Feature/update python translation (#128)

* update python fernet test Signed-off-by: Nicklas Körtge <[email protected]> * update fernet tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> * update tests Signed-off-by: Nicklas Körtge <[email protected]> --------- Signed-off-by: Nicklas Körtge <[email protected]>
IBM · Sep 3, 2024 · 6dcceb1 · 6dcceb1
1 parent 31cd635
commit 6dcceb1
Show file tree

Hide file tree

Showing 64 changed files with 2,271 additions and 767 deletions.
diff --git a/engine/src/main/java/com/ibm/engine/model/Mode.java b/engine/src/main/java/com/ibm/engine/model/Mode.java
@@ -0,0 +1,64 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.engine.model;
+
+import javax.annotation.Nonnull;
+import org.jetbrains.annotations.NotNull;
+
+public class Mode<T> extends AbstractValue<T> {
+
+    @Nonnull private final String value;
+    @Nonnull private final T location;
+
+    public Mode(@Nonnull String value, @Nonnull T location) {
+        this.location = location;
+        this.value = value;
+    }
+
+    @Nonnull
+    public String getValue() {
+        return value;
+    }
+
+    @Override
+    public @NotNull T getLocation() {
+        return this.location;
+    }
+
+    @Override
+    public @NotNull String asString() {
+        return this.value;
+    }
+
+    @Override
+    public final boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof Mode<?> mode)) return false;
+
+        return value.equals(mode.value) && location.equals(mode.location);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = value.hashCode();
+        result = 31 * result + location.hashCode();
+        return result;
+    }
+}
diff --git a/...s/detection/kdf/CryptographyHKDFTest.java → ...ibm/engine/model/factory/ModeFactory.java b/...s/detection/kdf/CryptographyHKDFTest.java → ...ibm/engine/model/factory/ModeFactory.java
@@ -17,32 +17,21 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.ibm.plugin.rules.detection.kdf;
+package com.ibm.engine.model.factory;
 
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.mapper.model.INode;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-import org.sonar.plugins.python.api.PythonCheck;
-import org.sonar.plugins.python.api.PythonVisitorContext;
-import org.sonar.plugins.python.api.symbols.Symbol;
-import org.sonar.plugins.python.api.tree.Tree;
-import org.sonar.python.checks.utils.PythonCheckVerifier;
+import com.ibm.engine.detection.ResolvedValue;
+import com.ibm.engine.model.IValue;
+import com.ibm.engine.model.Mode;
+import java.util.Optional;
+import org.jetbrains.annotations.NotNull;
 
-public class CryptographyHKDFTest extends TestBase {
-    @Test
-    void test() {
-        PythonCheckVerifier.verify(
-                "src/test/files/rules/detection/kdf/CryptographyHKDFTestFile.py", this);
-    }
+public class ModeFactory<T> implements IValueFactory<T> {
 
     @Override
-    public void asserts(
-            int findingId,
-            @Nonnull DetectionStore<PythonCheck, Tree, Symbol, PythonVisitorContext> detectionStore,
-            @Nonnull List<INode> nodes) {
-        // TODO:
+    public Optional<IValue<T>> apply(@NotNull ResolvedValue<Object, T> objectTResolvedValue) {
+        if (objectTResolvedValue.value() instanceof String s) {
+            return Optional.of(new Mode<>(s, objectTResolvedValue.tree()));
+        }
+        return Optional.empty();
     }
 }
diff --git a/enricher/src/main/java/com/ibm/enricher/Enricher.java b/enricher/src/main/java/com/ibm/enricher/Enricher.java
@@ -23,28 +23,18 @@
 import com.ibm.enricher.algorithm.DESEnricher;
 import com.ibm.enricher.algorithm.DHEnricher;
 import com.ibm.enricher.algorithm.DSAEnricher;
-import com.ibm.enricher.algorithm.MacOrDigestEnricher;
 import com.ibm.enricher.algorithm.PBKDF2Enricher;
 import com.ibm.enricher.algorithm.RSAEnricher;
 import com.ibm.enricher.algorithm.RSAoaepEnricher;
 import com.ibm.enricher.algorithm.RSAssaPSSEnricher;
 import com.ibm.enricher.algorithm.SHA2Enricher;
 import com.ibm.enricher.algorithm.SHA3Enricher;
 import com.ibm.enricher.algorithm.SignatureEnricher;
+import com.ibm.enricher.algorithm.TagOrDigestEnricher;
 import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.MessageDigest;
-import com.ibm.mapper.model.Signature;
-import com.ibm.mapper.model.algorithms.AES;
-import com.ibm.mapper.model.algorithms.DES;
-import com.ibm.mapper.model.algorithms.DH;
-import com.ibm.mapper.model.algorithms.DSA;
-import com.ibm.mapper.model.algorithms.PBKDF2;
-import com.ibm.mapper.model.algorithms.RSA;
-import com.ibm.mapper.model.algorithms.RSAssaPSS;
-import com.ibm.mapper.model.algorithms.SHA2;
-import com.ibm.mapper.model.algorithms.SHA3;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 import javax.annotation.Nonnull;
 import org.jetbrains.annotations.NotNull;
 
@@ -84,52 +74,31 @@ public static Collection<INode> enrich(@Nonnull final Collection<INode> nodes) {
         return enriched;
     }
 
+    @Nonnull
+    private static final List<IEnricher> enrichers =
+            List.of(
+                    new AESEnricher(),
+                    new DESEnricher(),
+                    new RSAEnricher(),
+                    new DHEnricher(),
+                    new DSAEnricher(),
+                    new SHA2Enricher(),
+                    new SHA3Enricher(),
+                    new PBKDF2Enricher(),
+                    new RSAssaPSSEnricher(),
+                    new RSAoaepEnricher(),
+                    new SignatureEnricher(),
+                    new TagOrDigestEnricher());
+
     /**
      * Enriches the given node with additional information.
      *
      * @param node The node to enrich
      */
     @NotNull @Override
     public INode enrich(@Nonnull INode node) {
-        if (node instanceof AES) {
-            node = new AESEnricher().enrich(node);
-        }
-        if (node instanceof DES) {
-            node = new DESEnricher().enrich(node);
-        }
-
-        if (node instanceof RSA) {
-            node = new RSAEnricher().enrich(node);
-        }
-        if (node instanceof DH) {
-            node = new DHEnricher().enrich(node);
-        }
-        if (node instanceof DSA) {
-            node = new DSAEnricher().enrich(node);
-        }
-
-        if (node instanceof SHA2) {
-            node = new SHA2Enricher().enrich(node);
-        }
-        if (node instanceof SHA3) {
-            node = new SHA3Enricher().enrich(node);
-        }
-
-        if (node instanceof PBKDF2) {
-            node = new PBKDF2Enricher().enrich(node);
-        }
-        if (node instanceof RSAssaPSS) {
-            node = new RSAssaPSSEnricher().enrich(node);
-        }
-        if (node instanceof RSA) {
-            node = new RSAoaepEnricher().enrich(node);
-        }
-
-        if (node instanceof Signature) {
-            node = new SignatureEnricher().enrich(node);
-        }
-        if (node instanceof MessageDigest) {
-            node = new MacOrDigestEnricher().enrich(node);
+        for (final IEnricher enricher : enrichers) {
+            node = enricher.enrich(node);
         }
         return node;
     }

diff --git a/enricher/src/main/java/com/ibm/enricher/algorithm/SignatureEnricher.java b/enricher/src/main/java/com/ibm/enricher/algorithm/SignatureEnricher.java
@@ -38,28 +38,23 @@
 import org.jetbrains.annotations.NotNull;
 
 public class SignatureEnricher implements IEnricher {
+
     @Override
     public @NotNull INode enrich(@NotNull INode node) {
-        if (node instanceof Signature signature && signature.is(Signature.class)) {
-            return enrich(signature);
+        if (node.is(Signature.class)) {
+            if (node instanceof DSA dsa) {
+                return enrichDSA(dsa);
+            }
+            if (node instanceof ECDSA ecdsa) {
+                return enrichECDSA(ecdsa);
+            }
+            if (node instanceof RSA rsa) {
+                return enrichRSA(rsa);
+            }
         }
         return node;
     }
 
-    @Nonnull
-    private Signature enrich(@NotNull Signature signature) {
-        if (signature instanceof DSA dsa) {
-            return enrichDSA(dsa);
-        }
-        if (signature instanceof ECDSA ecdsa) {
-            return enrichECDSA(ecdsa);
-        }
-        if (signature instanceof RSA rsa) {
-            return enrichRSA(rsa);
-        }
-        return signature;
-    }
-
     @SuppressWarnings("java:S3776")
     @Nonnull
     private Signature enrichRSA(@NotNull RSA rsa) {

diff --git a/...richer/algorithm/MacOrDigestEnricher.java → ...richer/algorithm/TagOrDigestEnricher.java b/...richer/algorithm/MacOrDigestEnricher.java → ...richer/algorithm/TagOrDigestEnricher.java
@@ -20,6 +20,7 @@
 package com.ibm.enricher.algorithm;
 
 import com.ibm.enricher.IEnricher;
+import com.ibm.mapper.model.ExtendableOutputFunction;
 import com.ibm.mapper.model.IAsset;
 import com.ibm.mapper.model.INode;
 import com.ibm.mapper.model.Mac;
@@ -28,15 +29,15 @@
 import com.ibm.mapper.model.functionality.Tag;
 import org.jetbrains.annotations.NotNull;
 
-public class MacOrDigestEnricher implements IEnricher {
+public class TagOrDigestEnricher implements IEnricher {
 
     @Override
     public @NotNull INode enrich(@NotNull INode node) {
         if (node instanceof IAsset asset) {
             if (node.is(Mac.class)) {
                 node.put(new Tag(asset.getDetectionContext()));
                 return node;
-            } else if (node.is(MessageDigest.class)) {
+            } else if (node.is(MessageDigest.class) || node.is(ExtendableOutputFunction.class)) {
                 node.put(new Digest(asset.getDetectionContext()));
                 return node;
             }

diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/pyca/PycaCipherMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/pyca/PycaCipherMapper.java
@@ -26,12 +26,14 @@
 import com.ibm.mapper.model.algorithms.Camellia;
 import com.ibm.mapper.model.algorithms.ChaCha20;
 import com.ibm.mapper.model.algorithms.ChaCha20Poly1305;
+import com.ibm.mapper.model.algorithms.Fernet;
 import com.ibm.mapper.model.algorithms.IDEA;
 import com.ibm.mapper.model.algorithms.RC4;
 import com.ibm.mapper.model.algorithms.RSA;
 import com.ibm.mapper.model.algorithms.SEED;
 import com.ibm.mapper.model.algorithms.SM4;
 import com.ibm.mapper.model.algorithms.TripleDES;
+import com.ibm.mapper.model.algorithms.cast.CAST128;
 import com.ibm.mapper.utils.DetectionLocation;
 import java.util.Optional;
 import org.jetbrains.annotations.NotNull;
@@ -52,14 +54,14 @@ public final class PycaCipherMapper implements IMapper {
             case "AES256" -> Optional.of(new AES(256, detectionLocation));
             case "CAMELLIA" -> Optional.of(new Camellia(detectionLocation));
             case "TRIPLEDES" -> Optional.of(new TripleDES(detectionLocation));
-            case "CAST5" -> Optional.empty(); // TODO: create algorithm object
+            case "CAST5" -> Optional.of(new CAST128(detectionLocation));
             case "SEED" -> Optional.of(new SEED(detectionLocation));
             case "SM4" -> Optional.of(new SM4(detectionLocation));
             case "BLOWFISH" -> Optional.of(new Blowfish(detectionLocation));
             case "IDEA" -> Optional.of(new IDEA(detectionLocation));
             case "CHACHA20" -> Optional.of(new ChaCha20(detectionLocation));
             case "ARC4" -> Optional.of(new RC4(detectionLocation));
-            case "FERNET" -> Optional.empty(); // TODO: create algorithm object
+            case "FERNET" -> Optional.of(new Fernet(detectionLocation));
             case "RSA" -> Optional.of(new RSA(detectionLocation));
             case "CHACHA20POLY1305" -> Optional.of(new ChaCha20Poly1305(detectionLocation));
             default -> Optional.empty();

diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/pyca/PycaDigestMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/pyca/PycaDigestMapper.java
@@ -20,7 +20,7 @@
 package com.ibm.mapper.mapper.pyca;
 
 import com.ibm.mapper.mapper.IMapper;
-import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.MessageDigest;
 import com.ibm.mapper.model.algorithms.MD5;
 import com.ibm.mapper.model.algorithms.Poly1305;
 import com.ibm.mapper.model.algorithms.SHA;
@@ -37,7 +37,7 @@
 
 public final class PycaDigestMapper implements IMapper {
     @Override
-    public @NotNull Optional<? extends INode> parse(
+    public @NotNull Optional<MessageDigest> parse(
             @Nullable String str, @NotNull DetectionLocation detectionLocation) {
         if (str == null) {
             return Optional.empty();

diff --git a/mapper/src/main/java/com/ibm/mapper/model/ExtendableOutputFunction.java b/mapper/src/main/java/com/ibm/mapper/model/ExtendableOutputFunction.java
@@ -19,4 +19,4 @@
  */
 package com.ibm.mapper.model;
 
-public interface ExtendableOutputFunction extends IPrimitive {}
+public interface ExtendableOutputFunction extends MessageDigest {}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX963.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ANSIX963.java
@@ -21,6 +21,7 @@
 
 import com.ibm.mapper.model.Algorithm;
 import com.ibm.mapper.model.KeyDerivationFunction;
+import com.ibm.mapper.model.MessageDigest;
 import com.ibm.mapper.utils.DetectionLocation;
 import org.jetbrains.annotations.NotNull;
 
@@ -33,4 +34,9 @@ public ANSIX963(@NotNull DetectionLocation detectionLocation) {
         super(NAME, KeyDerivationFunction.class, detectionLocation);
         this.put(new ECDH(detectionLocation));
     }
+
+    public ANSIX963(@NotNull MessageDigest messageDigest) {
+        this(messageDigest.getDetectionContext());
+        this.put(messageDigest);
+    }
 }
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/CMAC.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/CMAC.java
@@ -21,18 +21,25 @@
 
 import com.ibm.mapper.model.Algorithm;
 import com.ibm.mapper.model.BlockCipher;
+import com.ibm.mapper.model.Cipher;
 import com.ibm.mapper.model.Mac;
 import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
 import org.jetbrains.annotations.NotNull;
 
 public final class CMAC extends Algorithm implements Mac {
     // https://en.wikipedia.org/wiki/One-key_MAC
-    private static final String NAME = "CMAC"; // OMAC, OMAC1, AES-CMAC
+    private static final String NAME = "CMAC";
 
     public CMAC(@NotNull DetectionLocation detectionLocation) {
         super(NAME, Mac.class, detectionLocation);
     }
 
+    public CMAC(@Nonnull Cipher cipher) {
+        super(NAME, Mac.class, cipher.getDetectionContext());
+        this.put(cipher);
+    }
+
     @Override
     public @NotNull String getName() {
         return this.hasChildOfType(BlockCipher.class)