityType\" : \"THROW_STATEMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"534\",\"End\" : \"656\"}},\"ParentEntity\" : {\"UniqueName\" : \"(bufSize < (this.boundaryLength + 1))\",\"EntityType\" : \"THEN_STATEMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"519\",\"End\" : \"667\"}}}]}}"; - - /** - * Deserializes signatures from file and creates a signature change from the those. - */ - @Test - public void testCompareFromJson() { - try { - // Read JSON - final String vul_sig_json = FileUtil.readFile(Paths.get("./src/test/resources/methodBody/deserialize/signatureDef.json")); - final String fix_sig_json = FileUtil.readFile(Paths.get("./src/test/resources/methodBody/deserialize/signatureFix.json")); - assertEquals(vul_sig_json, vulSigJson); - assertEquals(fix_sig_json, fixSigJson); - - // Deserialize - final Signature vul_sig = (Signature) JacksonUtil.asObject(vul_sig_json, custom_deserializers, ASTConstructBodySignature.class); - final Signature fix_sig = (Signature) JacksonUtil.asObject(fix_sig_json, custom_deserializers, ASTConstructBodySignature.class); - - // Create signature change - final SignatureComparator comparator = new ASTSignatureComparator(); - SignatureChange chg = comparator.computeChange(vul_sig, fix_sig); - - // Read previous change from disk and check equality - final String sig_chg_json = FileUtil.readFile(Paths.get("./src/test/resources/methodBody/deserialize/signatureChange.json")); - assertEquals(sig_chg_json, sigChange); - final SignatureChange sig_chg = (ASTSignatureChange) JacksonUtil.asObject(sig_chg_json, custom_deserializers, ASTSignatureChange.class); - assertEquals(chg, sig_chg); - - } catch (JsonSyntaxException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + Map, StdDeserializer> custom_deserializers = + new HashMap, StdDeserializer>(); + + private static final String TEST_DATA = "./src/test/resources/methodBody/"; + + private String _constructQName = + "org.apache.commons.fileupload.MultipartStream(InputStream,byte[],int,ProgressNotifier)"; + private String _fixedJavaFile = "MultipartStreamFix.java"; + private String _defectiveJavaFile = "MultipartStreamDef.java"; + private String _underTestJavaFile = "MultipartStream121.java"; + + // Def and Fix Signatures + private Signature signatureFix = null; + private Signature signatureDef = null; + private Signature signatureUnderTest = null; + + // "Diff" patch - Signature Change + SignatureChange astChange = null; + + private void setupDefectiveConstruct() throws FileAnalysisException { + + FileAnalyzer jfa2 = + FileAnalyzerFactory.buildFileAnalyzer(new File(TEST_DATA + _defectiveJavaFile)); + // Create a construct for testing and check that it exists in the set + JavaConstructorId cDefid = JavaId.parseConstructorQName(_constructQName); + assertEquals(jfa2.containsConstruct(cDefid), true); + + final Construct _cDef = jfa2.getConstruct(cDefid); + // log.info("DEF CONSTRUCT CONTENT\n"+_cDef.getContent()); + SignatureFactory signFactory = + CoreConfiguration.getSignatureFactory(ConstructId.toSharedType(cDefid)); + signatureDef = signFactory.createSignature(_cDef); + log.info("AST of FIXED construct: [" + signatureDef.toJson() + "]"); + } + + private void setupFixedConstruct() throws FileAnalysisException { + FileAnalyzer jfa2 = FileAnalyzerFactory.buildFileAnalyzer(new File(TEST_DATA + _fixedJavaFile)); + + // Create a construct for testing and check that it exists in the set + JavaConstructorId cFixid = JavaId.parseConstructorQName(_constructQName); + assertEquals(jfa2.containsConstruct(cFixid), true); + + final Construct _cFix = jfa2.getConstruct(cFixid); + SignatureFactory signFactory = + CoreConfiguration.getSignatureFactory(ConstructId.toSharedType(cFixid)); + signatureFix = signFactory.createSignature(_cFix); + log.info("AST of DEFECTIVE construct: [" + signatureFix.toJson() + "]"); + } + + private void setupConstructUnderTest() throws FileAnalysisException { + + FileAnalyzer jfa2 = + FileAnalyzerFactory.buildFileAnalyzer(new File(TEST_DATA + _underTestJavaFile)); + + // Create a construct for testing and check that it exists in the set + JavaConstructorId cFixid = JavaId.parseConstructorQName(_constructQName); + assertEquals(jfa2.containsConstruct(cFixid), true); + + final Construct _cFix = jfa2.getConstruct(cFixid); + SignatureFactory signFactory = + CoreConfiguration.getSignatureFactory(ConstructId.toSharedType(cFixid)); + signatureUnderTest = signFactory.createSignature(_cFix); + log.info("AST of TESTED construct: [" + signatureUnderTest.toJson() + "]"); + } + + @Before + public void setup() throws FileAnalysisException { + this.setupFixedConstruct(); + this.setupDefectiveConstruct(); + this.setupConstructUnderTest(); + custom_deserializers.put(ASTSignatureChange.class, new ASTSignatureChangeDeserializer()); + custom_deserializers.put( + ASTConstructBodySignature.class, new ASTConstructBodySignatureDeserializer()); + } + + @Test + public void testChangeComparison() throws FileAnalysisException, IOException { + + // Read previous change from disk and check equality + final String sig_chg_json = + FileUtil.readFile( + Paths.get("./src/test/resources/methodBody/deserialize/signatureChange.json")); + final SignatureChange ddf = + (ASTSignatureChange) + JacksonUtil.asObject(sig_chg_json, custom_deserializers, ASTSignatureChange.class); + + SignatureComparator signComparator = new ASTSignatureComparator(); + SignatureChange ddt = signComparator.computeChange(signatureDef, signatureUnderTest); + + this.setupDefectiveConstruct(); + this.setupFixedConstruct(); + this.setupConstructUnderTest(); + SignatureChange dtf = signComparator.computeChange(signatureUnderTest, signatureFix); + + final Set i_dt = + ASTUtil.intersectSourceCodeChanges(ddt.getModifications(), ddf.getModifications(), false); + final Set i_tf = + ASTUtil.intersectSourceCodeChanges(dtf.getModifications(), ddf.getModifications(), false); + + this.setupConstructUnderTest(); + } + + @Test + @Ignore + public void testSignComparatorContainsChange2() throws FileAnalysisException { + + SignatureComparator signComparator = new ASTSignatureComparator(); + SignatureChange astSignChange = signComparator.computeChange(signatureDef, signatureFix); + + /*//Fixed Version Must have the SourceCode change Elements + log.info("Signature Under Test : Known to be a Fixed Version \n"); + assertTrue(signComparator.containsChange(signatureFix, astSignChange)); + log.info("YES, Signature contains Fix " + "\n" ); + + */ + /** + * LAZY SOLUTION : The call in class ASTSignatureChange :getModifications(){ mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode);} + * Changes the defective version into the fixed one, (No pass by Reference), Until I find a better solution, compute Signature of the defective construct again + */ + /* + this.setupDefectiveConstruct(); + + //Defective Version Must NOT have the SourceCode change Elements + log.info("Signature Under Test : Known to be a Defective Version \n"); + assertFalse(signComparator.containsChange(signatureDef, astSignChange)); + log.info("NO, Signature Doesn't contain Fix" ); + */ + log.info("DIFF JSON"); + System.out.println(astSignChange.toJSON()); + // System.out.println(astSignChange.toString()); + + // Random Signature Under Test (Test should pass if the signature under test is close to the + // fixed version) + log.info("Random Signature Under Test \n"); + // assertTrue(signComparator.containsChange(signatureUnderTest, astSignChange)); + assertTrue(signComparator.containsChange(signatureFix, astSignChange)); + log.info("YES, Signature contains Fix " + "\n"); + } + + @Test + @Ignore + public void testSignComparatorContainsChange() throws FileAnalysisException { + + // Compute signature change + final SignatureComparator comparator = new ASTSignatureComparator(); + final SignatureChange change = comparator.computeChange(signatureDef, signatureFix); + log.info("Signature change: [" + change.toJSON() + "]"); + + // Check change containment for FIXED construct: should be TRUE + assertTrue(comparator.containsChange(signatureFix, change)); + + /** + * LAZY SOLUTION : The call in class ASTSignatureChange :getModifications(){ mDistiller.extractClassifiedSourceCodeChanges(defSignatureNode, fixSignatureNode);} + * Changes the defective version into the fixed one, (No pass by Reference), Until I find a better solution, compute Signature of the defective construct again + */ + this.setupDefectiveConstruct(); + + // Check change containment for VULNERABLE construct: should be FALSE + assertFalse(comparator.containsChange(signatureDef, change)); + + // Random Signature Under Test (Test should pass if the signature under test is close to the + // fixed version) + assertFalse(comparator.containsChange(signatureUnderTest, change)); + } + + @Test + @Ignore + public void testSearchForEntity() { + final ASTSignatureComparator signComparator = new ASTSignatureComparator(); + final boolean found = + signComparator.searchForEntity( + "this.boundary = new byte[(boundary.length + BOUNDARY_PREFIX.length)];", + ((ASTSignature) signatureDef).getRoot()); + assertTrue(found); + } + + private static final String vulSigJson = + "{\"ast\":[ {\"Value\" : \"MultipartStream\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 19,\"End\" : 861}},\"EntityType\" :" + + " \"METHOD\",\"C\" : [{\"Value\" : \"this.input = input;\",\"SourceCodeEntity\" :{" + + " \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 162,\"End\" :" + + " 180}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.bufSize =" + + " bufSize;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" :" + + " {\"Start\" : 191,\"End\" : 213}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" :" + + " \"this.buffer = new byte[bufSize];\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 224,\"End\" : 255}},\"EntityType\" :" + + " \"ASSIGNMENT\"},{\"Value\" : \"this.notifier = pNotifier;\",\"SourceCodeEntity\" :{" + + " \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 266,\"End\" :" + + " 291}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.boundary = new" + + " byte[(boundary.length + BOUNDARY_PREFIX.length)];\",\"SourceCodeEntity\" :{" + + " \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 407,\"End\" :" + + " 473}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.boundaryLength =" + + " (boundary.length + BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\"" + + " : \"0\",\"SourceRange\" : {\"Start\" : 484,\"End\" : 546}},\"EntityType\" :" + + " \"ASSIGNMENT\"},{\"Value\" : \"this.keepRegion =" + + " this.boundary.length;\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 557,\"End\" : 595}},\"EntityType\" :" + + " \"ASSIGNMENT\"},{\"Value\" : \"System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary," + + " 0, BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 606,\"End\" : 701}},\"EntityType\" :" + + " \"METHOD_INVOCATION\"},{\"Value\" : \"System.arraycopy(boundary, 0, this.boundary," + + " BOUNDARY_PREFIX.length, boundary.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 712,\"End\" : 814}},\"EntityType\" :" + + " \"METHOD_INVOCATION\"},{\"Value\" : \"head = 0;\",\"SourceCodeEntity\" :{" + + " \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 827,\"End\" :" + + " 835}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"tail =" + + " 0;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" :" + + " 846,\"End\" : 854}},\"EntityType\" : \"ASSIGNMENT\"}]}]}"; + private static final String fixSigJson = + "{\"ast\":[ {\"Value\" : \"MultipartStream\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 19,\"End\" : 1040}},\"EntityType\" :" + + " \"METHOD\",\"C\" : [{\"Value\" : \"this.input = input;\",\"SourceCodeEntity\" :{" + + " \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 162,\"End\" :" + + " 180}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.bufSize =" + + " bufSize;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" :" + + " {\"Start\" : 191,\"End\" : 213}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" :" + + " \"this.buffer = new byte[bufSize];\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 224,\"End\" : 255}},\"EntityType\" :" + + " \"ASSIGNMENT\"},{\"Value\" : \"this.notifier = pNotifier;\",\"SourceCodeEntity\" :{" + + " \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 266,\"End\" :" + + " 291}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"this.boundaryLength =" + + " (boundary.length + BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\"" + + " : \"0\",\"SourceRange\" : {\"Start\" : 407,\"End\" : 469}},\"EntityType\" :" + + " \"ASSIGNMENT\"},{\"Value\" : \"(bufSize < (this.boundaryLength +" + + " 1))\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" :" + + " 480,\"End\" : 667}},\"EntityType\" : \"IF_STATEMENT\",\"C\" : [{\"Value\" :" + + " \"(bufSize < (this.boundaryLength + 1))\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 519,\"End\" : 667}},\"EntityType\" :" + + " \"THEN_STATEMENT\",\"C\" : [{\"Value\" : \"new IllegalArgumentException(\\\"The" + + " buffer size specified for the MultipartStream is too" + + " small\\\");\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" :" + + " {\"Start\" : 534,\"End\" : 656}},\"EntityType\" :" + + " \"THROW_STATEMENT\"}]}]},{\"Value\" : \"this.boundary = new" + + " byte[this.boundaryLength];\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 678,\"End\" : 723}},\"EntityType\" :" + + " \"ASSIGNMENT\"},{\"Value\" : \"this.keepRegion =" + + " this.boundary.length;\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 734,\"End\" : 772}},\"EntityType\" :" + + " \"ASSIGNMENT\"},{\"Value\" : \"System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary," + + " 0, BOUNDARY_PREFIX.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 785,\"End\" : 880}},\"EntityType\" :" + + " \"METHOD_INVOCATION\"},{\"Value\" : \"System.arraycopy(boundary, 0, this.boundary," + + " BOUNDARY_PREFIX.length, boundary.length);\",\"SourceCodeEntity\" :{ \"Modifiers\" :" + + " \"0\",\"SourceRange\" : {\"Start\" : 891,\"End\" : 993}},\"EntityType\" :" + + " \"METHOD_INVOCATION\"},{\"Value\" : \"head = 0;\",\"SourceCodeEntity\" :{" + + " \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" : 1006,\"End\" :" + + " 1014}},\"EntityType\" : \"ASSIGNMENT\"},{\"Value\" : \"tail =" + + " 0;\",\"SourceCodeEntity\" :{ \"Modifiers\" : \"0\",\"SourceRange\" : {\"Start\" :" + + " 1025,\"End\" : 1033}},\"EntityType\" : \"ASSIGNMENT\"}]}]}"; + private static final String sigChange = + "{\"StructureEntity\" :{ \"UniqueName\" : \"MultipartStream\",\"EntityType\" :" + + " \"METHOD\",\"Modifiers\" : \"0\",\"changes\" :[{\"OperationType\" :" + + " \"Insert\",\"changeType\" : \"STATEMENT_INSERT\",\"InsertedEntity\" :" + + " {\"UniqueName\" : \"(bufSize < (this.boundaryLength + 1))\",\"EntityType\" :" + + " \"IF_STATEMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" :" + + " \"480\",\"End\" : \"667\"}},\"ParentEntity\" : {\"UniqueName\" :" + + " \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" :" + + " \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\" :" + + " \"861\"}}},{\"OperationType\" : \"Move\",\"changeType\" :" + + " \"STATEMENT_ORDERING_CHANGE\",\"OldParentEntity\" : {\"UniqueName\" :" + + " \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" :" + + " \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\" : \"861\"}},\"MovedEntity\"" + + " : {\"UniqueName\" : \"this.boundaryLength = (boundary.length +" + + " BOUNDARY_PREFIX.length);\",\"EntityType\" : \"ASSIGNMENT\",\"Modifiers\" :" + + " \"0\",\"SourceCodeRange\" : {\"Start\" : \"484\",\"End\" :" + + " \"546\"}},\"NewParentEntity\" : {\"UniqueName\" : \"MultipartStream\",\"EntityType\"" + + " : \"METHOD\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\"" + + " : \"861\"}},\"NewEntity\" : {\"UniqueName\" : \"this.boundaryLength =" + + " (boundary.length + BOUNDARY_PREFIX.length);\",\"EntityType\" :" + + " \"ASSIGNMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" :" + + " \"407\",\"End\" : \"469\"}}},{\"OperationType\" : \"Update\",\"changeType\" :" + + " \"STATEMENT_UPDATE\",\"NewEntity\" : {\"UniqueName\" : \"this.boundary = new" + + " byte[this.boundaryLength];\",\"EntityType\" : \"ASSIGNMENT\",\"Modifiers\" :" + + " \"0\",\"SourceCodeRange\" : {\"Start\" : \"678\",\"End\" :" + + " \"723\"}},\"UpdatedEntity\" : {\"UniqueName\" : \"this.boundary = new" + + " byte[(boundary.length + BOUNDARY_PREFIX.length)];\",\"EntityType\" :" + + " \"ASSIGNMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\" : {\"Start\" :" + + " \"407\",\"End\" : \"473\"}},\"ParentEntity\" : {\"UniqueName\" :" + + " \"MultipartStream\",\"EntityType\" : \"METHOD\",\"Modifiers\" :" + + " \"0\",\"SourceCodeRange\" : {\"Start\" : \"19\",\"End\" :" + + " \"861\"}}},{\"OperationType\" : \"Insert\",\"changeType\" :" + + " \"STATEMENT_INSERT\",\"InsertedEntity\" : {\"UniqueName\" : \"new" + + " IllegalArgumentException(\\\"The buffer size specified for the MultipartStream is" + + " too small\\\");\",\"EntityType\" : \"THROW_STATEMENT\",\"Modifiers\" :" + + " \"0\",\"SourceCodeRange\" : {\"Start\" : \"534\",\"End\" :" + + " \"656\"}},\"ParentEntity\" : {\"UniqueName\" : \"(bufSize < (this.boundaryLength +" + + " 1))\",\"EntityType\" : \"THEN_STATEMENT\",\"Modifiers\" : \"0\",\"SourceCodeRange\"" + + " : {\"Start\" : \"519\",\"End\" : \"667\"}}}]}}"; + + /** + * Deserializes signatures from file and creates a signature change from the those. + */ + @Test + public void testCompareFromJson() { + try { + // Read JSON + final String vul_sig_json = + FileUtil.readFile( + Paths.get("./src/test/resources/methodBody/deserialize/signatureDef.json")); + final String fix_sig_json = + FileUtil.readFile( + Paths.get("./src/test/resources/methodBody/deserialize/signatureFix.json")); + assertEquals(vul_sig_json, vulSigJson); + assertEquals(fix_sig_json, fixSigJson); + + // Deserialize + final Signature vul_sig = + (Signature) + JacksonUtil.asObject( + vul_sig_json, custom_deserializers, ASTConstructBodySignature.class); + final Signature fix_sig = + (Signature) + JacksonUtil.asObject( + fix_sig_json, custom_deserializers, ASTConstructBodySignature.class); + + // Create signature change + final SignatureComparator comparator = new ASTSignatureComparator(); + SignatureChange chg = comparator.computeChange(vul_sig, fix_sig); + + // Read previous change from disk and check equality + final String sig_chg_json = + FileUtil.readFile( + Paths.get("./src/test/resources/methodBody/deserialize/signatureChange.json")); + assertEquals(sig_chg_json, sigChange); + final SignatureChange sig_chg = + (ASTSignatureChange) + JacksonUtil.asObject(sig_chg_json, custom_deserializers, ASTSignatureChange.class); + assertEquals(chg, sig_chg); + + } catch (JsonSyntaxException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarity.java b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarity.java index ce0432c14..6fc81aabd 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarity.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarity.java @@ -19,7 +19,6 @@ */ package com.sap.psr.vulas.java.sign; - import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.MatcherAssert.assertThat; @@ -27,16 +26,15 @@ public abstract class StringSimilarity { - protected abstract double calculateSimilarity(String left, String right); - - @Test - public void emptyStringsShouldBeSimilar() throws Exception { - assertThat(calculateSimilarity("", ""), is(1.0)); - } + protected abstract double calculateSimilarity(String left, String right); - @Test - public void identicalStringsShouldBeSimilar() throws Exception { - assertThat(calculateSimilarity("change distiller", "change distiller"), is(1.0)); - } + @Test + public void emptyStringsShouldBeSimilar() throws Exception { + assertThat(calculateSimilarity("", ""), is(1.0)); + } + @Test + public void identicalStringsShouldBeSimilar() throws Exception { + assertThat(calculateSimilarity("change distiller", "change distiller"), is(1.0)); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityLevenshtein.java b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityLevenshtein.java index b649936fb..69764139b 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityLevenshtein.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityLevenshtein.java @@ -19,7 +19,6 @@ */ package com.sap.psr.vulas.java.sign; - import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.MatcherAssert.assertThat; @@ -29,42 +28,48 @@ public class StringSimilarityLevenshtein { - private LevenshteinSimilarityCalculator fLevenshtein = new LevenshteinSimilarityCalculator(); - - //@Ignore - @Test - public void checkWithSimpackConformance() throws Exception { - String sa1 = new String("Language"); - String sa2 = new String("Languages"); - String sa3 = new String("Levenshtein"); - String sa4 = new String("shteinLeven"); - assertThat(getSimilarity(sa1, sa1), is(1d)); - assertThat(getSimilarity(sa1, sa2), is(1d - (1d / 9d))); - assertThat(getSimilarity(sa2, sa1), is(1d - (1d / 9d))); - assertThat(getSimilarity("", sa1), is(1d - (8d / 8d))); - assertThat(getSimilarity(sa3, sa4), is((11d - 8d) / 11d)); - assertThat(getSimilarity(sa1, sa3), is((2d) / 11d)); - } - - private Double getSimilarity(String sa1, String sa2) { - return fLevenshtein.calculateSimilarity(sa1, sa2); - } - - @Test - public void testLevenshteinSimilarity(){ + private LevenshteinSimilarityCalculator fLevenshtein = new LevenshteinSimilarityCalculator(); - String sa1 = new String("HttpRoutedConnection conn = (HttpRoutedConnection)context.getAttribute(\"http.connection\");"); - String sa2 = new String("HttpRoutedConnection conn = (HttpRoutedConnection) context.getAttribute(ExecutionContext.HTTP_CONNECTION);"); - String sa3 = new String("verticalDrawAction"); - String sa4 = new String("drawV erticalAction"); - String sa5 = new String(" throw new IllegalArgumentException(\"The buffer size specified for the MultipartStream is too small\");"); - String sa6 = new String("throw new IllegalArgumentException(\"boundary may not be null\");"); + // @Ignore + @Test + public void checkWithSimpackConformance() throws Exception { + String sa1 = new String("Language"); + String sa2 = new String("Languages"); + String sa3 = new String("Levenshtein"); + String sa4 = new String("shteinLeven"); + assertThat(getSimilarity(sa1, sa1), is(1d)); + assertThat(getSimilarity(sa1, sa2), is(1d - (1d / 9d))); + assertThat(getSimilarity(sa2, sa1), is(1d - (1d / 9d))); + assertThat(getSimilarity("", sa1), is(1d - (8d / 8d))); + assertThat(getSimilarity(sa3, sa4), is((11d - 8d) / 11d)); + assertThat(getSimilarity(sa1, sa3), is((2d) / 11d)); + } - System.out.println(fLevenshtein.calculateSimilarity(sa1, sa2)); - System.out.println(fLevenshtein.calculateSimilarity(sa3, sa4)); - System.out.println(fLevenshtein.calculateSimilarity(sa5, sa6)); + private Double getSimilarity(String sa1, String sa2) { + return fLevenshtein.calculateSimilarity(sa1, sa2); + } + @Test + public void testLevenshteinSimilarity() { - } + String sa1 = + new String( + "HttpRoutedConnection conn =" + + " (HttpRoutedConnection)context.getAttribute(\"http.connection\");"); + String sa2 = + new String( + "HttpRoutedConnection conn = (HttpRoutedConnection)" + + " context.getAttribute(ExecutionContext.HTTP_CONNECTION);"); + String sa3 = new String("verticalDrawAction"); + String sa4 = new String("drawV erticalAction"); + String sa5 = + new String( + " throw new IllegalArgumentException(\"The buffer size specified for the" + + " MultipartStream is too small\");"); + String sa6 = new String("throw new IllegalArgumentException(\"boundary may not be null\");"); + System.out.println(fLevenshtein.calculateSimilarity(sa1, sa2)); + System.out.println(fLevenshtein.calculateSimilarity(sa3, sa4)); + System.out.println(fLevenshtein.calculateSimilarity(sa5, sa6)); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityNGrams.java b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityNGrams.java index d8d14e696..ce2f65a38 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityNGrams.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/StringSimilarityNGrams.java @@ -23,10 +23,9 @@ public class StringSimilarityNGrams extends StringSimilarity { - //bi-grams are used here - @Override - protected double calculateSimilarity(String left, String right) { - return new NGramsCalculator(2).calculateSimilarity(left, right); - } - + // bi-grams are used here + @Override + protected double calculateSimilarity(String left, String right) { + return new NGramsCalculator(2).calculateSimilarity(left, right); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/UniqueNamePreprocessorTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/UniqueNamePreprocessorTest.java index a52b6357a..b060e1652 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/UniqueNamePreprocessorTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/UniqueNamePreprocessorTest.java @@ -30,75 +30,87 @@ import com.sap.psr.vulas.java.JarAnalyzer; public class UniqueNamePreprocessorTest { - - /** - * Example statement from BZip2CompressorOutputStream(final OutputStream out, final int blockSize), revision 1333522. - */ - private static final int BASEBLOCKSIZE = 100000; - private static final String BZIP2_BEFORE = "this.allowableBlockSize = ((this.blockSize100k * BZip2Constants.BASEBLOCKSIZE) - 20);"; - private static final String BZIP2_NORMALIZED = "allowableBlockSize = ((blockSize100k * 100000) - 20);"; - - /** - * String example. - */ - private static final String BAR = "BAR"; - private static final String EXAMPLE_BEFORE = "this.foo = UniqueNamePreprocessorTest.BAR;"; - private static final String EXAMPLE_NORMALIZED = "foo = \"BAR\";"; - - /** - * Nested class example. - */ - static class InnerClass { - private static final String FOO = "FOO"; - } - private static final String IC_BEFORE = "this.foo = UniqueNamePreprocessorTest.InnerClass.FOO;"; - private static final String IC_NORMALIZED = "foo = \"FOO\";"; - - /** - * Tests the normalization of Java statement, including a constant of type int. - * Make sure to have commons-compress as test dependency. - * @throws IOException - */ - @Test - public void testUniqueNamePreprocessorWithInt() throws FileAnalysisException { - // Get all the class names from the Java archive (the archive must also be included as test scope dependency so that it can be loaded) - final JarAnalyzer ja = new JarAnalyzer(); - ja.analyze(new File("./src/test/resources/commons-compress-1.10.jar")); - final UniqueNameNormalizer prep = UniqueNameNormalizer.getInstance(); - prep.addStrings(ja.getClassNames()); - - // Normalize and check - final String normalized = prep.normalizeUniqueName(BZIP2_BEFORE); - assertEquals(BZIP2_NORMALIZED, normalized); - } - - /** - * Tests the normalization of Java statement, including a constant of type String. - * @throws IOException - */ - @Test - public void testUniqueNamePreprocessorWithString() throws IOException { - // Add the class name of this Junit test class (which is anyways in the classpath, no hazzle with dependencies necessary) - final UniqueNameNormalizer prep = UniqueNameNormalizer.getInstance(); - prep.addStrings(new String[] {"com.sap.psr.vulas.java.sign.UniqueNamePreprocessorTest"} ); - - // Normalize and check - final String normalized = prep.normalizeUniqueName(EXAMPLE_BEFORE); - assertEquals(EXAMPLE_NORMALIZED, normalized); - } - - /** - * Tests the normalization of Java statement, including a constant of type String contained in an inner class. - * @throws IOException - */ - @Test - public void testUniqueNamePreprocessorWithInnerClass() throws IOException { - // Add the class name of this Junit test class (which is anyways in the classpath, no hazzle with dependencies necessary) - final UniqueNameNormalizer prep = UniqueNameNormalizer.getInstance(); - prep.addStrings(new String[] {"com.sap.psr.vulas.java.sign.UniqueNamePreprocessorTest", "com.sap.psr.vulas.java.sign.UniqueNamePreprocessorTest$InnerClass"} ); - - // Normalize and check - final String normalized = prep.normalizeUniqueName(IC_BEFORE); - assertEquals(IC_NORMALIZED, normalized); - } + + /** + * Example statement from BZip2CompressorOutputStream(final OutputStream out, final int blockSize), revision 1333522. + */ + private static final int BASEBLOCKSIZE = 100000; + + private static final String BZIP2_BEFORE = + "this.allowableBlockSize = ((this.blockSize100k * BZip2Constants.BASEBLOCKSIZE) - 20);"; + private static final String BZIP2_NORMALIZED = + "allowableBlockSize = ((blockSize100k * 100000) - 20);"; + + /** + * String example. + */ + private static final String BAR = "BAR"; + + private static final String EXAMPLE_BEFORE = "this.foo = UniqueNamePreprocessorTest.BAR;"; + private static final String EXAMPLE_NORMALIZED = "foo = \"BAR\";"; + + /** + * Nested class example. + */ + static class InnerClass { + private static final String FOO = "FOO"; + } + + private static final String IC_BEFORE = "this.foo = UniqueNamePreprocessorTest.InnerClass.FOO;"; + private static final String IC_NORMALIZED = "foo = \"FOO\";"; + + /** + * Tests the normalization of Java statement, including a constant of type int. + * Make sure to have commons-compress as test dependency. + * @throws IOException + */ + @Test + public void testUniqueNamePreprocessorWithInt() throws FileAnalysisException { + // Get all the class names from the Java archive (the archive must also be included as test + // scope dependency so that it can be loaded) + final JarAnalyzer ja = new JarAnalyzer(); + ja.analyze(new File("./src/test/resources/commons-compress-1.10.jar")); + final UniqueNameNormalizer prep = UniqueNameNormalizer.getInstance(); + prep.addStrings(ja.getClassNames()); + + // Normalize and check + final String normalized = prep.normalizeUniqueName(BZIP2_BEFORE); + assertEquals(BZIP2_NORMALIZED, normalized); + } + + /** + * Tests the normalization of Java statement, including a constant of type String. + * @throws IOException + */ + @Test + public void testUniqueNamePreprocessorWithString() throws IOException { + // Add the class name of this Junit test class (which is anyways in the classpath, no hazzle + // with dependencies necessary) + final UniqueNameNormalizer prep = UniqueNameNormalizer.getInstance(); + prep.addStrings(new String[] {"com.sap.psr.vulas.java.sign.UniqueNamePreprocessorTest"}); + + // Normalize and check + final String normalized = prep.normalizeUniqueName(EXAMPLE_BEFORE); + assertEquals(EXAMPLE_NORMALIZED, normalized); + } + + /** + * Tests the normalization of Java statement, including a constant of type String contained in an inner class. + * @throws IOException + */ + @Test + public void testUniqueNamePreprocessorWithInnerClass() throws IOException { + // Add the class name of this Junit test class (which is anyways in the classpath, no hazzle + // with dependencies necessary) + final UniqueNameNormalizer prep = UniqueNameNormalizer.getInstance(); + prep.addStrings( + new String[] { + "com.sap.psr.vulas.java.sign.UniqueNamePreprocessorTest", + "com.sap.psr.vulas.java.sign.UniqueNamePreprocessorTest$InnerClass" + }); + + // Normalize and check + final String normalized = prep.normalizeUniqueName(IC_BEFORE); + assertEquals(IC_NORMALIZED, normalized); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/gson/ASTDeserializeSignComparatorTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/gson/ASTDeserializeSignComparatorTest.java index ea2762ba2..b670c04d0 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/sign/gson/ASTDeserializeSignComparatorTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/sign/gson/ASTDeserializeSignComparatorTest.java @@ -20,7 +20,7 @@ /** * */ -//package ch.uzh.ifi.seal.changedistiller.distilling; +// package ch.uzh.ifi.seal.changedistiller.distilling; package com.sap.psr.vulas.java.sign.gson; import static org.junit.Assert.assertFalse; @@ -44,90 +44,102 @@ public class ASTDeserializeSignComparatorTest { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - final Gson gson = GsonHelper.getCustomGsonBuilder().create(); - - //JSON objects representing the SignatureChange, Defective Signature, Fixed Signature and Unknown Version Signature - // Current content of the files have the CVE-2014-0050, MultipartStream - Constructor - private static final String SIGNATURE_CHANGE_JSON_OBJECT = "./src/test/resources/methodBody/deserialize/signatureChange.json"; - private final static String SIGNATURE_JSON_OBJECT_DEF= "./src/test/resources/methodBody/deserialize/signatureDef.json"; - private final static String SIGNATURE_JSON_OBJECT_FIXED = "./src/test/resources/methodBody/deserialize/signatureFix.json"; - private final static String SIGNATURE_JSON_OBJECT_UNKNOWN = "./src/test/resources/methodBody/deserialize/signatureUnknown.json"; - - //Signature Deserializer - //private ASTSignatureDeserializer astSignDeserializer = null; - - //SignatureChage Deserializer - //private ASTSignatureChangeDeserializer astSignChangeDeserializer = null; - - //SignatureComparator for fix containment check - private ASTSignatureComparator astSignComparator = null; - - - //Fixed and Defective JSON Strings - private String JsonSignDef = null; - private String JsonSignFix = null; - - //Read from the DB, here hardcoded for testing purposes - private String JsonSignUnderTest = null; - private Signature astSignUnderTest = null; //Random Signature of a construct found in an archive - - private String JsonSignChange = null; - private SignatureChange astSignChange = null; - - //Know versions of a construct - private Signature astSignFix = null; //Fixed version of a construct - private Signature astSignDef = null; //Vulnerable version of a construct - - @Before - public void setup() throws IOException{ - - //Create instance of Deserializers and ASTSignatureCompartor - //astSignDeserializer = new ASTSignatureDeserializer(); - //astSignChangeDeserializer = new ASTSignatureChangeDeserializer(); - astSignComparator = new ASTSignatureComparator(); - - //Read in the JSON string into Strings (TODO : Check the validity of json objects) - JsonSignDef = FileUtil.readFile(SIGNATURE_JSON_OBJECT_DEF); - JsonSignFix = FileUtil.readFile(SIGNATURE_JSON_OBJECT_FIXED); - JsonSignChange = FileUtil.readFile(SIGNATURE_CHANGE_JSON_OBJECT); - JsonSignUnderTest = FileUtil.readFile(SIGNATURE_JSON_OBJECT_UNKNOWN); - } - - @Test - @Ignore - public void testDeserializeAndFixContainmentCheck(){ - - //Deserialize the "Signature"s and the set of "SignatureChange"s (JSON - to -Java) - //astSignUnderTest = astSignDeserializer.fromJson(JsonSignUnderTest); - - astSignFix = this.gson.fromJson(JsonSignFix, ASTConstructBodySignature.class); - astSignDef = this.gson.fromJson(JsonSignDef, ASTConstructBodySignature.class); - //astSignFix = astSignDeserializer.fromJson(JsonSignFix); - //astSignDef = astSignDeserializer.fromJson(JsonSignDef); - - astSignChange = this.gson.fromJson(JsonSignChange, ASTSignatureChange.class); - //astSignChange = astSignChangeDeserializer.fromJson(JsonSignChange); - - //Fixed Version Must have the SourceCode change Elements - log.info("Signature Under Test : Known to be a Fixed Version \n"); - boolean status = astSignComparator.containsChange(astSignFix, astSignChange); - log.info("(Found/Total) Fixes : " + astSignComparator.getMatchedNumChanges()+ "/" + astSignComparator.getTotalNumChanges()); - assertTrue(status); - log.info("YES, Signature contains Fix " + "\n" ); - - //Defective Version Must NOT have the SourceCode change Elements - log.info("Signature Under Test : Known to be a Defective Version \n"); - assertFalse(astSignComparator.containsChange(astSignDef, astSignChange)); - log.info("(Found/Total) Fixes : " + astSignComparator.getMatchedNumChanges()+ "/" + astSignComparator.getTotalNumChanges()); - log.info("NO, Signature Doesn't contain Fix" ); - - //Random Signature Under Test (Test should pass if the signature under test is close to the fixed version) - /*log.info("Random Signature Under Test \n"); - assertTrue(astSignComparator.containsChange(astSignUnderTest, astSignChange)); - log.info("YES, Signature contains Fix " + "\n" );*/ - - } - + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + final Gson gson = GsonHelper.getCustomGsonBuilder().create(); + + // JSON objects representing the SignatureChange, Defective Signature, Fixed Signature and Unknown + // Version Signature + // Current content of the files have the CVE-2014-0050, MultipartStream - Constructor + private static final String SIGNATURE_CHANGE_JSON_OBJECT = + "./src/test/resources/methodBody/deserialize/signatureChange.json"; + private static final String SIGNATURE_JSON_OBJECT_DEF = + "./src/test/resources/methodBody/deserialize/signatureDef.json"; + private static final String SIGNATURE_JSON_OBJECT_FIXED = + "./src/test/resources/methodBody/deserialize/signatureFix.json"; + private static final String SIGNATURE_JSON_OBJECT_UNKNOWN = + "./src/test/resources/methodBody/deserialize/signatureUnknown.json"; + + // Signature Deserializer + // private ASTSignatureDeserializer astSignDeserializer = null; + + // SignatureChage Deserializer + // private ASTSignatureChangeDeserializer astSignChangeDeserializer = null; + + // SignatureComparator for fix containment check + private ASTSignatureComparator astSignComparator = null; + + // Fixed and Defective JSON Strings + private String JsonSignDef = null; + private String JsonSignFix = null; + + // Read from the DB, here hardcoded for testing purposes + private String JsonSignUnderTest = null; + private Signature astSignUnderTest = null; // Random Signature of a construct found in an archive + + private String JsonSignChange = null; + private SignatureChange astSignChange = null; + + // Know versions of a construct + private Signature astSignFix = null; // Fixed version of a construct + private Signature astSignDef = null; // Vulnerable version of a construct + + @Before + public void setup() throws IOException { + + // Create instance of Deserializers and ASTSignatureCompartor + // astSignDeserializer = new ASTSignatureDeserializer(); + // astSignChangeDeserializer = new ASTSignatureChangeDeserializer(); + astSignComparator = new ASTSignatureComparator(); + + // Read in the JSON string into Strings (TODO : Check the validity of json objects) + JsonSignDef = FileUtil.readFile(SIGNATURE_JSON_OBJECT_DEF); + JsonSignFix = FileUtil.readFile(SIGNATURE_JSON_OBJECT_FIXED); + JsonSignChange = FileUtil.readFile(SIGNATURE_CHANGE_JSON_OBJECT); + JsonSignUnderTest = FileUtil.readFile(SIGNATURE_JSON_OBJECT_UNKNOWN); + } + + @Test + @Ignore + public void testDeserializeAndFixContainmentCheck() { + + // Deserialize the "Signature"s and the set of "SignatureChange"s (JSON - to -Java) + // astSignUnderTest = astSignDeserializer.fromJson(JsonSignUnderTest); + + astSignFix = this.gson.fromJson(JsonSignFix, ASTConstructBodySignature.class); + astSignDef = this.gson.fromJson(JsonSignDef, ASTConstructBodySignature.class); + // astSignFix = astSignDeserializer.fromJson(JsonSignFix); + // astSignDef = astSignDeserializer.fromJson(JsonSignDef); + + astSignChange = this.gson.fromJson(JsonSignChange, ASTSignatureChange.class); + // astSignChange = astSignChangeDeserializer.fromJson(JsonSignChange); + + // Fixed Version Must have the SourceCode change Elements + log.info("Signature Under Test : Known to be a Fixed Version \n"); + boolean status = astSignComparator.containsChange(astSignFix, astSignChange); + log.info( + "(Found/Total) Fixes : " + + astSignComparator.getMatchedNumChanges() + + "/" + + astSignComparator.getTotalNumChanges()); + assertTrue(status); + log.info("YES, Signature contains Fix " + "\n"); + + // Defective Version Must NOT have the SourceCode change Elements + log.info("Signature Under Test : Known to be a Defective Version \n"); + assertFalse(astSignComparator.containsChange(astSignDef, astSignChange)); + log.info( + "(Found/Total) Fixes : " + + astSignComparator.getMatchedNumChanges() + + "/" + + astSignComparator.getTotalNumChanges()); + log.info("NO, Signature Doesn't contain Fix"); + + // Random Signature Under Test (Test should pass if the signature under test is close to the + // fixed version) + /*log.info("Random Signature Under Test \n"); + assertTrue(astSignComparator.containsChange(astSignUnderTest, astSignChange)); + log.info("YES, Signature contains Fix " + "\n" );*/ + + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigKey.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigKey.java index d7b9d4407..955f25595 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigKey.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigKey.java @@ -27,66 +27,69 @@ */ @SuppressWarnings("nls") public enum ConfigKey implements ConfigurationKey { + MEMBER_MANAGEMENT(Boolean.class, "featureMemberManagementEnabled", "true"), + MEMBER_METADATA_UPDATE(Boolean.class, "featureMemberMetadata", "false"); + private final Class type; - MEMBER_MANAGEMENT(Boolean.class, "featureMemberManagementEnabled", "true"), - MEMBER_METADATA_UPDATE(Boolean.class, "featureMemberMetadata", "false"); - - private final Class type; - - - private final String key; - private final String defaultValue; - - ConfigKey(final Class type, final String literal, final String defaultValue) { - this.type = type; - this.key = literal; - this.defaultValue = defaultValue; - } - - @Override - public final Class getType() { - return type; - } - - @Override - public final String getKey() { - - class InnerClass1 { - InnerClass1() {} - void foo() {} - }; - - class InnerClass2 { - void foo() {} - }; - - return key; - } - - @Override - public final String getDefaultValue() { - - class InnerClass1 { - InnerClass1() {} - void foo() {} - }; - - Serializable s = new Serializable() { - void foo() {} - }; - - return defaultValue; - } - - public static ConfigurationKey fromKey(final String key) { - for (final ConfigurationKey configKey : ConfigKey.values()) { - if (configKey.getKey().equals(key)) { - return configKey; - } - } - - throw new NoSuchElementException(String.format("No API configuration key found with key '%s'", key)); - } + private final String key; + private final String defaultValue; + ConfigKey(final Class type, final String literal, final String defaultValue) { + this.type = type; + this.key = literal; + this.defaultValue = defaultValue; + } + + @Override + public final Class getType() { + return type; + } + + @Override + public final String getKey() { + + class InnerClass1 { + InnerClass1() {} + + void foo() {} + } + ; + + class InnerClass2 { + void foo() {} + } + ; + + return key; + } + + @Override + public final String getDefaultValue() { + + class InnerClass1 { + InnerClass1() {} + + void foo() {} + } + ; + + Serializable s = + new Serializable() { + void foo() {} + }; + + return defaultValue; + } + + public static ConfigurationKey fromKey(final String key) { + for (final ConfigurationKey configKey : ConfigKey.values()) { + if (configKey.getKey().equals(key)) { + return configKey; + } + } + + throw new NoSuchElementException( + String.format("No API configuration key found with key '%s'", key)); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigurationKey.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigurationKey.java index c62ab5bcb..93126bb8c 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigurationKey.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/ConfigurationKey.java @@ -26,24 +26,25 @@ */ public interface ConfigurationKey { - Comparator CONFIG_KEY_BY_LITERAL_COMPARATOR = new Comparator() { - @Override - public int compare(final ConfigurationKey key1, final ConfigurationKey key2) { - return key1.getKey().compareTo(key2.getKey()); - } - }; - - Comparator CONFIG_KEY_BY_LITERAL_COMPARATOR_2 = new Comparator() { - @Override - public int compare(final ConfigurationKey key1, final ConfigurationKey key2) { - return key1.getKey().compareTo(key2.getKey()); - } - }; + Comparator CONFIG_KEY_BY_LITERAL_COMPARATOR = + new Comparator() { + @Override + public int compare(final ConfigurationKey key1, final ConfigurationKey key2) { + return key1.getKey().compareTo(key2.getKey()); + } + }; - Class getType(); + Comparator CONFIG_KEY_BY_LITERAL_COMPARATOR_2 = + new Comparator() { + @Override + public int compare(final ConfigurationKey key1, final ConfigurationKey key2) { + return key1.getKey().compareTo(key2.getKey()); + } + }; - String getKey(); + Class getType(); - String getDefaultValue(); + String getKey(); -} \ No newline at end of file + String getDefaultValue(); +} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/DrinkEnumExample.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/DrinkEnumExample.java index 2fa1f6c9b..8d6937434 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/DrinkEnumExample.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/DrinkEnumExample.java @@ -21,42 +21,41 @@ public final class DrinkEnumExample { - public interface DrinkTypeInterface { - - String getDisplayableType(); - } - - public static enum DrinkType implements DrinkTypeInterface { - - COFFEE("Coffee"), TEA("Tea"); - private final String type; - - private DrinkType(final String type) { - this.type = type; - } - - public String getDisplayableType() { - return type; - } - } - - public static enum Drink implements DrinkTypeInterface { - - COLUMBIAN("Columbian Blend", DrinkType.COFFEE), - ETHIOPIAN("Ethiopian Blend", DrinkType.COFFEE), - MINT_TEA("Mint", DrinkType.TEA), - HERBAL_TEA("Herbal", DrinkType.TEA), - EARL_GREY("Earl Grey", DrinkType.TEA); - private final String label; - private final DrinkType type; - - private Drink(String label, DrinkType type) { - this.label = label; - this.type = type; - } - - public String getDisplayableType() { - return label; - } - } -} \ No newline at end of file + public interface DrinkTypeInterface { + + String getDisplayableType(); + } + + public static enum DrinkType implements DrinkTypeInterface { + COFFEE("Coffee"), + TEA("Tea"); + private final String type; + + private DrinkType(final String type) { + this.type = type; + } + + public String getDisplayableType() { + return type; + } + } + + public static enum Drink implements DrinkTypeInterface { + COLUMBIAN("Columbian Blend", DrinkType.COFFEE), + ETHIOPIAN("Ethiopian Blend", DrinkType.COFFEE), + MINT_TEA("Mint", DrinkType.TEA), + HERBAL_TEA("Herbal", DrinkType.TEA), + EARL_GREY("Earl Grey", DrinkType.TEA); + private final String label; + private final DrinkType type; + + private Drink(String label, DrinkType type) { + this.label = label; + this.type = type; + } + + public String getDisplayableType() { + return label; + } + } +} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/EnumTest.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/EnumTest.java index 5537cbfa7..fdac501c9 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/EnumTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/EnumTest.java @@ -19,4 +19,4 @@ */ package com.sap.psr.vulas.java.test; -public enum EnumTest { } +public enum EnumTest {} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/Generics.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/Generics.java index 908c2f53c..ddc21beae 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/Generics.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/Generics.java @@ -24,6 +24,7 @@ import java.util.Map; public class Generics { - public Generics(Map> _arg) {} - public void foo(String _string, Collection _arg, List> _list) {} + public Generics(Map> _arg) {} + + public void foo(String _string, Collection _arg, List> _list) {} } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/HelloWorldAnonymousClasses.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/HelloWorldAnonymousClasses.java index 036bed91f..b63db5ef2 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/HelloWorldAnonymousClasses.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/HelloWorldAnonymousClasses.java @@ -20,62 +20,69 @@ package com.sap.psr.vulas.java.test; public class HelloWorldAnonymousClasses { - - interface HelloWorld { - public void greet(); - public void greetSomeone(String someone); + + interface HelloWorld { + public void greet(); + + public void greetSomeone(String someone); + } + + public void sayHello() { + + class EnglishGreeting implements HelloWorld { + String name = "world"; + + public void greet() { + greetSomeone("world"); + } + + public void greetSomeone(String someone) { + name = someone; + System.out.println("Hello " + name); + } } - - public void sayHello() { - - class EnglishGreeting implements HelloWorld { - String name = "world"; - public void greet() { - greetSomeone("world"); - } - public void greetSomeone(String someone) { - name = someone; - System.out.println("Hello " + name); - } - } - - HelloWorld englishGreeting = new EnglishGreeting(); - - HelloWorld frenchGreeting = new HelloWorld() { - String name = "tout le monde"; - public void greet() { - greetSomeone("tout le monde"); - } - - public void greetSomeone(String someone) { - String nameChanged = someone; - System.out.println("Salut " + nameChanged); - } + + HelloWorld englishGreeting = new EnglishGreeting(); + + HelloWorld frenchGreeting = + new HelloWorld() { + String name = "tout le monde"; + + public void greet() { + greetSomeone("tout le monde"); + } + + public void greetSomeone(String someone) { + String nameChanged = someone; + System.out.println("Salut " + nameChanged); + } }; - - HelloWorld spanishGreeting = new HelloWorld() { - String name = "mundo"; - public void greet() { - greetSomeone("mundo"); - } - public void greetSomeone(String someone) { - name = someone; - System.out.println("Hola, " + name); - } - public void addedGreetSomeone(String someone) { - name = someone; - System.out.println("Hola, " + name); - } + + HelloWorld spanishGreeting = + new HelloWorld() { + String name = "mundo"; + + public void greet() { + greetSomeone("mundo"); + } + + public void greetSomeone(String someone) { + name = someone; + System.out.println("Hola, " + name); + } + + public void addedGreetSomeone(String someone) { + name = someone; + System.out.println("Hola, " + name); + } }; - englishGreeting.greet(); - frenchGreeting.greetSomeone("Fred"); - spanishGreeting.greet(); - } + englishGreeting.greet(); + frenchGreeting.greetSomeone("Fred"); + spanishGreeting.greet(); + } - public static void main(String... args) { - HelloWorldAnonymousClasses myApp = - new HelloWorldAnonymousClasses(); - myApp.sayHello(); - } - + public static void main(String... args) { + HelloWorldAnonymousClasses myApp = new HelloWorldAnonymousClasses(); + myApp.sayHello(); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/HttpRequestCompletionLog.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/HttpRequestCompletionLog.java index bafb89b42..7bb6e67e0 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/HttpRequestCompletionLog.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/HttpRequestCompletionLog.java @@ -25,159 +25,169 @@ */ public interface HttpRequestCompletionLog { - /* - * Use builder pattern for extensibility and to avoid complaints from Checkstyle (more than 7 params for a method or - * construct is frowned upon). - */ - class Builder { - - private final String destination; - private final String targetPath; - private long startTimeInMillis = -1L; - private long durationInMillis = -1L; - private long requestEntitySizeInBytes = -1L; - private long responseEntitySizeInBytes = -1L; - private int responseStatus = -1; - private String responseReasonPhrase; - private String responseContentType; - - public static Builder forTarget(final String destination, final String targetPath) { - return new Builder(destination, targetPath); - } - - public Builder(final String destination, final String targetPath) { - this.destination = destination; - this.targetPath = targetPath; - } - - public Builder withStartTimeInMillis(final long startTimeInMillis) { - this.startTimeInMillis = startTimeInMillis; - return this; - } - - public Builder withDurationInMillis(final long durationInMillis) { - this.durationInMillis = durationInMillis; - return this; - } - - public Builder withRequestEntitySizeInBytes(final long requestEntitySizeInBytes) { - this.requestEntitySizeInBytes = requestEntitySizeInBytes; - return this; - } - - public Builder withResponseEntitySizeInBytes(final long responseEntitySizeInBytes) { - this.responseEntitySizeInBytes = responseEntitySizeInBytes; - return this; - } - - public Builder withResponseStatus(final int responseStatus) { - this.responseStatus = responseStatus; - return this; - } - - public Builder withResponseReasonPhrase(final String responseReasonPhrase) { - this.responseReasonPhrase = responseReasonPhrase; - return this; - } - - public Builder withResponseContentType(final String responseContentType) { - this.responseContentType = responseContentType; - return this; - } - - public HttpRequestCompletionLog build() { - /* - * Avoid side-effects when reusing the builder, e.g., for tests - */ - final String destination = this.destination; - final String targetPath = this.targetPath; - final long startTimeInMillis = this.startTimeInMillis; - final long durationInMillis = this.durationInMillis; - final long requestEntitySizeInBytes = this.requestEntitySizeInBytes; - final long responseEntitySizeInBytes = this.responseEntitySizeInBytes; - final int responseStatus = this.responseStatus; - final String responseReasonPhrase = this.responseReasonPhrase; - final String responseContentType = this.responseContentType; - - return new HttpRequestCompletionLog() { - - @SuppressWarnings("nls") - @Override - public String toString() { - return "HttpRequestCompletionLog [destination=" + destination + ", targetPath=" + targetPath - + ", startTimeInMillis=" + startTimeInMillis + ", durationInMillis=" + durationInMillis - + ", requestEntitySizeInBytes=" + requestEntitySizeInBytes + ", responseEntitySizeInBytes=" - + responseEntitySizeInBytes + ", responseStatus=" + responseStatus - + ", responseReasonPhrase=" + responseReasonPhrase + ", responseContentType=" - + responseContentType + "]"; - } - - @Override - public String getDestination() { - return destination; - } - - @Override - public String getTargetPath() { - return targetPath; - } - - @Override - public long getStartTimeInMillis() { - return startTimeInMillis; - } - - @Override - public long getDurationInMillis() { - return durationInMillis; - } - - @Override - public long getRequestEntitySizeInBytes() { - return requestEntitySizeInBytes; - } - - @Override - public long getResponseEntitySizeInBytes() { - return responseEntitySizeInBytes; - } - - @Override - public int getResponseStatus() { - return responseStatus; - } - - @Override - public String getResponseReasonPhrase() { - return responseReasonPhrase; - } - - @Override - public String getResponseContentType() { - return responseContentType; - } - - }; - } - - } - - String getDestination(); - - String getTargetPath(); - - long getStartTimeInMillis(); - - long getDurationInMillis(); - - long getRequestEntitySizeInBytes(); - - long getResponseEntitySizeInBytes(); - - int getResponseStatus(); - - String getResponseReasonPhrase(); - - String getResponseContentType(); - -} \ No newline at end of file + /* + * Use builder pattern for extensibility and to avoid complaints from Checkstyle (more than 7 params for a method or + * construct is frowned upon). + */ + class Builder { + + private final String destination; + private final String targetPath; + private long startTimeInMillis = -1L; + private long durationInMillis = -1L; + private long requestEntitySizeInBytes = -1L; + private long responseEntitySizeInBytes = -1L; + private int responseStatus = -1; + private String responseReasonPhrase; + private String responseContentType; + + public static Builder forTarget(final String destination, final String targetPath) { + return new Builder(destination, targetPath); + } + + public Builder(final String destination, final String targetPath) { + this.destination = destination; + this.targetPath = targetPath; + } + + public Builder withStartTimeInMillis(final long startTimeInMillis) { + this.startTimeInMillis = startTimeInMillis; + return this; + } + + public Builder withDurationInMillis(final long durationInMillis) { + this.durationInMillis = durationInMillis; + return this; + } + + public Builder withRequestEntitySizeInBytes(final long requestEntitySizeInBytes) { + this.requestEntitySizeInBytes = requestEntitySizeInBytes; + return this; + } + + public Builder withResponseEntitySizeInBytes(final long responseEntitySizeInBytes) { + this.responseEntitySizeInBytes = responseEntitySizeInBytes; + return this; + } + + public Builder withResponseStatus(final int responseStatus) { + this.responseStatus = responseStatus; + return this; + } + + public Builder withResponseReasonPhrase(final String responseReasonPhrase) { + this.responseReasonPhrase = responseReasonPhrase; + return this; + } + + public Builder withResponseContentType(final String responseContentType) { + this.responseContentType = responseContentType; + return this; + } + + public HttpRequestCompletionLog build() { + /* + * Avoid side-effects when reusing the builder, e.g., for tests + */ + final String destination = this.destination; + final String targetPath = this.targetPath; + final long startTimeInMillis = this.startTimeInMillis; + final long durationInMillis = this.durationInMillis; + final long requestEntitySizeInBytes = this.requestEntitySizeInBytes; + final long responseEntitySizeInBytes = this.responseEntitySizeInBytes; + final int responseStatus = this.responseStatus; + final String responseReasonPhrase = this.responseReasonPhrase; + final String responseContentType = this.responseContentType; + + return new HttpRequestCompletionLog() { + + @SuppressWarnings("nls") + @Override + public String toString() { + return "HttpRequestCompletionLog [destination=" + + destination + + ", targetPath=" + + targetPath + + ", startTimeInMillis=" + + startTimeInMillis + + ", durationInMillis=" + + durationInMillis + + ", requestEntitySizeInBytes=" + + requestEntitySizeInBytes + + ", responseEntitySizeInBytes=" + + responseEntitySizeInBytes + + ", responseStatus=" + + responseStatus + + ", responseReasonPhrase=" + + responseReasonPhrase + + ", responseContentType=" + + responseContentType + + "]"; + } + + @Override + public String getDestination() { + return destination; + } + + @Override + public String getTargetPath() { + return targetPath; + } + + @Override + public long getStartTimeInMillis() { + return startTimeInMillis; + } + + @Override + public long getDurationInMillis() { + return durationInMillis; + } + + @Override + public long getRequestEntitySizeInBytes() { + return requestEntitySizeInBytes; + } + + @Override + public long getResponseEntitySizeInBytes() { + return responseEntitySizeInBytes; + } + + @Override + public int getResponseStatus() { + return responseStatus; + } + + @Override + public String getResponseReasonPhrase() { + return responseReasonPhrase; + } + + @Override + public String getResponseContentType() { + return responseContentType; + } + }; + } + } + + String getDestination(); + + String getTargetPath(); + + long getStartTimeInMillis(); + + long getDurationInMillis(); + + long getRequestEntitySizeInBytes(); + + long getResponseEntitySizeInBytes(); + + int getResponseStatus(); + + String getResponseReasonPhrase(); + + String getResponseContentType(); +} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarationMess2.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarationMess2.java index e18d9cc8a..1a167b3e6 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarationMess2.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarationMess2.java @@ -23,75 +23,83 @@ public class NestedDeclarationMess2 { - // Member interface - interface DoSomethingElse { - - // Member class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - - public void doSomethingElse(); - } - - // Member class (anon) - final DoSomethingElse doSomethingElse = new DoSomethingElse() { - public void doSomethingElse() {} - }; - - // Member class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - - public void doSomething() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doSomething() {} - }; - - // Named class - class DoThat { - - void doThat() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThis() {} - }; - } - } - } - - public enum Foo { - A, B; - void bar() { - // Named class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - } - }; + // Member interface + interface DoSomethingElse { + + // Member class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + + public void doSomethingElse(); + } + + // Member class (anon) + final DoSomethingElse doSomethingElse = + new DoSomethingElse() { + public void doSomethingElse() {} + }; + + // Member class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + + public void doSomething() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doSomething() {} + }; + + // Named class + class DoThat { + + void doThat() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThis() {} + }; + } + } + } + + public enum Foo { + A, + B; + + void bar() { + // Named class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + } + }; } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarations.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarations.java index 881fa3d8f..5066f95e9 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarations.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/NestedDeclarations.java @@ -21,77 +21,86 @@ import java.io.Serializable; -public class NestedDeclarations { // Do not change this class, the corresponding test case (testNestedDeclarationMess) refers to the line numbers!!!!!!!!!!!!!!! - - // Member interface - interface DoSomethingElse { - - // Member class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - - public void doSomethingElse(); - } - - // Member class (anon) - final DoSomethingElse doSomethingElse = new DoSomethingElse() { - public void doSomethingElse() {} - }; - - // Member class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - - public void doSomething() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doSomething() {} - }; - - // Named class - class DoThat { - - void doThat() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThis() {} - }; - } - } - } - - public enum Foo { - A, B; - void bar() { - // Named class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() {} - }; - } - } - } - }; +public class NestedDeclarations { // Do not change this class, the corresponding test case + // (testNestedDeclarationMess) refers to the line numbers!!!!!!!!!!!!!!! + + // Member interface + interface DoSomethingElse { + + // Member class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + + public void doSomethingElse(); + } + + // Member class (anon) + final DoSomethingElse doSomethingElse = + new DoSomethingElse() { + public void doSomethingElse() {} + }; + + // Member class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + + public void doSomething() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doSomething() {} + }; + + // Named class + class DoThat { + + void doThat() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThis() {} + }; + } + } + } + + public enum Foo { + A, + B; + + void bar() { + // Named class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + } + }; } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/OuterClass.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/OuterClass.java index 262af490e..5211a5f6c 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/OuterClass.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/OuterClass.java @@ -20,5 +20,5 @@ package com.sap.psr.vulas.java.test; public class OuterClass { - class InnerClass {} + class InnerClass {} } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAgainAnon.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAgainAnon.java index 79de9b6cb..50769562c 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAgainAnon.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAgainAnon.java @@ -23,69 +23,70 @@ public class TestAgainAnon { - // Member class - class Class_A { + // Member class + class Class_A { - void method_A() { + void method_A() { - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void method_B() { - } - }; - } + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void method_B() {} + }; + } - void method_C() { + void method_C() { - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void method_D() { - } - }; - } - } - - ////////////////////////////////// - + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void method_D() {} + }; + } + } - public void method_E() { + ////////////////////////////////// - int i = 0; + public void method_E() { - // // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void method_F() { - final Serializable anon1 = new Serializable() { - void method_G() { - return; - } - }; - final Serializable anon2 = new Serializable() { - void method_H() { - return; - } - }; - } - }; - // - // Named class - class Class_B { + int i = 0; - void method_L() { + // // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void method_F() { + final Serializable anon1 = + new Serializable() { + void method_G() { + return; + } + }; + final Serializable anon2 = + new Serializable() { + void method_H() { + return; + } + }; + } + }; + // + // Named class + class Class_B { - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void method_M() { - // Anon inside anon - final Serializable anon2 = new Serializable() { - void method_N() { - } - }; - } - }; - } - } + void method_L() { - } - -} \ No newline at end of file + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void method_M() { + // Anon inside anon + final Serializable anon2 = + new Serializable() { + void method_N() {} + }; + } + }; + } + } + } +} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAnon.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAnon.java index 24bdb638a..bedebfcc1 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAnon.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestAnon.java @@ -23,96 +23,98 @@ public class TestAnon { - // Member interface - interface Interface_A { - - // Member class - class Class_A { - - void Method_A() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void Method_B() { - } - }; - } - } - - public void Method_C(); - } - - // Member class (anon) - final Interface_A doSomethingElse = new Interface_A() { - public void Method_C() { - } - }; - - // Member class - class Class_B { - - void Method_E() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void Method_F() { - } - }; - } - } - - public void Method_G() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void Method_H() { - } - }; - - // Named class - class Class_C { - - void Method_L() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void Method_M() { - } - }; - } - } - } - - public void Method_H() { - // Named class - class Class_C { - - void Method_L() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void Method_M() { - } - }; - } - } - } - - public enum Foo { - A, B; - void bar() { - // Named class - class DoThis { - - void doThis() { - - // Anonymous class (as method variable) - final Serializable anon = new Serializable() { - void doThat() { - } - }; - } - } - } - }; + // Member interface + interface Interface_A { + + // Member class + class Class_A { + + void Method_A() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void Method_B() {} + }; + } + } + + public void Method_C(); + } + + // Member class (anon) + final Interface_A doSomethingElse = + new Interface_A() { + public void Method_C() {} + }; + + // Member class + class Class_B { + + void Method_E() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void Method_F() {} + }; + } + } + + public void Method_G() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void Method_H() {} + }; + + // Named class + class Class_C { + + void Method_L() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void Method_M() {} + }; + } + } + } + + public void Method_H() { + // Named class + class Class_C { + + void Method_L() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void Method_M() {} + }; + } + } + } + + public enum Foo { + A, + B; + + void bar() { + // Named class + class DoThis { + + void doThis() { + + // Anonymous class (as method variable) + final Serializable anon = + new Serializable() { + void doThat() {} + }; + } + } + } + }; } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestClass$NoNestedClass.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestClass$NoNestedClass.java index 00b5e7a98..a47ab726e 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestClass$NoNestedClass.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestClass$NoNestedClass.java @@ -19,6 +19,4 @@ */ package com.sap.psr.vulas.java.test; -public class TestClass$NoNestedClass { - -} +public class TestClass$NoNestedClass {} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestInterface.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestInterface.java index 9db087fed..49492e2a0 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestInterface.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/TestInterface.java @@ -19,6 +19,4 @@ */ package com.sap.psr.vulas.java.test; -public interface TestInterface { - -} +public interface TestInterface {} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/java/test/Vanilla.java b/lang-java/src/test/java/com/sap/psr/vulas/java/test/Vanilla.java index f2994e3e8..e82cf0c0e 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/java/test/Vanilla.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/java/test/Vanilla.java @@ -22,19 +22,19 @@ import com.sap.psr.vulas.monitor.ClassVisitorTest; public class Vanilla { - public Vanilla(String _string) { - for(int i=0; i<2; i++) {} - } - - public void foo(String _string) { - for(int i=0; i<2; i++) {} - } - - /** - * Flagged as vulnerable in {@link ClassVisitorTest#testVisitMethodsInstr}. - * @param _string - */ - public void vuln(String _string) { - for(int i=0; i<2; i++) {} - } + public Vanilla(String _string) { + for (int i = 0; i < 2; i++) {} + } + + public void foo(String _string) { + for (int i = 0; i < 2; i++) {} + } + + /** + * Flagged as vulnerable in {@link ClassVisitorTest#testVisitMethodsInstr}. + * @param _string + */ + public void vuln(String _string) { + for (int i = 0; i < 2; i++) {} + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/monitor/AbstractGoalTest.java b/lang-java/src/test/java/com/sap/psr/vulas/monitor/AbstractGoalTest.java index f8c631ab5..9d5febad1 100755 --- a/lang-java/src/test/java/com/sap/psr/vulas/monitor/AbstractGoalTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/monitor/AbstractGoalTest.java @@ -34,66 +34,69 @@ public class AbstractGoalTest { - protected StubServer server; - - protected Tenant testTenant; - protected Space testSpace; - protected Application testApp; - - @Before - public void start() { - server = new StubServer().run(); - RestAssured.port = server.getPort(); - - testTenant = this.buildTestTenant(); - testSpace = this.buildTestSpace(); - testApp = this.buildTestApplication(); - - // App context - System.setProperty(CoreConfiguration.APP_CTX_GROUP, testApp.getMvnGroup()); - System.setProperty(CoreConfiguration.APP_CTX_ARTIF, testApp.getArtifact()); - System.setProperty(CoreConfiguration.APP_CTX_VERSI, testApp.getVersion()); - - // Identify app code - System.setProperty(CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.READ_WRITE.toString()); - - // Identify app code - System.setProperty(CoreConfiguration.APP_PREFIXES, "com.acme"); - } - - @After - public void stop() { - server.stop(); - System.clearProperty(CoreConfiguration.APP_CTX_GROUP); - System.clearProperty(CoreConfiguration.APP_CTX_ARTIF); - System.clearProperty(CoreConfiguration.APP_CTX_VERSI); - System.clearProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND)); - - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_GROUP, null, null, false); - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_ARTIF, null, null, false); - VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_VERSI, null, null, false); - VulasConfiguration.getGlobal().setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), null, null, false); - } - - protected Tenant buildTestTenant() { - final String rnd = StringUtil.getRandonString(6); - return new Tenant("tenant-token-" + rnd, "tenant-name-" + rnd); - } - - protected Space buildTestSpace() { - final String rnd = StringUtil.getRandonString(6); - return new Space("space-token-" + rnd, "space-name-" + rnd, "space-description"); - } - - protected Application buildTestApplication() { - final String rnd = StringUtil.getRandonString(6); - return new Application("app-group-" + rnd, "app-artifact-" + rnd, "app-version"); - } - - protected void configureBackendServiceUrl(StubServer _ss) { - final StringBuffer b = new StringBuffer(); - b.append("http://localhost:").append(_ss.getPort()).append("/backend"); - VulasConfiguration.getGlobal().setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), b.toString()); - System.setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), b.toString()); - } + protected StubServer server; + + protected Tenant testTenant; + protected Space testSpace; + protected Application testApp; + + @Before + public void start() { + server = new StubServer().run(); + RestAssured.port = server.getPort(); + + testTenant = this.buildTestTenant(); + testSpace = this.buildTestSpace(); + testApp = this.buildTestApplication(); + + // App context + System.setProperty(CoreConfiguration.APP_CTX_GROUP, testApp.getMvnGroup()); + System.setProperty(CoreConfiguration.APP_CTX_ARTIF, testApp.getArtifact()); + System.setProperty(CoreConfiguration.APP_CTX_VERSI, testApp.getVersion()); + + // Identify app code + System.setProperty( + CoreConfiguration.BACKEND_CONNECT, CoreConfiguration.ConnectType.READ_WRITE.toString()); + + // Identify app code + System.setProperty(CoreConfiguration.APP_PREFIXES, "com.acme"); + } + + @After + public void stop() { + server.stop(); + System.clearProperty(CoreConfiguration.APP_CTX_GROUP); + System.clearProperty(CoreConfiguration.APP_CTX_ARTIF); + System.clearProperty(CoreConfiguration.APP_CTX_VERSI); + System.clearProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND)); + + VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_GROUP, null, null, false); + VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_ARTIF, null, null, false); + VulasConfiguration.getGlobal().setProperty(CoreConfiguration.APP_CTX_VERSI, null, null, false); + VulasConfiguration.getGlobal() + .setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), null, null, false); + } + + protected Tenant buildTestTenant() { + final String rnd = StringUtil.getRandonString(6); + return new Tenant("tenant-token-" + rnd, "tenant-name-" + rnd); + } + + protected Space buildTestSpace() { + final String rnd = StringUtil.getRandonString(6); + return new Space("space-token-" + rnd, "space-name-" + rnd, "space-description"); + } + + protected Application buildTestApplication() { + final String rnd = StringUtil.getRandonString(6); + return new Application("app-group-" + rnd, "app-artifact-" + rnd, "app-version"); + } + + protected void configureBackendServiceUrl(StubServer _ss) { + final StringBuffer b = new StringBuffer(); + b.append("http://localhost:").append(_ss.getPort()).append("/backend"); + VulasConfiguration.getGlobal() + .setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), b.toString()); + System.setProperty(VulasConfiguration.getServiceUrlKey(Service.BACKEND), b.toString()); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/monitor/ClassVisitorTest.java b/lang-java/src/test/java/com/sap/psr/vulas/monitor/ClassVisitorTest.java index 2394cbd71..923cf36f5 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/monitor/ClassVisitorTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/monitor/ClassVisitorTest.java @@ -19,7 +19,6 @@ */ package com.sap.psr.vulas.monitor; -import static com.xebialabs.restito.builder.verify.VerifyHttp.verifyHttp; import static com.xebialabs.restito.builder.stub.StubHttp.whenHttp; import static com.xebialabs.restito.semantics.Action.charset; import static com.xebialabs.restito.semantics.Action.contentType; @@ -60,151 +59,177 @@ public class ClassVisitorTest extends AbstractGoalTest { - /** - * Calls performed by the instrumentators used in {@link #testVisitMethodsInstr()}. - */ - private void setupMockServices(Application _a) throws IOException { - // GET app constructs - whenHttp(server). - match(get("/backend" + PathBuilder.appConstructIds(_a))). - then( - stringContent(FileUtil.readFile("./src/test/resources/constructIds.json")), - contentType("application/json"), - charset("UTF-8"), - status(HttpStatus.OK_200)); - - // GET app bugs - whenHttp(server). - match(get("/backend" + PathBuilder.appBugs(_a))). - then( - stringContent(FileUtil.readFile("./src/test/resources/bugs.json")), - contentType("application/json"), - charset("UTF-8"), - status(HttpStatus.OK_200)); - - // OPTIONS app - whenHttp(server). - match(composite(method(Method.OPTIONS), uri("/backend" + PathBuilder.app(_a)))). - then( - contentType("application/json"), - charset("UTF-8"), - status(HttpStatus.OK_200)); - } - - /** - * Test class required for {@link ClassVisitorTest#testNonStaticInnerClassConstructor()}. - */ - private class NonStaticInner { - NonStaticInner(Map _arg) {} - }; - - @Test - public void testPrettyPrint() { - final String src = "try {if(!VUL_TRC_XGETALIGNMENT_635905){Class vul_cls = null;if(vul_cls==null) { try { vul_cls=$0.getClass(); } catch(Exception e) {} }if(vul_cls==null) { try { vul_cls=java.lang.invoke.MethodHandles.lookup().lookupClass(); } catch(Exception e) {} }if(vul_cls==null) { try { vul_cls=$class; } catch(Exception e) {} }final ClassLoader vul_cls_ldr=vul_cls.getClassLoader();java.net.URL vul_cls_res = null;if(vul_cls_ldr!=null)vul_cls_res=vul_cls_ldr.getResource(vul_cls.getName().replace('.', '/') + \".class\");java.util.Map params = new java.util.HashMap();params.put(\"junit\", \"false\");params.put(\"counter\", new Integer(1));VUL_TRC_XGETALIGNMENT_635905=com.sap.psr.vulas.monitor.trace.TraceCollector.callback(\"METHOD\",\"org.openxmlformats.schemas.wordprocessingml.x2006.main.impl.CTPTabImpl.xgetAlignment()\",vul_cls_ldr,vul_cls_res,\"BF0D37E25A643FD4527731790F174BE26AB74A07\",\"com.acme\",\"vulas-testapp\",\"2.1.0-SNAPSHOT\",params);}} catch(Throwable e) { System.err.println(e.getClass().getName() + \" occured during execution of instrumentation code in JAVA METH [org.openxmlformats.schemas.wordprocessingml.x2006.main.impl.CTPTabImpl.xgetAlignment()]: \" + e.getMessage()); }"; - final String pretty = ClassVisitor.prettyPrint(src); - } - - @Test - public void testVisitMethodsInstr() { - try { - // Mock REST services - this.configureBackendServiceUrl(server); - this.setupMockServices(this.testApp); - - // The instrumentors to be used - System.setProperty(CoreConfiguration.INSTR_CHOOSEN_INSTR, "com.sap.psr.vulas.monitor.trace.SingleStackTraceInstrumentor,com.sap.psr.vulas.monitor.touch.TouchPointInstrumentor"); - - // Set before static block in ClassVisitor - System.setProperty(CoreConfiguration.INSTR_WRITE_CODE, "true"); - - // Test field annotations - System.setProperty(CoreConfiguration.INSTR_FLD_ANNOS, "javax.persistence.Transient, com.fasterxml.jackson.annotation.JsonIgnore"); - - // Directory with instr code - System.setProperty(VulasConfiguration.TMP_DIR, "./target/tmp"); - - // The test class - final JavaClassId cid = JavaId.parseClassQName("com.sap.psr.vulas.java.test.Vanilla"); - - // Get a CtClass and identify its constructors - final ClassPool cp = ClassPool.getDefault(); - final CtClass ctclass = cp.get(cid.getQualifiedName()); - final ClassVisitor cv = new ClassVisitor(ctclass); - - // Instrument the methods - final Set methods = cv.visitMethods(true); - - // Check that the methods have been instrumented - final Path tmp = VulasConfiguration.getGlobal().getTmpDir(); - final Path p1 = Paths.get("./target/tmp/com/sap/psr/vulas/java/test/Vanilla.foo(String).java"); - final Path p2 = Paths.get("./target/tmp/com/sap/psr/vulas/java/test/Vanilla.vuln(String).java"); - System.out.println("Expecting files [" + p1 + "] and [" + p2 + "]"); - assertTrue(FileUtil.isAccessibleFile(p1)); - assertTrue(FileUtil.isAccessibleFile(p2)); - - // Write class - cv.finalizeInstrumentation(); - new File("./target/tmp/com/sap/psr/vulas/java/test").mkdirs(); - final File vanilla_class_file = new File("./target/tmp/com/sap/psr/vulas/java/test/Vanilla.class"); - FileUtil.writeToFile(vanilla_class_file, cv.getBytecode()); - assertTrue(FileUtil.isAccessibleFile(vanilla_class_file.toPath())); - - // Check the HTTP calls made - /*verifyHttp(server).times(1, - method(Method.GET), - uri("/backend" + PathBuilder.appBugs(this.testApp))); - verifyHttp(server).times(1, - method(Method.GET), - uri("/backend" + PathBuilder.appConstructIds(this.testApp))); - verifyHttp(server).times(1, - method(Method.OPTIONS), - uri("/backend" + PathBuilder.app(this.testApp)));*/ - } catch (NotFoundException e) { - System.err.println(e.getMessage()); - assertTrue(false); - } catch (CannotCompileException e) { - System.err.println(e.getMessage()); - assertTrue(false); - } catch (Exception e) { - System.err.println(e.getMessage()); - assertTrue(false); - } - } - - /** - * Test the handling of (1) the first constructor of non-static inner classes, (2) the handling of generics as method parameters. - */ - @Test - public void testNonStaticInnerClassConstructor () { - try { - // The test class - final JavaClassId cid = JavaId.parseClassQName("com.sap.psr.vulas.monitor.ClassVisitorTest$NonStaticInner"); - - // Get a CtClass and identify its constructors - final ClassPool cp = ClassPool.getDefault(); - final CtClass ctclass = cp.get(cid.getQualifiedName()); - final ClassVisitor cv = new ClassVisitor(ctclass); - final Set constructors = cv.visitConstructors(false); - - // Expected result (no first parameter of type outer class, no diamond for type parameters) - final JavaConstructorId expected = JavaId.parseConstructorQName("com.sap.psr.vulas.monitor.ClassVisitorTest$NonStaticInner(Map)"); - - // Check that certain constructs have been found - assertEquals(expected, constructors.iterator().next()); - } catch (NotFoundException e) { - System.err.println(e.getMessage()); - assertTrue(false); - } catch (CannotCompileException e) { - System.err.println(e.getMessage()); - assertTrue(false); - } - } - - @Test - public void testFixQName() { - assertTrue(ClassVisitor.removeParameterQualification("a.b.c.Class()").equals("a.b.c.Class()")); - assertTrue(ClassVisitor.removeParameterQualification("a.b.c.Class(int)").equals("a.b.c.Class(int)")); - assertTrue(ClassVisitor.removeParameterQualification("a.b.c.Class(int,a.b.C)").equals("a.b.c.Class(int,C)")); - assertTrue(ClassVisitor.removeParameterQualification("a.b.c.Class(int,C,boolean,a.b.c.ddd.Test)").equals("a.b.c.Class(int,C,boolean,Test)")); - } + /** + * Calls performed by the instrumentators used in {@link #testVisitMethodsInstr()}. + */ + private void setupMockServices(Application _a) throws IOException { + // GET app constructs + whenHttp(server) + .match(get("/backend" + PathBuilder.appConstructIds(_a))) + .then( + stringContent(FileUtil.readFile("./src/test/resources/constructIds.json")), + contentType("application/json"), + charset("UTF-8"), + status(HttpStatus.OK_200)); + + // GET app bugs + whenHttp(server) + .match(get("/backend" + PathBuilder.appBugs(_a))) + .then( + stringContent(FileUtil.readFile("./src/test/resources/bugs.json")), + contentType("application/json"), + charset("UTF-8"), + status(HttpStatus.OK_200)); + + // OPTIONS app + whenHttp(server) + .match(composite(method(Method.OPTIONS), uri("/backend" + PathBuilder.app(_a)))) + .then(contentType("application/json"), charset("UTF-8"), status(HttpStatus.OK_200)); + } + + /** + * Test class required for {@link ClassVisitorTest#testNonStaticInnerClassConstructor()}. + */ + private class NonStaticInner { + NonStaticInner(Map _arg) {} + } + ; + + @Test + public void testPrettyPrint() { + final String src = + "try {if(!VUL_TRC_XGETALIGNMENT_635905){Class vul_cls = null;if(vul_cls==null) { try {" + + " vul_cls=$0.getClass(); } catch(Exception e) {} }if(vul_cls==null) { try {" + + " vul_cls=java.lang.invoke.MethodHandles.lookup().lookupClass(); } catch(Exception" + + " e) {} }if(vul_cls==null) { try { vul_cls=$class; } catch(Exception e) {} }final" + + " ClassLoader vul_cls_ldr=vul_cls.getClassLoader();java.net.URL vul_cls_res =" + + " null;if(vul_cls_ldr!=null)vul_cls_res=vul_cls_ldr.getResource(vul_cls.getName().replace('.'," + + " '/') + \".class\");java.util.Map params = new" + + " java.util.HashMap();params.put(\"junit\", \"false\");params.put(\"counter\", new" + + " Integer(1));VUL_TRC_XGETALIGNMENT_635905=com.sap.psr.vulas.monitor.trace.TraceCollector.callback(\"METHOD\",\"org.openxmlformats.schemas.wordprocessingml.x2006.main.impl.CTPTabImpl.xgetAlignment()\",vul_cls_ldr,vul_cls_res,\"BF0D37E25A643FD4527731790F174BE26AB74A07\",\"com.acme\",\"vulas-testapp\",\"2.1.0-SNAPSHOT\",params);}}" + + " catch(Throwable e) { System.err.println(e.getClass().getName() + \" occured during" + + " execution of instrumentation code in JAVA METH" + + " [org.openxmlformats.schemas.wordprocessingml.x2006.main.impl.CTPTabImpl.xgetAlignment()]:" + + " \" + e.getMessage()); }"; + final String pretty = ClassVisitor.prettyPrint(src); + } + + @Test + public void testVisitMethodsInstr() { + try { + // Mock REST services + this.configureBackendServiceUrl(server); + this.setupMockServices(this.testApp); + + // The instrumentors to be used + System.setProperty( + CoreConfiguration.INSTR_CHOOSEN_INSTR, + "com.sap.psr.vulas.monitor.trace.SingleStackTraceInstrumentor,com.sap.psr.vulas.monitor.touch.TouchPointInstrumentor"); + + // Set before static block in ClassVisitor + System.setProperty(CoreConfiguration.INSTR_WRITE_CODE, "true"); + + // Test field annotations + System.setProperty( + CoreConfiguration.INSTR_FLD_ANNOS, + "javax.persistence.Transient, com.fasterxml.jackson.annotation.JsonIgnore"); + + // Directory with instr code + System.setProperty(VulasConfiguration.TMP_DIR, "./target/tmp"); + + // The test class + final JavaClassId cid = JavaId.parseClassQName("com.sap.psr.vulas.java.test.Vanilla"); + + // Get a CtClass and identify its constructors + final ClassPool cp = ClassPool.getDefault(); + final CtClass ctclass = cp.get(cid.getQualifiedName()); + final ClassVisitor cv = new ClassVisitor(ctclass); + + // Instrument the methods + final Set methods = cv.visitMethods(true); + + // Check that the methods have been instrumented + final Path tmp = VulasConfiguration.getGlobal().getTmpDir(); + final Path p1 = + Paths.get("./target/tmp/com/sap/psr/vulas/java/test/Vanilla.foo(String).java"); + final Path p2 = + Paths.get("./target/tmp/com/sap/psr/vulas/java/test/Vanilla.vuln(String).java"); + System.out.println("Expecting files [" + p1 + "] and [" + p2 + "]"); + assertTrue(FileUtil.isAccessibleFile(p1)); + assertTrue(FileUtil.isAccessibleFile(p2)); + + // Write class + cv.finalizeInstrumentation(); + new File("./target/tmp/com/sap/psr/vulas/java/test").mkdirs(); + final File vanilla_class_file = + new File("./target/tmp/com/sap/psr/vulas/java/test/Vanilla.class"); + FileUtil.writeToFile(vanilla_class_file, cv.getBytecode()); + assertTrue(FileUtil.isAccessibleFile(vanilla_class_file.toPath())); + + // Check the HTTP calls made + /*verifyHttp(server).times(1, + method(Method.GET), + uri("/backend" + PathBuilder.appBugs(this.testApp))); + verifyHttp(server).times(1, + method(Method.GET), + uri("/backend" + PathBuilder.appConstructIds(this.testApp))); + verifyHttp(server).times(1, + method(Method.OPTIONS), + uri("/backend" + PathBuilder.app(this.testApp)));*/ + } catch (NotFoundException e) { + System.err.println(e.getMessage()); + assertTrue(false); + } catch (CannotCompileException e) { + System.err.println(e.getMessage()); + assertTrue(false); + } catch (Exception e) { + System.err.println(e.getMessage()); + assertTrue(false); + } + } + + /** + * Test the handling of (1) the first constructor of non-static inner classes, (2) the handling of generics as method parameters. + */ + @Test + public void testNonStaticInnerClassConstructor() { + try { + // The test class + final JavaClassId cid = + JavaId.parseClassQName("com.sap.psr.vulas.monitor.ClassVisitorTest$NonStaticInner"); + + // Get a CtClass and identify its constructors + final ClassPool cp = ClassPool.getDefault(); + final CtClass ctclass = cp.get(cid.getQualifiedName()); + final ClassVisitor cv = new ClassVisitor(ctclass); + final Set constructors = cv.visitConstructors(false); + + // Expected result (no first parameter of type outer class, no diamond for type parameters) + final JavaConstructorId expected = + JavaId.parseConstructorQName( + "com.sap.psr.vulas.monitor.ClassVisitorTest$NonStaticInner(Map)"); + + // Check that certain constructs have been found + assertEquals(expected, constructors.iterator().next()); + } catch (NotFoundException e) { + System.err.println(e.getMessage()); + assertTrue(false); + } catch (CannotCompileException e) { + System.err.println(e.getMessage()); + assertTrue(false); + } + } + + @Test + public void testFixQName() { + assertTrue(ClassVisitor.removeParameterQualification("a.b.c.Class()").equals("a.b.c.Class()")); + assertTrue( + ClassVisitor.removeParameterQualification("a.b.c.Class(int)").equals("a.b.c.Class(int)")); + assertTrue( + ClassVisitor.removeParameterQualification("a.b.c.Class(int,a.b.C)") + .equals("a.b.c.Class(int,C)")); + assertTrue( + ClassVisitor.removeParameterQualification("a.b.c.Class(int,C,boolean,a.b.c.ddd.Test)") + .equals("a.b.c.Class(int,C,boolean,Test)")); + } } diff --git a/lang-java/src/test/java/com/sap/psr/vulas/monitor/ConstructTransformerTest.java b/lang-java/src/test/java/com/sap/psr/vulas/monitor/ConstructTransformerTest.java index 730ed3b0c..f3e31d499 100644 --- a/lang-java/src/test/java/com/sap/psr/vulas/monitor/ConstructTransformerTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/monitor/ConstructTransformerTest.java @@ -29,33 +29,33 @@ import com.sap.psr.vulas.monitor.trace.StackTraceUtil; public class ConstructTransformerTest { - - @Test - public void testLoaderHierarchy() { - final LoaderHierarchy h = new LoaderHierarchy(); - final Loader l = h.add(this.getClass().getClassLoader()); - assertEquals(l.isLeaf(), true); - assertEquals(l.isRoot(), false); - } - - /** - * This method overloads the other method having the same name, which allows testing whether StackTraceUtil can successfully identify the right method based on line numbers. - * @param _i - */ - public Throwable stacktraceTest(int _i) { - return new Throwable(); - } - - @Test - public void stacktraceTest() { - StackTraceUtil util = new StackTraceUtil(); - - util.setStopAtJUnit(true); - List path = util.transformStackTrace(this.stacktraceTest(1).getStackTrace(), null); - assertEquals(true, path.size()==2); - - util.setStopAtJUnit(false); - path = util.transformStackTrace(this.stacktraceTest(1).getStackTrace(), null); - assertEquals(true, path.size()>1); - } -} \ No newline at end of file + + @Test + public void testLoaderHierarchy() { + final LoaderHierarchy h = new LoaderHierarchy(); + final Loader l = h.add(this.getClass().getClassLoader()); + assertEquals(l.isLeaf(), true); + assertEquals(l.isRoot(), false); + } + + /** + * This method overloads the other method having the same name, which allows testing whether StackTraceUtil can successfully identify the right method based on line numbers. + * @param _i + */ + public Throwable stacktraceTest(int _i) { + return new Throwable(); + } + + @Test + public void stacktraceTest() { + StackTraceUtil util = new StackTraceUtil(); + + util.setStopAtJUnit(true); + List path = util.transformStackTrace(this.stacktraceTest(1).getStackTrace(), null); + assertEquals(true, path.size() == 2); + + util.setStopAtJUnit(false); + path = util.transformStackTrace(this.stacktraceTest(1).getStackTrace(), null); + assertEquals(true, path.size() > 1); + } +} diff --git a/lang-java/src/test/java/com/sap/psr/vulas/sign/SignatureFactoryTest.java b/lang-java/src/test/java/com/sap/psr/vulas/sign/SignatureFactoryTest.java index 580a06057..9945572f4 100755 --- a/lang-java/src/test/java/com/sap/psr/vulas/sign/SignatureFactoryTest.java +++ b/lang-java/src/test/java/com/sap/psr/vulas/sign/SignatureFactoryTest.java @@ -31,13 +31,19 @@ import com.sap.psr.vulas.shared.enums.ProgrammingLanguage; import com.sap.psr.vulas.shared.json.model.ConstructId; - public class SignatureFactoryTest { - @Test - public void createSignature() throws Exception { - final SignatureFactory f = new JavaSignatureFactory(); - final ASTConstructBodySignature s = (ASTConstructBodySignature) f.createSignature(new ConstructId(ProgrammingLanguage.JAVA, ConstructType.METH, "org.foo.Filter.doFilter(Boolean,String,String)"), new File("./src/test/resources/Filter.java")); - assertTrue(s.toJson().length()>0); - } -} \ No newline at end of file + @Test + public void createSignature() throws Exception { + final SignatureFactory f = new JavaSignatureFactory(); + final ASTConstructBodySignature s = + (ASTConstructBodySignature) + f.createSignature( + new ConstructId( + ProgrammingLanguage.JAVA, + ConstructType.METH, + "org.foo.Filter.doFilter(Boolean,String,String)"), + new File("./src/test/resources/Filter.java")); + assertTrue(s.toJson().length() > 0); + } +} diff --git a/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapper.java b/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapper.java index e016f9f68..e5de9a30a 100755 --- a/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapper.java +++ b/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapper.java @@ -29,7 +29,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.shared.util.FileUtil; import com.sap.psr.vulas.shared.util.StringUtil; @@ -38,173 +37,178 @@ * */ public class ProcessWrapper implements Runnable { - - private static Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - private static final Pattern ALLOWED = Pattern.compile("[\\.\\-\\w=]+"); - - private String id = null; - - private Path exe = null; - - private String[] args = null; - - private Path outPath = null; - - private Path outFile = null; - - private Path errFile; - - private int exitCode = -1; - - /** - *

Constructor for ProcessWrapper.

- */ - public ProcessWrapper() { - this.id = StringUtil.getRandonString(10); - } - - /** - *

Constructor for ProcessWrapper.

- * - * @param _id a {@link java.lang.String} object. - */ - public ProcessWrapper(String _id) { - this.id = _id; - } - - /** - *

Getter for the field id.

- * - * @return a {@link java.lang.String} object. - */ - public String getId() { return this.id; } - - /** - *

setCommand.

- * - * @param _executable a {@link java.nio.file.Path} object. - * @param _args a {@link java.lang.String} object. - * @return a {@link com.sap.psr.vulas.python.ProcessWrapper} object. - * @throws com.sap.psr.vulas.python.ProcessWrapperException if any. - */ - public ProcessWrapper setCommand(Path _executable, String... _args) throws ProcessWrapperException { - //if(_executable==null || FileUtil.isAccessibleFile(_executable)) - // throw new ProcessWrapperException("Illegal executable [" + _executable + "]"); - - for(int i=0; i<_args.length; i++) { - final Matcher m = ALLOWED.matcher(_args[i]); - if(!m.matches() && !FileUtil.isAccessibleFile(_args[i]) && !FileUtil.isAccessibleDirectory(_args[i])) - throw new ProcessWrapperException("Illegal characters in argument [" + i + "], allowed are: a-zA-Z_0-9-.="); - } - - this.exe = _executable; - this.args = _args; - return this; - } - - /** - *

setPath.

- * - * @param _p a {@link java.nio.file.Path} object. - * @return a {@link com.sap.psr.vulas.python.ProcessWrapper} object. - */ - public ProcessWrapper setPath(Path _p) { - this.outPath = _p; - return this; - } - - /** {@inheritDoc} */ - @Override - public void run() { - String name = null; - if(FileUtil.isAccessibleFile(this.exe)) - name = this.exe.getFileName().toString(); - else if(this.exe.toString().indexOf(System.getProperty("file.separator"))!=-1) - name = this.exe.toString().substring(this.exe.toString().lastIndexOf(System.getProperty("file.separator"))+1); - else - name = this.exe.toString(); - final String rnd = StringUtil.getRandonString(6); - final String out_name = name + "-" + this.getId() + "-" + rnd + "-out.txt"; - final String err_name = name + "-" + this.getId() + "-" + rnd + "-err.txt"; - - // Create temp. directory for out and err streams - this.outFile = Paths.get(this.outPath.toString(), out_name); - this.errFile = Paths.get(this.outPath.toString(), err_name); - - try { - final ArrayList cmd = new ArrayList(); - cmd.add(this.exe.toString()); - cmd.addAll(Arrays.asList(this.args)); - final ProcessBuilder pb = new ProcessBuilder(cmd); - - // Redirect out and err - pb.redirectOutput(this.outFile.toFile()); - pb.redirectError(this.errFile.toFile()); - - // Start and wait - final Process process = pb.start(); - this.exitCode = process.waitFor(); - - if(this.exitCode!=0) { - final String error_msg = FileUtil.readFile(this.errFile); - log.error("Error running [" + this.getCommand() + "]: " + error_msg); - } - - } - catch(IOException ioe) { - log.error("Error running [" + this.getCommand() + "]: " + ioe.getMessage()); - } - catch(InterruptedException ie) { - log.error("Error running [" + this.getCommand() + "]: " + ie.getMessage()); - } - } - - /** - *

Getter for the field outFile.

- * - * @return a {@link java.nio.file.Path} object. - */ - public Path getOutFile() { - return outFile; - } - - /** - *

Getter for the field errFile.

- * - * @return a {@link java.nio.file.Path} object. - */ - public Path getErrFile() { - return errFile; - } - - /** - *

Getter for the field exitCode.

- * - * @return a int. - */ - public int getExitCode() { - return exitCode; - } - - /** - *

terminatedWithSuccess.

- * - * @return a boolean. - */ - public boolean terminatedWithSuccess() { - return this.exitCode==0; - } - - /** - *

getCommand.

- * - * @return a {@link java.lang.String} object. - */ - public String getCommand() { - final ArrayList cmd = new ArrayList(); - cmd.add(this.exe.toString()); - cmd.addAll(Arrays.asList(this.args)); - return StringUtil.join(cmd, " "); - } + + private static Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private static final Pattern ALLOWED = Pattern.compile("[\\.\\-\\w=]+"); + + private String id = null; + + private Path exe = null; + + private String[] args = null; + + private Path outPath = null; + + private Path outFile = null; + + private Path errFile; + + private int exitCode = -1; + + /** + *

Constructor for ProcessWrapper.

+ */ + public ProcessWrapper() { + this.id = StringUtil.getRandonString(10); + } + + /** + *

Constructor for ProcessWrapper.

+ * + * @param _id a {@link java.lang.String} object. + */ + public ProcessWrapper(String _id) { + this.id = _id; + } + + /** + *

Getter for the field id.

+ * + * @return a {@link java.lang.String} object. + */ + public String getId() { + return this.id; + } + + /** + *

setCommand.

+ * + * @param _executable a {@link java.nio.file.Path} object. + * @param _args a {@link java.lang.String} object. + * @return a {@link com.sap.psr.vulas.python.ProcessWrapper} object. + * @throws com.sap.psr.vulas.python.ProcessWrapperException if any. + */ + public ProcessWrapper setCommand(Path _executable, String... _args) + throws ProcessWrapperException { + // if(_executable==null || FileUtil.isAccessibleFile(_executable)) + // throw new ProcessWrapperException("Illegal executable [" + _executable + "]"); + + for (int i = 0; i < _args.length; i++) { + final Matcher m = ALLOWED.matcher(_args[i]); + if (!m.matches() + && !FileUtil.isAccessibleFile(_args[i]) + && !FileUtil.isAccessibleDirectory(_args[i])) + throw new ProcessWrapperException( + "Illegal characters in argument [" + i + "], allowed are: a-zA-Z_0-9-.="); + } + + this.exe = _executable; + this.args = _args; + return this; + } + + /** + *

setPath.

+ * + * @param _p a {@link java.nio.file.Path} object. + * @return a {@link com.sap.psr.vulas.python.ProcessWrapper} object. + */ + public ProcessWrapper setPath(Path _p) { + this.outPath = _p; + return this; + } + + /** {@inheritDoc} */ + @Override + public void run() { + String name = null; + if (FileUtil.isAccessibleFile(this.exe)) name = this.exe.getFileName().toString(); + else if (this.exe.toString().indexOf(System.getProperty("file.separator")) != -1) + name = + this.exe + .toString() + .substring(this.exe.toString().lastIndexOf(System.getProperty("file.separator")) + 1); + else name = this.exe.toString(); + final String rnd = StringUtil.getRandonString(6); + final String out_name = name + "-" + this.getId() + "-" + rnd + "-out.txt"; + final String err_name = name + "-" + this.getId() + "-" + rnd + "-err.txt"; + + // Create temp. directory for out and err streams + this.outFile = Paths.get(this.outPath.toString(), out_name); + this.errFile = Paths.get(this.outPath.toString(), err_name); + + try { + final ArrayList cmd = new ArrayList(); + cmd.add(this.exe.toString()); + cmd.addAll(Arrays.asList(this.args)); + final ProcessBuilder pb = new ProcessBuilder(cmd); + + // Redirect out and err + pb.redirectOutput(this.outFile.toFile()); + pb.redirectError(this.errFile.toFile()); + + // Start and wait + final Process process = pb.start(); + this.exitCode = process.waitFor(); + + if (this.exitCode != 0) { + final String error_msg = FileUtil.readFile(this.errFile); + log.error("Error running [" + this.getCommand() + "]: " + error_msg); + } + + } catch (IOException ioe) { + log.error("Error running [" + this.getCommand() + "]: " + ioe.getMessage()); + } catch (InterruptedException ie) { + log.error("Error running [" + this.getCommand() + "]: " + ie.getMessage()); + } + } + + /** + *

Getter for the field outFile.

+ * + * @return a {@link java.nio.file.Path} object. + */ + public Path getOutFile() { + return outFile; + } + + /** + *

Getter for the field errFile.

+ * + * @return a {@link java.nio.file.Path} object. + */ + public Path getErrFile() { + return errFile; + } + + /** + *

Getter for the field exitCode.

+ * + * @return a int. + */ + public int getExitCode() { + return exitCode; + } + + /** + *

terminatedWithSuccess.

+ * + * @return a boolean. + */ + public boolean terminatedWithSuccess() { + return this.exitCode == 0; + } + + /** + *

getCommand.

+ * + * @return a {@link java.lang.String} object. + */ + public String getCommand() { + final ArrayList cmd = new ArrayList(); + cmd.add(this.exe.toString()); + cmd.addAll(Arrays.asList(this.args)); + return StringUtil.join(cmd, " "); + } } diff --git a/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapperException.java b/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapperException.java index 22d3f026a..5c194c51c 100644 --- a/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapperException.java +++ b/lang-python/src/main/java/com/sap/psr/vulas/python/ProcessWrapperException.java @@ -19,31 +19,29 @@ */ package com.sap.psr.vulas.python; -import java.net.URI; - /** * Thrown to indicate a problem when calling OS-level services. */ public class ProcessWrapperException extends Exception { - private static final long serialVersionUID = 1L; - - /** - *

Constructor for ProcessWrapperException.

- * - * @param _message a {@link java.lang.String} object. - */ - public ProcessWrapperException(String _message) { - super(_message); - } - - /** - *

Constructor for ProcessWrapperException.

- * - * @param _message a {@link java.lang.String} object. - * @param _cause a {@link java.lang.Throwable} object. - */ - public ProcessWrapperException(String _message, Throwable _cause) { - super(_message, _cause); - } + private static final long serialVersionUID = 1L; + + /** + *

Constructor for ProcessWrapperException.

+ * + * @param _message a {@link java.lang.String} object. + */ + public ProcessWrapperException(String _message) { + super(_message); + } + + /** + *

Constructor for ProcessWrapperException.

+ * + * @param _message a {@link java.lang.String} object. + * @param _cause a {@link java.lang.Throwable} object. + */ + public ProcessWrapperException(String _message, Throwable _cause) { + super(_message, _cause); + } } diff --git a/lang-python/src/main/java/com/sap/psr/vulas/python/Python335FileAnalyzer.java b/lang-python/src/main/java/com/sap/psr/vulas/python/Python335FileAnalyzer.java index 2900c4bb7..cd887e12d 100644 --- a/lang-python/src/main/java/com/sap/psr/vulas/python/Python335FileAnalyzer.java +++ b/lang-python/src/main/java/com/sap/psr/vulas/python/Python335FileAnalyzer.java @@ -26,7 +26,6 @@ import java.io.InputStream; import java.util.ArrayList; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; @@ -40,7 +39,6 @@ import org.antlr.v4.runtime.tree.ParseTreeWalker; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; @@ -52,318 +50,357 @@ import com.sap.psr.vulas.shared.util.FileUtil; import com.sap.psr.vulas.shared.util.StringUtil; -//TODO: Decide what to do with default arg values in functions and methods? Right now, they are part of the qname, which is probably wrong. +// TODO: Decide what to do with default arg values in functions and methods? Right now, they are +// part of the qname, which is probably wrong. /** *

Python335FileAnalyzer class.

* */ -public class Python335FileAnalyzer extends Python335BaseListener implements FileAnalyzer { - - private final static Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - protected Map constructs = null; - - /** Nested definitions. */ - protected final Stack context = new Stack(); - - /** Scripting statements, i.e., all statements outside of functions and classes. */ - protected final List stmts = new ArrayList(); - - /** Number of times a given function has been defined in the given context. */ - protected final Map> countPerContext = new HashMap>(); - - private PythonId module = null; - - private File file = null; - - /** - * {@inheritDoc} - * - * Will not be instantiated by the {@link FileAnalyzerFactory}, but by {@link PythonFileAnalyzer}. - */ - @Override - public String[] getSupportedFileExtensions() { - return new String[] {}; - } - - /** - *

Constructor for Python335FileAnalyzer.

- */ - public Python335FileAnalyzer() { - super(); - } - - /** - * Sets context information in case an {@link InputStream} is parsed using {@link Python3FileAnalyzer#getConstructs(InputStream)}. - * In this case, package and module information cannot be obtained from the file and file system. - * The method is called by {@link PythonArchiveAnalyzer}. - * - * @param _module a {@link com.sap.psr.vulas.python.PythonId} object. - * @param _pack a {@link com.sap.psr.vulas.python.PythonId} object. - */ - public void setContext(PythonId _module, PythonId _pack) { - this.constructs = new TreeMap(); - if(_pack!=null){ - this.context.push(_pack); - this.constructs.put(_pack, new Construct(_pack, "")); - } - this.context.push(_module); - this.module = _module; - this.constructs.put(module, new Construct(module, "")); - } - - /** {@inheritDoc} */ - @Override - public boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: this.getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - if(!FileUtil.isAccessibleFile(_file.toPath())) - throw new IllegalArgumentException("[" + _file + "] does not exist or is not readable"); - this.file = _file; - } - - /** - * {@inheritDoc} - * - * Enter a parse tree produced by {@link Python335Parser#stmt}. - */ - @Override - public void enterStmt(Python335Parser.StmtContext ctx) { // TODO reads stmts before class defs and func defs are entered - final String stmt = ctx.getText(); - if (!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.MODULE) - || stmt.startsWith("def") - || stmt.startsWith("class") - // || stmt.startsWith("import") - // || stmt.startsWith("from") - ) - return; - stmts.add(stmt); - } - - /** {@inheritDoc} */ - @Override - public void enterClassdef(Python335Parser.ClassdefContext ctx) { - // Happens if class name is 'async', due to the Python grammar's problem with the ASYNC keyword, cf. testPythonFileWithAsync - if (ctx.NAME()==null) - throw new IllegalStateException("Parser error: Class without name in context " + this.context + ", line [" + ctx.getStart().getLine() + "]"); - - final String name = ctx.NAME().toString(); - String parent_classes = ""; - if(ctx.arglist()!=null) - parent_classes = ctx.arglist().getText().toString(); - - // Create construct and add to context - final PythonId id = new PythonId(this.context.peek(), PythonId.Type.CLASS, name + "(" + parent_classes + ")"); - final Construct c = new Construct(id, ctx.getText()); - this.constructs.put(id, c); - this.context.push(id); - } - - /** {@inheritDoc} */ - @Override - public void exitClassdef(Python335Parser.ClassdefContext ctx) { - if(!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.CLASS)) - log.error("Top most element in stack is not of type [" + PythonId.Type.CLASS + "], line [" + ctx.getStart().getLine() + "]"); - else - context.pop(); - } - - /** {@inheritDoc} */ - @Override - public void enterFuncdef(Python335Parser.FuncdefContext ctx) { - // Happens if method or function name is 'async', due to the Python grammar's problem with the ASYNC keyword, cf. testPythonFileWithAsync - if(ctx.NAME()==null) - throw new IllegalStateException("Parser error: Construct without name in context " + this.context + ", line [" + ctx.getStart().getLine() + "]"); - - PythonId id; - String name = ctx.NAME().toString(); - String args = ctx.parameters().getText(); - - // Identical construct names can be used within a single context (e.g., the same function in a module) - name = this.getNameForCurrentContext(name); - - // New type depends on context type - final PythonId.Type ctx_type = this.context.peek().getType(); - - if(ctx_type==PythonId.Type.CLASS && name.equals("__init__")) - id = new PythonId(this.context.peek(), PythonId.Type.CONSTRUCTOR, name + args); - - else if(ctx_type==PythonId.Type.CLASS) - id = new PythonId(this.context.peek(), PythonId.Type.METHOD, name + args); - - else if(ctx_type==PythonId.Type.MODULE || ctx_type==PythonId.Type.FUNCTION || ctx_type==PythonId.Type.METHOD || ctx_type==PythonId.Type.CONSTRUCTOR) - id = new PythonId(this.context.peek(), PythonId.Type.FUNCTION, name + args); - - else { - log.error("Cannot create method, constructor or class due to wrong context: " + this.context + ", line [" + ctx.getStart().getLine() + "]"); - throw new IllegalStateException("Error when parsing [" + this.file + "]: Cannot create method or class due to wrong context: " + this.context); - } - - final Construct c = new Construct(id, ctx.getText()); - this.constructs.put(id, c); - this.context.push(id); - } - - /** {@inheritDoc} */ - @Override - public void exitFuncdef(Python335Parser.FuncdefContext _ctx) { - final PythonId.Type[] types = new PythonId.Type[] { PythonId.Type.FUNCTION, PythonId.Type.CONSTRUCTOR, PythonId.Type.METHOD }; - if(!PythonFileAnalyzer.isTopOfType(this.context, types)) - log.error("Top most element in stack is not of the following types [" + StringUtil.join((Object[])types, ", ") + "]" + ", line [" + _ctx.getStart().getLine() + "]"); - else - context.pop(); - } - - /** - * - * @param _name - * @return - */ - private String getNameForCurrentContext(String _name) { - final PythonId ctx = this.context.peek(); - - if(this.countPerContext.get(ctx)==null) - this.countPerContext.put(ctx, new HashMap()); - - if(this.countPerContext.get(ctx).get(_name)==null) - this.countPerContext.get(ctx).put(_name, new Integer(0)); - - int count = this.countPerContext.get(ctx).get(_name).intValue(); - this.countPerContext.get(ctx).put(_name, new Integer(++count)); - - if(count==1) - return _name; - else - return _name + "$" + count; - } - - /** {@inheritDoc} */ - @Override - public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { - return this.constructs.containsKey(_id); - } - - /** - * Maybe promote this method, which uses the shared type as argument, to the interface. - * Alternatively, make all core-internal interfaces work with core types, not with shared - * types. Example to be changed: SignatureFactory. - * - * @param _id a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return a {@link com.sap.psr.vulas.Construct} object. - * @throws com.sap.psr.vulas.FileAnalysisException if any. - */ - public Construct getConstruct(com.sap.psr.vulas.shared.json.model.ConstructId _id) throws FileAnalysisException { - for(ConstructId cid: this.constructs.keySet()) - if(ConstructId.toSharedType(cid).equals(_id)) - return this.constructs.get(cid); - return null; - } - - /** {@inheritDoc} */ - @Override - public Construct getConstruct(ConstructId _id) throws FileAnalysisException { - return this.constructs.get(_id); - } - - /** - *

Getter for the field constructs.

- * - * @param m a {@link java.io.InputStream} object. - * @return a {@link java.util.Map} object. - * @throws com.sap.psr.vulas.FileAnalysisException if any. - * @throws java.io.IOException if any. - * @throws org.antlr.v4.runtime.RecognitionException if any. - */ - public Map getConstructs(InputStream m) throws FileAnalysisException, IOException, RecognitionException { - final ANTLRInputStream input = new ANTLRInputStream(m); - final Python335Lexer lexer = new Python335Lexer(input); - final CommonTokenStream tokens = new CommonTokenStream(lexer); - final Python335Parser parser = new Python335Parser(tokens); - final ParseTree root = parser.file_input(); - final ParseTreeWalker walker = new ParseTreeWalker(); - - try { - walker.walk(this, root); - } - catch(IllegalStateException ise) { - throw new FileAnalysisException("Parser error", ise); - } - - // Update module body after the parsing of the entire file - if(this.stmts!=null && this.stmts.size()>0) { - final StringBuffer b = new StringBuffer(); - for(String stmt: this.stmts) - if(!stmt.trim().equals("")) - b.append(stmt); - this.constructs.get(this.module).setContent(b.toString()); - } - - return this.constructs; - } - - /** {@inheritDoc} */ - @Override - public Map getConstructs() throws FileAnalysisException { - if(this.constructs==null) { - try { - this.constructs = new TreeMap(); - - // Create module and add to constructs - this.module = PythonFileAnalyzer.getModule(this.file); - this.constructs.put(this.module, new Construct(this.module, "")); - - // Get package, if any, and add to constructs - final PythonId pack = this.module.getPackage(); - if(pack!=null) - this.constructs.put(pack, new Construct(pack, "")); - - // Use package and module as context - if(pack!=null) - this.context.push(pack); - this.context.push(module); - - // Parse the file - log.debug("Parsing [" + this.file + "]"); - try(FileInputStream fis = new FileInputStream(this.file)) { - this.getConstructs(fis); - } - } catch (FileNotFoundException e) { - throw new FileAnalysisException(e.getMessage(), e); - } catch (RecognitionException e) { - throw new FileAnalysisException("ANTLR exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } catch (IOException e) { - throw new FileAnalysisException("IO exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } - } - return this.constructs; - } - - /** {@inheritDoc} */ - @Override - public boolean hasChilds() { - return false; - } - - /** {@inheritDoc} */ - @Override - public Set getChilds(boolean _recursive) { - return null; - } - - /** {@inheritDoc} */ - @Override - public String toString() { - return "Python335 parser for [" + this.file + "]"; - } +public class Python335FileAnalyzer extends Python335BaseListener implements FileAnalyzer { + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + protected Map constructs = null; + + /** Nested definitions. */ + protected final Stack context = new Stack(); + + /** Scripting statements, i.e., all statements outside of functions and classes. */ + protected final List stmts = new ArrayList(); + + /** Number of times a given function has been defined in the given context. */ + protected final Map> countPerContext = + new HashMap>(); + + private PythonId module = null; + + private File file = null; + + /** + * {@inheritDoc} + * + * Will not be instantiated by the {@link FileAnalyzerFactory}, but by {@link PythonFileAnalyzer}. + */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {}; + } + + /** + *

Constructor for Python335FileAnalyzer.

+ */ + public Python335FileAnalyzer() { + super(); + } + + /** + * Sets context information in case an {@link InputStream} is parsed using {@link Python3FileAnalyzer#getConstructs(InputStream)}. + * In this case, package and module information cannot be obtained from the file and file system. + * The method is called by {@link PythonArchiveAnalyzer}. + * + * @param _module a {@link com.sap.psr.vulas.python.PythonId} object. + * @param _pack a {@link com.sap.psr.vulas.python.PythonId} object. + */ + public void setContext(PythonId _module, PythonId _pack) { + this.constructs = new TreeMap(); + if (_pack != null) { + this.context.push(_pack); + this.constructs.put(_pack, new Construct(_pack, "")); + } + this.context.push(_module); + this.module = _module; + this.constructs.put(module, new Construct(module, "")); + } + + /** {@inheritDoc} */ + @Override + public boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext == null || ext.equals("")) return false; + for (String supported_ext : this.getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + if (!FileUtil.isAccessibleFile(_file.toPath())) + throw new IllegalArgumentException("[" + _file + "] does not exist or is not readable"); + this.file = _file; + } + + /** + * {@inheritDoc} + * + * Enter a parse tree produced by {@link Python335Parser#stmt}. + */ + @Override + public void enterStmt( + Python335Parser.StmtContext + ctx) { // TODO reads stmts before class defs and func defs are entered + final String stmt = ctx.getText(); + if (!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.MODULE) + || stmt.startsWith("def") + || stmt.startsWith("class") + // || stmt.startsWith("import") + // || stmt.startsWith("from") + ) return; + stmts.add(stmt); + } + + /** {@inheritDoc} */ + @Override + public void enterClassdef(Python335Parser.ClassdefContext ctx) { + // Happens if class name is 'async', due to the Python grammar's problem with the ASYNC keyword, + // cf. testPythonFileWithAsync + if (ctx.NAME() == null) + throw new IllegalStateException( + "Parser error: Class without name in context " + + this.context + + ", line [" + + ctx.getStart().getLine() + + "]"); + + final String name = ctx.NAME().toString(); + String parent_classes = ""; + if (ctx.arglist() != null) parent_classes = ctx.arglist().getText().toString(); + + // Create construct and add to context + final PythonId id = + new PythonId(this.context.peek(), PythonId.Type.CLASS, name + "(" + parent_classes + ")"); + final Construct c = new Construct(id, ctx.getText()); + this.constructs.put(id, c); + this.context.push(id); + } + + /** {@inheritDoc} */ + @Override + public void exitClassdef(Python335Parser.ClassdefContext ctx) { + if (!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.CLASS)) + log.error( + "Top most element in stack is not of type [" + + PythonId.Type.CLASS + + "], line [" + + ctx.getStart().getLine() + + "]"); + else context.pop(); + } + + /** {@inheritDoc} */ + @Override + public void enterFuncdef(Python335Parser.FuncdefContext ctx) { + // Happens if method or function name is 'async', due to the Python grammar's problem with the + // ASYNC keyword, cf. testPythonFileWithAsync + if (ctx.NAME() == null) + throw new IllegalStateException( + "Parser error: Construct without name in context " + + this.context + + ", line [" + + ctx.getStart().getLine() + + "]"); + + PythonId id; + String name = ctx.NAME().toString(); + String args = ctx.parameters().getText(); + + // Identical construct names can be used within a single context (e.g., the same function in a + // module) + name = this.getNameForCurrentContext(name); + + // New type depends on context type + final PythonId.Type ctx_type = this.context.peek().getType(); + + if (ctx_type == PythonId.Type.CLASS && name.equals("__init__")) + id = new PythonId(this.context.peek(), PythonId.Type.CONSTRUCTOR, name + args); + else if (ctx_type == PythonId.Type.CLASS) + id = new PythonId(this.context.peek(), PythonId.Type.METHOD, name + args); + else if (ctx_type == PythonId.Type.MODULE + || ctx_type == PythonId.Type.FUNCTION + || ctx_type == PythonId.Type.METHOD + || ctx_type == PythonId.Type.CONSTRUCTOR) + id = new PythonId(this.context.peek(), PythonId.Type.FUNCTION, name + args); + else { + log.error( + "Cannot create method, constructor or class due to wrong context: " + + this.context + + ", line [" + + ctx.getStart().getLine() + + "]"); + throw new IllegalStateException( + "Error when parsing [" + + this.file + + "]: Cannot create method or class due to wrong context: " + + this.context); + } + + final Construct c = new Construct(id, ctx.getText()); + this.constructs.put(id, c); + this.context.push(id); + } + + /** {@inheritDoc} */ + @Override + public void exitFuncdef(Python335Parser.FuncdefContext _ctx) { + final PythonId.Type[] types = + new PythonId.Type[] { + PythonId.Type.FUNCTION, PythonId.Type.CONSTRUCTOR, PythonId.Type.METHOD + }; + if (!PythonFileAnalyzer.isTopOfType(this.context, types)) + log.error( + "Top most element in stack is not of the following types [" + + StringUtil.join((Object[]) types, ", ") + + "]" + + ", line [" + + _ctx.getStart().getLine() + + "]"); + else context.pop(); + } + + /** + * + * @param _name + * @return + */ + private String getNameForCurrentContext(String _name) { + final PythonId ctx = this.context.peek(); + + if (this.countPerContext.get(ctx) == null) + this.countPerContext.put(ctx, new HashMap()); + + if (this.countPerContext.get(ctx).get(_name) == null) + this.countPerContext.get(ctx).put(_name, new Integer(0)); + + int count = this.countPerContext.get(ctx).get(_name).intValue(); + this.countPerContext.get(ctx).put(_name, new Integer(++count)); + + if (count == 1) return _name; + else return _name + "$" + count; + } + + /** {@inheritDoc} */ + @Override + public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { + return this.constructs.containsKey(_id); + } + + /** + * Maybe promote this method, which uses the shared type as argument, to the interface. + * Alternatively, make all core-internal interfaces work with core types, not with shared + * types. Example to be changed: SignatureFactory. + * + * @param _id a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return a {@link com.sap.psr.vulas.Construct} object. + * @throws com.sap.psr.vulas.FileAnalysisException if any. + */ + public Construct getConstruct(com.sap.psr.vulas.shared.json.model.ConstructId _id) + throws FileAnalysisException { + for (ConstructId cid : this.constructs.keySet()) + if (ConstructId.toSharedType(cid).equals(_id)) return this.constructs.get(cid); + return null; + } + + /** {@inheritDoc} */ + @Override + public Construct getConstruct(ConstructId _id) throws FileAnalysisException { + return this.constructs.get(_id); + } + + /** + *

Getter for the field constructs.

+ * + * @param m a {@link java.io.InputStream} object. + * @return a {@link java.util.Map} object. + * @throws com.sap.psr.vulas.FileAnalysisException if any. + * @throws java.io.IOException if any. + * @throws org.antlr.v4.runtime.RecognitionException if any. + */ + public Map getConstructs(InputStream m) + throws FileAnalysisException, IOException, RecognitionException { + final ANTLRInputStream input = new ANTLRInputStream(m); + final Python335Lexer lexer = new Python335Lexer(input); + final CommonTokenStream tokens = new CommonTokenStream(lexer); + final Python335Parser parser = new Python335Parser(tokens); + final ParseTree root = parser.file_input(); + final ParseTreeWalker walker = new ParseTreeWalker(); + + try { + walker.walk(this, root); + } catch (IllegalStateException ise) { + throw new FileAnalysisException("Parser error", ise); + } + + // Update module body after the parsing of the entire file + if (this.stmts != null && this.stmts.size() > 0) { + final StringBuffer b = new StringBuffer(); + for (String stmt : this.stmts) if (!stmt.trim().equals("")) b.append(stmt); + this.constructs.get(this.module).setContent(b.toString()); + } + + return this.constructs; + } + + /** {@inheritDoc} */ + @Override + public Map getConstructs() throws FileAnalysisException { + if (this.constructs == null) { + try { + this.constructs = new TreeMap(); + + // Create module and add to constructs + this.module = PythonFileAnalyzer.getModule(this.file); + this.constructs.put(this.module, new Construct(this.module, "")); + + // Get package, if any, and add to constructs + final PythonId pack = this.module.getPackage(); + if (pack != null) this.constructs.put(pack, new Construct(pack, "")); + + // Use package and module as context + if (pack != null) this.context.push(pack); + this.context.push(module); + + // Parse the file + log.debug("Parsing [" + this.file + "]"); + try (FileInputStream fis = new FileInputStream(this.file)) { + this.getConstructs(fis); + } + } catch (FileNotFoundException e) { + throw new FileAnalysisException(e.getMessage(), e); + } catch (RecognitionException e) { + throw new FileAnalysisException( + "ANTLR exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } catch (IOException e) { + throw new FileAnalysisException( + "IO exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } + } + return this.constructs; + } + + /** {@inheritDoc} */ + @Override + public boolean hasChilds() { + return false; + } + + /** {@inheritDoc} */ + @Override + public Set getChilds(boolean _recursive) { + return null; + } + + /** {@inheritDoc} */ + @Override + public String toString() { + return "Python335 parser for [" + this.file + "]"; + } } diff --git a/lang-python/src/main/java/com/sap/psr/vulas/python/Python3FileAnalyzer.java b/lang-python/src/main/java/com/sap/psr/vulas/python/Python3FileAnalyzer.java index f9cb8942e..974b203ab 100644 --- a/lang-python/src/main/java/com/sap/psr/vulas/python/Python3FileAnalyzer.java +++ b/lang-python/src/main/java/com/sap/psr/vulas/python/Python3FileAnalyzer.java @@ -39,7 +39,6 @@ import org.antlr.v4.runtime.tree.ParseTreeWalker; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; @@ -51,318 +50,357 @@ import com.sap.psr.vulas.shared.util.FileUtil; import com.sap.psr.vulas.shared.util.StringUtil; -//TODO: Decide what to do with default arg values in functions and methods? Right now, they are part of the qname, which is probably wrong. +// TODO: Decide what to do with default arg values in functions and methods? Right now, they are +// part of the qname, which is probably wrong. /** *

Python3FileAnalyzer class.

* */ -public class Python3FileAnalyzer extends Python3BaseListener implements FileAnalyzer { - - private final static Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - protected Map constructs = null; - - /** Nested definitions. */ - protected final Stack context = new Stack(); - - /** Scripting statements, i.e., all statements outside of functions and classes. */ - protected final List stmts = new ArrayList(); - - /** Number of times a given function has been defined in the given context. */ - protected final Map> countPerContext = new HashMap>(); - - private PythonId module = null; - - private File file = null; - - /** - * {@inheritDoc} - * - * Will not be instantiated by the {@link FileAnalyzerFactory}, but by {@link PythonFileAnalyzer}. - */ - @Override - public String[] getSupportedFileExtensions() { - return new String[] {}; - } - - /** - *

Constructor for Python3FileAnalyzer.

- */ - public Python3FileAnalyzer() { - super(); - } - - /** - * Sets context information in case an {@link InputStream} is parsed using {@link Python3FileAnalyzer#getConstructs(InputStream)}. - * In this case, package and module information cannot be obtained from the file and file system. - * The method is called by {@link PythonArchiveAnalyzer}. - * - * @param _module a {@link com.sap.psr.vulas.python.PythonId} object. - * @param _pack a {@link com.sap.psr.vulas.python.PythonId} object. - */ - public void setContext(PythonId _module, PythonId _pack) { - this.constructs = new TreeMap(); - if(_pack!=null){ - this.context.push(_pack); - this.constructs.put(_pack, new Construct(_pack, "")); - } - this.context.push(_module); - this.module = _module; - this.constructs.put(module, new Construct(module, "")); - } - - /** {@inheritDoc} */ - @Override - public boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: this.getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - if(!FileUtil.isAccessibleFile(_file.toPath())) - throw new IllegalArgumentException("[" + _file + "] does not exist or is not readable"); - this.file = _file; - } - - /** - * {@inheritDoc} - * - * Enter a parse tree produced by {@link Python3Parser#stmt}. - */ - @Override - public void enterStmt(Python3Parser.StmtContext ctx) { // TODO reads stmts before class defs and func defs are entered - final String stmt = ctx.getText(); - if (!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.MODULE) - || stmt.startsWith("def") - || stmt.startsWith("class") - // || stmt.startsWith("import") - // || stmt.startsWith("from") - ) - return; - stmts.add(stmt); - } - - /** {@inheritDoc} */ - @Override - public void enterClassdef(Python3Parser.ClassdefContext ctx) { - // Happens if class name is 'async', due to the Python grammar's problem with the ASYNC keyword, cf. testPythonFileWithAsync - if (ctx.NAME()==null) - throw new IllegalStateException("Parser error: Class without name in context " + this.context + ", line [" + ctx.getStart().getLine() + "]"); - - final String name = ctx.NAME().toString(); - String parent_classes = ""; - if(ctx.arglist()!=null) - parent_classes = ctx.arglist().getText().toString(); - - // Create construct and add to context - final PythonId id = new PythonId(this.context.peek(), PythonId.Type.CLASS, name + "(" + parent_classes + ")"); - final Construct c = new Construct(id, ctx.getText()); - this.constructs.put(id, c); - this.context.push(id); - } - - /** {@inheritDoc} */ - @Override - public void exitClassdef(Python3Parser.ClassdefContext ctx) { - if(!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.CLASS)) - log.error("Top most element in stack is not of type [" + PythonId.Type.CLASS + "], line [" + ctx.getStart().getLine() + "]"); - else - context.pop(); - } - - /** {@inheritDoc} */ - @Override - public void enterFuncdef(Python3Parser.FuncdefContext ctx) { - // Happens if method or function name is 'async', due to the Python grammar's problem with the ASYNC keyword, cf. testPythonFileWithAsync - if(ctx.NAME()==null) - throw new IllegalStateException("Parser error: Construct without name in context " + this.context + ", line [" + ctx.getStart().getLine() + "]"); - - PythonId id; - String name = ctx.NAME().toString(); - String args = ctx.parameters().getText(); - - // Identical construct names can be used within a single context (e.g., the same function in a module) - name = this.getNameForCurrentContext(name); - - // New type depends on context type - final PythonId.Type ctx_type = this.context.peek().getType(); - - if(ctx_type==PythonId.Type.CLASS && name.equals("__init__")) - id = new PythonId(this.context.peek(), PythonId.Type.CONSTRUCTOR, name + args); - - else if(ctx_type==PythonId.Type.CLASS) - id = new PythonId(this.context.peek(), PythonId.Type.METHOD, name + args); - - else if(ctx_type==PythonId.Type.MODULE || ctx_type==PythonId.Type.FUNCTION || ctx_type==PythonId.Type.METHOD || ctx_type==PythonId.Type.CONSTRUCTOR) - id = new PythonId(this.context.peek(), PythonId.Type.FUNCTION, name + args); - - else { - log.error("Cannot create method, constructor or class due to wrong context: " + this.context + ", line [" + ctx.getStart().getLine() + "]"); - throw new IllegalStateException("Error when parsing [" + this.file + "]: Cannot create method or class due to wrong context: " + this.context); - } - - final Construct c = new Construct(id, ctx.getText()); - this.constructs.put(id, c); - this.context.push(id); - } - - /** {@inheritDoc} */ - @Override - public void exitFuncdef(Python3Parser.FuncdefContext _ctx) { - final PythonId.Type[] types = new PythonId.Type[] { PythonId.Type.FUNCTION, PythonId.Type.CONSTRUCTOR, PythonId.Type.METHOD }; - if(!PythonFileAnalyzer.isTopOfType(this.context, types)) - log.error("Top most element in stack is not of the following types [" + StringUtil.join((Object[])types, ", ") + "]" + ", line [" + _ctx.getStart().getLine() + "]"); - else - context.pop(); - } - - /** - * - * @param _name - * @return - */ - private String getNameForCurrentContext(String _name) { - final PythonId ctx = this.context.peek(); - - if(this.countPerContext.get(ctx)==null) - this.countPerContext.put(ctx, new HashMap()); - - if(this.countPerContext.get(ctx).get(_name)==null) - this.countPerContext.get(ctx).put(_name, new Integer(0)); - - int count = this.countPerContext.get(ctx).get(_name).intValue(); - this.countPerContext.get(ctx).put(_name, new Integer(++count)); - - if(count==1) - return _name; - else - return _name + "$" + count; - } - - /** {@inheritDoc} */ - @Override - public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { - return this.constructs.containsKey(_id); - } - - /** - * Maybe promote this method, which uses the shared type as argument, to the interface. - * Alternatively, make all core-internal interfaces work with core types, not with shared - * types. Example to be changed: SignatureFactory. - * - * @param _id a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. - * @return a {@link com.sap.psr.vulas.Construct} object. - * @throws com.sap.psr.vulas.FileAnalysisException if any. - */ - public Construct getConstruct(com.sap.psr.vulas.shared.json.model.ConstructId _id) throws FileAnalysisException { - for(ConstructId cid: this.constructs.keySet()) - if(ConstructId.toSharedType(cid).equals(_id)) - return this.constructs.get(cid); - return null; - } - - /** {@inheritDoc} */ - @Override - public Construct getConstruct(ConstructId _id) throws FileAnalysisException { - return this.constructs.get(_id); - } - - /** - *

Getter for the field constructs.

- * - * @param m a {@link java.io.InputStream} object. - * @return a {@link java.util.Map} object. - * @throws com.sap.psr.vulas.FileAnalysisException if any. - * @throws java.io.IOException if any. - * @throws org.antlr.v4.runtime.RecognitionException if any. - */ - public Map getConstructs(InputStream m) throws FileAnalysisException, IOException, RecognitionException { - final ANTLRInputStream input = new ANTLRInputStream(m); - final Python3Lexer lexer = new Python3Lexer(input); - final CommonTokenStream tokens = new CommonTokenStream(lexer); - final Python3Parser parser = new Python3Parser(tokens); - final ParseTree root = parser.file_input(); - final ParseTreeWalker walker = new ParseTreeWalker(); - - try { - walker.walk(this, root); - } - catch(IllegalStateException ise) { - throw new FileAnalysisException(ise.getMessage(), ise); - } - - // Update module body after the parsing of the entire file - if(this.stmts!=null && this.stmts.size()>0) { - final StringBuffer b = new StringBuffer(); - for(String stmt: this.stmts) - if(!stmt.trim().equals("")) - b.append(stmt); - this.constructs.get(this.module).setContent(b.toString()); - } - - return this.constructs; - } - - /** {@inheritDoc} */ - @Override - public Map getConstructs() throws FileAnalysisException { - if(this.constructs==null) { - try { - this.constructs = new TreeMap(); - - // Create module and add to constructs - this.module = PythonFileAnalyzer.getModule(this.file); - this.constructs.put(this.module, new Construct(this.module, "")); - - // Get package, if any, and add to constructs - final PythonId pack = this.module.getPackage(); - if(pack!=null) - this.constructs.put(pack, new Construct(pack, "")); - - // Use package and module as context - if(pack!=null) - this.context.push(pack); - this.context.push(module); - - // Parse the file - log.debug("Parsing [" + this.file + "]"); - try(FileInputStream fis = new FileInputStream(this.file)) { - this.getConstructs(fis); - } - } catch (FileNotFoundException e) { - throw new FileAnalysisException(e.getMessage(), e); - } catch (RecognitionException e) { - throw new FileAnalysisException("ANTLR exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } catch (IOException e) { - throw new FileAnalysisException("IO exception while analysing class file [" + this.file.getName() + "]: " + e.getMessage(), e); - } - } - return this.constructs; - } - - /** {@inheritDoc} */ - @Override - public boolean hasChilds() { - return false; - } - - /** {@inheritDoc} */ - @Override - public Set getChilds(boolean _recursive) { - return null; - } - - /** {@inheritDoc} */ - @Override - public String toString() { - return "Python3 parser for [" + this.file + "]"; - } +public class Python3FileAnalyzer extends Python3BaseListener implements FileAnalyzer { + + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + protected Map constructs = null; + + /** Nested definitions. */ + protected final Stack context = new Stack(); + + /** Scripting statements, i.e., all statements outside of functions and classes. */ + protected final List stmts = new ArrayList(); + + /** Number of times a given function has been defined in the given context. */ + protected final Map> countPerContext = + new HashMap>(); + + private PythonId module = null; + + private File file = null; + + /** + * {@inheritDoc} + * + * Will not be instantiated by the {@link FileAnalyzerFactory}, but by {@link PythonFileAnalyzer}. + */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {}; + } + + /** + *

Constructor for Python3FileAnalyzer.

+ */ + public Python3FileAnalyzer() { + super(); + } + + /** + * Sets context information in case an {@link InputStream} is parsed using {@link Python3FileAnalyzer#getConstructs(InputStream)}. + * In this case, package and module information cannot be obtained from the file and file system. + * The method is called by {@link PythonArchiveAnalyzer}. + * + * @param _module a {@link com.sap.psr.vulas.python.PythonId} object. + * @param _pack a {@link com.sap.psr.vulas.python.PythonId} object. + */ + public void setContext(PythonId _module, PythonId _pack) { + this.constructs = new TreeMap(); + if (_pack != null) { + this.context.push(_pack); + this.constructs.put(_pack, new Construct(_pack, "")); + } + this.context.push(_module); + this.module = _module; + this.constructs.put(module, new Construct(module, "")); + } + + /** {@inheritDoc} */ + @Override + public boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext == null || ext.equals("")) return false; + for (String supported_ext : this.getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + if (!FileUtil.isAccessibleFile(_file.toPath())) + throw new IllegalArgumentException("[" + _file + "] does not exist or is not readable"); + this.file = _file; + } + + /** + * {@inheritDoc} + * + * Enter a parse tree produced by {@link Python3Parser#stmt}. + */ + @Override + public void enterStmt( + Python3Parser.StmtContext + ctx) { // TODO reads stmts before class defs and func defs are entered + final String stmt = ctx.getText(); + if (!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.MODULE) + || stmt.startsWith("def") + || stmt.startsWith("class") + // || stmt.startsWith("import") + // || stmt.startsWith("from") + ) return; + stmts.add(stmt); + } + + /** {@inheritDoc} */ + @Override + public void enterClassdef(Python3Parser.ClassdefContext ctx) { + // Happens if class name is 'async', due to the Python grammar's problem with the ASYNC keyword, + // cf. testPythonFileWithAsync + if (ctx.NAME() == null) + throw new IllegalStateException( + "Parser error: Class without name in context " + + this.context + + ", line [" + + ctx.getStart().getLine() + + "]"); + + final String name = ctx.NAME().toString(); + String parent_classes = ""; + if (ctx.arglist() != null) parent_classes = ctx.arglist().getText().toString(); + + // Create construct and add to context + final PythonId id = + new PythonId(this.context.peek(), PythonId.Type.CLASS, name + "(" + parent_classes + ")"); + final Construct c = new Construct(id, ctx.getText()); + this.constructs.put(id, c); + this.context.push(id); + } + + /** {@inheritDoc} */ + @Override + public void exitClassdef(Python3Parser.ClassdefContext ctx) { + if (!PythonFileAnalyzer.isTopOfType(this.context, PythonId.Type.CLASS)) + log.error( + "Top most element in stack is not of type [" + + PythonId.Type.CLASS + + "], line [" + + ctx.getStart().getLine() + + "]"); + else context.pop(); + } + + /** {@inheritDoc} */ + @Override + public void enterFuncdef(Python3Parser.FuncdefContext ctx) { + // Happens if method or function name is 'async', due to the Python grammar's problem with the + // ASYNC keyword, cf. testPythonFileWithAsync + if (ctx.NAME() == null) + throw new IllegalStateException( + "Parser error: Construct without name in context " + + this.context + + ", line [" + + ctx.getStart().getLine() + + "]"); + + PythonId id; + String name = ctx.NAME().toString(); + String args = ctx.parameters().getText(); + + // Identical construct names can be used within a single context (e.g., the same function in a + // module) + name = this.getNameForCurrentContext(name); + + // New type depends on context type + final PythonId.Type ctx_type = this.context.peek().getType(); + + if (ctx_type == PythonId.Type.CLASS && name.equals("__init__")) + id = new PythonId(this.context.peek(), PythonId.Type.CONSTRUCTOR, name + args); + else if (ctx_type == PythonId.Type.CLASS) + id = new PythonId(this.context.peek(), PythonId.Type.METHOD, name + args); + else if (ctx_type == PythonId.Type.MODULE + || ctx_type == PythonId.Type.FUNCTION + || ctx_type == PythonId.Type.METHOD + || ctx_type == PythonId.Type.CONSTRUCTOR) + id = new PythonId(this.context.peek(), PythonId.Type.FUNCTION, name + args); + else { + log.error( + "Cannot create method, constructor or class due to wrong context: " + + this.context + + ", line [" + + ctx.getStart().getLine() + + "]"); + throw new IllegalStateException( + "Error when parsing [" + + this.file + + "]: Cannot create method or class due to wrong context: " + + this.context); + } + + final Construct c = new Construct(id, ctx.getText()); + this.constructs.put(id, c); + this.context.push(id); + } + + /** {@inheritDoc} */ + @Override + public void exitFuncdef(Python3Parser.FuncdefContext _ctx) { + final PythonId.Type[] types = + new PythonId.Type[] { + PythonId.Type.FUNCTION, PythonId.Type.CONSTRUCTOR, PythonId.Type.METHOD + }; + if (!PythonFileAnalyzer.isTopOfType(this.context, types)) + log.error( + "Top most element in stack is not of the following types [" + + StringUtil.join((Object[]) types, ", ") + + "]" + + ", line [" + + _ctx.getStart().getLine() + + "]"); + else context.pop(); + } + + /** + * + * @param _name + * @return + */ + private String getNameForCurrentContext(String _name) { + final PythonId ctx = this.context.peek(); + + if (this.countPerContext.get(ctx) == null) + this.countPerContext.put(ctx, new HashMap()); + + if (this.countPerContext.get(ctx).get(_name) == null) + this.countPerContext.get(ctx).put(_name, new Integer(0)); + + int count = this.countPerContext.get(ctx).get(_name).intValue(); + this.countPerContext.get(ctx).put(_name, new Integer(++count)); + + if (count == 1) return _name; + else return _name + "$" + count; + } + + /** {@inheritDoc} */ + @Override + public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { + return this.constructs.containsKey(_id); + } + + /** + * Maybe promote this method, which uses the shared type as argument, to the interface. + * Alternatively, make all core-internal interfaces work with core types, not with shared + * types. Example to be changed: SignatureFactory. + * + * @param _id a {@link com.sap.psr.vulas.shared.json.model.ConstructId} object. + * @return a {@link com.sap.psr.vulas.Construct} object. + * @throws com.sap.psr.vulas.FileAnalysisException if any. + */ + public Construct getConstruct(com.sap.psr.vulas.shared.json.model.ConstructId _id) + throws FileAnalysisException { + for (ConstructId cid : this.constructs.keySet()) + if (ConstructId.toSharedType(cid).equals(_id)) return this.constructs.get(cid); + return null; + } + + /** {@inheritDoc} */ + @Override + public Construct getConstruct(ConstructId _id) throws FileAnalysisException { + return this.constructs.get(_id); + } + + /** + *

Getter for the field constructs.

+ * + * @param m a {@link java.io.InputStream} object. + * @return a {@link java.util.Map} object. + * @throws com.sap.psr.vulas.FileAnalysisException if any. + * @throws java.io.IOException if any. + * @throws org.antlr.v4.runtime.RecognitionException if any. + */ + public Map getConstructs(InputStream m) + throws FileAnalysisException, IOException, RecognitionException { + final ANTLRInputStream input = new ANTLRInputStream(m); + final Python3Lexer lexer = new Python3Lexer(input); + final CommonTokenStream tokens = new CommonTokenStream(lexer); + final Python3Parser parser = new Python3Parser(tokens); + final ParseTree root = parser.file_input(); + final ParseTreeWalker walker = new ParseTreeWalker(); + + try { + walker.walk(this, root); + } catch (IllegalStateException ise) { + throw new FileAnalysisException(ise.getMessage(), ise); + } + + // Update module body after the parsing of the entire file + if (this.stmts != null && this.stmts.size() > 0) { + final StringBuffer b = new StringBuffer(); + for (String stmt : this.stmts) if (!stmt.trim().equals("")) b.append(stmt); + this.constructs.get(this.module).setContent(b.toString()); + } + + return this.constructs; + } + + /** {@inheritDoc} */ + @Override + public Map getConstructs() throws FileAnalysisException { + if (this.constructs == null) { + try { + this.constructs = new TreeMap(); + + // Create module and add to constructs + this.module = PythonFileAnalyzer.getModule(this.file); + this.constructs.put(this.module, new Construct(this.module, "")); + + // Get package, if any, and add to constructs + final PythonId pack = this.module.getPackage(); + if (pack != null) this.constructs.put(pack, new Construct(pack, "")); + + // Use package and module as context + if (pack != null) this.context.push(pack); + this.context.push(module); + + // Parse the file + log.debug("Parsing [" + this.file + "]"); + try (FileInputStream fis = new FileInputStream(this.file)) { + this.getConstructs(fis); + } + } catch (FileNotFoundException e) { + throw new FileAnalysisException(e.getMessage(), e); + } catch (RecognitionException e) { + throw new FileAnalysisException( + "ANTLR exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } catch (IOException e) { + throw new FileAnalysisException( + "IO exception while analysing class file [" + + this.file.getName() + + "]: " + + e.getMessage(), + e); + } + } + return this.constructs; + } + + /** {@inheritDoc} */ + @Override + public boolean hasChilds() { + return false; + } + + /** {@inheritDoc} */ + @Override + public Set getChilds(boolean _recursive) { + return null; + } + + /** {@inheritDoc} */ + @Override + public String toString() { + return "Python3 parser for [" + this.file + "]"; + } } diff --git a/lang-python/src/main/java/com/sap/psr/vulas/python/PythonArchiveAnalyzer.java b/lang-python/src/main/java/com/sap/psr/vulas/python/PythonArchiveAnalyzer.java index b3913832e..eb6e8a95a 100644 --- a/lang-python/src/main/java/com/sap/psr/vulas/python/PythonArchiveAnalyzer.java +++ b/lang-python/src/main/java/com/sap/psr/vulas/python/PythonArchiveAnalyzer.java @@ -19,9 +19,7 @@ */ package com.sap.psr.vulas.python; -import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -42,7 +40,6 @@ import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream; import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.DirAnalyzer; @@ -61,364 +58,375 @@ */ public class PythonArchiveAnalyzer implements FileAnalyzer { - private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); - - Map constructs = new TreeMap(); - - private File archive = null; - - private LibraryId libraryId = null; - - /** PythonArchiveAnalyzers to deal with nested archives. */ - private Set nestedAnalyzers = new HashSet(); - - /** {@inheritDoc} */ - @Override - public String[] getSupportedFileExtensions() { - return new String[] { "egg", "whl", "gz" }; - } - - /** {@inheritDoc} */ - @Override - public boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext.equals("gz") && !_file.getAbsolutePath().endsWith("tar.gz")) - return false; - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: this.getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } - - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) { - this.archive = _file; - } - - /** - *

getArchivePath.

- * - * @return a {@link java.nio.file.Path} object. - */ - public Path getArchivePath() { - return this.archive!=null ? this.archive.toPath() : null; - } - - /** - *

getDigest.

- * - * @return a {@link java.lang.String} object. - */ - public String getDigest() { - return this.archive!=null ? FileUtil.getDigest(this.archive, DigestAlgorithm.MD5) : null; - } - - private InputStream getArchiveInputStream() throws IOException { - //final String ext = FileUtil.getFileExtension(this.archive); - InputStream is = null; - try { - if(FileUtil.isZipped(this.archive)) { - is = new ZipInputStream(new FileInputStream(this.archive)); - } else { - final GzipCompressorInputStream gzis = new GzipCompressorInputStream(new FileInputStream(this.archive)); - is = new TarArchiveInputStream(gzis); - } - - } catch (FileNotFoundException e) { - log.error("Cannot find Pyhton archive to analyze ["+ this.archive.getAbsolutePath() +"]", e); - } - return is; - } - - private String getModuleName(String _name){ - if(_name.lastIndexOf("/")>-1) { - String module_name_with_ext = _name.substring(_name.lastIndexOf("/") + 1, _name.length()); - return module_name_with_ext.substring(0, module_name_with_ext.indexOf(".")); - } - else{ - return _name.substring(0, _name.indexOf(".")); - } - } - - private List getPackageName(String _name, List _inits){ - final List package_name = new ArrayList(); - if(_name.lastIndexOf("/")>-1){ - String packToFind = _name.substring(0, _name.lastIndexOf("/")); - - while(_inits.contains(packToFind.concat("/__init__.py"))){ - if(packToFind.lastIndexOf("/")>-1){ - package_name.add(0,packToFind.substring(packToFind.lastIndexOf("/")+1, packToFind.length())); - packToFind = packToFind.substring(0,packToFind.lastIndexOf("/")); - } - else{ - package_name.add(0,packToFind); - break; - } - } - } - return package_name; - } - - private Boolean isPackage(String _en){ - return _en.endsWith("__init__.py"); - } - - /** {@inheritDoc} */ - @Override - public Map getConstructs() throws FileAnalysisException { - if(this.constructs.isEmpty()) { - - // list of __init__.py files (to become packages) - final List inits = new ArrayList(); - boolean pre_processed = false; - try(InputStream is = this.getArchiveInputStream()) { - - // Read archive to look for __init__.py - if(is instanceof ZipInputStream){ - ZipEntry en=null; - while ((en=((ZipInputStream)is).getNextEntry())!=null){ - //loop over the archive to understand which files has an __init__.py - if (!en.isDirectory()) { - if (this.isPackage(en.getName())) { - inits.add(en.getName()); - } - } - } - } - else if(is instanceof TarArchiveInputStream) { - ArchiveEntry en=null; - while ((en=((TarArchiveInputStream)is).getNextEntry())!=null){ - // Loop over the archive to understand which files has an __init__.py - if (!en.isDirectory()) { - if (this.isPackage(en.getName())) { - inits.add(en.getName()); - } - } - } - } - pre_processed = true; - } catch (IOException e) { - log.error("IOException analyzing Python archive ["+ this.archive.getAbsolutePath() +"]", e); - } - - // Re-read archive to create constructs - try(InputStream is = this.getArchiveInputStream()) { - - if(is instanceof ZipInputStream && pre_processed) { - ZipEntry en = null; - while ((en=((ZipInputStream)is).getNextEntry())!=null){ - - if(!en.isDirectory()){ - //check if it is a tar (wheel egg), then extract and analyze it (here or where??) !!! - if(en.getName().endsWith(".whl") || en.getName().endsWith(".egg")|| en.getName().endsWith(".gz")) { - final FileAnalyzer fa = DirAnalyzer.createAnalyzerForArchiveEntry(is, en.getName()); - if(fa!=null) - this.nestedAnalyzers.add(fa); - } - else if (en.getName().endsWith(".py")) { - - // Create the package (if any) - final List package_name = this.getPackageName(en.getName(), inits); - PythonId pack = null; - if(!package_name.isEmpty()) - pack = new PythonId(null, PythonId.Type.PACKAGE, StringUtil.join(package_name, ".")); - - // Create module - final String module_name = this.getModuleName(en.getName()); - final PythonId module = new PythonId(pack, PythonId.Type.MODULE, module_name); - - // We put everything into a byte[] to avoid that the stream gets closed when read by antlr - final byte[] py_bytes = FileUtil.readInputStream(is); - - final FileAnalyzer fa = PythonFileAnalyzer.createAnalyzer(new ByteArrayInputStream(py_bytes)); - if(fa instanceof Python3FileAnalyzer) { - ((Python3FileAnalyzer)fa).setContext(module, pack); - this.constructs.putAll(((Python3FileAnalyzer)fa).getConstructs(new ByteArrayInputStream(py_bytes))); - } - else if(fa instanceof Python335FileAnalyzer) { - ((Python335FileAnalyzer)fa).setContext(module, pack); - this.constructs.putAll(((Python335FileAnalyzer)fa).getConstructs(new ByteArrayInputStream(py_bytes))); - } - } - - } - } - } - //almost duplicated code from the alternative above as we have another type for the entry (ArchiveEntry from commons compress instead of ZipEntry from java.util.zip) - else if (is instanceof TarArchiveInputStream){ - ArchiveEntry en=null; - while ((en=((TarArchiveInputStream)is).getNextEntry())!=null){ - if(!en.isDirectory()){ - //check if it is a tar (wheel egg), then extract and analyze it (here or where??) !!! - if(en.getName().endsWith(".whl") || en.getName().endsWith(".egg")|| en.getName().endsWith(".gz")) { - final FileAnalyzer fa = DirAnalyzer.createAnalyzerForArchiveEntry(is, en.getName()); - if(fa!=null) - this.nestedAnalyzers.add(fa); - } - else if (en.getName().endsWith(".py")) { - - // Create the package (if any) - final List package_name = this.getPackageName(en.getName(), inits); - PythonId pack = null; - if(!package_name.isEmpty()) - pack = new PythonId(null, PythonId.Type.PACKAGE, StringUtil.join(package_name, ".")); - - // Create module - final String module_name = this.getModuleName(en.getName()); - final PythonId module = new PythonId(pack, PythonId.Type.MODULE, module_name); - - // We put everything into a byte[] to avoid that the stream gets closed when read by antlr - final byte[] py_bytes = FileUtil.readInputStream(is); - - final FileAnalyzer fa = PythonFileAnalyzer.createAnalyzer(new ByteArrayInputStream(py_bytes)); - if(fa instanceof Python3FileAnalyzer) { - ((Python3FileAnalyzer)fa).setContext(module, pack); - this.constructs.putAll(((Python3FileAnalyzer)fa).getConstructs(new ByteArrayInputStream(py_bytes))); - } - else if(fa instanceof Python335FileAnalyzer) { - ((Python335FileAnalyzer)fa).setContext(module, pack); - this.constructs.putAll(((Python335FileAnalyzer)fa).getConstructs(new ByteArrayInputStream(py_bytes))); - } - } - - } - } - } - } - catch (IOException e) { - log.error("IOException analyzing Python archive ["+ this.archive.getAbsolutePath() +"]", e); - } - } - - return constructs; - } - - /** - * Sets the Maven Id for the JAR to be analyzed. The Maven ID is already known in some contexts (e.g., during Maven plugin execution). - * - * @param _id a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. - */ - public void setLibraryId(LibraryId _id) { this.libraryId = _id; } - - /** - * Returns a {@link Library} representing the analyzed Java archive. - * - * @throws com.sap.psr.vulas.FileAnalysisException - * @return a {@link com.sap.psr.vulas.shared.json.model.Library} object. - */ - public Library getLibrary() throws FileAnalysisException { - final Library lib = new Library(); - - if(this.getDigest()!=null) { - lib.setDigest(this.getDigest()); - lib.setDigestAlgorithm(DigestAlgorithm.MD5); - } - - lib.setConstructs(this.getSharedConstructs()); - - // No properties are set - - return lib; - } - - /** {@inheritDoc} */ - @Override - public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { - return this.constructs.containsKey(_id); - } - - /** {@inheritDoc} */ - @Override - public Construct getConstruct(ConstructId _id) throws FileAnalysisException { - return this.constructs.get(_id); - } - - /** {@inheritDoc} */ - @Override - public boolean hasChilds() { - return this.nestedAnalyzers!=null && !this.nestedAnalyzers.isEmpty(); - } - - /** {@inheritDoc} */ - @Override - public Set getChilds(boolean _recursive) { - final Set nested_fa = new HashSet(); - if(!_recursive) { - nested_fa.addAll(this.nestedAnalyzers); - } - else { - for(FileAnalyzer fa: this.nestedAnalyzers) { - nested_fa.add(fa); - final Set nfas = fa.getChilds(true); - if(nfas!=null && !nfas.isEmpty()) - nested_fa.addAll(nfas); - } - } - return nested_fa; - } - - /*private static File unTarGz(final File _gz, File _out_dir) { - if(_gz.isDirectory()) - return _gz; - - if(!_gz.toString().endsWith("tar.gz")) - throw new IllegalArgumentException("File [" + _gz + "] does not end with tar.gz"); - - try { - TarArchiveInputStream zis = new TarArchiveInputStream(new GzipCompressorInputStream(new BufferedInputStream(new FileInputStream(_gz)))); - - TarArchiveEntry entry = null; - while((entry=zis.getNextTarEntry())!= null) { - - // ZipSlip: Do not extract - if(!DirUtil.isBelowDestinationPath(_out_dir.toPath(), entry.getName())) { - log.warn("Entry [" + entry + "] of archive [" + _gz + "] will not be extracted, as it would be outside of destination directory"); - } - // Extract - else { - final File file = new File(_out_dir, entry.getName()); - if (entry.isDirectory()) { - file.mkdirs(); - } - else { - // Create parent if not existing - if (!file.getParentFile().exists()) - file.getParentFile().mkdirs(); - - // Extract file - final BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file)); - final byte[] bytes = new byte[1024]; - int len = 0; - while((len = zis.read(bytes)) != -1) - bos.write(bytes,0,len); - bos.close(); - } - } - } - zis.close(); - } catch (FileNotFoundException e) { - log.error("Error extracting tar.gz file ["+_gz+"] not found : " + e); - } catch (IOException e) { - log.error("Error extracting tar.gz file ["+_gz+"] : " + e); - } - return _out_dir; - }*/ - - /** - *

getSharedConstructs.

- * - * @return a {@link java.util.List} object. - * @throws com.sap.psr.vulas.FileAnalysisException if any. - */ - public List getSharedConstructs() throws FileAnalysisException { - List l= new ArrayList(); - for(ConstructId c: this.getConstructs().keySet()) { - l.add(new com.sap.psr.vulas.shared.json.model.ConstructId(ProgrammingLanguage.PY, c.getSharedType(),c.getQualifiedName())); - } - return l; - } + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + Map constructs = new TreeMap(); + + private File archive = null; + + private LibraryId libraryId = null; + + /** PythonArchiveAnalyzers to deal with nested archives. */ + private Set nestedAnalyzers = new HashSet(); + + /** {@inheritDoc} */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {"egg", "whl", "gz"}; + } + + /** {@inheritDoc} */ + @Override + public boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext.equals("gz") && !_file.getAbsolutePath().endsWith("tar.gz")) return false; + if (ext == null || ext.equals("")) return false; + for (String supported_ext : this.getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } + + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) { + this.archive = _file; + } + + /** + *

getArchivePath.

+ * + * @return a {@link java.nio.file.Path} object. + */ + public Path getArchivePath() { + return this.archive != null ? this.archive.toPath() : null; + } + + /** + *

getDigest.

+ * + * @return a {@link java.lang.String} object. + */ + public String getDigest() { + return this.archive != null ? FileUtil.getDigest(this.archive, DigestAlgorithm.MD5) : null; + } + + private InputStream getArchiveInputStream() throws IOException { + // final String ext = FileUtil.getFileExtension(this.archive); + InputStream is = null; + try { + if (FileUtil.isZipped(this.archive)) { + is = new ZipInputStream(new FileInputStream(this.archive)); + } else { + final GzipCompressorInputStream gzis = + new GzipCompressorInputStream(new FileInputStream(this.archive)); + is = new TarArchiveInputStream(gzis); + } + + } catch (FileNotFoundException e) { + log.error( + "Cannot find Pyhton archive to analyze [" + this.archive.getAbsolutePath() + "]", e); + } + return is; + } + + private String getModuleName(String _name) { + if (_name.lastIndexOf("/") > -1) { + String module_name_with_ext = _name.substring(_name.lastIndexOf("/") + 1, _name.length()); + return module_name_with_ext.substring(0, module_name_with_ext.indexOf(".")); + } else { + return _name.substring(0, _name.indexOf(".")); + } + } + + private List getPackageName(String _name, List _inits) { + final List package_name = new ArrayList(); + if (_name.lastIndexOf("/") > -1) { + String packToFind = _name.substring(0, _name.lastIndexOf("/")); + + while (_inits.contains(packToFind.concat("/__init__.py"))) { + if (packToFind.lastIndexOf("/") > -1) { + package_name.add( + 0, packToFind.substring(packToFind.lastIndexOf("/") + 1, packToFind.length())); + packToFind = packToFind.substring(0, packToFind.lastIndexOf("/")); + } else { + package_name.add(0, packToFind); + break; + } + } + } + return package_name; + } + + private Boolean isPackage(String _en) { + return _en.endsWith("__init__.py"); + } + + /** {@inheritDoc} */ + @Override + public Map getConstructs() throws FileAnalysisException { + if (this.constructs.isEmpty()) { + + // list of __init__.py files (to become packages) + final List inits = new ArrayList(); + boolean pre_processed = false; + try (InputStream is = this.getArchiveInputStream()) { + + // Read archive to look for __init__.py + if (is instanceof ZipInputStream) { + ZipEntry en = null; + while ((en = ((ZipInputStream) is).getNextEntry()) != null) { + // loop over the archive to understand which files has an __init__.py + if (!en.isDirectory()) { + if (this.isPackage(en.getName())) { + inits.add(en.getName()); + } + } + } + } else if (is instanceof TarArchiveInputStream) { + ArchiveEntry en = null; + while ((en = ((TarArchiveInputStream) is).getNextEntry()) != null) { + // Loop over the archive to understand which files has an __init__.py + if (!en.isDirectory()) { + if (this.isPackage(en.getName())) { + inits.add(en.getName()); + } + } + } + } + pre_processed = true; + } catch (IOException e) { + log.error( + "IOException analyzing Python archive [" + this.archive.getAbsolutePath() + "]", e); + } + + // Re-read archive to create constructs + try (InputStream is = this.getArchiveInputStream()) { + + if (is instanceof ZipInputStream && pre_processed) { + ZipEntry en = null; + while ((en = ((ZipInputStream) is).getNextEntry()) != null) { + + if (!en.isDirectory()) { + // check if it is a tar (wheel egg), then extract and analyze it (here or where??) !!! + if (en.getName().endsWith(".whl") + || en.getName().endsWith(".egg") + || en.getName().endsWith(".gz")) { + final FileAnalyzer fa = DirAnalyzer.createAnalyzerForArchiveEntry(is, en.getName()); + if (fa != null) this.nestedAnalyzers.add(fa); + } else if (en.getName().endsWith(".py")) { + + // Create the package (if any) + final List package_name = this.getPackageName(en.getName(), inits); + PythonId pack = null; + if (!package_name.isEmpty()) + pack = + new PythonId(null, PythonId.Type.PACKAGE, StringUtil.join(package_name, ".")); + + // Create module + final String module_name = this.getModuleName(en.getName()); + final PythonId module = new PythonId(pack, PythonId.Type.MODULE, module_name); + + // We put everything into a byte[] to avoid that the stream gets closed when read by + // antlr + final byte[] py_bytes = FileUtil.readInputStream(is); + + final FileAnalyzer fa = + PythonFileAnalyzer.createAnalyzer(new ByteArrayInputStream(py_bytes)); + if (fa instanceof Python3FileAnalyzer) { + ((Python3FileAnalyzer) fa).setContext(module, pack); + this.constructs.putAll( + ((Python3FileAnalyzer) fa).getConstructs(new ByteArrayInputStream(py_bytes))); + } else if (fa instanceof Python335FileAnalyzer) { + ((Python335FileAnalyzer) fa).setContext(module, pack); + this.constructs.putAll( + ((Python335FileAnalyzer) fa) + .getConstructs(new ByteArrayInputStream(py_bytes))); + } + } + } + } + } + // almost duplicated code from the alternative above as we have another type for the entry + // (ArchiveEntry from commons compress instead of ZipEntry from java.util.zip) + else if (is instanceof TarArchiveInputStream) { + ArchiveEntry en = null; + while ((en = ((TarArchiveInputStream) is).getNextEntry()) != null) { + if (!en.isDirectory()) { + // check if it is a tar (wheel egg), then extract and analyze it (here or where??) !!! + if (en.getName().endsWith(".whl") + || en.getName().endsWith(".egg") + || en.getName().endsWith(".gz")) { + final FileAnalyzer fa = DirAnalyzer.createAnalyzerForArchiveEntry(is, en.getName()); + if (fa != null) this.nestedAnalyzers.add(fa); + } else if (en.getName().endsWith(".py")) { + + // Create the package (if any) + final List package_name = this.getPackageName(en.getName(), inits); + PythonId pack = null; + if (!package_name.isEmpty()) + pack = + new PythonId(null, PythonId.Type.PACKAGE, StringUtil.join(package_name, ".")); + + // Create module + final String module_name = this.getModuleName(en.getName()); + final PythonId module = new PythonId(pack, PythonId.Type.MODULE, module_name); + + // We put everything into a byte[] to avoid that the stream gets closed when read by + // antlr + final byte[] py_bytes = FileUtil.readInputStream(is); + + final FileAnalyzer fa = + PythonFileAnalyzer.createAnalyzer(new ByteArrayInputStream(py_bytes)); + if (fa instanceof Python3FileAnalyzer) { + ((Python3FileAnalyzer) fa).setContext(module, pack); + this.constructs.putAll( + ((Python3FileAnalyzer) fa).getConstructs(new ByteArrayInputStream(py_bytes))); + } else if (fa instanceof Python335FileAnalyzer) { + ((Python335FileAnalyzer) fa).setContext(module, pack); + this.constructs.putAll( + ((Python335FileAnalyzer) fa) + .getConstructs(new ByteArrayInputStream(py_bytes))); + } + } + } + } + } + } catch (IOException e) { + log.error( + "IOException analyzing Python archive [" + this.archive.getAbsolutePath() + "]", e); + } + } + + return constructs; + } + + /** + * Sets the Maven Id for the JAR to be analyzed. The Maven ID is already known in some contexts (e.g., during Maven plugin execution). + * + * @param _id a {@link com.sap.psr.vulas.shared.json.model.LibraryId} object. + */ + public void setLibraryId(LibraryId _id) { + this.libraryId = _id; + } + + /** + * Returns a {@link Library} representing the analyzed Java archive. + * + * @throws com.sap.psr.vulas.FileAnalysisException + * @return a {@link com.sap.psr.vulas.shared.json.model.Library} object. + */ + public Library getLibrary() throws FileAnalysisException { + final Library lib = new Library(); + + if (this.getDigest() != null) { + lib.setDigest(this.getDigest()); + lib.setDigestAlgorithm(DigestAlgorithm.MD5); + } + + lib.setConstructs(this.getSharedConstructs()); + + // No properties are set + + return lib; + } + + /** {@inheritDoc} */ + @Override + public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { + return this.constructs.containsKey(_id); + } + + /** {@inheritDoc} */ + @Override + public Construct getConstruct(ConstructId _id) throws FileAnalysisException { + return this.constructs.get(_id); + } + + /** {@inheritDoc} */ + @Override + public boolean hasChilds() { + return this.nestedAnalyzers != null && !this.nestedAnalyzers.isEmpty(); + } + + /** {@inheritDoc} */ + @Override + public Set getChilds(boolean _recursive) { + final Set nested_fa = new HashSet(); + if (!_recursive) { + nested_fa.addAll(this.nestedAnalyzers); + } else { + for (FileAnalyzer fa : this.nestedAnalyzers) { + nested_fa.add(fa); + final Set nfas = fa.getChilds(true); + if (nfas != null && !nfas.isEmpty()) nested_fa.addAll(nfas); + } + } + return nested_fa; + } + + /*private static File unTarGz(final File _gz, File _out_dir) { + if(_gz.isDirectory()) + return _gz; + + if(!_gz.toString().endsWith("tar.gz")) + throw new IllegalArgumentException("File [" + _gz + "] does not end with tar.gz"); + + try { + TarArchiveInputStream zis = new TarArchiveInputStream(new GzipCompressorInputStream(new BufferedInputStream(new FileInputStream(_gz)))); + + TarArchiveEntry entry = null; + while((entry=zis.getNextTarEntry())!= null) { + + // ZipSlip: Do not extract + if(!DirUtil.isBelowDestinationPath(_out_dir.toPath(), entry.getName())) { + log.warn("Entry [" + entry + "] of archive [" + _gz + "] will not be extracted, as it would be outside of destination directory"); + } + // Extract + else { + final File file = new File(_out_dir, entry.getName()); + if (entry.isDirectory()) { + file.mkdirs(); + } + else { + // Create parent if not existing + if (!file.getParentFile().exists()) + file.getParentFile().mkdirs(); + + // Extract file + final BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file)); + final byte[] bytes = new byte[1024]; + int len = 0; + while((len = zis.read(bytes)) != -1) + bos.write(bytes,0,len); + bos.close(); + } + } + } + zis.close(); + } catch (FileNotFoundException e) { + log.error("Error extracting tar.gz file ["+_gz+"] not found : " + e); + } catch (IOException e) { + log.error("Error extracting tar.gz file ["+_gz+"] : " + e); + } + return _out_dir; + }*/ + + /** + *

getSharedConstructs.

+ * + * @return a {@link java.util.List} object. + * @throws com.sap.psr.vulas.FileAnalysisException if any. + */ + public List getSharedConstructs() + throws FileAnalysisException { + List l = + new ArrayList(); + for (ConstructId c : this.getConstructs().keySet()) { + l.add( + new com.sap.psr.vulas.shared.json.model.ConstructId( + ProgrammingLanguage.PY, c.getSharedType(), c.getQualifiedName())); + } + return l; + } } diff --git a/lang-python/src/main/java/com/sap/psr/vulas/python/PythonFileAnalyzer.java b/lang-python/src/main/java/com/sap/psr/vulas/python/PythonFileAnalyzer.java index 7d07429f2..a620a976b 100644 --- a/lang-python/src/main/java/com/sap/psr/vulas/python/PythonFileAnalyzer.java +++ b/lang-python/src/main/java/com/sap/psr/vulas/python/PythonFileAnalyzer.java @@ -35,7 +35,6 @@ import org.apache.logging.log4j.Logger; - import com.sap.psr.vulas.Construct; import com.sap.psr.vulas.ConstructId; import com.sap.psr.vulas.FileAnalysisException; @@ -50,209 +49,223 @@ */ public class PythonFileAnalyzer implements FileAnalyzer { - private final static Logger log = org.apache.logging.log4j.LogManager.getLogger(); + private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(); + + private FileAnalyzer analyzer = null; + + private File file = null; + + private Map constructs = null; + + /** {@inheritDoc} */ + @Override + public String[] getSupportedFileExtensions() { + return new String[] {"py"}; + } + + /** {@inheritDoc} */ + @Override + public boolean canAnalyze(File _file) { + final String ext = FileUtil.getFileExtension(_file); + if (ext == null || ext.equals("")) return false; + for (String supported_ext : this.getSupportedFileExtensions()) { + if (supported_ext.equalsIgnoreCase(ext)) return true; + } + return false; + } - private FileAnalyzer analyzer = null; + /** {@inheritDoc} */ + @Override + public void analyze(final File _file) throws FileAnalysisException { + if (!FileUtil.isAccessibleFile(_file.toPath())) + throw new IllegalArgumentException("[" + _file + "] does not exist or is not readable"); + this.file = _file; + } - private File file = null; + /** + * Returns true if the top-most element of the stack is of type {@link ConstructType#MODU}, false otherwise. + */ + static boolean isTopOfType(Stack _context, PythonId.Type _type) { + if (_context == null) throw new IllegalArgumentException("Stack argument is null"); + if (_context.isEmpty()) return false; + final PythonId id = (PythonId) _context.peek(); + return id.getType().equals(_type); + } - private Map constructs = null; + /** + * Returns true if the top-most element of the stack is of any of the given {@link PythonId#Type}s, false otherwise. + */ + static boolean isTopOfType(Stack _context, PythonId.Type[] _types) { + if (_context == null) throw new IllegalArgumentException("Stack argument is null"); + if (_context.isEmpty()) return false; + final PythonId id = (PythonId) _context.peek(); + for (PythonId.Type t : _types) if (id.getType().equals(t)) return true; + return false; + } - /** {@inheritDoc} */ - @Override - public String[] getSupportedFileExtensions() { - return new String[] { "py" }; - } + /** {@inheritDoc} */ + @Override + public Map getConstructs() throws FileAnalysisException { + if (this.constructs == null) { + analyzer = PythonFileAnalyzer.createAnalyzer(this.file); + analyzer.analyze(this.file); + this.constructs = analyzer.getConstructs(); + } + return analyzer.getConstructs(); + } - /** {@inheritDoc} */ - @Override - public boolean canAnalyze(File _file) { - final String ext = FileUtil.getFileExtension(_file); - if(ext == null || ext.equals("")) - return false; - for(String supported_ext: this.getSupportedFileExtensions()) { - if(supported_ext.equalsIgnoreCase(ext)) - return true; - } - return false; - } + /** {@inheritDoc} */ + @Override + public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().containsKey(_id); + } - /** {@inheritDoc} */ - @Override - public void analyze(final File _file) throws FileAnalysisException { - if(!FileUtil.isAccessibleFile(_file.toPath())) - throw new IllegalArgumentException("[" + _file + "] does not exist or is not readable"); - this.file = _file; - } + /** {@inheritDoc} */ + @Override + public Construct getConstruct(ConstructId _id) throws FileAnalysisException { + return this.getConstructs().get(_id); + } - /** - * Returns true if the top-most element of the stack is of type {@link ConstructType#MODU}, false otherwise. - */ - static boolean isTopOfType(Stack _context, PythonId.Type _type) { - if(_context==null) - throw new IllegalArgumentException("Stack argument is null"); - if(_context.isEmpty()) - return false; - final PythonId id = (PythonId)_context.peek(); - return id.getType().equals(_type); - } + /** + * {@inheritDoc} + * + * The nested {@link Python3FileAnalyzer} is completely hidden. + */ + @Override + public boolean hasChilds() { + return false; + } - /** - * Returns true if the top-most element of the stack is of any of the given {@link PythonId#Type}s, false otherwise. - */ - static boolean isTopOfType(Stack _context, PythonId.Type[] _types) { - if(_context==null) - throw new IllegalArgumentException("Stack argument is null"); - if(_context.isEmpty()) - return false; - final PythonId id = (PythonId)_context.peek(); - for(PythonId.Type t: _types) - if(id.getType().equals(t)) - return true; - return false; - } + /** + * {@inheritDoc} + * + * The nested {@link Python3FileAnalyzer} is completely hidden. + */ + @Override + public Set getChilds(boolean _recursive) { + return null; + } - /** {@inheritDoc} */ - @Override - public Map getConstructs() throws FileAnalysisException { - if(this.constructs==null) { - analyzer = PythonFileAnalyzer.createAnalyzer(this.file); - analyzer.analyze(this.file); - this.constructs = analyzer.getConstructs(); - } - return analyzer.getConstructs(); - } + /** + * Creates a {@link PythonId} of type {@link ConstructType#MODU} for the given py file. + * + * @param _file a {@link java.io.File} object. + * @return a {@link com.sap.psr.vulas.python.PythonId} object. + * @throws java.lang.IllegalArgumentException if any. + */ + public static PythonId getModule(File _file) throws IllegalArgumentException { + if (!FileUtil.hasFileExtension(_file.toPath(), new String[] {"py"})) { + throw new IllegalArgumentException( + "Expected file with file extension [py], got [" + _file.toString() + "]"); + } - /** {@inheritDoc} */ - @Override - public boolean containsConstruct(ConstructId _id) throws FileAnalysisException { - return this.getConstructs().containsKey(_id); - } + final Path p = _file.toPath().toAbsolutePath(); - /** {@inheritDoc} */ - @Override - public Construct getConstruct(ConstructId _id) throws FileAnalysisException { - return this.getConstructs().get(_id); - } + // Add file name w/o extension to qname components + final String module_name = FileUtil.getFileName(p.toString(), false); - /** - * {@inheritDoc} - * - * The nested {@link Python3FileAnalyzer} is completely hidden. - */ - @Override - public boolean hasChilds() { - return false; - } + // Search upwards until there's no __init__.py anymore, and add directory names to the qname + // components + final List package_name = new ArrayList(); + Path search_path = p.getParent(); + while (DirUtil.containsFile(search_path.toFile(), "__init__.py") + && search_path.getNameCount() > 1) { + package_name.add(0, search_path.getFileName().toString()); + search_path = search_path.getParent(); + } - /** - * {@inheritDoc} - * - * The nested {@link Python3FileAnalyzer} is completely hidden. - */ - @Override - public Set getChilds(boolean _recursive) { - return null; - } + // Create the package (if any), the module and return the latter + PythonId pack = null; + if (!package_name.isEmpty()) + pack = new PythonId(null, PythonId.Type.PACKAGE, StringUtil.join(package_name, ".")); + return new PythonId(pack, PythonId.Type.MODULE, module_name); + } - /** - * Creates a {@link PythonId} of type {@link ConstructType#MODU} for the given py file. - * - * @param _file a {@link java.io.File} object. - * @return a {@link com.sap.psr.vulas.python.PythonId} object. - * @throws java.lang.IllegalArgumentException if any. - */ - public static PythonId getModule(File _file) throws IllegalArgumentException { - if(!FileUtil.hasFileExtension(_file.toPath(), new String[] { "py" })) { - throw new IllegalArgumentException("Expected file with file extension [py], got [" + _file.toString() + "]"); - } + /** + * Checks for syntax that is specific to Python2. + * + * TODO: To be completed according to https://docs.python.org/release/3.0.1/whatsnew/3.0.html. + * + * As of today, the method searches for the following: + * - print statement becomes a function: print "bla" --> print("bla") + * - raw_input does not exist anymore: raw_input() --> input("bla: ") + */ + static final Pattern[] PY2_PATTERNS = + new Pattern[] {Pattern.compile("^\\s*print\\s+\".*$"), Pattern.compile("^.*raw_input\\(.*$")}; - final Path p = _file.toPath().toAbsolutePath(); + static final Pattern[] PY35_ASYNC_PATTERNS = + new Pattern[] {Pattern.compile("^.*async\\s*def.*$")}; - // Add file name w/o extension to qname components - final String module_name = FileUtil.getFileName(p.toString(), false); + static final Pattern[] COMMENT_PATTERNS = new Pattern[] {Pattern.compile("^\\s*#.*$")}; - // Search upwards until there's no __init__.py anymore, and add directory names to the qname components - final List package_name = new ArrayList(); - Path search_path = p.getParent(); - while(DirUtil.containsFile(search_path.toFile(), "__init__.py") && search_path.getNameCount() > 1) { - package_name.add(0, search_path.getFileName().toString()); - search_path = search_path.getParent(); - } + /** + *

createAnalyzer.

+ * + * @param _file a {@link java.io.File} object. + * @return a {@link com.sap.psr.vulas.FileAnalyzer} object. + */ + public static FileAnalyzer createAnalyzer(final File _file) { + try (final InputStream is = new FileInputStream(_file)) { + return PythonFileAnalyzer.createAnalyzer(is); + } catch (IOException e) { + log.error( + e.getClass().getSimpleName() + + " when creating analyzer for file [" + + _file.toPath().toAbsolutePath() + + "]: " + + e.getMessage(), + e); + } + return null; + } - // Create the package (if any), the module and return the latter - PythonId pack = null; - if(!package_name.isEmpty()) - pack = new PythonId(null, PythonId.Type.PACKAGE, StringUtil.join(package_name, ".")); - return new PythonId(pack, PythonId.Type.MODULE, module_name); - } - - /** - * Checks for syntax that is specific to Python2. - * - * TODO: To be completed according to https://docs.python.org/release/3.0.1/whatsnew/3.0.html. - * - * As of today, the method searches for the following: - * - print statement becomes a function: print "bla" --> print("bla") - * - raw_input does not exist anymore: raw_input() --> input("bla: ") - */ - final static Pattern[] PY2_PATTERNS = new Pattern[] { Pattern.compile("^\\s*print\\s+\".*$"), Pattern.compile("^.*raw_input\\(.*$") }; + /** + * Reads the input stream line by line in order to decide which {@link FileAnalyzer} to take. + * Defaults to {@link Python335FileAnalyzer}. + * + * @param _is a {@link java.io.InputStream} object. + * @return a {@link com.sap.psr.vulas.FileAnalyzer} object. + * @throws java.io.IOException if any. + */ + public static FileAnalyzer createAnalyzer(InputStream _is) throws IOException { + FileAnalyzer fa = null; + final BufferedReader isr = new BufferedReader(new InputStreamReader(_is)); + String line = null; + int line_count = 0; + while ((line = isr.readLine()) != null) { + line_count++; + // No comment + if (!StringUtil.matchesPattern(line, COMMENT_PATTERNS)) { + // Py2 + if (StringUtil.matchesPattern(line, PY2_PATTERNS)) { + log.info( + "Found one of the Python 2 patterns [" + + StringUtil.join(PY2_PATTERNS, ", ") + + "] in line [" + + line_count + + "]: " + + line.trim()); + fa = new Python335FileAnalyzer(); + break; + } + // Py 35+ + else if (StringUtil.matchesPattern(line, PY35_ASYNC_PATTERNS)) { + log.info( + "Found one of the Python 3.5 patterns [" + + StringUtil.join(PY35_ASYNC_PATTERNS, ", ") + + "] in line [" + + line_count + + "]: " + + line.trim()); + fa = new Python3FileAnalyzer(); + break; + } + } + } - final static Pattern[] PY35_ASYNC_PATTERNS = new Pattern[] { Pattern.compile("^.*async\\s*def.*$") }; - - final static Pattern[] COMMENT_PATTERNS = new Pattern[] { Pattern.compile("^\\s*#.*$") }; - - /** - *

createAnalyzer.

- * - * @param _file a {@link java.io.File} object. - * @return a {@link com.sap.psr.vulas.FileAnalyzer} object. - */ - public static FileAnalyzer createAnalyzer(final File _file) { - try(final InputStream is = new FileInputStream(_file)) { - return PythonFileAnalyzer.createAnalyzer(is); - } catch(IOException e) { - log.error(e.getClass().getSimpleName() + " when creating analyzer for file [" + _file.toPath().toAbsolutePath() + "]: " + e.getMessage(), e); - } - return null; - } + // Default to 335 + if (fa == null) fa = new Python335FileAnalyzer(); - /** - * Reads the input stream line by line in order to decide which {@link FileAnalyzer} to take. - * Defaults to {@link Python335FileAnalyzer}. - * - * @param _is a {@link java.io.InputStream} object. - * @return a {@link com.sap.psr.vulas.FileAnalyzer} object. - * @throws java.io.IOException if any. - */ - public static FileAnalyzer createAnalyzer(InputStream _is) throws IOException { - FileAnalyzer fa = null; - final BufferedReader isr = new BufferedReader(new InputStreamReader(_is)); - String line = null; - int line_count = 0; - while( (line=isr.readLine())!=null ) { - line_count++; - // No comment - if(!StringUtil.matchesPattern(line, COMMENT_PATTERNS)) { - // Py2 - if(StringUtil.matchesPattern(line, PY2_PATTERNS)) { - log.info("Found one of the Python 2 patterns [" + StringUtil.join(PY2_PATTERNS, ", ") + "] in line [" + line_count + "]: " + line.trim()); - fa = new Python335FileAnalyzer(); - break; - } - // Py 35+ - else if(StringUtil.matchesPattern(line, PY35_ASYNC_PATTERNS)) { - log.info("Found one of the Python 3.5 patterns [" + StringUtil.join(PY35_ASYNC_PATTERNS, ", ") + "] in line [" + line_count + "]: " + line.trim()); - fa = new Python3FileAnalyzer(); - break; - } - } - } - - // Default to 335 - if(fa==null) - fa = new Python335FileAnalyzer(); - - return fa; - } + return fa; + } } diff --git a/lang-python/src/main/java/com/sap/psr/vulas/python/PythonId.java b/lang-python/src/main/java/com/sap/psr/vulas/python/PythonId.java index e75705de9..71118068d 100644 --- a/lang-python/src/main/java/com/sap/psr/vulas/python/PythonId.java +++ b/lang-python/src/main/java/com/sap/psr/vulas/python/PythonId.java @@ -30,158 +30,174 @@ * */ public class PythonId extends ConstructId { - - /** Supported Python construct types. */ - public static enum Type { PACKAGE, MODULE, CLASS, CONSTRUCTOR, METHOD, FUNCTION }; - - /** Constant <script>. */ - public static final String SCRIPT_NAME = "