Adapt tests to new constraints evaluation

CROSSINGTUD · Jan 8, 2025 · 7b69874 · 7b69874
1 parent cc2fd33
commit 7b69874
Show file tree

Hide file tree

Showing 13 changed files with 149 additions and 59 deletions.
diff --git a/CryptoAnalysis/src/main/java/crypto/analysis/errors/AlternativeReqPredicateError.java b/CryptoAnalysis/src/main/java/crypto/analysis/errors/AlternativeReqPredicateError.java
@@ -46,11 +46,12 @@ public AlternativeReqPredicateError(
             IAnalysisSeed seed,
             Statement statement,
             CrySLRule rule,
-            Collection<CrySLPredicate> predicates,
-            Collection<AbstractConstraintsError> violatedPredicateErrors) {
+            Collection<CrySLPredicate> allPredicates,
+            Collection<AbstractConstraintsError> missingPredicates) {
         super(seed, statement, rule, new HashSet<>());
 
-        this.contradictedPredicate = predicates;
+        this.contradictedPredicate = allPredicates;
+        this.relevantPredicates = new HashSet<>();
     }
 
     public Collection<CrySLPredicate> getContradictedPredicate() {

diff --git a/CryptoAnalysis/src/main/java/crypto/analysis/errors/ConstraintError.java b/CryptoAnalysis/src/main/java/crypto/analysis/errors/ConstraintError.java
@@ -42,7 +42,7 @@ public String toErrorMarkerString() {
         return "Constraint "
                 + evaluableConstraint
                 + " on object "
-                + getSeed().getFact()
+                + getSeed().getFact().getVariableName()
                 + " is violated due to the following reasons:";
     }
 

diff --git a/CryptoAnalysis/src/main/java/crypto/analysis/errors/ImpreciseValueExtractionError.java b/CryptoAnalysis/src/main/java/crypto/analysis/errors/ImpreciseValueExtractionError.java
@@ -7,7 +7,6 @@
 import crypto.extractparameter.ExtractedValue;
 import crypto.extractparameter.ParameterWithExtractedValues;
 import crysl.rule.CrySLRule;
-import crysl.rule.ISLConstraint;
 import java.util.Objects;
 
 public class ImpreciseValueExtractionError extends AbstractConstraintsError {
@@ -23,18 +22,6 @@ public ImpreciseValueExtractionError(
         this.violatedConstraint = constraint;
     }
 
-    public ImpreciseValueExtractionError(
-            IAnalysisSeed seed, Statement errorStmt, CrySLRule rule, ISLConstraint constraint) {
-        super(seed, errorStmt, rule);
-
-        violatedConstraint = null;
-    }
-
-    private enum ConstraintType {
-        ValueConstraint,
-        ComparisonConstraint,
-    }
-
     public ImpreciseValueExtractionError(
             AnalysisSeedWithSpecification seed,
             Statement statement,
@@ -44,7 +31,7 @@ public ImpreciseValueExtractionError(
             EvaluableConstraint constraint) {
         super(seed, statement, rule);
 
-        violatedConstraint = null;
+        violatedConstraint = constraint;
     }
 
     public EvaluableConstraint getViolatedConstraint() {

diff --git a/CryptoAnalysis/src/main/java/crypto/constraints/ComparisonConstraint.java b/CryptoAnalysis/src/main/java/crypto/constraints/ComparisonConstraint.java
@@ -368,6 +368,11 @@ public ArithmeticLength(
         public IntermediateResult evaluate(Statement statement) {
             return new IntermediateResult(Collections.emptySet(), Collections.emptySet());
         }
+
+        @Override
+        public String toString() {
+            return predicate.toString();
+        }
     }
 
     private record IntermediateResult(

diff --git a/CryptoAnalysis/src/main/java/crypto/constraints/ConstraintsAnalysis.java b/CryptoAnalysis/src/main/java/crypto/constraints/ConstraintsAnalysis.java
@@ -7,6 +7,8 @@
 import crypto.analysis.AnalysisSeedWithSpecification;
 import crypto.analysis.errors.AbstractConstraintsError;
 import crypto.analysis.errors.AlternativeReqPredicateError;
+import crypto.analysis.errors.PredicateContradictionError;
+import crypto.analysis.errors.RequiredPredicateError;
 import crypto.definition.Definitions;
 import crypto.extractparameter.ExtractParameterAnalysis;
 import crypto.extractparameter.ParameterWithExtractedValues;
@@ -226,8 +228,6 @@ private Collection<AbstractConstraintsError> evaluateAlternativeReqPredicate(
             return errors;
         }
 
-        boolean satisfied = false;
-
         Multimap<Statement, AbstractConstraintsError> statementToErrors = HashMultimap.create();
         for (CrySLPredicate predicate : predicates) {
             EvaluableConstraint constraint =
@@ -238,12 +238,20 @@ private Collection<AbstractConstraintsError> evaluateAlternativeReqPredicate(
             for (AbstractConstraintsError error : constraint.getErrors()) {
                 statementToErrors.put(error.getErrorStatement(), error);
             }
-
-            satisfied |= constraint.isSatisfied();
         }
 
-        if (!satisfied) {
-            for (Statement statement : statementToErrors.keySet()) {
+        for (Statement statement : statementToErrors.keySet()) {
+            Collection<CrySLPredicate> ensuredPreds = new HashSet<>(predicates);
+
+            for (AbstractConstraintsError error : statementToErrors.get(statement)) {
+                if (error instanceof RequiredPredicateError reqPredError) {
+                    ensuredPreds.remove(reqPredError.getContradictedPredicates());
+                } else if (error instanceof PredicateContradictionError predContradictionError) {
+                    ensuredPreds.remove(predContradictionError.getContradictedPredicate());
+                }
+            }
+
+            if (ensuredPreds.isEmpty()) {
                 AlternativeReqPredicateError error =
                         new AlternativeReqPredicateError(
                                 seed,

diff --git a/CryptoAnalysis/src/main/java/crypto/constraints/ValueConstraint.java b/CryptoAnalysis/src/main/java/crypto/constraints/ValueConstraint.java
@@ -49,7 +49,9 @@ public EvaluationResult evaluate() {
         allowedValues = formatAllowedValues(allowedValues);
 
         for (ParameterWithExtractedValues parameter : relevantParameters) {
+            // TODO Collect not allowed values and report a single error with them
             for (ExtractedValue extractedValue : parameter.extractedValues()) {
+                // TODO Extract call sites that are not part of the dataflow scope
                 if (extractedValue.val().equals(Val.zero())
                         || (!extractedValue.val().isConstant() && !extractedValue.val().isNull())) {
                     ImpreciseValueExtractionError error =

diff --git a/CryptoAnalysisTargets/HardcodedTestExamples/src/main/java/example/TrueNegative.java b/CryptoAnalysisTargets/HardcodedTestExamples/src/main/java/example/TrueNegative.java
@@ -1,6 +1,8 @@
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
 import java.security.SecureRandom;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
 
 public class TrueNegative {
 
@@ -13,10 +15,12 @@ public void trueNegative() {
         secureRandom.nextBytes(pass);
 
         // convert byte array to char array
-        char[] passwd = new char[pass.length];
-        for(int i=0; i < pass.length; i++){
-            passwd[i] = (char) (pass[i]&0xff);
-        }
+        char[] passwd = IntStream
+                            .range(0, salt.length)
+                            .map(i -> (char) (pass[i]&0xff))
+                            .mapToObj(Character::toString)
+                            .collect(Collectors.joining())
+                            .toCharArray();
 
         byte[] key = getKey(passwd, salt, 10000, 256);
     }

diff --git a/HeadlessJavaScanner/src/test/java/scanner/targets/BouncyCastleHeadlessTest.java b/HeadlessJavaScanner/src/test/java/scanner/targets/BouncyCastleHeadlessTest.java
@@ -52,6 +52,7 @@ public void testBCMacExamples() {
 
         addErrorSpecification(
                 new ErrorSpecification.Builder("bunkr.PBKDF2Descriptor", "calculateRounds", 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .withTPs(TypestateError.class, 2)
                         .withTPs(IncompleteOperationError.class, 1)
                         .build());
@@ -79,13 +80,14 @@ public void testBCSymmetricCipherExamples() {
         addErrorSpecification(
                 new ErrorSpecification.Builder(
                                 "gcm_aes_example.GCMAESBouncyCastle", "processing", 2)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .withTPs(RequiredPredicateError.class, 2)
                         .withTPs(AlternativeReqPredicateError.class, 1)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder(
                                 "gcm_aes_example.GCMAESBouncyCastle", "processingCorrect", 2)
-                        .withTPs(RequiredPredicateError.class, 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .build());
 
         addErrorSpecification(
@@ -115,8 +117,13 @@ public void testBCAsymmetricCipherExamples() {
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("rsa_misuse.RSATest", "Decrypt", 2)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .withTPs(AlternativeReqPredicateError.class, 1)
                         .build());
+        addErrorSpecification(
+                new ErrorSpecification.Builder("rsa_nomisuse.RSATest", "Decrypt", 2)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
+                        .build());
 
         // These two errors occur because AsymmetricCipherKeyPair ensures the predicate only after
         // the constructor call
@@ -129,35 +136,58 @@ public void testBCAsymmetricCipherExamples() {
                         .withTPs(AlternativeReqPredicateError.class, 1)
                         .build());
 
+        addErrorSpecification(
+                new ErrorSpecification.Builder("crypto.RSAEngineTest", "testEncryptOne", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(AlternativeReqPredicateError.class, 1)
+                        .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("crypto.RSAEngineTest", "testEncryptTwo", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
                         .withTPs(TypestateError.class, 1)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("crypto.RSAEngineTest", "testDecryptOne", 1)
                         .withTPs(RequiredPredicateError.class, 2)
                         .withTPs(AlternativeReqPredicateError.class, 1)
-                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 4)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("crypto.RSAEngineTest", "testDecryptTwo", 1)
                         .withTPs(TypestateError.class, 1)
                         .withTPs(RequiredPredicateError.class, 2)
-                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 4)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder(
                                 "params.RSAPrivateCrtKeyParametersTest", "testOne", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .withTPs(RequiredPredicateError.class, 2)
                         .build());
 
+        addErrorSpecification(
+                new ErrorSpecification.Builder("params.RSAKeyParametersTest", "testOne", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .build());
+        addErrorSpecification(
+                new ErrorSpecification.Builder("params.RSAKeyParametersTest", "testTwo", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .build());
+
         addErrorSpecification(
                 new ErrorSpecification.Builder("generators.RSAKeyPairGeneratorTest", "testTwo", 0)
                         .withTPs(RequiredPredicateError.class, 1)
                         .build());
+        addErrorSpecification(
+                new ErrorSpecification.Builder("params.ParametersWithRandomTest", "testOne", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(AlternativeReqPredicateError.class, 1)
+                        .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("params.ParametersWithRandomTest", "testTwo", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
                         .withTPs(RequiredPredicateError.class, 1)
+                        .withTPs(AlternativeReqPredicateError.class, 1)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("generators.RSAKeyPairGeneratorTest", "testThree", 0)
@@ -186,7 +216,7 @@ public void testBCDigestExamples() {
         addErrorSpecification(
                 new ErrorSpecification.Builder("pattern.DigestTest", "digestWithMultipleUpdates", 0)
                         .withTPs(TypestateError.class, 1)
-                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .build());
 
         addErrorSpecification(
@@ -201,6 +231,11 @@ public void testBCDigestExamples() {
                         .withTPs(ForbiddenMethodError.class, 1)
                         .withTPs(RequiredPredicateError.class, 1)
                         .build());
+        addErrorSpecification(
+                new ErrorSpecification.Builder(
+                                "inflatable_donkey.KeyBlobCurve25519Unwrap", "curve25519Unwrap", 4)
+                        .withTPs(ImpreciseValueExtractionError.class, 4)
+                        .build());
 
         addErrorSpecification(
                 new ErrorSpecification.Builder("fabric_api_archieve.Crypto", "sign", 2)
@@ -217,12 +252,12 @@ public void testBCDigestExamples() {
                 new ErrorSpecification.Builder(
                                 "pluotsorbet.BouncyCastleSHA256", "testSHA256DigestTwo", 0)
                         .withTPs(TypestateError.class, 1)
-                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .build());
 
         addErrorSpecification(
                 new ErrorSpecification.Builder("ipack.JPAKEExample", "deriveSessionKey", 1)
-                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .build());
 
         scanner.run();
@@ -239,20 +274,22 @@ public void testBCSignerExamples() {
         addErrorSpecification(
                 new ErrorSpecification.Builder(
                                 "gwt_crypto.ISO9796SignerTest", "doShortPartialTest", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
                         .withTPs(IncompleteOperationError.class, 1)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder(
                                 "gwt_crypto.ISO9796SignerTest", "doFullMessageTest", 0)
                         .withTPs(ConstraintError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .withTPs(IncompleteOperationError.class, 1)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("gwt_crypto.PSSBlindTest", "testSig", 6)
                         .withTPs(IncompleteOperationError.class, 1)
                         .withTPs(RequiredPredicateError.class, 1)
                         .withTPs(AlternativeReqPredicateError.class, 2)
-                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("gwt_crypto.PSSTest", "testSig", 6)
@@ -263,11 +300,13 @@ public void testBCSignerExamples() {
         addErrorSpecification(
                 new ErrorSpecification.Builder(
                                 "gwt_crypto.X931SignerTest", "shouldPassSignatureTestOne", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 1)
                         .withTPs(IncompleteOperationError.class, 1)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder(
                                 "gwt_crypto.X931SignerTest", "shouldPassSignatureTestTwo", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 3)
                         .withTPs(IncompleteOperationError.class, 2)
                         .withTPs(RequiredPredicateError.class, 2)
                         .build());
@@ -286,7 +325,7 @@ public void testBCSignerExamples() {
                 new ErrorSpecification.Builder(
                                 "diqube.TicketSignatureService", "isValidTicketSignature", 1)
                         .withTPs(AlternativeReqPredicateError.class, 1)
-                        .withTPs(ImpreciseValueExtractionError.class, 1)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .build());
 
         addErrorSpecification(
@@ -300,13 +339,15 @@ public void testBCSignerExamples() {
 
         addErrorSpecification(
                 new ErrorSpecification.Builder("pattern.SignerTest", "testSignerGenerate", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 2)
                         .withTPs(RequiredPredicateError.class, 2)
                         .withTPs(AlternativeReqPredicateError.class, 1)
                         .build());
         addErrorSpecification(
                 new ErrorSpecification.Builder("pattern.SignerTest", "testSignerVerify", 0)
+                        .withTPs(ImpreciseValueExtractionError.class, 3)
                         .withTPs(RequiredPredicateError.class, 2)
-                        .withTPs(AlternativeReqPredicateError.class, 1)
+                        .withTPs(AlternativeReqPredicateError.class, 2)
                         .build());
 
         scanner.run();