Add taint analysis configuration parser (#1770)

Author: mmvpm

gradle.properties

@@ -60,6 +60,7 @@ kryoSerializersVersion=0.45
 asmVersion=9.2
 testNgVersion=7.6.0
 mockitoInlineVersion=4.0.0
+kamlVersion = 0.51.0
 jacksonVersion = 2.12.3
 javasmtSolverZ3Version=4.8.9-sosy1
 slf4jVersion=1.7.36

utbot-framework-test/build.gradle

@@ -37,6 +37,7 @@ dependencies {
         exclude group:'com.google.guava', module:'guava'
     }
 
+    implementation group: 'com.charleskorn.kaml', name: 'kaml', version: kamlVersion
     implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: jacksonVersion
     implementation group: 'org.sosy-lab', name: 'javasmt-solver-z3', version: javasmtSolverZ3Version
     implementation group: 'com.github.curious-odd-man', name: 'rgxgen', version: rgxgenVersion

utbot-framework-test/src/test/kotlin/org/utbot/taint/parser/TaintAnalysisConfigurationParserTest.kt

@@ -0,0 +1,122 @@
+package org.utbot.taint.parser
+
+import com.charleskorn.kaml.YamlException
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.assertThrows
+import org.utbot.taint.parser.constants.*
+import org.utbot.taint.parser.model.*
+import org.utbot.taint.parser.yaml.ConfigurationParseError
+
+class TaintAnalysisConfigurationParserTest {
+
+    @Test
+    fun `parse should parse correct yaml`() {
+        val actualConfiguration = TaintAnalysisConfigurationParser.parse(yamlInput)
+        assertEquals(expectedConfiguration, actualConfiguration)
+    }
+
+    @Test
+    fun `parse should throw exception on malformed yaml`() {
+        val malformedYamlInput = yamlInput.replace("{", "")
+        assertThrows<YamlException> {
+            TaintAnalysisConfigurationParser.parse(malformedYamlInput)
+        }
+    }
+
+    @Test
+    fun `parse should throw exception on incorrect yaml`() {
+        val incorrectYamlInput = yamlInput.replace(k_not, "net")
+        assertThrows<ConfigurationParseError> {
+            TaintAnalysisConfigurationParser.parse(incorrectYamlInput)
+        }
+    }
+
+    // test data
+
+    private val yamlInput = """
+        $k_sources:
+          - java.lang.System.getenv:
+              $k_signature: [ ${k_lt}java.lang.String${k_gt} ]
+              $k_addTo: $k_return
+              $k_marks: environment
+
+        $k_passes:
+          - java.lang.String:
+              - concat:
+                  $k_conditions:
+                    $k_this: { $k_not: "" }
+                  $k_getFrom: $k_this
+                  $k_addTo: $k_return
+                  $k_marks: sensitive-data
+              - concat:
+                  $k_conditions:
+                    ${k_arg}1: { $k_not: "" }
+                  $k_getFrom: ${k_arg}1
+                  $k_addTo: $k_return
+                  $k_marks: sensitive-data
+        
+        $k_cleaners:
+          - java.lang.String.isEmpty:
+              $k_conditions:
+                $k_return: true
+              $k_removeFrom: $k_this
+              $k_marks: [ sql-injection, xss ]
+        
+        $k_sinks:
+          - org.example.util.unsafe:
+              $k_signature: [ $k__, ${k_lt}java.lang.Integer${k_gt} ]
+              $k_conditions:
+                ${k_arg}2: 0
+              $k_check: ${k_arg}2
+              $k_marks: environment
+    """.trimIndent()
+
+    private val expectedConfiguration = Configuration(
+        sources = listOf(
+            Source(
+                methodFqn = MethodFqn(listOf("java", "lang"), "System", "getenv"),
+                addTo = TaintEntitiesSet(setOf(ReturnValue)),
+                marks = TaintMarksSet(setOf(TaintMark("environment"))),
+                signature = SignatureList(listOf(ArgumentTypeString("java.lang.String"))),
+                conditions = NoConditions
+            )
+        ),
+        passes = listOf(
+            Pass(
+                methodFqn = MethodFqn(listOf("java", "lang"), "String", "concat"),
+                getFrom = TaintEntitiesSet(setOf(ThisObject)),
+                addTo = TaintEntitiesSet(setOf(ReturnValue)),
+                marks = TaintMarksSet(setOf(TaintMark("sensitive-data"))),
+                signature = AnySignature,
+                conditions = ConditionsMap(mapOf(ThisObject to NotCondition(ValueCondition(ArgumentValueString("")))))
+            ),
+            Pass(
+                methodFqn = MethodFqn(listOf("java", "lang"), "String", "concat"),
+                getFrom = TaintEntitiesSet(setOf(MethodArgument(1u))),
+                addTo = TaintEntitiesSet(setOf(ReturnValue)),
+                marks = TaintMarksSet(setOf(TaintMark("sensitive-data"))),
+                signature = AnySignature,
+                conditions = ConditionsMap(mapOf(MethodArgument(1u) to NotCondition(ValueCondition(ArgumentValueString("")))))
+            )
+        ),
+        cleaners = listOf(
+            Cleaner(
+                methodFqn = MethodFqn(listOf("java", "lang"), "String", "isEmpty"),
+                removeFrom = TaintEntitiesSet(setOf(ThisObject)),
+                marks = TaintMarksSet(setOf(TaintMark("sql-injection"), TaintMark("xss"))),
+                signature = AnySignature,
+                conditions = ConditionsMap(mapOf(ReturnValue to ValueCondition(ArgumentValueBoolean(true))))
+            )
+        ),
+        sinks = listOf(
+            Sink(
+                methodFqn = MethodFqn(listOf("org", "example"), "util", "unsafe"),
+                check = TaintEntitiesSet(setOf(MethodArgument(2u))),
+                marks = TaintMarksSet(setOf(TaintMark("environment"))),
+                signature = SignatureList(argumentTypes = listOf(ArgumentTypeAny, ArgumentTypeString("java.lang.Integer"))),
+                conditions = ConditionsMap(mapOf(MethodArgument(2u) to ValueCondition(ArgumentValueLong(0L))))
+            )
+        )
+    )
+}

utbot-framework-test/src/test/kotlin/org/utbot/taint/parser/constants/Constants.kt

@@ -0,0 +1,27 @@
+package org.utbot.taint.parser.constants
+
+import org.utbot.taint.parser.yaml.Constants
+
+internal const val k_sources = Constants.KEY_SOURCES
+internal const val k_passes = Constants.KEY_PASSES
+internal const val k_cleaners = Constants.KEY_CLEANERS
+internal const val k_sinks = Constants.KEY_SINKS
+
+internal const val k_addTo = Constants.KEY_ADD_TO
+internal const val k_getFrom = Constants.KEY_GET_FROM
+internal const val k_removeFrom = Constants.KEY_REMOVE_FROM
+internal const val k_check = Constants.KEY_CHECK
+internal const val k_marks = Constants.KEY_MARKS
+
+internal const val k_signature = Constants.KEY_SIGNATURE
+internal const val k_conditions = Constants.KEY_CONDITIONS
+
+internal const val k_not = Constants.KEY_CONDITION_NOT
+
+internal const val k_this = Constants.KEY_THIS
+internal const val k_return = Constants.KEY_RETURN
+internal const val k_arg = Constants.KEY_ARG
+
+internal const val k_lt = Constants.ARGUMENT_TYPE_PREFIX
+internal const val k_gt = Constants.ARGUMENT_TYPE_SUFFIX
+internal const val k__ = Constants.ARGUMENT_TYPE_UNDERSCORE

utbot-framework-test/src/test/kotlin/org/utbot/taint/parser/yaml/ConditionParserTest.kt

@@ -0,0 +1,163 @@
+package org.utbot.taint.parser.yaml
+
+import com.charleskorn.kaml.*
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.DisplayName
+import org.junit.jupiter.api.Nested
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.assertThrows
+import org.utbot.taint.parser.constants.*
+import org.utbot.taint.parser.model.*
+
+class ConditionParserTest {
+
+    @Nested
+    @DisplayName("parseCondition")
+    inner class ParseConditionTest {
+        @Test
+        fun `should parse yaml null as ValueCondition`() {
+            val yamlNull = Yaml.default.parseToYamlNode("null")
+            val expectedCondition = ValueCondition(ArgumentValueNull)
+
+            val actualCondition = ConditionParser.parseCondition(yamlNull)
+            assertEquals(expectedCondition, actualCondition)
+        }
+
+        @Test
+        fun `should parse yaml scalar with argument value as ValueCondition`() {
+            val yamlScalar = Yaml.default.parseToYamlNode("some-string")
+            val expectedCondition = ValueCondition(ArgumentValueString("some-string"))
+
+            val actualCondition = ConditionParser.parseCondition(yamlScalar)
+            assertEquals(expectedCondition, actualCondition)
+        }
+
+        @Test
+        fun `should parse yaml scalar with argument type as TypeCondition`() {
+            val yamlScalar = Yaml.default.parseToYamlNode("${k_lt}java.lang.Integer${k_gt}")
+            val expectedCondition = TypeCondition(ArgumentTypeString("java.lang.Integer"))
+
+            val actualCondition = ConditionParser.parseCondition(yamlScalar)
+            assertEquals(expectedCondition, actualCondition)
+        }
+
+        @Test
+        fun `should parse yaml list as OrCondition`() {
+            val yamlList = Yaml.default.parseToYamlNode("[ 1, true, ${k_lt}java.lang.Integer${k_gt} ]")
+            val expectedCondition = OrCondition(listOf(
+                ValueCondition(ArgumentValueLong(1L)),
+                ValueCondition(ArgumentValueBoolean(true)),
+                TypeCondition(ArgumentTypeString("java.lang.Integer")),
+            ))
+
+            val actualCondition = ConditionParser.parseCondition(yamlList)
+            assertEquals(expectedCondition, actualCondition)
+        }
+
+        @Test
+        fun `should parse yaml map with a key 'not' as NotCondition`() {
+            val yamlMap = Yaml.default.parseToYamlNode("$k_not: ${k_lt}int${k_gt}")
+            val expectedCondition = NotCondition(TypeCondition(ArgumentTypeString("int")))
+
+            val actualCondition = ConditionParser.parseCondition(yamlMap)
+            assertEquals(expectedCondition, actualCondition)
+        }
+
+        @Test
+        fun `should fail on yaml map without a key 'not'`() {
+            val yamlMap = Yaml.default.parseToYamlNode("net: ${k_lt}int${k_gt}")
+
+            assertThrows<ConfigurationParseError> {
+                ConditionParser.parseCondition(yamlMap)
+            }
+        }
+
+        @Test
+        fun `should fail on yaml map with unknown keys`() {
+            val yamlMap = Yaml.default.parseToYamlNode("{ $k_not: ${k_lt}int${k_gt}, unknown-key: 0 }")
+
+            assertThrows<ConfigurationParseError> {
+                ConditionParser.parseCondition(yamlMap)
+            }
+        }
+
+        @Test
+        fun `should parse complicated yaml node`() {
+            val yamlMap = Yaml.default.parseToYamlNode("$k_not: [ { $k_not: 0 }, ${k_lt}int${k_gt}, { $k_not: null } ]")
+            val expectedCondition = NotCondition(OrCondition(listOf(
+                NotCondition(ValueCondition(ArgumentValueLong(0L))),
+                TypeCondition(ArgumentTypeString("int")),
+                NotCondition(ValueCondition(ArgumentValueNull))
+            )))
+
+            val actualCondition = ConditionParser.parseCondition(yamlMap)
+            assertEquals(expectedCondition, actualCondition)
+        }
+
+        @Test
+        fun `should fail on another yaml type`() {
+            val yamlTaggedNode = YamlTaggedNode("some-tag", YamlNull(YamlPath.root))
+
+            assertThrows<ConfigurationParseError> {
+                ConditionParser.parseCondition(yamlTaggedNode)
+            }
+        }
+    }
+
+    @Nested
+    @DisplayName("parseConditions")
+    inner class ParseConditionsTest {
+        @Test
+        fun `should parse correct yaml map as Conditions`() {
+            val yamlMap = Yaml.default.parseToYamlNode("{ $k_this: \"\", ${k_arg}2: { $k_not: ${k_lt}int${k_gt} }, $k_return: [ 0, 1 ] }")
+            val expectedConditions = ConditionsMap(mapOf(
+                ThisObject to ValueCondition(ArgumentValueString("")),
+                MethodArgument(2u) to NotCondition(TypeCondition(ArgumentTypeString("int"))),
+                ReturnValue to OrCondition(listOf(ValueCondition(ArgumentValueLong(0L)), ValueCondition(ArgumentValueLong(1L))))
+            ))
+
+            val actualConditions = ConditionParser.parseConditions(yamlMap)
+            assertEquals(expectedConditions, actualConditions)
+        }
+
+        @Test
+        fun `should parse empty yaml map as NoConditions`() {
+            val yamlMap = Yaml.default.parseToYamlNode("{}")
+            val expectedConditions = NoConditions
+
+            val actualConditions = ConditionParser.parseConditions(yamlMap)
+            assertEquals(expectedConditions, actualConditions)
+        }
+
+        @Test
+        fun `should fail on another yaml type`() {
+            val yamlList = Yaml.default.parseToYamlNode("[]")
+
+            assertThrows<ConfigurationParseError> {
+                ConditionParser.parseConditions(yamlList)
+            }
+        }
+    }
+
+    @Nested
+    @DisplayName("parseConditionsKey")
+    inner class ParseConditionsKeyTest {
+        @Test
+        fun `should parse yaml map with a key 'conditions'`() {
+            val yamlMap = Yaml.default.parseToYamlNode("$k_conditions: { $k_return: null }").yamlMap
+            val expectedConditions = ConditionsMap(mapOf(ReturnValue to ValueCondition(ArgumentValueNull)))
+
+            val actualConditions = ConditionParser.parseConditionsKey(yamlMap)
+            assertEquals(expectedConditions, actualConditions)
+        }
+
+        @Test
+        fun `should parse yaml map without a key 'conditions' as NoConditions`() {
+            val yamlMap = Yaml.default.parseToYamlNode("$k_marks: []").yamlMap
+            val expectedConditions = NoConditions
+
+            val actualConditions = ConditionParser.parseConditionsKey(yamlMap)
+            assertEquals(expectedConditions, actualConditions)
+        }
+    }
+}

utbot-framework-test/src/test/kotlin/org/utbot/taint/parser/yaml/ConfigurationParserTest.kt

@@ -0,0 +1,55 @@
+package org.utbot.taint.parser.yaml
+
+import com.charleskorn.kaml.Yaml
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.DisplayName
+import org.junit.jupiter.api.Nested
+import org.junit.jupiter.api.Test
+import org.utbot.taint.parser.constants.*
+import org.utbot.taint.parser.model.*
+import org.junit.jupiter.api.assertThrows
+
+class ConfigurationParserTest {
+
+    @Nested
+    @DisplayName("parseConfiguration")
+    inner class ParseConfigurationTest {
+        @Test
+        fun `should parse yaml map as Configuration`() {
+            val yamlMap = Yaml.default.parseToYamlNode("{ $k_sources: [], $k_passes: [], $k_cleaners: [], $k_sinks: [] }")
+            val expectedConfiguration = Configuration(listOf(), listOf(), listOf(), listOf())
+
+            val actualConfiguration = ConfigurationParser.parseConfiguration(yamlMap)
+            assertEquals(expectedConfiguration, actualConfiguration)
+        }
+
+        @Test
+        fun `should not fail if yaml map does not contain some keys`() {
+            val yamlMap = Yaml.default.parseToYamlNode("{ $k_sources: [], $k_sinks: [] }")
+            val expectedConfiguration = Configuration(listOf(), listOf(), listOf(), listOf())
+
+            val actualConfiguration = ConfigurationParser.parseConfiguration(yamlMap)
+            assertEquals(expectedConfiguration, actualConfiguration)
+        }
+
+        @Test
+        fun `should fail on other yaml types`() {
+            val yamlList = Yaml.default.parseToYamlNode("[]")
+
+            assertThrows<ConfigurationParseError> {
+                ConfigurationParser.parseConfiguration(yamlList)
+            }
+        }
+
+        @Test
+        fun `should fail on yaml map with unknown keys`() {
+            val yamlMap = Yaml.default.parseToYamlNode(
+                "{ $k_sources: [], $k_passes: [], $k_cleaners: [], $k_sinks: [], unknown-key: [] }"
+            )
+
+            assertThrows<ConfigurationParseError> {
+                ConfigurationParser.parseConfiguration(yamlMap)
+            }
+        }
+    }
+}