Merge pull request #508 from Timbals/annotations

Add GitHub action to run CogniCrypt
CROSSINGTUD · Jan 12, 2024 · c9f0895 · c9f0895
2 parents 43c4c57 + 7ace2b1
commit c9f0895
Show file tree

Hide file tree

Showing 9 changed files with 497 additions and 31 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,16 @@
+name: Test Internal Action
+
+on: push
+
+jobs:
+  internal_action:
+    runs-on: ubuntu-latest
+    name: Test CryptoAnalysis Action
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v3
+      - name: Run CogniCrypt
+        uses: ./
+        with:
+          appPath: "CryptoAnalysisTargets/HelloWorld/HelloWorld.jar"
+          basePath: "CryptoAnalysisTargets/HelloWorld"
diff --git a/CryptoAnalysis/src/main/java/crypto/HeadlessCryptoScanner.java b/CryptoAnalysis/src/main/java/crypto/HeadlessCryptoScanner.java
@@ -22,6 +22,7 @@
 import crypto.reporting.CSVReporter;
 import crypto.reporting.CSVSummaryReporter;
 import crypto.reporting.CommandLineReporter;
+import crypto.reporting.GitHubAnnotationReporter;
 import crypto.reporting.Reporter;
 import crypto.reporting.SARIFReporter;
 import crypto.reporting.TXTReporter;
@@ -63,10 +64,13 @@ public abstract class HeadlessCryptoScanner {
 	private static String rulesetRootPath;
 	private static final CrySLRuleReader ruleReader = new CrySLRuleReader();
 	private boolean hasSeeds;
-
+
+	public static int exitCode = 0;
+
 	public static void main(String[] args) {
 		HeadlessCryptoScanner scanner = createFromCLISettings(args);
 		scanner.exec();
+		System.exit(exitCode);
 	}
 
 	public static HeadlessCryptoScanner createFromCLISettings(String[] args) {
@@ -89,16 +93,18 @@ protected List<CrySLRule> getRules() {
 				switch(settings.getRulesetPathType()) {
 					case DIR:
 						try {
-							rules.addAll(ruleReader.readFromDirectory(new File(settings.getRulesetPathDir())));
-							rulesetRootPath = settings.getRulesetPathDir().substring(0, settings.getRulesetPathDir().lastIndexOf(File.separator));
+							File ruleSetDir = new File(settings.getRulesetPathDir());
+							rules.addAll(ruleReader.readFromDirectory(ruleSetDir));
+							rulesetRootPath = ruleSetDir.getParent();
 						} catch (CryptoAnalysisException e) {
 							LOGGER.error("Error happened when getting the CrySL rules from the specified directory: " + settings.getRulesetPathDir(), e);
 						}
 						break;
 					case ZIP:
 						try {
-							rules.addAll(ruleReader.readFromZipFile(new File(settings.getRulesetPathDir())));
-							rulesetRootPath = settings.getRulesetPathDir().substring(0, settings.getRulesetPathDir().lastIndexOf(File.separator));
+							File ruleSetZip = new File(settings.getRulesetPathDir());
+							rules.addAll(ruleReader.readFromZipFile(ruleSetZip));
+							rulesetRootPath = ruleSetZip.getParent();
 						} catch (CryptoAnalysisException e) {
 							LOGGER.error("Error happened when getting the CrySL rules from the specified file: " + settings.getRulesetPathDir(), e);
 						}
@@ -218,6 +224,10 @@ protected void internalTransform(String phaseName, Map<String, String> options)
 								fileReporter = new CSVSummaryReporter(getOutputFolder(), softwareIdentifier(), rules, callgraphConstructionTime, includeStatistics());
 								reporter.addReportListener(fileReporter);
 								break;
+							case GITHUB_ANNOTATION:
+								fileReporter = new GitHubAnnotationReporter(softwareIdentifier(), rules, callgraphConstructionTime, includeStatistics());
+								reporter.addReportListener(fileReporter);
+								break;
 							default:
 								fileReporter = new CommandLineReporter(softwareIdentifier(), rules, callgraphConstructionTime, includeStatistics());
 								reporter.addReportListener(fileReporter);
@@ -259,7 +269,7 @@ public Debugger<TransitionFunction> debugger(IDEALSeedSolver<TransitionFunction>
 						}
 						return super.debugger(solver, seed);
 					}
-					
+
 					@Override
 					public Collection<String> getForbiddenPredicates() {
 						return forbiddenPredicates();
@@ -269,7 +279,7 @@ public Collection<String> getForbiddenPredicates() {
 					public Collection<String> getIgnoredSections() {
 						return ignoredSections();
 					}
-					
+
 				};
 
 				if (providerDetection()) {
@@ -435,7 +445,7 @@ protected Collection<String> forbiddenPredicates() {
 	protected Collection<String> ignoredSections() {
 		return settings.getIgnoredSections();
 	}
-	
+
 	private static String pathToJCE() {
 		// When whole program mode is disabled, the classpath misses jce.jar
 		return System.getProperty("java.home") + File.separator + "lib" + File.separator + "jce.jar";

diff --git a/CryptoAnalysis/src/main/java/crypto/analysis/CryptoScannerSettings.java b/CryptoAnalysis/src/main/java/crypto/analysis/CryptoScannerSettings.java
@@ -31,17 +31,17 @@ public class CryptoScannerSettings implements Callable<Integer> {
 					+ "using a ZIP file, please make sure that the path ends with '.zip'",
 			required = true)
 	private String rulesDir = null;
-	
+
 	@CommandLine.Option(
 			names = {"--cg"},
 			description = "The call graph to resolve method calls. Possible values are CHA, SPARK and SPARKLIB (default: CHA)")
 	private String cg = null;
-	
+
 	@CommandLine.Option(
 			names = {"--sootPath"},
 			description = "The absolute path of the whole project")
 	private String sootPath = "";
-	
+
 	@CommandLine.Option(
 			names = {"--identifier"},
 			description = "An identifier for the analysis to label output files")
@@ -51,29 +51,29 @@ public class CryptoScannerSettings implements Callable<Integer> {
 			names = {"--reportPath"},
 			description = "Path for a directory to write the reports into")
 	private String reportPath = null;
-	
+
 	@CommandLine.Option(
 			names = {"--reportFormat"},
 			split = ",",
 			description = "The format of the report. Possible values are CMD, TXT, SARIF, CSV and CSV_SUMMARY (default: CMD)."
 					+ " Multiple formats should be split with a comma (e.g. CMD,TXT,CSV)")
 	private String[] reportFormat = null;
-	
+
 	@CommandLine.Option(
 			names = {"--preanalysis"},
 			description = "Enable a preanalysis")
 	private boolean preanalysis = false;
-	
+
 	@CommandLine.Option(
 			names = {"--visualization"},
 			description = "Enable visualization")
 	private boolean visualization = false;
-	
+
 	@CommandLine.Option(
 			names = {"--providerdetection"},
 			description = "Enable provider detection")
 	private boolean providerdetection = false;
-	
+
 	@CommandLine.Option(
 			names = {"--dstats"},
 			description = "Disable the output of analysis statistics in the reports")
@@ -96,7 +96,7 @@ public class CryptoScannerSettings implements Callable<Integer> {
 					+ "Note that constructors are methods that can be specified with '<init>'."
 	)
 	private String ignoreSectionsPath = null;
-	
+
 	private ControlGraph controlGraph;
 	private RulesetPathType rulesetPathType;
 	private Set<ReportFormat> reportFormats;
@@ -108,7 +108,7 @@ public enum ControlGraph {
 	}
 
 	public enum ReportFormat {
-		CMD, TXT, SARIF, CSV, CSV_SUMMARY
+		CMD, TXT, SARIF, CSV, CSV_SUMMARY, GITHUB_ANNOTATION
 	}
 
 	public enum RulesetPathType {
@@ -133,7 +133,7 @@ public void parseSettingsFromCLI(String[] settings) throws CryptoAnalysisParserE
 		} else {
 			this.rulesetPathType = RulesetPathType.DIR;
 		}
-		
+
 		if (cg != null) {
 			parseControlGraphValue(cg);
 		}
@@ -149,7 +149,7 @@ public void parseSettingsFromCLI(String[] settings) throws CryptoAnalysisParserE
 		if (ignoreSectionsPath != null) {
 			parseIgnoredSections(ignoreSectionsPath);
 		}
-		
+
 		if (exitCode != ExitCode.OK) {
 			throw new CryptoAnalysisParserException("Error while parsing the CLI arguments");
 		}
@@ -253,16 +253,19 @@ private void parseReportFormatValues(String[] settings) throws CryptoAnalysisPar
 				case "csv_summary":
 					reportFormats.add(ReportFormat.CSV_SUMMARY);
 					break;
+				case "github_annotation":
+					reportFormats.add(ReportFormat.GITHUB_ANNOTATION);
+					break;
 				default:
 					throw new CryptoAnalysisParserException("Incorrect value " + reportFormatValue + " for --reportFormat option. "
 							+ "Available options are: CMD, TXT, SARIF, CSV and CSV_SUMMARY.\n");
 			}
 		}
 	}
-	
+
 	private boolean isZipFile(String path) throws CryptoAnalysisParserException {
 		File file = new File(path);
-		
+
 		// Copied from https://stackoverflow.com/questions/33934178/how-to-identify-a-zip-file-in-java
 		int fileSignature = 0;
 

diff --git a/CryptoAnalysis/src/main/java/crypto/cryslhandler/CrySLModelReader.java b/CryptoAnalysis/src/main/java/crypto/cryslhandler/CrySLModelReader.java
@@ -150,11 +150,15 @@ public List<CrySLRule> readRulesFromFiles(List<File> files) throws CryptoAnalysi
 			if (!(resource instanceof LazyLinkingResource)) {
 				continue;
 			}
-
-			CrySLRule rule = createRuleFromResource(resource);
-
-			if (!ruleMap.containsKey(rule.getClassName())) {
-				ruleMap.put(rule.getClassName(), rule);
+
+			try {
+				CrySLRule rule = createRuleFromResource(resource);
+
+				if (!ruleMap.containsKey(rule.getClassName())) {
+					ruleMap.put(rule.getClassName(), rule);
+				}
+			} catch (CryptoAnalysisException e) {
+				LOGGER.error(e.toString());
 			}
 		}