rename plugins

Fraunhofer-AISEC · Jan 8, 2024 · 6c20d1f · 6c20d1f
1 parent d063573
commit 6c20d1f
Show file tree

Hide file tree

Showing 13 changed files with 135 additions and 83 deletions.
diff --git a/...ec/codyze/plugins/aggregator/Aggregate.kt → ...sec/codyze/plugin/aggregator/Aggregate.kt b/...ec/codyze/plugins/aggregator/Aggregate.kt → ...sec/codyze/plugin/aggregator/Aggregate.kt
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.plugins.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator
 
 import io.github.detekt.sarif4k.*
 import io.github.oshai.kotlinlogging.KotlinLogging

diff --git a/...aisec/codyze/plugins/aggregator/Parser.kt → .../aisec/codyze/plugin/aggregator/Parser.kt b/...aisec/codyze/plugins/aggregator/Parser.kt → .../aisec/codyze/plugin/aggregator/Parser.kt
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.plugins.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator
 
 import io.github.detekt.sarif4k.Run
 import io.github.detekt.sarif4k.SarifSchema210

diff --git a/...e/plugins/executor/FindSecBugsExecutor.kt → ...odyze/plugin/plugins/FindSecBugsPlugin.kt b/...e/plugins/executor/FindSecBugsExecutor.kt → ...odyze/plugin/plugins/FindSecBugsPlugin.kt
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.plugins.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins
 
 import edu.umd.cs.findbugs.BugReporter
 import edu.umd.cs.findbugs.DetectorFactoryCollection
@@ -29,7 +29,8 @@ import java.nio.file.Path
 import kotlin.io.path.absolute
 
 // FIXME: copy-paste from SpotBugs-Executor with added FindSecBugs-Plugin
-class FindSecBugsExecutor: Executor {
+class FindSecBugsPlugin: de.fraunhofer.aisec.codyze.plugin.plugins.Plugin {
+    override val cliName = "findsecbugs"
     val pluginFile = File("src/main/resources/spotbugs-plugins/findsecbugs-plugin-1.12.0.jar")
 
     // NOTE: this Executor will very likely mark the invocation as failed

diff --git a/...ec/codyze/plugins/executor/PMDExecutor.kt → .../aisec/codyze/plugin/plugins/PMDPlugin.kt b/...ec/codyze/plugins/executor/PMDExecutor.kt → .../aisec/codyze/plugin/plugins/PMDPlugin.kt
@@ -13,14 +13,16 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.plugins.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins
 
+import de.fraunhofer.aisec.codyze.plugin.plugins.Plugin
 import java.io.File
 import java.nio.file.Path
 import net.sourceforge.pmd.PMDConfiguration
 import net.sourceforge.pmd.PmdAnalysis
 
-class PMDExecutor: Executor {
+class PMDPlugin: Plugin {
+    override val cliName = "pmd"
     override fun execute(target: List<Path>, output: File) {
         val config = PMDConfiguration()
         for (path in target) {

diff --git a/...aisec/codyze/plugins/executor/Executor.kt → ...fer/aisec/codyze/plugin/plugins/Plugin.kt b/...aisec/codyze/plugins/executor/Executor.kt → ...fer/aisec/codyze/plugin/plugins/Plugin.kt
@@ -13,16 +13,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.plugins.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins
 
 import java.io.File
 import java.nio.file.Path
 
-interface Executor {
+interface Plugin {
+    /** the name this output format has in the codyze-cli. */
+    val cliName: String
+
     /**
      * Executes the respective analysis tool.
      * @param target The files to be analyzed
      * @param output The location of the results
      */
-    fun execute(target: List<Path>, output: File)
+    fun execute(target: List<Path>, output: File = File("$cliName.sarif"))
 }
diff --git a/...s/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/FindSecBugsExecutorTest.kt b/...s/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/FindSecBugsExecutorTest.kt
diff --git a/.../aisec/codyze/aggregator/AggregateTest.kt → ...codyze/plugin/aggregator/AggregateTest.kt b/.../aisec/codyze/aggregator/AggregateTest.kt → ...codyze/plugin/aggregator/AggregateTest.kt
@@ -13,10 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator
 
-import de.fraunhofer.aisec.codyze.plugins.aggregator.Aggregate
-import de.fraunhofer.aisec.codyze.plugins.aggregator.Parser
 import io.github.detekt.sarif4k.Run
 import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.BeforeAll

diff --git a/...fer/aisec/codyze/aggregator/ParserTest.kt → ...ec/codyze/plugin/aggregator/ParserTest.kt b/...fer/aisec/codyze/aggregator/ParserTest.kt → ...ec/codyze/plugin/aggregator/ParserTest.kt
@@ -13,9 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator
 
-import de.fraunhofer.aisec.codyze.plugins.aggregator.Parser
 import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.BeforeAll
 import org.junit.jupiter.api.Test

diff --git a/...fer/aisec/codyze/executor/ExecutorTest.kt → ...aisec/codyze/plugin/plugins/PluginTest.kt b/...fer/aisec/codyze/executor/ExecutorTest.kt → ...aisec/codyze/plugin/plugins/PluginTest.kt
@@ -13,10 +13,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins
 
-import de.fraunhofer.aisec.codyze.plugins.aggregator.Parser
-import de.fraunhofer.aisec.codyze.plugins.executor.Executor
+import de.fraunhofer.aisec.codyze.plugin.aggregator.Parser
 import io.github.detekt.sarif4k.Result
 import org.junit.jupiter.api.AfterEach
 import org.junit.jupiter.api.Test
@@ -26,8 +25,8 @@ import kotlin.test.assertEquals
 import kotlin.test.assertNotNull
 import kotlin.test.assertTrue
 
-abstract class ExecutorTest {
-    abstract val executor: Executor
+abstract class PluginTest {
+    abstract val plugin: Plugin
     abstract val resultFileName: String
     abstract val expectedResults: List<Result>
 

diff --git a/...executor/compiled/CompiledExecutorTest.kt → ...in/plugins/compiled/CompiledPluginTest.kt b/...executor/compiled/CompiledExecutorTest.kt → ...in/plugins/compiled/CompiledPluginTest.kt
@@ -13,15 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.executor.compiled
+package de.fraunhofer.aisec.codyze.plugin.plugins.compiled
 
-import de.fraunhofer.aisec.codyze.executor.ExecutorTest
+import de.fraunhofer.aisec.codyze.plugin.plugins.PluginTest
 import java.io.File
 import java.nio.file.Path
 
-abstract class CompiledExecutorTest: ExecutorTest() {
+abstract class CompiledPluginTest: PluginTest() {
     override fun scanFiles() {
-        executor.execute(
+        plugin.execute(
             listOf(Path.of("src/test/resources/targets/libs/demo-cloud-service-1.0.0.jar")),
             File("src/test/resources/generatedReports/$resultFileName")
         )

diff --git a/...c/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/FindSecBugsPluginTest.kt b/...c/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/FindSecBugsPluginTest.kt
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2023, Fraunhofer AISEC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.fraunhofer.aisec.codyze.plugin.plugins.compiled
+
+
+import de.fraunhofer.aisec.codyze.plugin.plugins.FindSecBugsPlugin
+import io.github.detekt.sarif4k.*
+
+class FindSecBugsPluginTest : CompiledPluginTest() {
+    override val plugin = FindSecBugsPlugin()
+    override val resultFileName = "findsecbugs.sarif"
+    override val expectedResults = listOf(
+        Result(
+            ruleID = "DM_DEFAULT_ENCODING",
+            ruleIndex = 0,
+            message = Message(
+                id = "default",
+                text = "Reliance on default encoding",
+                arguments = listOf("de.fraunhofer.aisec.codyze.medina.demo.jsse.TlsServer.start()", "new java.io.InputStreamReader(InputStream)")
+            ),
+            level = Level.Note,
+            locations = listOf(
+                Location(
+                    physicalLocation = PhysicalLocation(
+                        artifactLocation = ArtifactLocation(uri = "de/fraunhofer/aisec/codyze/medina/demo/jsse/TlsServer.java"),
+                        region = Region(startLine = 102)
+                    ),
+                    logicalLocations = listOf(
+                        LogicalLocation(
+                            name = "new java.io.InputStreamReader(InputStream)",
+                            kind = "function",
+                            fullyQualifiedName = "new java.io.InputStreamReader(InputStream)"
+                        )
+                    )
+                )
+            )
+        ),
+        Result(
+            ruleID = "DM_DEFAULT_ENCODING",
+            ruleIndex = 0,
+            message = Message(
+                id = "default",
+                text = "Reliance on default encoding",
+                arguments = listOf("de.fraunhofer.aisec.codyze.medina.demo.jsse.TlsServer.start()", "new java.io.OutputStreamWriter(OutputStream)")
+            ),
+            level = Level.Note,
+            locations = listOf(
+                Location(
+                    physicalLocation = PhysicalLocation(
+                        artifactLocation = ArtifactLocation(uri = "de/fraunhofer/aisec/codyze/medina/demo/jsse/TlsServer.java"),
+                        region = Region(startLine = 103)
+                    ),
+                    logicalLocations = listOf(
+                        LogicalLocation(
+                            name = "new java.io.OutputStreamWriter(OutputStream)",
+                            kind = "function",
+                            fullyQualifiedName = "new java.io.OutputStreamWriter(OutputStream)"
+                        )
+                    )
+                )
+            )
+        ),
+        Result(
+            ruleID = "PATH_TRAVERSAL_IN",
+            ruleIndex = 1,
+            message = Message(
+                id = "default",
+                text = "Potential Path Traversal (file read)",
+                arguments = listOf("java/io/File.\\\\u003cinit\\\\u003e(Ljava/lang/String;)V")
+            ),
+            level = Level.Warning,
+            locations = listOf(
+                Location(
+                    physicalLocation = PhysicalLocation(
+                        artifactLocation = ArtifactLocation(uri = "de/fraunhofer/aisec/codyze/medina/demo/jsse/TlsServer.java"),
+                        region = Region(startLine = 133)
+                    ),
+                    logicalLocations = listOf(
+                        LogicalLocation(
+                            name = "main(String[])",
+                            kind = "function",
+                            fullyQualifiedName = "de.fraunhofer.aisec.codyze.medina.demo.jsse.TlsServer.main(String[])"
+                        )
+                    )
+                )
+            )
+        )
+    )
+}
diff --git a/...codyze/executor/source/PMDExecutorTest.kt → ...ze/plugin/plugins/source/PMDPluginTest.kt b/...codyze/executor/source/PMDExecutorTest.kt → ...ze/plugin/plugins/source/PMDPluginTest.kt
@@ -13,13 +13,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.executor.source
+package de.fraunhofer.aisec.codyze.plugin.plugins.source
 
-import de.fraunhofer.aisec.codyze.plugins.executor.PMDExecutor
+import de.fraunhofer.aisec.codyze.plugin.plugins.PMDPlugin
 import io.github.detekt.sarif4k.*
 
-class PMDExecutorTest: SourceExecutorTest() {
-    override val executor = PMDExecutor()
+class PMDPluginTest: SourcePluginTest() {
+    override val plugin = PMDPlugin()
     override val resultFileName = "pmd.sarif"
     override val expectedResults = listOf(
         Result(

diff --git a/...yze/executor/source/SourceExecutorTest.kt → ...plugin/plugins/source/SourcePluginTest.kt b/...yze/executor/source/SourceExecutorTest.kt → ...plugin/plugins/source/SourcePluginTest.kt
@@ -13,15 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.fraunhofer.aisec.codyze.executor.source
+package de.fraunhofer.aisec.codyze.plugin.plugins.source
 
-import de.fraunhofer.aisec.codyze.executor.ExecutorTest
+import de.fraunhofer.aisec.codyze.plugin.plugins.PluginTest
 import java.io.File
 import java.nio.file.Path
 
-abstract class SourceExecutorTest: ExecutorTest() {
+abstract class SourcePluginTest: PluginTest() {
     override fun scanFiles() {
-        executor.execute(
+        plugin.execute(
             listOf(Path.of("src/test/resources/targets/TlsServer.java")),
             File("src/test/resources/generatedReports/$resultFileName")
         )