Search specific aadm and rm warnings
zoevas committed Feb 3, 2021
1 parent a6aa34f commit 78e3fdd
Showing 9 changed files with 1,666 additions and 1,932 deletions.
57 changes: 38 additions & 19 deletions tosca/core/src/main/java/nl/jads/tosca/DefectPredictorKBApi.java
Expand Up @@ -26,6 +26,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.*;

public class DefectPredictorKBApi {
Expand Down Expand Up @@ -56,7 +57,11 @@ public DefectPredictorKBApi(KB kb, String homeLoc) {
public static void main(String[] args) throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(new KB());
FindBugInput findBugInput = new FindBugInput();
long startTime = Instant.now().toEpochMilli();
BugReport bugReport = kbApi.findBugs(findBugInput);
long endTime = Instant.now().toEpochMilli();
long timeElapsed = endTime - startTime;
System.out.println("findBugs in milliseconds: " + timeElapsed);
for (BugRecord r : bugReport.getBugs()) {
System.out.println(r.getBugName());
System.out.println(r.getContext());
Expand Down Expand Up @@ -86,29 +91,35 @@ private String fileToString(String file) throws IOException {
return IOUtils.toString(inputStream, StandardCharsets.UTF_8.name());
}

public Set<Feature> getAllAttributes(RepositoryConnection connection, String aadmid) throws IOException {
public Set<Feature> getAllAttributes(RepositoryConnection connection, String aadmid, String rmid) throws IOException {
Set<Feature> attributes = new HashSet<>();
String sparql;
String sparql = null;
if (aadmid != null) {
sparql = "select distinct ?concept ?attribute\n" +
"\twhere {\n" +
"\t\t{\n" +
"\t\t#tier2\n" +
"\t\t?aadm soda:includesTemplate ?resource .\n" +
"\t\tFILTER (contains(str(?aadm), \"" + aadmid + "\")).\n" +
"\t\t?resource soda:hasContext ?context .\n" +
"\t\t?context tosca:attributes ?concept .\n" +
"\t\t?concept DUL:classifies ?attribute .\n" +
"\t\t} UNION {\n" +
"\t\t#tier 1\n" +
"\t\t}\n";
} else if (rmid != null) {
sparql = "select distinct ?concept ?attribute\n" +
"\twhere {\n" +
"\t\t#tier1\n" +
"\t\t?rm soda:includesType ?resource .\n" +
"\t\tFILTER (contains(str(?rm), \"" + rmid + "\")).\n" +
"\t\t?resource soda:hasContext ?context .\t\n" +
"\t\t?context tosca:attributes ?concept .\n" +
"\t\t?concept DUL:classifies ?attribute .\n" +
"?concept DUL:hasParameter ?p .\n" +
"\t\t}\n" +
"\t\t?concept DUL:hasParameter ?p .\n" +
"\t\t\n" +
"\t}";
} else {
sparql = fileToString("sparql/getAllAttributes.sparql");
sparql = fileToString("sparql/getAllAttributes.sparql");
}

if (sparql == null) {
return attributes;
}
Expand All @@ -132,32 +143,39 @@ public Set<Feature> getAllAttributes(RepositoryConnection connection, String aad
return attributes;
}

public Set<Feature> getProperties(RepositoryConnection connection, String aadmid) throws IOException {
public Set<Feature> getProperties(RepositoryConnection connection, String aadmid, String rmid) throws IOException {
Set<Feature> properties = new HashSet<>();
String sparql;
String sparql = null;
if (aadmid != null) {
sparql = "select distinct ?concept ?property\n" +
"\twhere {\n" +
"\t\t{\n" +
"\t\t#tier2\n" +
"\t\t?aadm soda:includesTemplate ?resource .\n" +
"\t\tFILTER (contains(str(?aadm), \"" + aadmid + "\")).\n" +
"\t\t?resource soda:hasContext ?context .\t\n" +
"\t\t?context tosca:properties ?concept .\n" +
"\t\t?concept DUL:classifies ?property .\n" +
"\t\t} UNION {\n" +
"\t\t#tier 1\n" +
"\t}";
} else if (rmid != null) {
sparql = "select distinct ?concept ?property\n" +
"\twhere {\n" +
"\t\t#tier1\n" +
"\t\t?rm soda:includesType ?resource .\n" +
"\t\tFILTER (contains(str(?rm), \"" + rmid + "\")).\n" +
"\t\t?resource soda:hasContext ?context .\t\n" +
"\t\t?context tosca:properties ?concept .\n" +
"\t\t?concept DUL:classifies ?property .\n" +
"?concept DUL:hasParameter ?p .\n" +
"\t\t}\n" +
"\t\t?concept DUL:hasParameter ?p .\n" +
"\t\t\n" +
"\t}";
} else {
sparql = fileToString("sparql/getAllProperties.sparql");
sparql = fileToString("sparql/getAllProperties.sparql");
}

if (sparql == null) {
return properties;
}

String query = PREFIXES + sparql;
TupleQueryResult result = QueryUtil.evaluateSelectQuery(connection, query);

Expand Down Expand Up @@ -359,10 +377,11 @@ public BugReport findBugs(FindBugInput bugInput) throws IOException {
fillContext(bugRecord, c, connection);
bugs.add(bugRecord);
}
Set<Feature> parameters = getProperties(connection, bugInput.getAadmid());
Set<Feature> parameters = getProperties(connection, bugInput.getAadmid(), bugInput.getRmid());
checkSmells(parameters, connection, bugs);
Set<Feature> attributes = getAllAttributes(connection, bugInput.getAadmid());
checkSmells(attributes, connection, bugs);
Set<Feature> attributes = getAllAttributes(connection, bugInput.getAadmid(), bugInput.getRmid());
checkSmells(attributes, connection, bugs);

bugReport.setActionId(bugInput.getActionId());
bugReport.setDeploymentId(bugInput.getDeploymentId());
bugReport.setBugs(bugs);
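Review bot: The new `rmid` branch in `getAllAttributes` and `getProperties` splices the caller-supplied id straight into the SPARQL text (`"FILTER (contains(str(?rm), \"" + rmid + "\"))"`), so a value containing a double quote can close the literal and change the query; `aadmid` is handled the same way. `findBugs` passes `bugInput.getRmid()` through unchanged, and `FindBugInput` looks like a request DTO, so the value is probably reachable from outside the service. Validate the id before building the query, for example `if (!rmid.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("invalid rmid");` (character set inferred from the ids used in the tests, confirm against real ids), or pass it as a bound variable if `QueryUtil` can accept bindings. Because the filter is a substring match, an empty or very short id would also match models the caller did not ask for, so a minimum length or an exact comparison is worth considering. Both method bodies continue outside the visible hunks.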
9 changes: 9 additions & 0 deletions tosca/core/src/main/java/nl/jads/tosca/dto/FindBugInput.java
Expand Up @@ -12,6 +12,7 @@ public class FindBugInput {
private String repository;
private String server;
private String aadmid;
private String rmid;

public String getActionId() {
return actionId;
Expand Down Expand Up @@ -68,4 +69,12 @@ public String getAadmid() {
public void setAadmid(String aadmid) {
this.aadmid = aadmid;
}

public String getRmid() {
return rmid;
}

public void setRmid(String rmid) {
this.rmid = rmid;
}
}
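Review bot: The new `rmid` field and its accessors do not document how they interact with `aadmid`. In `DefectPredictorKBApi.getProperties` and `getAllAttributes` the `aadmid != null` branch is tested first, so an `rmid` set alongside an `aadmid` is silently ignored. A Javadoc line on `setRmid` such as `/** RM id to restrict the search to; ignored when aadmid is set. */` would make that precedence visible to callers. The class body starts outside the hunk.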
10 changes: 5 additions & 5 deletions tosca/core/src/test/java/ClinicalSecuritySmellTest.java
Expand Up @@ -25,7 +25,7 @@ public class ClinicalSecuritySmellTest {

@BeforeAll
static void beforeAll() throws IOException {
repositoryManager = new SodaliteRepository(".", "/config_clinical.ttl");
repositoryManager = new SodaliteRepository("target/", "/config_clinical.ttl");
kb = new KB(repositoryManager, "Clinical");
repository = repositoryManager.getRepository("Clinical");
RepositoryConnection repositoryConnection = repository.getConnection();
Expand All @@ -48,7 +48,7 @@ static void afterAll() {
void testAdminBYyDefault() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getAllAttributes(connection, null);
Set<Feature> parameters = kbApi.getAllAttributes(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -73,7 +73,7 @@ void testSuspiciousComment() throws IOException {
void testWeakCryptoAlgo() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getAllAttributes(connection, null);
Set<Feature> parameters = kbApi.getAllAttributes(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -90,7 +90,7 @@ void testWeakCryptoAlgo() throws IOException {
void testInvalidPortRange() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getAllAttributes(connection, null);
Set<Feature> parameters = kbApi.getAllAttributes(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -107,7 +107,7 @@ void testInvalidPortRange() throws IOException {
void testWeakKeySize() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getAllAttributes(connection, null);
Set<Feature> parameters = kbApi.getAllAttributes(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
10 changes: 5 additions & 5 deletions tosca/core/src/test/java/SecuritySmellAADMTest.java
Expand Up @@ -24,7 +24,7 @@ public class SecuritySmellAADMTest {

@BeforeAll
static void beforeAll() throws IOException {
repositoryManager = new SodaliteRepository(".", "/config.ttl");
repositoryManager = new SodaliteRepository("target/", "/config.ttl");
kb = new KB(repositoryManager, "TOSCA");
repository = repositoryManager.getRepository("TOSCA");
RepositoryConnection repositoryConnection = repository.getConnection();
Expand All @@ -49,7 +49,7 @@ static void afterAll() {
void testAdminBYyDefault() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, "AADM_as9oa3dfppj6q7irhn6lsl6p16");
Set<Feature> parameters = kbApi.getProperties(connection, "AADM_as9oa3dfppj6q7irhn6lsl6p16", null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -59,15 +59,15 @@ void testAdminBYyDefault() throws IOException {
properties.add(p);
}
}
assertEquals(2, properties.size());
assertEquals(1, properties.size());
}


@Test
void testHardcodedSecret() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, "234333");
Set<Feature> parameters = kbApi.getProperties(connection, "AADM_pf62lush4v2gvg24unpl62bktq", null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -77,7 +77,7 @@ void testHardcodedSecret() throws IOException {
properties.add(p);
}
}
assertEquals(4, properties.size());
assertEquals(1, properties.size());
}

}
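Review bot: No test in this section exercises the new `rmid` path: both `getProperties` calls here pass `null` as the third argument, and every call visible in `ClinicalSecuritySmellTest` and `SecuritySmellTest` passes `null` as well. A case such as `kbApi.getProperties(connection, null, "<RM_ID_FROM_FIXTURE>")` with an asserted count would cover the `soda:includesType` query, and a second case with both ids set would pin which one takes precedence. A further case with an id containing a double quote would document how malformed ids are handled, since the id is concatenated into the query text. The test bodies continue outside the hunks.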
20 changes: 10 additions & 10 deletions tosca/core/src/test/java/SecuritySmellTest.java
Expand Up @@ -26,7 +26,7 @@ public class SecuritySmellTest {

@BeforeAll
static void beforeAll() throws IOException {
repositoryManager = new SodaliteRepository(".", "/config.ttl");
repositoryManager = new SodaliteRepository("target/", "/config.ttl");
kb = new KB(repositoryManager, "TOSCA");
repository = repositoryManager.getRepository("TOSCA");
RepositoryConnection repositoryConnection = repository.getConnection();
Expand Down Expand Up @@ -61,7 +61,7 @@ void testSuspiciousComment() throws IOException {
void testAdminBYyDefault() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -78,7 +78,7 @@ void testAdminBYyDefault() throws IOException {
void testDashCaseViolation() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
List<Feature> properties2 = new ArrayList<>();
for (Feature p : parameters) {
Expand All @@ -99,7 +99,7 @@ void testDashCaseViolation() throws IOException {
void testSnakeCaseViolation() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
List<Feature> properties2 = new ArrayList<>();
for (Feature p : parameters) {
Expand All @@ -120,7 +120,7 @@ void testSnakeCaseViolation() throws IOException {
void testCamelCaseViolation() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
List<Feature> properties2 = new ArrayList<>();
for (Feature p : parameters) {
Expand All @@ -142,7 +142,7 @@ void testCamelCaseViolation() throws IOException {
void testEmptyPassword() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -159,7 +159,7 @@ void testEmptyPassword() throws IOException {
void testHardcodedSecret() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -176,7 +176,7 @@ void testHardcodedSecret() throws IOException {
void testUseOfHTTPWithoutTLS() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -193,7 +193,7 @@ void testUseOfHTTPWithoutTLS() throws IOException {
void testWeakCryptoAlgo() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
Expand All @@ -210,7 +210,7 @@ void testWeakCryptoAlgo() throws IOException {
void testInvalidIPAddressBinding() throws IOException {
DefectPredictorKBApi kbApi = new DefectPredictorKBApi(kb);
RepositoryConnection connection = repository.getConnection();
Set<Feature> parameters = kbApi.getProperties(connection, null);
Set<Feature> parameters = kbApi.getProperties(connection, null, null);
List<Feature> properties = new ArrayList<>();
for (Feature p : parameters) {
if (p.getParameters() == null) {
2 changes: 1 addition & 1 deletion tosca/core/src/test/resources/config.ttl
Expand Up @@ -27,7 +27,7 @@
owlim:in-memory-literal-properties "true" ;
owlim:enable-literal-index "true" ;
owlim:check-for-inconsistencies "false" ;
owlim:disable-sameAs "false" ;
owlim:disable-sameAs "true" ;
owlim:query-timeout "0" ;
owlim:query-limit-results "0" ;
owlim:throw-QueryEvaluationException-on-timeout "false" ;
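Review bot: The `owlim:disable-sameAs` value is changed here and in `config_clinical.ttl` with no explanation in the commit message or in the file. The setting governs whether owl:sameAs equivalents are expanded in query results, which may be why the expected counts in `SecuritySmellAADMTest` change in this commit. If the deployed repository uses a different value, the tests will not reflect what `findBugs` returns in production. A comment above the line, for example `# sameAs expansion disabled for smell queries; keep in sync with the deployed repository config` (wording to be adjusted to the actual reason), and a check of the production config would settle it.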
2 changes: 1 addition & 1 deletion tosca/core/src/test/resources/config_clinical.ttl
Expand Up @@ -27,7 +27,7 @@
owlim:in-memory-literal-properties "true" ;
owlim:enable-literal-index "true" ;
owlim:check-for-inconsistencies "false" ;
owlim:disable-sameAs "false" ;
owlim:disable-sameAs "true" ;
owlim:query-timeout "0" ;
owlim:query-limit-results "0" ;
owlim:throw-QueryEvaluationException-on-timeout "false" ;