This repository has been archived by the owner on Jan 22, 2025. It is now read-only.

Ensure single file and folder analysis generate similar results #137

Closed
wants to merge 4 commits into from
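--- a/src/test/java/de/fraunhofer/aisec/codyze/crymlin/JCATest.kt
+++ b/src/test/java/de/fraunhofer/aisec/codyze/crymlin/JCATest.kt
@@ -261,4 +261,201 @@ internal class JCATest : AbstractMarkTest() {
 "line 13: Rule ID_3_5_01 violated" // ok
 )
 }
+
+@Test
+@Throws(Exception::class)
+fun testAll() {
+val findings = performTest("java/jca/", "mark/bouncycastle/")
+
+expected(
+findings,
+// BCProviderCipher
+// rule bouncy castle as provider
+"line 19: Rule BouncyCastleProvider_Cipher violated", // ok
+"line 22: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 23: Rule BouncyCastleProvider_Cipher violated", // improv type resolution for
+// BouncyCastleProvider class
+"line 24: Rule BouncyCastleProvider_Cipher verified", // type hierarchy is now available
+"line 27: Rule BouncyCastleProvider_Cipher violated", // ok
+"line 28: Rule BouncyCastleProvider_Cipher violated", // ok
+// rule allowed ciphers
+"line 19: Rule ID_2_01 verified", // ok
+"line 22: Rule ID_2_01 verified", // ok
+"line 23: Rule ID_2_01 verified", // ok
+"line 24: Rule ID_2_01 verified", // type hierarchy is now available
+"line 27: Rule ID_2_01 verified", // ok
+"line 28: Rule ID_2_01 verified", // ok
+// rule allowed block cipher modes
+"line 19: Rule ID_2_1_01 violated", // ok, minimal test
+"line 22: Rule ID_2_1_01 violated", // ok, minimal test
+"line 23: Rule ID_2_1_01 violated", // ok, minimal test
+"line 24: Rule ID_2_1_01 violated", // type hierarchy is now available
+"line 27: Rule ID_2_1_01 violated", // ok, minimal test
+"line 28: Rule ID_2_1_01 violated", // ok, minimal test
+
+// BlockCipher
+// rules for Bouncy Castle as provider
+"line 10: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 14: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 18: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 22: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 26: Rule BouncyCastleProvider_Cipher verified", // ok
+// rule allowed ciphers
+"line 10: Rule ID_2_01 verified", // ok
+"line 14: Rule ID_2_01 violated", // ok
+"line 18: Rule ID_2_01 violated", // ok
+"line 22: Rule ID_2_01 violated", // ok
+"line 26: Rule ID_2_01 violated", // ok
+// rules allowed cipher modes
+"line 10: Rule ID_2_1_01 violated", // ok, minimal test
+
+// AESCCM
+// rule bouncy castle as provider
+"line 18: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 22: Rule BouncyCastleProvider_KeyGenerator verified", // ok
+"line 30: Rule BouncyCastleProvider_SecureRandom verified", // ok
+// rules ccm block cipher mode
+"line 18: Rule ID_2_01 verified", // ok
+"line 18: Rule ID_2_1_01 verified", // ok
+"line [36]: Rule ID_2_1_2_1_02 verified", // ok
+// rules order
+"line 36: Violation against Order: Base c is not correctly terminated. Expected one of [c.aad, c.finalize, c.update] to follow the correct last call on this base. (InvalidOrderforAEAD)", // ok, minimal test
+
+// AESGCM
+// rule bouncy castle as provider
+"line 23: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 28: Rule BouncyCastleProvider_SecureRandom verified", // ok
+"line 41: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 46: Rule BouncyCastleProvider_SecureRandom verified", // ok
+"line 62: Rule BouncyCastleProvider_KeyGenerator violated", // rule block cipher
+"line 23: Rule ID_2_01 verified", // ok
+"line 41: Rule ID_2_01 verified", // ok
+// rule block cipher mode
+"line 23: Rule ID_2_1_01 verified", // ok
+"line 41: Rule ID_2_1_01 verified", // ok
+// GCM nonce length for authentication tag
+"line 31: Rule ID_2_1_2_2_02 verified", // ok
+"line 49: Rule ID_2_1_2_2_02 verified", // ok
+// GCM minimum length of authentication tag
+"line 31: Rule ID_2_1_2_2_03 verified", // ok
+"line 49: Rule ID_2_1_2_2_03 verified", // ok
+"line 23: Verified Order: AEAD_Crypt", // ok
+"line 41: Verified Order: AEAD_Crypt",
+
+// AESCBC
+// rule bouncy castle as provider
+"line 11: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 13: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 14: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 16: Rule BouncyCastleProvider_Cipher verified", // ok
+// rule block cipher
+"line 11: Rule ID_2_01 verified", // ok
+"line 13: Rule ID_2_01 verified", // ok
+"line 14: Rule ID_2_01 verified", // ok
+"line 16: Rule ID_2_01 verified", // ok
+// rule block cipher mode
+"line 11: Rule ID_2_1_01 verified", // ok
+"line 13: Rule ID_2_1_01 verified", // ok
+"line 14: Rule ID_2_1_01 verified", // ok
+"line 16: Rule ID_2_1_01 verified", // ok
+// rule cbc padding
+"line 11: Rule ID_2_1_3_01 violated", // ok
+"line 13: Rule ID_2_1_3_01 verified", // ok
+"line 14: Rule ID_2_1_3_01 verified", // ok
+"line 16: Rule ID_2_1_3_01 verified", // ok
+// CBC unpredictable IV
+"line 11: Rule ID_2_1_2_3_01 violated", // ok
+"line 13: Rule ID_2_1_2_3_01 violated", // ok
+"line 14: Rule ID_2_1_2_3_01 violated", // ok
+"line 16: Rule ID_2_1_2_3_01 violated", // ok
+// rule order basic cipher
+// "line 11: Violation against Order: Base c1 is not correctly terminated.
+// Expected one of [c.init] to follow the correct last call on this base.
+// (InvalidOrderOfCipherOperations)", // ok, minimal test
+// "line 13: Violation against Order: Base c2 is not correctly terminated.
+// Expected one of [c.init] to follow the correct last call on this base.
+// (InvalidOrderOfCipherOperations)", // ok, minimal test
+// "line 14: Violation against Order: Base c3 is not correctly terminated.
+// Expected one of [c.init] to follow the correct last call on this base.
+// (InvalidOrderOfCipherOperations)", // ok, minimal test
+// "line 16: Violation against Order: Base c4 is not correctly terminated.
+// Expected one of [c.init] to follow the correct last call on this base.
+// (InvalidOrderOfCipherOperations)" // ok, minimal test
+
+// AESCTR
+// rule bouncy castle as provider
+"line 23: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 25: Rule BouncyCastleProvider_KeyGenerator verified",
+"line 30: Rule BouncyCastleProvider_SecureRandom verified", // ok
+"line 37: Rule BouncyCastleProvider_Mac verified", // ok
+"line 38: Rule BouncyCastleProvider_KeyGenerator verified", // rule block cipher
+"line 23: Rule ID_2_01 verified", // ok
+// rule block cipher mode
+"line 23: Rule ID_2_1_01 verified", // ok*/
+// rule aes/ctr with mac (these seem to be broken because of the _is builtin does not
+// work the way it is assumed!)
+"line [47, 51]: Rule ID_2_2_02 verified", // improv rule
+"line [47, 61]: Rule ID_2_2_02 verified", // improv rule
+"line [51, 59]: Rule ID_2_2_02 verified", // improv rule
+"line [59, 61]: Rule ID_2_2_02 verified", // improv rule
+// rule mac
+"line 37: Rule ID_5_3_01 verified", // ok
+// rule mac key length
+"line [37, 38]: Rule ID_5_3_02_HMAC_Keygen verified", // ok
+"line 23: Verified Order: Crypt",
+
+// BCMac
+"line 10: Rule BouncyCastleProvider_Mac verified", // ok
+"line 12: Rule BouncyCastleProvider_Mac verified", // ok
+"line 13: Rule BouncyCastleProvider_Mac verified", // ok
+"line 14: Rule BouncyCastleProvider_Mac verified", // ok
+"line 15: Rule BouncyCastleProvider_Mac verified", // ok
+"line 16: Rule BouncyCastleProvider_Mac verified", // ok
+"line 17: Rule BouncyCastleProvider_Mac verified", // ok
+"line 18: Rule BouncyCastleProvider_Mac verified", // ok
+"line 20: Rule BouncyCastleProvider_Mac verified", // ok
+"line 22: Rule BouncyCastleProvider_Mac verified", // ok
+"line 23: Rule BouncyCastleProvider_Mac verified", // ok
+"line 24: Rule BouncyCastleProvider_Mac verified", // ok
+// rule mac
+"line 10: Rule ID_5_3_01 verified", // ok
+"line 12: Rule ID_5_3_01 verified", // ok
+"line 13: Rule ID_5_3_01 verified", // ok
+"line 14: Rule ID_5_3_01 verified", // ok
+"line 15: Rule ID_5_3_01 verified", // ok
+"line 16: Rule ID_5_3_01 verified", // ok
+"line 17: Rule ID_5_3_01 verified", // ok
+"line 18: Rule ID_5_3_01 verified", // ok
+"line 20: Rule ID_5_3_01 verified", // ok
+"line 22: Rule ID_5_3_01 violated", // ok
+"line 23: Rule ID_5_3_01 violated", // ok
+"line 24: Rule ID_5_3_01 violated", // ok
+// rule mac tag length
+"line 10: Rule ID_5_3_03_CMAC verified", // ok
+"line 20: Rule ID_5_3_03_GMAC verified", // ok
+
+// RSACipherTest
+"line 6: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 8: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 7: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 9: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 10: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 11: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 13: Rule BouncyCastleProvider_Cipher verified", // ok
+"line 6: Rule ID_2_01 verified", // ok
+"line 8: Rule ID_2_01 verified", // ok
+"line 7: Rule ID_2_01 verified", // ok
+"line 9: Rule ID_2_01 verified", // ok
+"line 10: Rule ID_2_01 verified", // ok
+"line 11: Rule ID_2_01 verified", // ok
+"line 13: Rule ID_2_01 verified", // ok
+"line 6: Rule ID_3_5_01 verified", // ok
+"line 7: Rule ID_3_5_01 verified", // ok
+"line 8: Rule ID_3_5_01 verified", // ok
+"line 9: Rule ID_3_5_01 verified", // ok
+"line 10: Rule ID_3_5_01 verified", // ok
+"line 11: Rule ID_3_5_01 verified", // ok
+"line 13: Rule ID_3_5_01 violated" // ok
+)
+}
 }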
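Review bot: The expected strings in `testAll` identify a finding only by line number and rule, so in this folder-wide run entries from different fixtures are textually identical; for example `"line 18: Rule BouncyCastleProvider_Cipher verified"` is listed under both BlockCipher and AESCCM. `expected` and `performTest` are defined outside this hunk, but if `expected` compares as a set or by containment, a finding that disappears from one file would be masked by the same string from another, which for a crypto-misuse checker means an unnoticed false negative. Consider asserting per source file, or at least documenting the limit with a comment such as `// entries are matched by line + rule only; identical strings from different files are indistinguishable`. Separately, the four `ID_2_2_02 verified` entries are pinned as expected although the comment above them says the rule seems broken, and the AESCBC order violations are commented out without a stated reason; a `// TODO: expected result once _is is fixed` would keep a known-wrong result from becoming the baseline. The stray `*/` after `// ok` on the `ID_2_1_01` line in the AESCTR group can be dropped.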