Merge branch 'develop' into dependabot/maven/org.soot-oss-soot-4.4.1

CROSSINGTUD · Feb 16, 2024 · 7dd0d4f · 7dd0d4f
2 parents 2059bdc + 0afb936
commit 7dd0d4f
Show file tree

Hide file tree

Showing 265 changed files with 12,134 additions and 3,777 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,16 @@
+name: Test Internal Action
+
+on: push
+
+jobs:
+  internal_action:
+    runs-on: ubuntu-latest
+    name: Test CryptoAnalysis Action
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v3
+      - name: Run CogniCrypt
+        uses: ./
+        with:
+          appPath: "CryptoAnalysisTargets/HelloWorld/HelloWorld.jar"
+          basePath: "CryptoAnalysisTargets/HelloWorld"
diff --git a/.gitignore b/.gitignore
@@ -12,6 +12,14 @@ tmp/
 *~.nib
 local.properties
 .settings/
+target/
+build/
+AndroidZooAPKs.csv
+AndroidZooAPIKey.txt
+AndroidZooApps/
+*.iml
+.idea/
+shippable/
 .loadpath
 .recommenders
 

diff --git a/CryptoAnalysis-Android/build/CryptoAnalysis-Android-2.7.3-SNAPSHOT-jar-with-dependencies.jar b/CryptoAnalysis-Android/build/CryptoAnalysis-Android-2.7.3-SNAPSHOT-jar-with-dependencies.jar
diff --git a/CryptoAnalysis-Android/pom.xml b/CryptoAnalysis-Android/pom.xml
@@ -33,19 +33,20 @@
 	<parent>
 		<groupId>de.fraunhofer.iem</groupId>
 		<artifactId>CryptoAnalysis-Parent</artifactId>
-		<version>2.8.0</version>
+		<version>3.0.3</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
 	<properties>
 		<flowDroidVersion>2.12.0</flowDroidVersion>
 	</properties>
+
 	<build>
 		<plugins>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.11.0</version>
+				<version>3.12.1</version>
 				<configuration>
 					<source>${maven.compiler.source}</source>
 					<target>${maven.compiler.target}</target>

diff --git a/CryptoAnalysis-Android/src/main/java/de/fraunhofer/iem/crypto/CogniCryptAndroidAnalysis.java b/CryptoAnalysis-Android/src/main/java/de/fraunhofer/iem/crypto/CogniCryptAndroidAnalysis.java
@@ -1,20 +1,26 @@
 package de.fraunhofer.iem.crypto;
 
 import java.io.File;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 import com.google.common.collect.Lists;
+
 import boomerang.callgraph.BoomerangICFG;
 import boomerang.callgraph.ObservableICFG;
 import boomerang.callgraph.ObservableStaticICFG;
 import boomerang.preanalysis.BoomerangPretransformer;
 import crypto.analysis.CrySLResultsReporter;
 import crypto.analysis.CryptoScanner;
 import crypto.analysis.errors.AbstractError;
+import crypto.cryslhandler.CrySLModelReader;
 import crypto.exceptions.CryptoAnalysisException;
 import crypto.reporting.CollectErrorListener;
+import crypto.reporting.CommandLineReporter;
 import crypto.rules.CrySLRule;
 import crypto.rules.CrySLRuleReader;
 import soot.Scene;
@@ -26,11 +32,10 @@
 import soot.jimple.infoflow.android.SetupApplication;
 import soot.jimple.infoflow.android.config.SootConfigForAndroid;
 import soot.options.Options;
-import crypto.cryslhandler.CrySLModelReader;
-import crypto.reporting.CommandLineReporter;
 
 public class CogniCryptAndroidAnalysis {
-	public static void main(String... args) {
+
+	public static void main(String... args) throws CryptoAnalysisException {
 		CogniCryptAndroidAnalysis analysis;
 		if (args[3] != null) {
 			analysis = new CogniCryptAndroidAnalysis(args[0], args[1], args[2], args[3], Lists.<String>newArrayList());
@@ -61,7 +66,7 @@ public CogniCryptAndroidAnalysis(String apkFile, String platformsDirectory, Stri
 		this.outputDir = outputDir;
 	}
 
-	public Collection<AbstractError> run() {
+	public Collection<AbstractError> run() throws CryptoAnalysisException {
 		logger.info("Running static analysis on APK file " + apkFile);
 		logger.info("with Android Platforms dir " + platformsDirectory);
 		constructCallGraph();
@@ -105,7 +110,7 @@ public void setSootOptions(Options options, InfoflowConfiguration config) {
 		logger.info("Done constructing call graph");
 	}
 
-	private Collection<AbstractError> runCryptoAnalysis() {
+	private Collection<AbstractError> runCryptoAnalysis() throws CryptoAnalysisException {
 		prepareAnalysis();
 
 		final ObservableStaticICFG icfg = new ObservableStaticICFG(new BoomerangICFG(false));
@@ -132,7 +137,7 @@ public CrySLResultsReporter getAnalysisListener() {
 		logger.info("Loaded " + rules.size() + " CrySL rules");
 		logger.info("Running CogniCrypt Analysis");
 		scanner.scan(rules);
-		logger.info("Terminated CogniCrypt Analysis");
+		logger.info("Finished CogniCrypt Analysis");
 		System.gc();
 		return errorListener.getErrors();
 	}
@@ -157,25 +162,20 @@ private void prepareAnalysis() {
         logger.info("Library classes: "+ Scene.v().getLibraryClasses().size());
     }
 
-	protected List<CrySLRule> getRules() {
-		List<CrySLRule> rules = Lists.newArrayList();
+	protected List<CrySLRule> getRules() throws CryptoAnalysisException {
 		if (rulesDirectory == null) {
 			throw new RuntimeException(
 					"Please specify a directory the CrySL rules ( " + CrySLModelReader.cryslFileEnding +" Files) are located in.");
 		}
 		File[] listFiles = new File(rulesDirectory).listFiles();
-		for (File file : listFiles) {
-			if (file != null && file.getName().endsWith(CrySLModelReader.cryslFileEnding)) {
-				try {
-					rules.add(CrySLRuleReader.readFromSourceFile(file));
-				} catch (CryptoAnalysisException e) {
-					logger.error(e.getMessage(), e);
-				}
-			}
+		List<File> files = Arrays.asList(listFiles);
+
+		CrySLRuleReader reader = new CrySLRuleReader();
+		List<CrySLRule> rules = reader.readFromSourceFiles(files);
+
+		if (rules.isEmpty()) {
+			throw new CryptoAnalysisException("No CrySL rules found in " + rulesDirectory);
 		}
-		if (rules.isEmpty())
-			System.out.println("CogniCrypt did not find any rules to start the analysis for.\n"
-								+ "It checked for rules in "+rulesDirectory);
 		return rules;
 	}
 

diff --git a/CryptoAnalysis/.gitignore b/CryptoAnalysis/.gitignore
@@ -1 +1 @@
-src/main/resources/**/*.crysl
+src/main/resources/**/*.crysl
diff --git a/CryptoAnalysis/build/descriptor.xml b/CryptoAnalysis/build/descriptor.xml
@@ -6,6 +6,12 @@
         <format>jar</format>
     </formats>
     <includeBaseDirectory>false</includeBaseDirectory>
+    <files>
+        <file>
+            <source>src/main/resources/plugin.properties</source>
+            <outputDirectory>/</outputDirectory>
+        </file>
+    </files>
     <dependencySets>
         <dependencySet>
             <outputDirectory>/</outputDirectory>
@@ -14,4 +20,4 @@
             <scope>runtime</scope>
         </dependencySet>
     </dependencySets>
-</assembly>
+</assembly>
diff --git a/CryptoAnalysis/pom.xml b/CryptoAnalysis/pom.xml
@@ -33,7 +33,7 @@
 	<parent>
 		<groupId>de.fraunhofer.iem</groupId>
 		<artifactId>CryptoAnalysis-Parent</artifactId>
-		<version>2.8.0</version>
+		<version>3.0.3</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
@@ -87,7 +87,7 @@
 								<artifactItem>
 									<groupId>de.darmstadt.tu.crossing</groupId>
 									<artifactId>JavaCryptographicArchitecture</artifactId>
-									<version>1.5.2</version>
+									<version>3.1.0</version>
 									<classifier>ruleset</classifier>
 									<type>zip</type>
 									<overWrite>true</overWrite>
@@ -97,7 +97,7 @@
 								<artifactItem>
 									<groupId>de.fraunhofer.iem</groupId>
 									<artifactId>BouncyCastle</artifactId>
-									<version>0.7.1</version>
+									<version>3.1.0</version>
 									<classifier>ruleset</classifier>
 									<type>zip</type>
 									<overWrite>true</overWrite>
@@ -107,7 +107,7 @@
 								<artifactItem>
 									<groupId>de.darmstadt.tu.crossing</groupId>
 									<artifactId>Tink</artifactId>
-									<version>0.3</version>
+									<version>3.0.0</version>
 									<classifier>ruleset</classifier>
 									<type>zip</type>
 									<overWrite>true</overWrite>
@@ -117,7 +117,7 @@
 								<artifactItem>
 									<groupId>de.paderborn.uni</groupId>
 									<artifactId>BouncyCastle-JCA</artifactId>
-									<version>0.4</version>
+									<version>3.1.0</version>
 									<classifier>ruleset</classifier>
 									<type>zip</type>
 									<overWrite>true</overWrite>
@@ -134,7 +134,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.2.2</version>
+				<version>3.2.5</version>
 				<configuration>
 					<reuseForks>false</reuseForks>
 					<argLine>-Xmx8G -Xms256M -Xss8M -Dmaven.home="${maven.home}"</argLine>
@@ -145,7 +145,7 @@
 					<dependency>
 						<groupId>org.apache.maven.surefire</groupId>
 						<artifactId>surefire-junit4</artifactId>
-						<version>3.2.2</version>
+						<version>3.2.5</version>
 					</dependency>
 					<dependency>
 						<groupId>junit</groupId>
@@ -202,7 +202,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.11.0</version>
+				<version>3.12.1</version>
 				<configuration>
 					<source>${maven.compiler.source}</source>
 					<target>${maven.compiler.target}</target>
@@ -262,7 +262,13 @@
 		<dependency>
 			<groupId>com.google.guava</groupId>
 			<artifactId>guava</artifactId>
-			<version>32.1.3-jre</version>
+			<version>33.0.0-jre</version>
+		</dependency>
+		<dependency>
+			<!-- https://mvnrepository.com/artifact/org.ow2.asm/asm -->
+			<groupId>org.ow2.asm</groupId>
+			<artifactId>asm</artifactId>
+    		<version>9.6</version>
 		</dependency>
 		<dependency>
 			<groupId>de.fraunhofer.iem</groupId>
@@ -310,10 +316,15 @@
 			<artifactId>bctls-jdk18on</artifactId>
 			<version>1.77</version>
 		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-api</artifactId>
+			<version>2.0.12</version>
+		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-simple</artifactId>
-			<version>2.0.9</version>
+			<version>2.0.12</version>
 		</dependency>
 		<dependency>
 			<groupId>com.google.crypto.tink</groupId>
@@ -330,12 +341,12 @@
 		<dependency>
 			<groupId>de.darmstadt.tu.crossing.CrySL</groupId>
 			<artifactId>de.darmstadt.tu.crossing.CrySL</artifactId>
-			<version>2.0.2</version>
+			<version>3.0.1</version>
 		</dependency>
 		<dependency>
 			<groupId>org.eclipse.xtext</groupId>
 			<artifactId>org.eclipse.xtext.xbase</artifactId>
-			<version>2.28.0</version>
+			<version>2.33.0</version>
 		</dependency>
 		<!-- https://mvnrepository.com/artifact/org.eclipse.emf/org.eclipse.emf.common -->
 		<dependency>
@@ -359,12 +370,17 @@
 		<dependency>
         	<groupId>com.fasterxml.jackson.core</groupId>
        		<artifactId>jackson-databind</artifactId>
-        	<version>2.15.3</version>
+        	<version>2.16.1</version>
 		</dependency>
 		<dependency>
     		<groupId>commons-io</groupId>
     		<artifactId>commons-io</artifactId>
-    		<version>2.15.0</version>
+    		<version>2.15.1</version>
 		</dependency>
+		<dependency>
+			<groupId>info.picocli</groupId>
+			<artifactId>picocli</artifactId>
+			<version>4.7.5</version>
+		  </dependency>
 	</dependencies>
 </project>
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		src/main/resources/*/.crysl
		src/main/resources/*/.crysl