Unfinished loading finding descriptions in LSP #263

Open
fwendland opened this issue Sep 16, 2021 · 2 comments
Labels
bug Something isn't working

Comments

@fwendland
Collaborator

When using the LSP interface with Eclipse, the findingDescription.json isn't fully loaded and parsed before it's used.

Here is an excerpt from a log file:

19:16:20,710 INFO AnalysisServer Registering builtin de.fraunhofer.aisec.codyze.crymlin.builtin.SplitDisjoint
//...
19:16:21,143 INFO AnalysisServer LSP server started
19:16:21,144 INFO AnalysisServer Parsing MARK files in /opt/codyze/mark
19:16:21,642 INFO CpgDocumentService Handling didOpen for file: file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,643 DEBUG CpgDocumentService Starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,644 DEBUG CpgDocumentService Really starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
// ...
19:16:23,503 INFO AnalysisServer Loading MARK from directory /opt/codyze/mark
19:16:23,527 INFO AnalysisServer Loading MARK file /opt/codyze/mark/bouncycastle/KeyGenerator.mark
// ...
19:16:25,970 INFO AnalysisServer Loaded 60 entities and 40 rules.
19:16:25,971 INFO FindingDescription Parsing MARK description file from /opt/codyze/mark/findingDescription.json
//...
19:16:26,854 INFO Evaluator Got 8 findings in analysis context: [Rule ID_4_01 verified, Rule ID_2_1_2_3_01 violated, Rule ID_2_1_3_01 verified, Rule ID_2_01 verified, Rule BouncyCastleProvider_MessageDigest violated, Rule BouncyCastleProvider_SecureRandom violated, Rule ID_2_1_01 verified, Rule BouncyCastleProvider_Cipher violated]
19:16:26,855 INFO CpgDocumentService Analysis for file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java done. Returning 8 findings.
19:16:26,856 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:27,415 INFO FindingDescription Loaded 68 description(s)
19:16:27,415 DEBUG FindingDescription Descriptions:
{InvalidProvider_AlgorithmParameterGenerator=de.fraunhofer.aisec.codyze.analysis.FindingDescription$FindingDescriptionItem@63b2418e, /* ... */}

Seemingly, the CpgDocumentService accesses the finding descriptions before they are fully parsed and available through FindingDescription. This method

val map = mapper.readValue<Map<String, FindingDescriptionItem>>(descriptionFile)

appears to finish evaluation too late.

This might be caused by some threaded execution and insufficient synchronisation.

@fwendland fwendland added the bug Something isn't working label Sep 16, 2021
@fwendland fwendland added this to the 2.0.0 milestone Sep 16, 2021
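
One way to close the race hypothesised in the report, as an added example that is not Codyze's own code: lookups wait on a future that completes only after the whole description map has been parsed. `DescriptionStore` and `DescriptionItem` are hypothetical names, and the cause (lookups running before parsing finishes) is assumed from the log excerpt in the report.

```kotlin
import java.util.concurrent.CompletableFuture
import java.util.concurrent.TimeUnit
import java.util.concurrent.TimeoutException
import kotlin.concurrent.thread

// Hypothetical stand-in for the project's FindingDescriptionItem.
data class DescriptionItem(val shortDescription: String)

// Hypothetical holder: lookups wait on a future that completes only
// after the whole description map has been parsed.
class DescriptionStore {
    private val loaded = CompletableFuture<Map<String, DescriptionItem>>()

    // Called once by the loader thread; `parse` stands in for the JSON read.
    fun load(parse: () -> Map<String, DescriptionItem>) {
        try {
            loaded.complete(parse())
        } catch (e: Exception) {
            // Fail waiting readers instead of leaving them blocked.
            loaded.completeExceptionally(e)
        }
    }

    // Returns null only when the rule has no entry in the map,
    // never because parsing has not finished yet.
    fun shortDescription(ruleId: String, timeoutMs: Long = 5_000): String? =
        try {
            loaded.get(timeoutMs, TimeUnit.MILLISECONDS)[ruleId]?.shortDescription
        } catch (e: TimeoutException) {
            throw IllegalStateException("finding descriptions not loaded after $timeoutMs ms", e)
        }
}

fun main() {
    val store = DescriptionStore()

    // Constructed scenario: parsing finishes after the analysis asks for
    // descriptions, which is the ordering visible in the log excerpt.
    val loader = thread {
        store.load {
            Thread.sleep(500) // simulated slow parse
            mapOf("BouncyCastleProvider_Cipher" to DescriptionItem("constructed sample text"))
        }
    }

    // The reporting side asks immediately and blocks until the map exists.
    println(store.shortDescription("BouncyCastleProvider_Cipher"))
    // A rule without an entry in the constructed map.
    println(store.shortDescription("ID_4_01"))
    loader.join()
}
```
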
@oxisto
Member

oxisto commented Sep 17, 2021

Using the LSP-based plugin for VS Code seems to work flawlessly. Is this somehow related to something Eclipse-specific?

@fwendland
Collaborator Author

Maybe. I'm going to test some more.

@fwendland fwendland removed this from the 2.x.y milestone Dec 27, 2022