diff --git a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/aggregator/Aggregate.kt b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/Aggregate.kt
similarity index 99%
rename from codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/aggregator/Aggregate.kt
rename to codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/Aggregate.kt
index d4563f126..41d3532a9 100644
--- a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/aggregator/Aggregate.kt
+++ b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/Aggregate.kt
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.plugins.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator

 import io.github.detekt.sarif4k.*
 import io.github.oshai.kotlinlogging.KotlinLogging
diff --git a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/aggregator/Parser.kt b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/Parser.kt
similarity index 97%
rename from codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/aggregator/Parser.kt
rename to codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/Parser.kt
index 10590dc1e..7b887f73a 100644
--- a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/aggregator/Parser.kt
+++ b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/Parser.kt
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.plugins.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator

 import io.github.detekt.sarif4k.Run
 import io.github.detekt.sarif4k.SarifSchema210
diff --git a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/FindSecBugsExecutor.kt b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/FindSecBugsPlugin.kt
similarity index 93%
rename from codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/FindSecBugsExecutor.kt
rename to codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/FindSecBugsPlugin.kt
index fd18d741b..9bb1e2510 100644
--- a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/FindSecBugsExecutor.kt
+++ b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/FindSecBugsPlugin.kt
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.plugins.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins

 import edu.umd.cs.findbugs.BugReporter
 import edu.umd.cs.findbugs.DetectorFactoryCollection
@@ -29,7 +29,8 @@
 import java.nio.file.Path
 import kotlin.io.path.absolute
 // FIXME: copy-paste from SpotBugs-Executor with added FindSecBugs-Plugin
-class FindSecBugsExecutor: Executor {
+class FindSecBugsPlugin: de.fraunhofer.aisec.codyze.plugin.plugins.Plugin {
+ override val cliName = "findsecbugs"
 val pluginFile = File("src/main/resources/spotbugs-plugins/findsecbugs-plugin-1.12.0.jar")
 // NOTE: this Executor will very likely mark the invocation as failed
diff --git a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/PMDExecutor.kt b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/PMDPlugin.kt
similarity index 88%
rename from codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/PMDExecutor.kt
rename to codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/PMDPlugin.kt
index a8f44b004..e3187b3b2 100644
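Review bot: The supertype in `+class FindSecBugsPlugin: de.fraunhofer.aisec.codyze.plugin.plugins.Plugin {` is written fully qualified although the first hunk moves this file into that very package, so the simple name resolves without any import; `class FindSecBugsPlugin : Plugin {` would match how PMDPlugin is declared in this commit. The rename also leaves the surrounding comments in the old vocabulary (`// NOTE: this Executor will very likely mark the invocation as failed` and the FIXME that refers to a SpotBugs-Executor, which may or may not still exist under that name after this change), so a reader now sees two names for the same concept; updating them to "plugin" keeps the terminology consistent. The class body continues outside the hunk.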
--- a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/PMDExecutor.kt
+++ b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/PMDPlugin.kt
@@ -13,14 +13,16 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.plugins.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins

+import de.fraunhofer.aisec.codyze.plugin.plugins.Plugin
 import java.io.File
 import java.nio.file.Path
 import net.sourceforge.pmd.PMDConfiguration
 import net.sourceforge.pmd.PmdAnalysis

-class PMDExecutor: Executor {
+class PMDPlugin: Plugin {
+ override val cliName = "pmd"
 override fun execute(target: List, output: File) {
 val config = PMDConfiguration()
 for (path in target) {
diff --git a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/Executor.kt b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/Plugin.kt
similarity index 78%
rename from codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/Executor.kt
rename to codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/Plugin.kt
index 4ad75677a..9dde332de 100644
--- a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/Executor.kt
+++ b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/Plugin.kt
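Review bot: `+import de.fraunhofer.aisec.codyze.plugin.plugins.Plugin` imports a type from the package this file declares two lines above, so the import is redundant and ktlint will flag it; drop the line, `class PMDPlugin: Plugin {` resolves as-is. The `execute` override correctly omits a default for `output` (Kotlin overrides inherit the interface default), but nothing in this file tells a reader that the report therefore defaults to a file named after `cliName`; a one-line KDoc on the class, such as `/** Runs PMD over [target]; without an explicit [output] the report is written to "pmd.sarif". */`, would make that visible where the value is defined. The body of `execute` continues outside the hunk.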
@@ -13,16 +13,19 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.plugins.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins

 import java.io.File
 import java.nio.file.Path

-interface Executor {
+interface Plugin {
+ /** the name this output format has in the codyze-cli. */
+ val cliName: String
+
 /**
 * Executes the respective analysis tool.
 * @param target The files to be analyzed
 * @param output The location of the results
 */
- fun execute(target: List, output: File)
+ fun execute(target: List, output: File = File("$cliName.sarif"))
 }
\ No newline at end of file
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/FindSecBugsExecutorTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/FindSecBugsExecutorTest.kt
deleted file mode 100644
index dcbd4a144..000000000
--- a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/FindSecBugsExecutorTest.kt
+++ /dev/null
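Review bot: The KDoc added for the new property, `/** the name this output format has in the codyze-cli. */`, describes an output format, but `cliName` is the name of the plugin on the CLI and is now also the stem of the default report path, so the sentence reads like a copy from elsewhere; suggest `/** Name under which this plugin is selected in the codyze-cli; also the stem of the default report file, "$cliName.sarif". */`. The new default `output: File = File("$cliName.sarif")` is a relative path, so the report lands in the JVM's working directory, which `@param output The location of the results` does not mention; add `Defaults to "$cliName.sarif" in the current working directory.` to that tag so callers relying on the default know where to look. The `\ No newline at end of file` marker shows the renamed file still ends without a trailing newline, which the rename would have been a cheap occasion to fix.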
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2023, Fraunhofer AISEC. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package de.fraunhofer.aisec.codyze.executor.compiled
-
-
-import de.fraunhofer.aisec.codyze.plugins.executor.FindSecBugsExecutor
-import io.github.detekt.sarif4k.*
-
-class FindSecBugsExecutorTest : CompiledExecutorTest() {
- override val executor = FindSecBugsExecutor()
- override val resultFileName = "findsecbugs.sarif"
- override val expectedResults = SpotbugsExecutorTest().expectedResults + listOf(
- Result(
- ruleID = "PATH_TRAVERSAL_IN",
- ruleIndex = 1,
- message = Message(
- id = "default",
- text = "Potential Path Traversal (file read)",
- arguments = listOf("java/io/File.\\\\u003cinit\\\\u003e(Ljava/lang/String;)V")
- ),
- level = Level.Warning,
- locations = listOf(
- Location(
- physicalLocation = PhysicalLocation(
- artifactLocation = ArtifactLocation(uri = "de/fraunhofer/aisec/codyze/medina/demo/jsse/TlsServer.java"),
- region = Region(startLine = 133)
- ),
- logicalLocations = listOf(
- LogicalLocation(
- name = "main(String[])",
- kind = "function",
- fullyQualifiedName = "de.fraunhofer.aisec.codyze.medina.demo.jsse.TlsServer.main(String[])"
- )
- )
- )
- )
- )
- )
-}
\ No newline at end of file
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/aggregator/AggregateTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/AggregateTest.kt
similarity index 94%
rename from codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/aggregator/AggregateTest.kt
rename to codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/AggregateTest.kt
index 57fee4073..535daa064 100644
--- a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/aggregator/AggregateTest.kt
+++ b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/AggregateTest.kt
@@ -13,10 +13,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator

-import de.fraunhofer.aisec.codyze.plugins.aggregator.Aggregate
-import de.fraunhofer.aisec.codyze.plugins.aggregator.Parser
 import io.github.detekt.sarif4k.Run
 import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.BeforeAll
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/aggregator/ParserTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/ParserTest.kt
similarity index 96%
rename from codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/aggregator/ParserTest.kt
rename to codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/ParserTest.kt
index d26e60425..552e38c18 100644
--- a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/aggregator/ParserTest.kt
+++ b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/aggregator/ParserTest.kt
@@ -13,9 +13,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.aggregator
+package de.fraunhofer.aisec.codyze.plugin.aggregator

-import de.fraunhofer.aisec.codyze.plugins.aggregator.Parser
 import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.BeforeAll
 import org.junit.jupiter.api.Test
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/ExecutorTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/PluginTest.kt
similarity index 88%
rename from codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/ExecutorTest.kt
rename to codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/PluginTest.kt
index a5f4343a4..89e64ef4b 100644
--- a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/ExecutorTest.kt
+++ b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/PluginTest.kt
@@ -13,10 +13,9 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.executor
+package de.fraunhofer.aisec.codyze.plugin.plugins

-import de.fraunhofer.aisec.codyze.plugins.aggregator.Parser
-import de.fraunhofer.aisec.codyze.plugins.executor.Executor
+import de.fraunhofer.aisec.codyze.plugin.aggregator.Parser
 import io.github.detekt.sarif4k.Result
 import org.junit.jupiter.api.AfterEach
 import org.junit.jupiter.api.Test
@@ -26,8 +25,8 @@
 import kotlin.test.assertEquals
 import kotlin.test.assertNotNull
 import kotlin.test.assertTrue

-abstract class ExecutorTest {
- abstract val executor: Executor
+abstract class PluginTest {
+ abstract val plugin: Plugin
 abstract val resultFileName: String
 abstract val expectedResults: List
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/CompiledExecutorTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/CompiledPluginTest.kt
similarity index 82%
rename from codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/CompiledExecutorTest.kt
rename to codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/CompiledPluginTest.kt
index 74e93428d..3e672ed58 100644
--- a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/compiled/CompiledExecutorTest.kt
+++ b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/CompiledPluginTest.kt
@@ -13,15 +13,15 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.executor.compiled
+package de.fraunhofer.aisec.codyze.plugin.plugins.compiled

-import de.fraunhofer.aisec.codyze.executor.ExecutorTest
+import de.fraunhofer.aisec.codyze.plugin.plugins.PluginTest
 import java.io.File
 import java.nio.file.Path

-abstract class CompiledExecutorTest: ExecutorTest() {
+abstract class CompiledPluginTest: PluginTest() {
 override fun scanFiles() {
- executor.execute(
+ plugin.execute(
 listOf(Path.of("src/test/resources/targets/libs/demo-cloud-service-1.0.0.jar")),
 File("src/test/resources/generatedReports/$resultFileName")
 )
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/FindSecBugsPluginTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/FindSecBugsPluginTest.kt
new file mode 100644
index 000000000..32e13468b
--- /dev/null
+++ b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/compiled/FindSecBugsPluginTest.kt
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2023, Fraunhofer AISEC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.fraunhofer.aisec.codyze.plugin.plugins.compiled
+
+
+import de.fraunhofer.aisec.codyze.plugin.plugins.FindSecBugsPlugin
+import io.github.detekt.sarif4k.*
+
+class FindSecBugsPluginTest : CompiledPluginTest() {
+ override val plugin = FindSecBugsPlugin()
+ override val resultFileName = "findsecbugs.sarif"
+ override val expectedResults = listOf(
+ Result(
+ ruleID = "DM_DEFAULT_ENCODING",
+ ruleIndex = 0,
+ message = Message(
+ id = "default",
+ text = "Reliance on default encoding",
+ arguments = listOf("de.fraunhofer.aisec.codyze.medina.demo.jsse.TlsServer.start()", "new java.io.InputStreamReader(InputStream)")
+ ),
+ level = Level.Note,
+ locations = listOf(
+ Location(
+ physicalLocation = PhysicalLocation(
+ artifactLocation = ArtifactLocation(uri = "de/fraunhofer/aisec/codyze/medina/demo/jsse/TlsServer.java"),
+ region = Region(startLine = 102)
+ ),
+ logicalLocations = listOf(
+ LogicalLocation(
+ name = "new java.io.InputStreamReader(InputStream)",
+ kind = "function",
+ fullyQualifiedName = "new java.io.InputStreamReader(InputStream)"
+ )
+ )
+ )
+ )
+ ),
+ Result(
+ ruleID = "DM_DEFAULT_ENCODING",
+ ruleIndex = 0,
+ message = Message(
+ id = "default",
+ text = "Reliance on default encoding",
+ arguments = listOf("de.fraunhofer.aisec.codyze.medina.demo.jsse.TlsServer.start()", "new java.io.OutputStreamWriter(OutputStream)")
+ ),
+ level = Level.Note,
+ locations = listOf(
+ Location(
+ physicalLocation = PhysicalLocation(
+ artifactLocation = ArtifactLocation(uri = "de/fraunhofer/aisec/codyze/medina/demo/jsse/TlsServer.java"),
+ region = Region(startLine = 103)
+ ),
+ logicalLocations = listOf(
+ LogicalLocation(
+ name = "new java.io.OutputStreamWriter(OutputStream)",
+ kind = "function",
+ fullyQualifiedName = "new java.io.OutputStreamWriter(OutputStream)"
+ )
+ )
+ )
+ )
+ ),
+ Result(
+ ruleID = "PATH_TRAVERSAL_IN",
+ ruleIndex = 1,
+ message = Message(
+ id = "default",
+ text = "Potential Path Traversal (file read)",
+ arguments = listOf("java/io/File.\\\\u003cinit\\\\u003e(Ljava/lang/String;)V")
+ ),
+ level = Level.Warning,
+ locations = listOf(
+ Location(
+ physicalLocation = PhysicalLocation(
+ artifactLocation = ArtifactLocation(uri = "de/fraunhofer/aisec/codyze/medina/demo/jsse/TlsServer.java"),
+ region = Region(startLine = 133)
+ ),
+ logicalLocations = listOf(
+ LogicalLocation(
+ name = "main(String[])",
+ kind = "function",
+ fullyQualifiedName = "de.fraunhofer.aisec.codyze.medina.demo.jsse.TlsServer.main(String[])"
+ )
+ )
+ )
+ )
+ )
+ )
+}
\ No newline at end of file
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/source/PMDExecutorTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/source/PMDPluginTest.kt
similarity index 98%
rename from codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/source/PMDExecutorTest.kt
rename to codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/source/PMDPluginTest.kt
index 9ddb98b5e..a9c1aae19 100644
--- a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/source/PMDExecutorTest.kt
+++ b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/source/PMDPluginTest.kt
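Review bot: The two DM_DEFAULT_ENCODING results in `expectedResults` are inlined verbatim, whereas the deleted FindSecBugsExecutorTest built the same list as `SpotbugsExecutorTest().expectedResults + listOf(...)`; if a SpotBugs plugin test still exists after this rename (it is not visible in the diff), reusing its list keeps the SpotBugs baseline in one place and makes this test read as "the SpotBugs findings plus PATH_TRAVERSAL_IN" instead of a second copy that can drift. The expectations pin exact `startLine` values and message texts, so a bump of the findsecbugs plugin jar referenced from FindSecBugsPlugin (1.12.0 in this commit) will likely require editing this file as well; a class-level comment such as `// Golden results for findsecbugs-plugin 1.12.0 against targets/libs/demo-cloud-service-1.0.0.jar` would tell the next maintainer why the numbers are what they are. The two blank lines between `package` and the first `import` will also be flagged by ktlint.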
@@ -13,13 +13,13 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.executor.source
+package de.fraunhofer.aisec.codyze.plugin.plugins.source

-import de.fraunhofer.aisec.codyze.plugins.executor.PMDExecutor
+import de.fraunhofer.aisec.codyze.plugin.plugins.PMDPlugin
 import io.github.detekt.sarif4k.*

-class PMDExecutorTest: SourceExecutorTest() {
- override val executor = PMDExecutor()
+class PMDPluginTest: SourcePluginTest() {
+ override val plugin = PMDPlugin()
 override val resultFileName = "pmd.sarif"
 override val expectedResults = listOf(
 Result(
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/source/SourceExecutorTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/source/SourcePluginTest.kt
similarity index 82%
rename from codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/source/SourceExecutorTest.kt
rename to codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/source/SourcePluginTest.kt
index 7f67a359a..52afbf1aa 100644
--- a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/source/SourceExecutorTest.kt
+++ b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/plugin/plugins/source/SourcePluginTest.kt
@@ -13,15 +13,15 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package de.fraunhofer.aisec.codyze.executor.source
+package de.fraunhofer.aisec.codyze.plugin.plugins.source

-import de.fraunhofer.aisec.codyze.executor.ExecutorTest
+import de.fraunhofer.aisec.codyze.plugin.plugins.PluginTest
 import java.io.File
 import java.nio.file.Path

-abstract class SourceExecutorTest: ExecutorTest() {
+abstract class SourcePluginTest: PluginTest() {
 override fun scanFiles() {
- executor.execute(
+ plugin.execute(
 listOf(Path.of("src/test/resources/targets/TlsServer.java")),
 File("src/test/resources/generatedReports/$resultFileName")
 )