From 7888dab6d945fa782d5d4ad99aa272e79237d818 Mon Sep 17 00:00:00 2001 From: Sven Meyer Date: Fri, 1 Dec 2023 16:34:40 +0100 Subject: [PATCH] Change getInitialTransitions() to return all initial transitions --- .../java/crypto/rules/StateMachineGraph.java | 15 +- .../typestate/CrySLMethodToSootMethod.java | 5 +- ...StateMachineToTypestateChangeFunction.java | 18 +- .../typestate/SootBasedStateMachineGraph.java | 61 +++- .../tests/pattern/CogniCryptTestGenTest.java | 337 ++++++++++++++++++ 5 files changed, 412 insertions(+), 24 deletions(-) create mode 100644 CryptoAnalysis/src/test/java/tests/pattern/CogniCryptTestGenTest.java diff --git a/CryptoAnalysis/src/main/java/crypto/rules/StateMachineGraph.java b/CryptoAnalysis/src/main/java/crypto/rules/StateMachineGraph.java index ad8c87f8f..773d89c1b 100644 --- a/CryptoAnalysis/src/main/java/crypto/rules/StateMachineGraph.java +++ b/CryptoAnalysis/src/main/java/crypto/rules/StateMachineGraph.java @@ -12,17 +12,17 @@ import crypto.interfaces.FiniteStateMachine; public final class StateMachineGraph implements FiniteStateMachine, java.io.Serializable { - /** - * - */ + private static final long serialVersionUID = 1L; private final Set nodes; private final List edges; + private final List initialEdges; private int nodeNameCounter = 0; public StateMachineGraph() { nodes = new HashSet(); edges = new ArrayList(); + initialEdges = new ArrayList(); } public StateNode createNewNode() { @@ -45,6 +45,11 @@ private Boolean addEdge(TransitionEdge edge) { return false; } edges.add(edge); + + if (left.isInitialState()) { + initialEdges.add(edge); + } + return true; } @@ -133,6 +138,10 @@ public List getEdges() { public TransitionEdge getInitialTransition() { return edges.get(0); } + + public Collection getInitialTransitions() { + return initialEdges; + } public Collection getAcceptingStates() { return nodes.parallelStream().filter(node -> node.getAccepting()).collect(Collectors.toList()); diff --git a/CryptoAnalysis/src/main/java/crypto/typestate/CrySLMethodToSootMethod.java b/CryptoAnalysis/src/main/java/crypto/typestate/CrySLMethodToSootMethod.java index 93c6045dc..2b7e5a2c4 100644 --- a/CryptoAnalysis/src/main/java/crypto/typestate/CrySLMethodToSootMethod.java +++ b/CryptoAnalysis/src/main/java/crypto/typestate/CrySLMethodToSootMethod.java @@ -111,7 +111,10 @@ private boolean parametersMatch(List> parameters, List from the parameter + String adaptedParameter = parameters.get(i).getValue().replaceAll("[<].*?[>]", ""); + if (!t.toString().equals(adaptedParameter)) { return false; } i++; diff --git a/CryptoAnalysis/src/main/java/crypto/typestate/FiniteStateMachineToTypestateChangeFunction.java b/CryptoAnalysis/src/main/java/crypto/typestate/FiniteStateMachineToTypestateChangeFunction.java index 6d91b05ab..a5384a0c8 100644 --- a/CryptoAnalysis/src/main/java/crypto/typestate/FiniteStateMachineToTypestateChangeFunction.java +++ b/CryptoAnalysis/src/main/java/crypto/typestate/FiniteStateMachineToTypestateChangeFunction.java @@ -54,26 +54,32 @@ public FiniteStateMachineToTypestateChangeFunction(SootBasedStateMachineGraph fs @Override public Collection> generateSeed(SootMethod method, Unit unit) { Set> out = new HashSet<>(); - if (!(unit instanceof Stmt) || !((Stmt) unit).containsInvokeExpr()) + + if (!(unit instanceof Stmt) || !((Stmt) unit).containsInvokeExpr()) { return out; + } + InvokeExpr invokeExpr = ((Stmt) unit).getInvokeExpr(); SootMethod calledMethod = invokeExpr.getMethod(); - if (!fsm.initialTransitonLabel().contains(calledMethod)) + + if (!fsm.initialTransitonLabel().contains(calledMethod)) { return out; + } + if (calledMethod.isStatic()) { - if(unit instanceof AssignStmt){ + if (unit instanceof AssignStmt) { AssignStmt stmt = (AssignStmt) unit; - out.add(createQuery(stmt,method,new AllocVal(stmt.getLeftOp(), method, stmt.getRightOp(), new Statement(stmt,method)))); + out.add(createQuery(stmt, method, new AllocVal(stmt.getLeftOp(), method, stmt.getRightOp(), new Statement(stmt, method)))); } } else if (invokeExpr instanceof InstanceInvokeExpr && !(invokeExpr instanceof InterfaceInvokeExpr)){ InstanceInvokeExpr iie = (InstanceInvokeExpr) invokeExpr; - out.add(createQuery(unit,method,new AllocVal(iie.getBase(), method,iie, new Statement((Stmt) unit,method)))); + out.add(createQuery(unit, method, new AllocVal(iie.getBase(), method, iie, new Statement((Stmt) unit, method)))); } return out; } private WeightedForwardQuery createQuery(Unit unit, SootMethod method, AllocVal allocVal) { - return new WeightedForwardQuery(new Statement((Stmt)unit,method), allocVal, fsm.getInitialWeight(new Statement((Stmt)unit,method))); + return new WeightedForwardQuery(new Statement((Stmt) unit, method), allocVal, fsm.getInitialWeight(new Statement((Stmt) unit, method))); } diff --git a/CryptoAnalysis/src/main/java/crypto/typestate/SootBasedStateMachineGraph.java b/CryptoAnalysis/src/main/java/crypto/typestate/SootBasedStateMachineGraph.java index 9a1657592..11fbfa159 100644 --- a/CryptoAnalysis/src/main/java/crypto/typestate/SootBasedStateMachineGraph.java +++ b/CryptoAnalysis/src/main/java/crypto/typestate/SootBasedStateMachineGraph.java @@ -1,5 +1,6 @@ package crypto.typestate; +import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashSet; @@ -17,6 +18,9 @@ import crypto.rules.StateNode; import crypto.rules.TransitionEdge; import soot.SootMethod; +import soot.jimple.AssignStmt; +import soot.jimple.InvokeExpr; +import soot.jimple.InvokeStmt; import typestate.TransitionFunction; import typestate.finiteautomata.MatcherTransition; import typestate.finiteautomata.MatcherTransition.Parameter; @@ -30,15 +34,18 @@ public class SootBasedStateMachineGraph { private final StateMachineGraph stateMachineGraph; private Multimap outTransitions = HashMultimap.create(); - private Collection initialTransitonLabel; - private List crySLinitialTransitionLabel; - private LabeledMatcherTransition initialTransiton; - + private Collection initialTransitionLabels; + private Collection crySLinitialTransitionLabels; + private Collection initialMatcherTransitions; public SootBasedStateMachineGraph(StateMachineGraph fsm) { this.stateMachineGraph = fsm; - // TODO #15 we must start the analysis in state - // stateMachineGraph.getInitialTransition().from(); + this.initialTransitionLabels = new ArrayList<>(); + this.crySLinitialTransitionLabels = new ArrayList<>(); + this.initialMatcherTransitions = new ArrayList<>(); + + Collection initialTransitions = stateMachineGraph.getInitialTransitions(); + for (final TransitionEdge t : stateMachineGraph.getAllTransitions()) { WrappedState from = wrappedState(t.from()); WrappedState to = wrappedState(t.to()); @@ -46,12 +53,17 @@ public SootBasedStateMachineGraph(StateMachineGraph fsm) { Parameter.This, to, Type.OnCallOrOnCallToReturn); this.addTransition(trans); outTransitions.putAll(from, convert(t.getLabel())); - if (stateMachineGraph.getInitialTransition().equals(t)) - this.initialTransiton = trans; + + if (initialTransitions.contains(t)) { + initialMatcherTransitions.add(trans); + } } - crySLinitialTransitionLabel = stateMachineGraph.getInitialTransition().getLabel(); - initialTransitonLabel = convert(stateMachineGraph.getInitialTransition().getLabel()); + for (TransitionEdge edge : initialTransitions) { + crySLinitialTransitionLabels.addAll(edge.getLabel()); + initialTransitionLabels.addAll(convert(edge.getLabel())); + } + // All transitions that are not in the state machine for (StateNode t : this.stateMachineGraph.getNodes()) { State wrapped = wrappedState(t); @@ -93,7 +105,28 @@ public Collection getInvolvedMethods() { } public TransitionFunction getInitialWeight(Statement stmt) { - return new TransitionFunction(initialTransiton, Collections.singleton(stmt)); + TransitionFunction defaultTransition = new TransitionFunction(((ArrayList) initialMatcherTransitions).get(0), Collections.singleton(stmt)); + + if (!(stmt.getUnit().get() instanceof InvokeStmt) && !(stmt.getUnit().get() instanceof AssignStmt)) { + return defaultTransition; + } + + for (LabeledMatcherTransition trans : initialMatcherTransitions) { + if (stmt.getUnit().get() instanceof InvokeStmt) { + InvokeExpr invokeExpr = stmt.getUnit().get().getInvokeExpr(); + + if (trans.getMatching(invokeExpr.getMethod()).isPresent()) { + return new TransitionFunction(trans, Collections.singleton(stmt)); + } + } else if (stmt.getUnit().get() instanceof AssignStmt) { + InvokeExpr invokeExpr = stmt.getUnit().get().getInvokeExpr(); + + if (trans.getMatching(invokeExpr.getMethod()).isPresent()) { + return new TransitionFunction(trans, Collections.singleton(stmt)); + } + } + } + return defaultTransition; } public List getAllTransitions() { @@ -101,10 +134,10 @@ public List getAllTransitions() { } public Collection initialTransitonLabel() { - return Lists.newArrayList(initialTransitonLabel); + return initialTransitionLabels; } - public List getInitialTransition() { - return crySLinitialTransitionLabel; + public Collection getInitialTransition() { + return crySLinitialTransitionLabels; } } diff --git a/CryptoAnalysis/src/test/java/tests/pattern/CogniCryptTestGenTest.java b/CryptoAnalysis/src/test/java/tests/pattern/CogniCryptTestGenTest.java new file mode 100644 index 000000000..dcd2f4a91 --- /dev/null +++ b/CryptoAnalysis/src/test/java/tests/pattern/CogniCryptTestGenTest.java @@ -0,0 +1,337 @@ +package tests.pattern; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.DigestException; +import java.security.InvalidAlgorithmParameterException; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStore.Entry; +import java.security.KeyStore.LoadStoreParameter; +import java.security.KeyStore.ProtectionParameter; +import java.security.KeyStoreException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.UnrecoverableEntryException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertSelector; +import java.security.cert.CertificateException; +import java.security.cert.PKIXBuilderParameters; +import java.security.cert.TrustAnchor; +import java.util.Set; + +import javax.net.ssl.SSLParameters; + +import org.junit.Test; + +import crypto.analysis.CrySLRulesetSelector.Ruleset; +import test.UsagePatternTestingFramework; +import test.assertions.Assertions; + +public class CogniCryptTestGenTest extends UsagePatternTestingFramework { + + @Override + protected Ruleset getRuleSet() { + return Ruleset.JavaCryptographicArchitecture; + } + + @Test + public void pKIXBuilderParametersValidTest2() throws InvalidAlgorithmParameterException { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + Set trustAnchors = null; + CertSelector certSelector = null; + + PKIXBuilderParameters pKIXBuilderParameters0 = new PKIXBuilderParameters(trustAnchors, certSelector); + Assertions.hasEnsuredPredicate(pKIXBuilderParameters0); + Assertions.mustBeInAcceptingState(pKIXBuilderParameters0); + } + + @Test + public void sSLParametersValidTest1() { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + SSLParameters sSLParameters0 = new SSLParameters(new String[] { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, + new String[] { "TLSv1.2" }); + Assertions.hasEnsuredPredicate(sSLParameters0); + Assertions.mustBeInAcceptingState(sSLParameters0); + } + + @Test + public void sSLParametersValidTest2() { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + SSLParameters sSLParameters0 = new SSLParameters(new String[] { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }); + sSLParameters0.setProtocols(new String[] { "TLSv1.2" }); + Assertions.hasEnsuredPredicate(sSLParameters0); + Assertions.mustBeInAcceptingState(sSLParameters0); + } + + @Test + public void sSLParametersValidTest3() { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + SSLParameters sSLParameters0 = new SSLParameters(new String[] { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }); + sSLParameters0.setProtocols(new String[] { "TLSv1.2" }); + Assertions.hasEnsuredPredicate(sSLParameters0); + Assertions.mustBeInAcceptingState(sSLParameters0); + } + + @Test + public void sSLParametersInvalidTest2() { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + SSLParameters sSLParameters0 = new SSLParameters(new String[] { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }); + Assertions.notHasEnsuredPredicate(sSLParameters0); + Assertions.mustNotBeInAcceptingState(sSLParameters0); + } + + @Test + public void keyStoreInvalidTest10() throws NoSuchAlgorithmException, UnrecoverableKeyException, IOException, + KeyStoreException, CertificateException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + char[] passwordKey = null; + String alias = null; + Entry entry = null; + InputStream fileinput = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + char[] passwordIn = null; + LoadStoreParameter paramStore = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm); + keyStore0.load(fileinput, passwordIn); + Key key = keyStore0.getKey(alias, passwordKey); + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(paramStore); + Assertions.hasEnsuredPredicate(key); + Assertions.mustBeInAcceptingState(keyStore0); + } + + @Test + public void keyStoreInvalidTest11() throws NoSuchAlgorithmException, UnrecoverableKeyException, IOException, + KeyStoreException, CertificateException, NoSuchProviderException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + char[] passwordKey = null; + String alias = null; + Entry entry = null; + InputStream fileinput = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + char[] passwordIn = null; + LoadStoreParameter paramStore = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm, (Provider) null); + keyStore0.load(fileinput, passwordIn); + Key key = keyStore0.getKey(alias, passwordKey); + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(paramStore); + Assertions.hasEnsuredPredicate(key); + Assertions.mustBeInAcceptingState(keyStore0); + + } + + @Test + public void keyStoreInvalidTest12() throws NoSuchAlgorithmException, UnrecoverableKeyException, IOException, + KeyStoreException, CertificateException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + char[] passwordKey = null; + String alias = null; + Entry entry = null; + LoadStoreParameter paramLoad = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + LoadStoreParameter paramStore = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm); + keyStore0.load(paramLoad); + Key key = keyStore0.getKey(alias, passwordKey); + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(paramStore); + Assertions.hasEnsuredPredicate(key); + Assertions.mustBeInAcceptingState(keyStore0); + } + + @Test + public void keyStoreInvalidTest13() throws NoSuchAlgorithmException, UnrecoverableKeyException, IOException, + KeyStoreException, CertificateException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + char[] passwordKey = null; + String alias = null; + Entry entry = null; + InputStream fileinput = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + OutputStream fileoutput = null; + char[] passwordOut = null; + char[] passwordIn = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm); + keyStore0.load(fileinput, passwordIn); + Key key = keyStore0.getKey(alias, passwordKey); + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(fileoutput, passwordOut); + Assertions.hasEnsuredPredicate(key); + Assertions.mustBeInAcceptingState(keyStore0); + } + + @Test + public void keyStoreInvalidTest14() throws NoSuchAlgorithmException, IOException, KeyStoreException, + CertificateException, UnrecoverableEntryException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + String aliasGet = null; + Entry entry = null; + InputStream fileinput = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + char[] passwordIn = null; + LoadStoreParameter paramStore = null; + ProtectionParameter protParamGet = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm); + keyStore0.load(fileinput, passwordIn); + keyStore0.getEntry(aliasGet, protParamGet); + // missing getKey + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(paramStore); + Assertions.notHasEnsuredPredicate(keyStore0); + Assertions.mustNotBeInAcceptingState(keyStore0); + } + + @Test + public void keyStoreInvalidTest15() throws NoSuchAlgorithmException, IOException, KeyStoreException, + CertificateException, NoSuchProviderException, UnrecoverableEntryException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + String aliasGet = null; + Entry entry = null; + InputStream fileinput = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + char[] passwordIn = null; + LoadStoreParameter paramStore = null; + ProtectionParameter protParamGet = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm, (Provider) null); + keyStore0.load(fileinput, passwordIn); + keyStore0.getEntry(aliasGet, protParamGet); + // missing getKey + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(paramStore); + Assertions.notHasEnsuredPredicate(keyStore0); + Assertions.mustNotBeInAcceptingState(keyStore0); + } + + @Test + public void keyStoreInvalidTest16() throws NoSuchAlgorithmException, IOException, KeyStoreException, + CertificateException, UnrecoverableEntryException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + String aliasGet = null; + Entry entry = null; + LoadStoreParameter paramLoad = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + LoadStoreParameter paramStore = null; + ProtectionParameter protParamGet = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm); + keyStore0.load(paramLoad); + keyStore0.getEntry(aliasGet, protParamGet); + // missing getKey + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(paramStore); + Assertions.notHasEnsuredPredicate(keyStore0); + Assertions.mustNotBeInAcceptingState(keyStore0); + } + + @Test + public void keyStoreInvalidTest17() throws NoSuchAlgorithmException, IOException, KeyStoreException, + CertificateException, UnrecoverableEntryException { + + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + String aliasGet = null; + Entry entry = null; + InputStream fileinput = null; + String keyStoreAlgorithm = null; + String aliasSet = null; + ProtectionParameter protParamSet = null; + OutputStream fileoutput = null; + char[] passwordOut = null; + char[] passwordIn = null; + ProtectionParameter protParamGet = null; + + KeyStore keyStore0 = KeyStore.getInstance(keyStoreAlgorithm); + keyStore0.load(fileinput, passwordIn); + keyStore0.getEntry(aliasGet, protParamGet); + // missing getKey + keyStore0.setEntry(aliasSet, entry, protParamSet); + keyStore0.store(fileoutput, passwordOut); + Assertions.notHasEnsuredPredicate(keyStore0); + Assertions.mustNotBeInAcceptingState(keyStore0); + } + + @Test + public void messageDigestInvalidTest10() throws NoSuchAlgorithmException { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + byte[] inbytearr = null; + + MessageDigest messageDigest0 = MessageDigest.getInstance("SHA-256"); + byte[] out = messageDigest0.digest(inbytearr); + // update is skipped + out = messageDigest0.digest(); + Assertions.notHasEnsuredPredicate(out); + Assertions.mustNotBeInAcceptingState(messageDigest0); + } + + @Test + public void messageDigestInvalidTest11() throws NoSuchAlgorithmException, NoSuchProviderException { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + byte[] inbytearr = null; + + MessageDigest messageDigest0 = MessageDigest.getInstance("SHA-256", (Provider) null); + byte[] out = messageDigest0.digest(inbytearr); + // update is skipped + out = messageDigest0.digest(); + Assertions.notHasEnsuredPredicate(out); + Assertions.mustNotBeInAcceptingState(messageDigest0); + } + + @Test + public void messageDigestInvalidTest12() throws NoSuchAlgorithmException, DigestException { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + int off = 0; + byte[] inbytearr = null; + int len = 0; + byte[] out = null; + + MessageDigest messageDigest0 = MessageDigest.getInstance("SHA-256"); + out = messageDigest0.digest(inbytearr); + // update is skipped + messageDigest0.digest(out, off, len); + Assertions.notHasEnsuredPredicate(out); + Assertions.mustNotBeInAcceptingState(messageDigest0); + } + + @Test + public void messageDigestInvalidTest13() throws NoSuchAlgorithmException { + // Related to issue 296: https://github.com/CROSSINGTUD/CryptoAnalysis/issues/296 + byte[] inbytearr = null; + + MessageDigest messageDigest0 = MessageDigest.getInstance("SHA-256"); + byte[] out = messageDigest0.digest(inbytearr); + out = messageDigest0.digest(inbytearr); + Assertions.hasEnsuredPredicate(out); + Assertions.mustBeInAcceptingState(messageDigest0); + } +}