diff --git a/engine/src/main/java/com/ibm/engine/language/java/JavaDetectionEngine.java b/engine/src/main/java/com/ibm/engine/language/java/JavaDetectionEngine.java index b55f55e5..7ccd5ccd 100644 --- a/engine/src/main/java/com/ibm/engine/language/java/JavaDetectionEngine.java +++ b/engine/src/main/java/com/ibm/engine/language/java/JavaDetectionEngine.java @@ -825,8 +825,7 @@ private void analyseExpression( // scope detectionStore.onDetectedDependingParameter( parameter, methodInvocationTree, DetectionStore.Scope.EXPRESSION); - } else if (expression instanceof NewClassTree newClassTree - && assignedSymbol.isEmpty()) { + } else if (expression instanceof NewClassTree newClassTree) { // follow expression directly, do not find matching expression in the method // scope detectionStore.onDetectedDependingParameter( diff --git a/engine/src/main/java/com/ibm/engine/model/context/AlgorithmParameterContext.java b/engine/src/main/java/com/ibm/engine/model/context/AlgorithmParameterContext.java index 5e3bbf5f..05349549 100644 --- a/engine/src/main/java/com/ibm/engine/model/context/AlgorithmParameterContext.java +++ b/engine/src/main/java/com/ibm/engine/model/context/AlgorithmParameterContext.java @@ -19,36 +19,19 @@ */ package com.ibm.engine.model.context; +import java.util.HashMap; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public class AlgorithmParameterContext - implements IDetectionContext, ISupportKind { - - public enum Kind { - DH, - AEAD, - CCM, - GMSS, - IES, - KEY, - SABER, - NONE - } - - @Nonnull private final Kind kind; - - public AlgorithmParameterContext(@Nonnull Kind kind) { - this.kind = kind; - } +public class AlgorithmParameterContext extends DetectionContext { public AlgorithmParameterContext() { - this.kind = Kind.NONE; + super(new HashMap<>()); } - @Nonnull - public Kind kind() { - return kind; + public AlgorithmParameterContext(@Nonnull Map properties) { + super(properties); } @NotNull @Override 
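Review bot: With `&& assignedSymbol.isEmpty()` dropped from the `NewClassTree` branch of `analyseExpression`, constructor expressions whose result is assigned to a symbol now also take the follow-directly path, and the retained comment does not say why that is safe. The branch that used to handle the assigned case lies outside this hunk, so it is not possible to tell from here whether it becomes unreachable for constructor calls or whether a finding could now be reported twice. Please extend the comment, for example `// constructor calls are followed directly, whether or not the result is assigned to a symbol`, and add a detection test with an assigned `new ...` argument. The function starts and ends outside the hunk.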
diff --git a/engine/src/main/java/com/ibm/engine/model/context/CipherContext.java b/engine/src/main/java/com/ibm/engine/model/context/CipherContext.java index 59dabab8..ee1af743 100644 --- a/engine/src/main/java/com/ibm/engine/model/context/CipherContext.java +++ b/engine/src/main/java/com/ibm/engine/model/context/CipherContext.java @@ -23,70 +23,14 @@ import java.util.Map; import javax.annotation.Nonnull; -public class CipherContext extends DetectionContext - implements IDetectionContext, ISupportKind { - - public enum Kind { - PKE, - RSA, - Fernet, - OAEP, - CHACHA20POLY1305, - AES_WRAP, - AES_WRAP_WITH_PADDING, - ENCRYPTION_STATUS, - WRAPPING_STATUS, - ENCODING, - ENCODING_SIGNATURE, - WRAP, - BLOCK_CIPHER, - BLOCK_CIPHER_ENGINE, - BLOCK_CIPHER_ENGINE_FOR_AEAD, - STREAM_CIPHER_ENGINE, - ASYMMETRIC_CIPHER_ENGINE, - ASYMMETRIC_CIPHER_ENGINE_SIGNATURE, - ASYMMETRIC_BUFFERED_BLOCK_CIPHER, - BUFFERED_BLOCK_CIPHER, - AEAD_BLOCK_CIPHER, - AEAD_ENGINE, - PADDING, - PBE, - HASH, - NONE - } - - @Nonnull private final Kind kind; - - /** - * use a property map instead - * - * @deprecated - */ - @Deprecated(since = "1.3.0") - public CipherContext(@Nonnull Kind kind) { - super(new HashMap<>()); - this.kind = kind; - } +public class CipherContext extends DetectionContext { public CipherContext() { super(new HashMap<>()); - this.kind = Kind.NONE; } public CipherContext(@Nonnull Map properties) { super(properties); - this.kind = Kind.NONE; - } - - /** - * use a property map instead - * - * @deprecated - */ - @Deprecated(since = "1.3.0") - @Nonnull - public Kind kind() { - return kind; } @Nonnull diff --git a/engine/src/main/java/com/ibm/engine/model/context/DigestContext.java b/engine/src/main/java/com/ibm/engine/model/context/DigestContext.java index 28ea36b3..b7f55c68 100644 --- a/engine/src/main/java/com/ibm/engine/model/context/DigestContext.java +++ b/engine/src/main/java/com/ibm/engine/model/context/DigestContext.java 
@@ -23,48 +23,14 @@ import java.util.Map; import javax.annotation.Nonnull; -public class DigestContext extends DetectionContext - implements IDetectionContext, ISupportKind { - - public enum Kind { - NONE, - MGF1, - CRAMER_SHOUP, - NTRU, - } - - @Nonnull private final Kind kind; +public class DigestContext extends DetectionContext { public DigestContext() { super(new HashMap<>()); - this.kind = Kind.NONE; - } - - /** - * use a property map instead - * - * @deprecated - */ - @Deprecated(since = "1.3.0") - public DigestContext(@Nonnull Kind kind) { - super(new HashMap<>()); - this.kind = kind; } public DigestContext(@Nonnull Map properties) { super(properties); - this.kind = Kind.NONE; - } - - /** - * use a property map instead - * - * @deprecated - */ - @Deprecated(since = "1.3.0") - @Nonnull - public Kind kind() { - return kind; } @Nonnull diff --git a/engine/src/main/java/com/ibm/engine/model/context/KeyAgreementContext.java b/engine/src/main/java/com/ibm/engine/model/context/KeyAgreementContext.java index 99bec033..c221bcdd 100644 --- a/engine/src/main/java/com/ibm/engine/model/context/KeyAgreementContext.java +++ b/engine/src/main/java/com/ibm/engine/model/context/KeyAgreementContext.java @@ -19,23 +19,18 @@ */ package com.ibm.engine.model.context; +import java.util.HashMap; import java.util.Map; import org.jetbrains.annotations.NotNull; -public class KeyAgreementContext extends DetectionContext implements IDetectionContext { +public class KeyAgreementContext extends DetectionContext { - public KeyAgreementContext(@NotNull Map properties) { - super(properties); + public KeyAgreementContext() { + super(new HashMap<>()); } - /** - * use a property map instead - * - * @deprecated - */ - @Deprecated(since = "1.3.0") - public KeyAgreementContext() { - super(Map.of()); + public KeyAgreementContext(@NotNull Map properties) { + super(properties); } @NotNull @Override 
diff --git a/engine/src/main/java/com/ibm/engine/model/context/KeyContext.java b/engine/src/main/java/com/ibm/engine/model/context/KeyContext.java index d278816e..5c9451b3 100644 --- a/engine/src/main/java/com/ibm/engine/model/context/KeyContext.java +++ b/engine/src/main/java/com/ibm/engine/model/context/KeyContext.java @@ -27,36 +27,15 @@ public class KeyContext extends DetectionContext implements IDetectionContext, ISupportKind { public enum Kind { - KDF, - KEM, + /* TODO: they are still used in JCA and Python, but should be removed */ + EC, DES, DESede, DH, - DH_FULL, DSA, - EC, PBE, - RSA, - X25519, - X448, - Ed25519, - Ed448, - Fernet, - CHACHA20POLY1305, - AESGCM, - AESGCMIV, - AESOCB3, - AESSIV, - AESCCM, - PBKDF2HMAC, - SCRYPT, - ConcatKDFHash, - ConcatKDFHMAC, - HKDF, - HKDFExpand, - KBKDFHMAC, - KBKDFCMAC, - X963KDF, + KDF, + KEM, NONE, UNKNOWN; } diff --git a/engine/src/main/java/com/ibm/engine/model/context/MacContext.java b/engine/src/main/java/com/ibm/engine/model/context/MacContext.java index aad3f693..5ec50a09 100644 --- a/engine/src/main/java/com/ibm/engine/model/context/MacContext.java +++ b/engine/src/main/java/com/ibm/engine/model/context/MacContext.java 
@@ -23,48 +23,14 @@ import java.util.Map; import javax.annotation.Nonnull; -public class MacContext extends DetectionContext - implements IDetectionContext, ISupportKind { - - public enum Kind { - CMAC, - HMAC, - Poly1305, - NONE - } - - @Nonnull private final Kind kind; - - /** - * use a property map instead - * - * @deprecated - */ - @Deprecated(since = "1.3.0") - public MacContext(@Nonnull Kind kind) { - super(new HashMap<>()); - this.kind = kind; - } +public class MacContext extends DetectionContext { public MacContext() { super(new HashMap<>()); - this.kind = Kind.NONE; } public MacContext(@Nonnull Map properties) { super(properties); - this.kind = Kind.NONE; - } - - /** - * use a property map instead - * - * @deprecated - */ - @Deprecated(since = "1.3.0") - @Nonnull - public Kind kind() { - return kind; } @Nonnull diff --git a/engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java b/engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java index 19f89150..cd67e964 100644 --- a/engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java +++ b/engine/src/main/java/com/ibm/engine/model/context/SignatureContext.java @@ -28,10 +28,6 @@ public class SignatureContext extends DetectionContext public enum Kind { PSS, MGF1, - DSA, - EdDSA, - MESSAGE_SIGNER, - SIGNING_STATUS, NONE } diff --git a/enricher/src/main/java/com/ibm/enricher/Enricher.java b/enricher/src/main/java/com/ibm/enricher/Enricher.java index db8d38fd..a83e3783 100644 --- a/enricher/src/main/java/com/ibm/enricher/Enricher.java +++ b/enricher/src/main/java/com/ibm/enricher/Enricher.java @@ -23,6 +23,7 @@ import com.ibm.enricher.algorithm.DESEnricher; import com.ibm.enricher.algorithm.DHEnricher; import com.ibm.enricher.algorithm.DSAEnricher; +import com.ibm.enricher.algorithm.KEMEnricher; import com.ibm.enricher.algorithm.PBKDF2Enricher; import com.ibm.enricher.algorithm.RSAEnricher; import com.ibm.enricher.algorithm.RSAoaepEnricher; 
@@ -88,7 +89,8 @@ public static Collection enrich(@Nonnull final Collection nodes) { new RSAssaPSSEnricher(), new RSAoaepEnricher(), new SignatureEnricher(), - new TagOrDigestEnricher()); + new TagOrDigestEnricher(), + new KEMEnricher()); /** * Enriches the given node with additional information. diff --git a/enricher/src/main/java/com/ibm/enricher/algorithm/KEMEnricher.java b/enricher/src/main/java/com/ibm/enricher/algorithm/KEMEnricher.java new file mode 100644 index 00000000..72ccc42d --- /dev/null +++ b/enricher/src/main/java/com/ibm/enricher/algorithm/KEMEnricher.java 
@@ -0,0 +1,62 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.enricher.algorithm; + +import com.ibm.enricher.IEnricher; +import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.Oid; +import com.ibm.mapper.model.ParameterSetIdentifier; +import com.ibm.mapper.model.algorithms.kyber.MLKEM; +import com.ibm.mapper.utils.DetectionLocation; +import java.util.Optional; +import javax.annotation.Nonnull; + +public class KEMEnricher implements IEnricher { + + @Override + public @Nonnull INode enrich(@Nonnull INode node) { + if (node instanceof MLKEM mlkem) { + return enrichMLKEM(mlkem); + } + return node; + } + + @Nonnull + private MLKEM enrichMLKEM(@Nonnull MLKEM mlkem) { + final Optional parameterSetIdentifierOptional = + mlkem.hasChildOfType(ParameterSetIdentifier.class); + if (parameterSetIdentifierOptional.isPresent() + && parameterSetIdentifierOptional.get() + instanceof ParameterSetIdentifier parameterSetIdentifier) { + final DetectionLocation detectionLocation = + parameterSetIdentifier.getDetectionContext(); + switch (parameterSetIdentifier.asString()) { + case "512" -> mlkem.put(new Oid("2.16.840.1.101.3.4.4.1", 
detectionLocation)); + case "768" -> mlkem.put(new Oid("2.16.840.1.101.3.4.4.2", detectionLocation)); + case "1024" -> mlkem.put(new Oid("2.16.840.1.101.3.4.4.3", detectionLocation)); + default -> { + // the base OID for NIST KEM + mlkem.put(new Oid("2.16.840.1.101.3.4.4", detectionLocation)); + } + } + } + return mlkem; + } +} diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngine.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngine.java index 07cc6e9a..d4f5dc25 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngine.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngine.java @@ -69,7 +69,7 @@ private BcAEADCipherEngine() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(engine)) .withoutParameters() - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules())); } else { @@ -88,7 +88,7 @@ private BcAEADCipherEngine() { new AlgorithmParameterFactory<>( AlgorithmParameter.Kind.ANY)) .asChildOfParameterWithId(-1) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules())); } diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherInit.java index 3bf61c98..9d0f7184 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherInit.java 
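Review bot: In `enrichMLKEM`, the `default` arm attaches `2.16.840.1.101.3.4.4`, which its own comment calls the base OID for NIST KEM rather than an identifier of a parameter set, while an `MLKEM` node with no `ParameterSetIdentifier` child gets no OID at all. A consumer of the inventory that matches on OID cannot tell "parameter set unknown" from a real algorithm identifier, and the two unknown cases are reported differently. Consider treating both the same way (attach nothing, or attach the base arc in both) and stating that choice in a class-level Javadoc, which the new class lacks. The three OID literals would also be easier to audit as named constants, e.g. `private static final String ML_KEM_768_OID = "2.16.840.1.101.3.4.4.2";`.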
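Review bot: `new CipherContext(Map.of("kind", "AEAD_ENGINE"))` replaces a compiler-checked enum constant with two free-form strings, so a typo in the key or the value still compiles and would presumably surface only as a rule whose context no longer matches downstream. For a scanner that inventories cryptography, that means a silently missing or misclassified finding. The same pattern repeats in the other rule-file hunks of this commit (the remaining `aeadcipher` rules, the `asymmetricblockcipher` rules including `new DigestContext(Map.of("kind", "MGF1"))`, `BcBasicAgreement` and `BcBlockCipher`). I would introduce shared constants for the key and the values, e.g. `public static final String KIND = "kind";`, or a small factory on the context class that rejects unknown kind values. The constructor body continues outside both hunks.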
@@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -44,7 +45,7 @@ private BcAEADCipherInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcCCMBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcCCMBlockCipher.java index 93177cee..355fd44a 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcCCMBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcCCMBlockCipher.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.blockcipher.BcBlockCipher; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -47,8 +48,8 @@ private BcCCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); 
@@ -62,8 +63,8 @@ private BcCCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcChaCha20Poly1305.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcChaCha20Poly1305.java index 2315a230..81bae533 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcChaCha20Poly1305.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcChaCha20Poly1305.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.mac.BcMac; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -44,7 +45,7 @@ private BcChaCha20Poly1305() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(AEAD)) .withoutParameters() - .buildForContext(new CipherContext(CipherContext.Kind.CHACHA20POLY1305)) + .buildForContext(new CipherContext(Map.of("kind", "CHACHA20POLY1305"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); @@ -60,7 +61,7 @@ private BcChaCha20Poly1305() { .shouldBeDetectedAs(new ValueActionFactory<>(AEAD + "[WITH_MAC]")) .withMethodParameter("org.bouncycastle.crypto.Mac") .addDependingDetectionRules(BcMac.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.CHACHA20POLY1305)) + .buildForContext(new CipherContext(Map.of("kind", "CHACHA20POLY1305"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); 
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcEAXBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcEAXBlockCipher.java index d75b69ba..ea3ec370 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcEAXBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcEAXBlockCipher.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.blockcipher.BcBlockCipher; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -47,8 +48,8 @@ private BcEAXBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMBlockCipher.java index 58a9ad0b..90873e18 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMBlockCipher.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.blockcipher.BcBlockCipher; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; 
@@ -47,8 +48,8 @@ private BcGCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); @@ -62,9 +63,9 @@ private BcGCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) .withMethodParameter("org.bouncycastle.crypto.modes.gcm.GCMMultiplier") - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); @@ -78,8 +79,8 @@ private BcGCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); @@ -93,9 +94,9 @@ private BcGCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) .withMethodParameter("org.bouncycastle.crypto.modes.gcm.GCMMultiplier") - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); 
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMSIVBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMSIVBlockCipher.java index 4ae9e943..1be82d37 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMSIVBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcGCMSIVBlockCipher.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.blockcipher.BcBlockCipher; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -44,7 +45,7 @@ private BcGCMSIVBlockCipher() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(MODE)) .withoutParameters() - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); @@ -58,8 +59,8 @@ private BcGCMSIVBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); 
@@ -73,9 +74,9 @@ private BcGCMSIVBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) .withMethodParameter("org.bouncycastle.crypto.modes.gcm.GCMMultiplier") - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKCCMBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKCCMBlockCipher.java index f6eb7743..41480b68 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKCCMBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKCCMBlockCipher.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.blockcipher.BcBlockCipher; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -47,8 +48,8 @@ private BcKCCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); 
@@ -62,9 +63,9 @@ private BcKCCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) .withMethodParameter("int") - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKGCMBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKGCMBlockCipher.java index 4d158913..61441255 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKGCMBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcKGCMBlockCipher.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.blockcipher.BcBlockCipher; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -47,8 +48,8 @@ private BcKGCMBlockCipher() { .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcOCBBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcOCBBlockCipher.java index 5e7055de..77bc5bba 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcOCBBlockCipher.java 
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcOCBBlockCipher.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.blockcipher.BcBlockCipher; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -47,13 +48,13 @@ private BcOCBBlockCipher() { .shouldBeDetectedAs(new ValueActionFactory<>(MODE)) .withMethodParameter("org.bouncycastle.crypto.BlockCipher") // hash cipher .addDependingDetectionRules( - BcBlockCipher.all(new CipherContext(CipherContext.Kind.HASH))) + BcBlockCipher.all(new CipherContext(Map.of("kind", "HASH")))) .withMethodParameter("org.bouncycastle.crypto.BlockCipher") // main cipher .addDependingDetectionRules( BcBlockCipher.all( new CipherContext( - CipherContext.Kind.BLOCK_CIPHER_ENGINE_FOR_AEAD))) - .buildForContext(new CipherContext(CipherContext.Kind.AEAD_BLOCK_CIPHER)) + Map.of("kind", "BLOCK_CIPHER_ENGINE_FOR_AEAD")))) + .buildForContext(new CipherContext(Map.of("kind", "AEAD_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcAEADCipherInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherEngine.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherEngine.java index 20ee10ee..5e5bd1da 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherEngine.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherEngine.java @@ -26,6 +26,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.Nullable; import org.jetbrains.annotations.NotNull; 
@@ -53,7 +54,7 @@ private BcAsymCipherEngine() { IDetectionContext context = detectionValueContext != null ? detectionValueContext - : new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE); + : new CipherContext(Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE")); for (String engine : blockCiphers) { constructorsList.add( diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherInit.java index c3d972be..3b78b1e4 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcAsymCipherInit.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -44,7 +45,7 @@ private BcAsymCipherInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipher.java index 76dcfe2e..31ba8753 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipher.java 
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipher.java @@ -26,6 +26,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -47,7 +48,7 @@ private BcBufferedAsymmetricBlockCipher() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -60,7 +61,7 @@ private BcBufferedAsymmetricBlockCipher() { .withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher") .addDependingDetectionRules(BcAsymmetricBlockCipher.rules()) .buildForContext( - new CipherContext(CipherContext.Kind.ASYMMETRIC_BUFFERED_BLOCK_CIPHER)) + new CipherContext(Map.of("kind", "ASYMMETRIC_BUFFERED_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(List.of(INIT)); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcISO9796d1Encoding.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcISO9796d1Encoding.java index 6e05aec0..c0fe1b08 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcISO9796d1Encoding.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcISO9796d1Encoding.java 
@@ -26,6 +26,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.Nullable; import org.jetbrains.annotations.Unmodifiable; @@ -44,7 +45,7 @@ private static final List> constructors( IDetectionContext context = encodingDetectionValueContext != null ? encodingDetectionValueContext - : new CipherContext(CipherContext.Kind.ENCODING); + : new CipherContext(Map.of("kind", "ENCODING")); constructorsList.add( new DetectionRuleBuilder() .createDetectionRule() diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncoding.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncoding.java index cca8dc74..5e06c952 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncoding.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncoding.java @@ -30,6 +30,7 @@ import com.ibm.plugin.rules.detection.bc.digest.BcDigests; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.Nullable; import org.jetbrains.annotations.Unmodifiable; @@ -48,7 +49,7 @@ private static final List> constructors( IDetectionContext context = encodingDetectionValueContext != null ? encodingDetectionValueContext - : new CipherContext(CipherContext.Kind.ENCODING); + : new CipherContext(Map.of("kind", "ENCODING")); constructorsList.add( new DetectionRuleBuilder() 
@@ -107,7 +108,7 @@ private static final List> constructors( .addDependingDetectionRules(BcDigests.rules()) .withMethodParameter("org.bouncycastle.crypto.Digest") // mgf1Hash .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.MGF1))) + BcDigests.rules(new DigestContext(Map.of("kind", "MGF1")))) .withMethodParameter(BYTE_ARRAY_TYPE) .buildForContext(context) .inBundle(() -> "Bc") diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcPKCS1Encoding.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcPKCS1Encoding.java index 60198a8c..b2cc85e2 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcPKCS1Encoding.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcPKCS1Encoding.java @@ -28,6 +28,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.Nullable; import org.jetbrains.annotations.Unmodifiable; @@ -46,7 +47,7 @@ private static final List> constructors( IDetectionContext context = encodingDetectionValueContext != null ? encodingDetectionValueContext - : new CipherContext(CipherContext.Kind.ENCODING); + : new CipherContext(Map.of("kind", "ENCODING")); constructorsList.add( new DetectionRuleBuilder() diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/basicagreement/BcBasicAgreement.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/basicagreement/BcBasicAgreement.java index 3d4df02b..d1cbe3c9 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/basicagreement/BcBasicAgreement.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/basicagreement/BcBasicAgreement.java 
@@ -26,6 +26,7 @@ import java.util.Arrays; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Unmodifiable; @@ -58,7 +59,7 @@ private BcBasicAgreement() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(agreement)) .withoutParameters() - .buildForContext(new KeyContext(KeyContext.Kind.DH)) + .buildForContext(new KeyContext(Map.of("kind", "DH"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcBasicAgreementInit.rules())); } diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipher.java index 39e6c38a..77c46066 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipher.java @@ -28,6 +28,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import java.util.LinkedList; import java.util.List; +import java.util.Map; import java.util.stream.Stream; import javax.annotation.Nonnull; import javax.annotation.Nullable; @@ -58,7 +59,7 @@ private static final List> simpleConstructors( IDetectionContext context = detectionValueContext != null ? detectionValueContext - : new CipherContext(CipherContext.Kind.BLOCK_CIPHER); + : new CipherContext(Map.of("kind", "BLOCK_CIPHER")); for (String blockCipher : blockCiphers) { constructorsList.add( @@ -82,7 +83,7 @@ private static final List> specialConstructors( IDetectionContext context = detectionValueContext != null ? detectionValueContext - : new CipherContext(CipherContext.Kind.BLOCK_CIPHER); + : new CipherContext(Map.of("kind", "BLOCK_CIPHER")); constructorsList.add( new DetectionRuleBuilder() 
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherEngine.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherEngine.java index 1bb193f4..70e2ebd4 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherEngine.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherEngine.java @@ -28,6 +28,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.Nullable; import org.jetbrains.annotations.Unmodifiable; @@ -82,7 +83,7 @@ private static final List> simpleConstructors( IDetectionContext context = detectionValueContext != null ? detectionValueContext - : new CipherContext(CipherContext.Kind.BLOCK_CIPHER_ENGINE); + : new CipherContext(Map.of("kind", "BLOCK_CIPHER_ENGINE")); // Simple empty constructors for (String engine : enginesEmptyConstructors) { diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherInit.java index f22781a3..b08c6ac6 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcBlockCipherInit.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; 
@@ -44,7 +45,7 @@ private BcBlockCipherInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipherpadding/BcBlockCipherPadding.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipherpadding/BcBlockCipherPadding.java index 294f73ff..7a3fa24a 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipherpadding/BcBlockCipherPadding.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/blockcipherpadding/BcBlockCipherPadding.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Unmodifiable; @@ -55,7 +56,7 @@ private BcBlockCipherPadding() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(padding)) .withoutParameters() - .buildForContext(new CipherContext(CipherContext.Kind.PADDING)) + .buildForContext(new CipherContext(Map.of("kind", "PADDING"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); } diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipher.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipher.java index 48857425..94a04f62 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipher.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipher.java 
@@ -67,7 +67,7 @@ private BcBufferedBlockCipher() { .withMethodParameter("org.bouncycastle.crypto.BlockCipher") .addDependingDetectionRules(BcBlockCipher.all()) .buildForContext( - new CipherContext(CipherContext.Kind.BUFFERED_BLOCK_CIPHER)) + new CipherContext(Map.of("kind", "BUFFERED_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcBufferedBlockCipherInit.rules())); } @@ -87,8 +87,7 @@ private BcBufferedBlockCipher() { // TODO: "Type": should it be detected? .withMethodParameter("org.bouncycastle.crypto.BlockCipher") .addDependingDetectionRules(BcBlockCipher.all()) - .buildForContext( - new CipherContext(CipherContext.Kind.BUFFERED_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "BUFFERED_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcBufferedBlockCipherInit.rules())); @@ -103,8 +102,7 @@ private BcBufferedBlockCipher() { new ValueActionFactory<>("PaddedBufferedBlockCipher[PKCS7]")) .withMethodParameter("org.bouncycastle.crypto.BlockCipher") .addDependingDetectionRules(BcBlockCipher.all()) - .buildForContext( - new CipherContext(CipherContext.Kind.BUFFERED_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "BUFFERED_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcBufferedBlockCipherInit.rules())); @@ -119,8 +117,7 @@ private BcBufferedBlockCipher() { .addDependingDetectionRules(BcBlockCipher.all()) .withMethodParameter("org.bouncycastle.crypto.paddings.BlockCipherPadding") .addDependingDetectionRules(BcBlockCipherPadding.rules()) - .buildForContext( - new CipherContext(CipherContext.Kind.BUFFERED_BLOCK_CIPHER)) + .buildForContext(new CipherContext(Map.of("kind", "BUFFERED_BLOCK_CIPHER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcBufferedBlockCipherInit.rules())); 
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipherInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipherInit.java index 81e795e2..c43cc9fb 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipherInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcBufferedBlockCipherInit.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -44,7 +45,7 @@ private BcBufferedBlockCipherInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcAEADParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcAEADParameters.java index 8a017d3a..ba7a5aaf 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcAEADParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcAEADParameters.java 
@@ -48,8 +48,7 @@ private BcAEADParameters() { .withMethodParameter("int") .shouldBeDetectedAs(new MacSizeFactory<>(Size.UnitType.BIT)) .withMethodParameter(BYTE_ARRAY_TYPE) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.AEAD)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -65,8 +64,7 @@ private BcAEADParameters() { .shouldBeDetectedAs(new MacSizeFactory<>(Size.UnitType.BIT)) .withMethodParameter(BYTE_ARRAY_TYPE) .withMethodParameter(BYTE_ARRAY_TYPE) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.AEAD)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCCMParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCCMParameters.java index 516da5d6..80e384bc 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCCMParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCCMParameters.java @@ -48,8 +48,7 @@ private BcCCMParameters() { .shouldBeDetectedAs(new MacSizeFactory<>(Size.UnitType.BIT)) .withMethodParameter(BYTE_ARRAY_TYPE) .withMethodParameter(BYTE_ARRAY_TYPE) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.CCM)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParameters.java index 9014bf70..af519c29 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParameters.java 
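Review bot: The parameter-family discriminator is lost in both BcAEADParameters.java hunks and the BcCCMParameters.java hunk: `AlgorithmParameterContext.Kind.AEAD` / `Kind.CCM` become the no-argument `new AlgorithmParameterContext()`, instead of being migrated to a `"kind"` property like the cipher and key contexts elsewhere in this commit. If any consumer still needs to know which parameter family a size detected by `MacSizeFactory` came from, that information is no longer on the context. Carrying it over would be `new AlgorithmParameterContext(Map.of("kind", "AEAD"))` and `Map.of("kind", "CCM")`. If the kind was never read downstream, that is worth stating in the commit description. The GMSS, IES, KEY and SABER hunks further down drop their kind the same way.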
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcCramerShoupParameters.java @@ -22,7 +22,6 @@ import static com.ibm.plugin.rules.detection.TypeShortcuts.BIGINTEGER_TYPE; import com.ibm.engine.model.context.AlgorithmParameterContext; -import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.rule.IDetectionRule; import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.digest.BcDigests; @@ -49,8 +48,7 @@ private BcCramerShoupParameters() { .withMethodParameter(BIGINTEGER_TYPE) .withMethodParameter(BIGINTEGER_TYPE) .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.CRAMER_SHOUP))) + .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParameters.java index 305123f6..4889c01b 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcGMSSParameters.java @@ -46,8 +46,7 @@ private BcGMSSParameters() { .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.GMSS)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); 
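Review bot: The digest's role tag is dropped in the `@@ -49,8 +48,7 @@` hunk of BcCramerShoupParameters.java: `BcDigests.rules(new DigestContext(DigestContext.Kind.CRAMER_SHOUP))` becomes plain `BcDigests.rules()`, whereas the MGF1 digest in BcOAEPEncoding.java keeps its tag as `Map.of("kind", "MGF1")`. The digest found under these parameters will presumably be reported with the default digest context, indistinguishable from a standalone hash. Either migrate it the same way, `BcDigests.rules(new DigestContext(Map.of("kind", "CRAMER_SHOUP")))` (which means keeping the `DigestContext` import that the first hunk removes), or confirm the tag had no consumer. The NTRU hunks in BcNTRUEncryptionParameters.java, BcNTRUSigningPrivateKeyParameters.java and BcNTRUSigningPublicKeyParameters.java drop `DigestContext.Kind.NTRU` in the same manner.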
@@ -59,8 +58,7 @@ private BcGMSSParameters() { .withMethodParameter("boolean") .withMethodParameter("org.bouncycastle.pqc.legacy.crypto.gmss.GMSSParameters") .addDependingDetectionRules(List.of(BASE_CONSTRUCTOR)) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.GMSS)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -73,8 +71,7 @@ private BcGMSSParameters() { .withMethodParameter(BYTE_ARRAY_TYPE) .withMethodParameter("org.bouncycastle.pqc.legacy.crypto.gmss.GMSSParameters") .addDependingDetectionRules(List.of(BASE_CONSTRUCTOR)) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.GMSS)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -86,8 +83,7 @@ private BcGMSSParameters() { .withMethodParameter(BYTE_ARRAY_TYPE) .withMethodParameter("org.bouncycastle.pqc.legacy.crypto.gmss.GMSSParameters") .addDependingDetectionRules(List.of(BASE_CONSTRUCTOR)) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.GMSS)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -99,8 +95,7 @@ private BcGMSSParameters() { .withMethodParameter( "org.bouncycastle.pqc.legacy.crypto.gmss.GMSSPublicKeyParameters") .addDependingDetectionRules(List.of(PUBLIC_KEY_CONSTRUCTOR)) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.GMSS)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); 
@@ -127,8 +122,7 @@ private BcGMSSParameters() { .addDependingDetectionRules(List.of(BASE_CONSTRUCTOR)) .withMethodParameter( "org.bouncycastle.pqc.legacy.crypto.gmss.GMSSDigestProvider") - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.GMSS)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -162,8 +156,7 @@ private BcGMSSParameters() { .addDependingDetectionRules(List.of(BASE_CONSTRUCTOR)) .withMethodParameter( "org.bouncycastle.pqc.legacy.crypto.gmss.GMSSDigestProvider") - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.GMSS)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParameters.java index 6fc80bd1..348bc05a 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcIESParameters.java @@ -49,8 +49,7 @@ private BcIESParameters() { .withMethodParameter("int") .shouldBeDetectedAs(new MacSizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.IES)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -66,8 +65,7 @@ private BcIESParameters() { .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.IES)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); 
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParameter.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParameter.java index 0c908a54..56d5f5b8 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParameter.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcKeyParameter.java @@ -47,8 +47,7 @@ private BcKeyParameter() { .withMethodParameter("int") .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.KEY)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUEncryptionParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUEncryptionParameters.java index fd0d00fc..851f0c9a 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUEncryptionParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUEncryptionParameters.java @@ -22,7 +22,6 @@ import static com.ibm.plugin.rules.detection.TypeShortcuts.BYTE_ARRAY_TYPE; import com.ibm.engine.model.context.AlgorithmParameterContext; -import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.rule.IDetectionRule; import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.digest.BcDigests; 
@@ -60,8 +59,7 @@ private BcNTRUEncryptionParameters() { .withMethodParameter("boolean") .withMethodParameter("boolean") .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.NTRU))) + .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -91,8 +89,7 @@ private BcNTRUEncryptionParameters() { .withMethodParameter("boolean") .withMethodParameter("boolean") .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.NTRU))) + .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPrivateKeyParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPrivateKeyParameters.java index 28b98a53..4b6df9ff 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPrivateKeyParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPrivateKeyParameters.java @@ -22,7 +22,6 @@ import static com.ibm.plugin.rules.detection.TypeShortcuts.BYTE_ARRAY_TYPE; import com.ibm.engine.model.context.AlgorithmParameterContext; -import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.rule.IDetectionRule; import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.digest.BcDigests; 
@@ -59,8 +58,7 @@ private BcNTRUSigningPrivateKeyParameters() { .withMethodParameter("boolean") .withMethodParameter("int") .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.NTRU))) + .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -89,8 +87,7 @@ private BcNTRUSigningPrivateKeyParameters() { .withMethodParameter("boolean") .withMethodParameter("int") .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.NTRU))) + .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPublicKeyParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPublicKeyParameters.java index 77333046..130a60db 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPublicKeyParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcNTRUSigningPublicKeyParameters.java @@ -22,7 +22,6 @@ import static com.ibm.plugin.rules.detection.TypeShortcuts.BYTE_ARRAY_TYPE; import com.ibm.engine.model.context.AlgorithmParameterContext; -import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.rule.IDetectionRule; import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.digest.BcDigests; 
@@ -53,8 +52,7 @@ private BcNTRUSigningPublicKeyParameters() { .withMethodParameter("double") .withMethodParameter("double") .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.NTRU))) + .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); @@ -78,8 +76,7 @@ private BcNTRUSigningPublicKeyParameters() { .withMethodParameter("double") .withMethodParameter("double") .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.NTRU))) + .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParameters.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParameters.java index 5c69340e..2a9a5b08 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParameters.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/cipherparameters/BcSABERParameters.java @@ -54,8 +54,7 @@ private BcSABERParameters() { */ // .shouldBeDetectedAs(new BooleanFactory<>()) // captures `usingAes` .withMethodParameter("boolean") - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.SABER)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java index f0d564eb..75a9f291 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java 
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/derivationfunction/BcDerivationFunction.java @@ -99,7 +99,7 @@ private BcDerivationFunction() { .shouldBeDetectedAs(new ValueActionFactory<>(generator)) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) - .buildForContext(new KeyContext(KeyContext.Kind.KDF)) + .buildForContext(new KeyContext(Map.of("kind", "KDF"))) // TODO: .withDependingDetectionRules(DerivationFunctionInit.rules())); .inBundle(() -> "Bc") .withoutDependingDetectionRules()); @@ -116,7 +116,7 @@ private BcDerivationFunction() { .shouldBeDetectedAs(new ValueActionFactory<>(generator)) .withMethodParameter("org.bouncycastle.crypto.Mac") .addDependingDetectionRules(BcMac.rules()) - .buildForContext(new KeyContext(KeyContext.Kind.KDF)) + .buildForContext(new KeyContext(Map.of("kind", "KDF"))) // TODO: .withDependingDetectionRules(DerivationFunctionInit.rules())); .inBundle(() -> "Bc") .withoutDependingDetectionRules()); @@ -138,7 +138,7 @@ private BcDerivationFunction() { .shouldBeDetectedAs(new OperationModeFactory<>()) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) - .buildForContext(new KeyContext(KeyContext.Kind.KDF)) + .buildForContext(new KeyContext(Map.of("kind", "KDF"))) // TODO: .withDependingDetectionRules(DerivationFunctionInit.rules())); .inBundle(() -> "Bc") .withoutDependingDetectionRules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java index 396de4a1..79a3e2cd 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSA.java 
@@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Unmodifiable; @@ -60,7 +61,7 @@ private BcDSA() { .shouldBeDetectedAs(new ValueActionFactory<>(dsa)) // We want to capture all possible constructors (some have arguments) .withAnyParameters() - .buildForContext(new SignatureContext(SignatureContext.Kind.DSA)) + .buildForContext(new SignatureContext(Map.of("kind", "DSA"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcDSAInit.rules())); } diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSAInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSAInit.java index 1ad85bcc..c79a847c 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSAInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/dsa/BcDSAInit.java @@ -44,7 +44,7 @@ private BcDSAInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new SignatureContext(SignatureContext.Kind.SIGNING_STATUS)) + .buildForContext(new SignatureContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java index dab1cb8f..a39620bb 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretExtractor.java 
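Review bot: The signing-status marker is dropped in the BcDSAInit.java hunk (`new SignatureContext(SignatureContext.Kind.SIGNING_STATUS)` becomes `new SignatureContext()`), while the equivalent cipher init rules in this commit keep theirs as `new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))`. Both rule families capture their value through `BooleanFactory`, so after this change the cipher flag is labelled and the signing flag is not. Whatever reads the context can presumably no longer tell a sign/verify flag from any other signature detection. For parity I would write `new SignatureContext(Map.of("kind", "SIGNING_STATUS"))`, adding `import java.util.Map;` if the file does not already have it. BcMessageSignerInit.java makes the same change.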
@@ -72,7 +72,7 @@ private BcEncapsulatedSecretExtractor() { .shouldBeDetectedAs(new ValueActionFactory<>(extractor)) // We want to capture all possible constructors (some have arguments) .withAnyParameters() - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); } @@ -95,7 +95,7 @@ private BcEncapsulatedSecretExtractor() { .asChildOfParameterWithId(-1) .withMethodParameter("org.bouncycastle.crypto.DerivationFunction") .addDependingDetectionRules(BcDerivationFunction.rules()) - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); @@ -112,7 +112,7 @@ private BcEncapsulatedSecretExtractor() { .asChildOfParameterWithId(-1) .withMethodParameter("org.bouncycastle.crypto.DerivationFunction") .addDependingDetectionRules(BcDerivationFunction.rules()) - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); @@ -132,7 +132,7 @@ private BcEncapsulatedSecretExtractor() { .withMethodParameter("boolean") .withMethodParameter("boolean") .withMethodParameter("boolean") - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java index 652984df..546c56d9 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/encapsulatedsecret/BcEncapsulatedSecretGenerator.java 
@@ -71,7 +71,7 @@ private BcEncapsulatedSecretGenerator() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(generator)) .withMethodParameter("java.security.SecureRandom") - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); } @@ -94,7 +94,7 @@ private BcEncapsulatedSecretGenerator() { .withMethodParameter("org.bouncycastle.crypto.DerivationFunction") .addDependingDetectionRules(BcDerivationFunction.rules()) .withMethodParameter("java.security.SecureRandom") - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); @@ -110,7 +110,7 @@ private BcEncapsulatedSecretGenerator() { .withMethodParameter("org.bouncycastle.crypto.DerivationFunction") .addDependingDetectionRules(BcDerivationFunction.rules()) .withMethodParameter("java.security.SecureRandom") - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); @@ -129,7 +129,7 @@ private BcEncapsulatedSecretGenerator() { .withMethodParameter("boolean") .withMethodParameter("boolean") .withMethodParameter("boolean") - .buildForContext(new KeyContext(KeyContext.Kind.KEM)) + .buildForContext(new KeyContext(Map.of("kind", "KEM"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java index 72008f0e..d9fcd95a 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSigner.java 
@@ -19,6 +19,7 @@ */ package com.ibm.plugin.rules.detection.bc.messagesigner; +import com.ibm.engine.model.context.DigestContext; import com.ibm.engine.model.context.SignatureContext; import com.ibm.engine.model.factory.ValueActionFactory; import com.ibm.engine.rule.IDetectionRule; @@ -78,8 +79,7 @@ private BcMessageSigner() { .shouldBeDetectedAs(new ValueActionFactory<>(signer)) // We want to capture all possible constructors (some have arguments) .withAnyParameters() - .buildForContext( - new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER)) + .buildForContext(new SignatureContext(Map.of("kind", "MESSAGE_SIGNER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcMessageSignerInit.rules())); } @@ -96,10 +96,14 @@ private BcMessageSigner() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>("SPHINCS256Signer")) .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules(BcDigests.rules()) + .addDependingDetectionRules( + BcDigests.rules( + new DigestContext(Map.of("kind", "ASSET_COLLECTION")))) .withMethodParameter("org.bouncycastle.crypto.Digest") - .addDependingDetectionRules(BcDigests.rules()) - .buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER)) + .addDependingDetectionRules( + BcDigests.rules( + new DigestContext(Map.of("kind", "ASSET_COLLECTION")))) + .buildForContext(new SignatureContext(Map.of("kind", "MESSAGE_SIGNER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcMessageSignerInit.rules())); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSignerInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSignerInit.java index 415492a4..1dcf2c35 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSignerInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcMessageSignerInit.java 
@@ -44,7 +44,7 @@ private BcMessageSignerInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new SignatureContext(SignatureContext.Kind.SIGNING_STATUS)) + .buildForContext(new SignatureContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java index 6ae880d0..75c325d2 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/messagesigner/BcStateAwareMessageSigner.java @@ -62,8 +62,7 @@ private BcStateAwareMessageSigner() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(signer)) .withoutParameters() - .buildForContext( - new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER)) + .buildForContext(new SignatureContext(Map.of("kind", "MESSAGE_SIGNER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcMessageSignerInit.rules())); } @@ -82,7 +81,7 @@ private BcStateAwareMessageSigner() { .shouldBeDetectedAs(new ValueActionFactory<>("GMSSStateAwareSigner")) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) - .buildForContext(new SignatureContext(SignatureContext.Kind.MESSAGE_SIGNER)) + .buildForContext(new SignatureContext(Map.of("kind", "MESSAGE_SIGNER"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcMessageSignerInit.rules())); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngine.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngine.java index fb97fa6c..652d4fb5 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngine.java 
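Review bot: `new SignatureContext()` in BcMessageSignerInit drops the `SIGNING_STATUS` kind rather than carrying it over as a property, unlike the cipher init rules in this commit, which keep `ENCRYPTION_STATUS` and `WRAPPING_STATUS` through `Map.of("kind", ...)`. If the signature translator (not shown here) still tells the init call apart by kind, the sign/verify mode would no longer be translated. The BcSignerInit hunk and the JcaDHGenParameterSpec and JcaDHParameterSpec hunks, which drop `Kind.DH`, have the same shape. If the drop is intended, a one-line comment above `buildForContext` saying why the kind is no longer needed would record that; otherwise use `new SignatureContext(Map.of("kind", "SIGNING_STATUS"))`.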
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngine.java @@ -28,6 +28,7 @@ import com.ibm.plugin.rules.detection.bc.derivationfunction.BcDerivationFunction; import com.ibm.plugin.rules.detection.bc.mac.BcMac; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -53,7 +54,7 @@ private BcIESEngine() { .addDependingDetectionRules(BcDerivationFunction.rules()) .withMethodParameter("org.bouncycastle.crypto.Mac") .addDependingDetectionRules(BcMac.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcIESEngineInit.rules()); @@ -71,7 +72,7 @@ private BcIESEngine() { .addDependingDetectionRules(BcMac.rules()) .withMethodParameter("org.bouncycastle.crypto.BufferedBlockCipher") .addDependingDetectionRules(BcBufferedBlockCipher.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcIESEngineInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineInit.java index cd05e0e3..9a97e5eb 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineInit.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; 
@@ -79,7 +80,7 @@ private BcIESEngineInit() { .addDependingDetectionRules(BcCipherParameters.rules()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2Engine.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2Engine.java index c14b36b2..f9b27f21 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2Engine.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2Engine.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.digest.BcDigests; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -45,7 +46,7 @@ private BcSM2Engine() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(ENGINE_NAME)) .withoutParameters() - .buildForContext(new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcSM2EngineInit.rules()); @@ -57,7 +58,7 @@ private BcSM2Engine() { .shouldBeDetectedAs(new ValueActionFactory<>(ENGINE_NAME)) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcSM2EngineInit.rules()); 
@@ -70,7 +71,7 @@ private BcSM2Engine() { .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) .withMethodParameter("org.bouncycastle.crypto.engines.SM2Engine$Mode") - .buildForContext(new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcSM2EngineInit.rules()); @@ -81,7 +82,7 @@ private BcSM2Engine() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>(ENGINE_NAME)) .withMethodParameter("org.bouncycastle.crypto.engines.SM2Engine$Mode") - .buildForContext(new CipherContext(CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE)) + .buildForContext(new CipherContext(Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcSM2EngineInit.rules()); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2EngineInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2EngineInit.java index 61787862..9bf5b013 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2EngineInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/other/BcSM2EngineInit.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; 
@@ -44,7 +45,7 @@ private BcSM2EngineInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/pbe/BcPBEParametersGenerator.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/pbe/BcPBEParametersGenerator.java index d4e12e74..ef5a1c6e 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/pbe/BcPBEParametersGenerator.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/pbe/BcPBEParametersGenerator.java @@ -27,6 +27,7 @@ import java.util.Arrays; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Unmodifiable; @@ -62,7 +63,7 @@ private BcPBEParametersGenerator() { .forConstructor() .shouldBeDetectedAs(new ValueActionFactory<>("PKCS5S2ParametersGenerator")) .withoutParameters() - .buildForContext(new CipherContext(CipherContext.Kind.PBE)) + .buildForContext(new CipherContext(Map.of("kind", "PBE"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); @@ -81,7 +82,7 @@ private BcPBEParametersGenerator() { .shouldBeDetectedAs( new ValueActionFactory<>("OpenSSLPBEParametersGenerator[MD5]")) .withoutParameters() - .buildForContext(new CipherContext(CipherContext.Kind.PBE)) + .buildForContext(new CipherContext(Map.of("kind", "PBE"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); 
@@ -95,7 +96,7 @@ private BcPBEParametersGenerator() { .shouldBeDetectedAs(new ValueActionFactory<>(pbeClass)) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.PBE)) + .buildForContext(new CipherContext(Map.of("kind", "PBE"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules()); } diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcGenericSigner.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcGenericSigner.java index 82451f37..64121c38 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcGenericSigner.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcGenericSigner.java @@ -27,6 +27,7 @@ import com.ibm.plugin.rules.detection.bc.asymmetricblockcipher.BcAsymmetricBlockCipher; import com.ibm.plugin.rules.detection.bc.digest.BcDigests; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -48,9 +49,9 @@ private BcGenericSigner() { .withMethodParameter("org.bouncycastle.crypto.AsymmetricBlockCipher") .addDependingDetectionRules( BcAsymmetricBlockCipher.rules( - new CipherContext(CipherContext.Kind.ENCODING_SIGNATURE), + new CipherContext(Map.of("kind", "ENCODING_SIGNATURE")), new CipherContext( - CipherContext.Kind.ASYMMETRIC_CIPHER_ENGINE_SIGNATURE))) + Map.of("kind", "ASYMMETRIC_CIPHER_ENGINE_SIGNATURE")))) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules(BcDigests.rules()) .buildForContext(new SignatureContext()) diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcPSSSigner.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcPSSSigner.java index bbe1bc6b..656c9465 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcPSSSigner.java 
+++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcPSSSigner.java @@ -31,6 +31,7 @@ import com.ibm.plugin.rules.detection.bc.asymmetricblockcipher.BcAsymmetricBlockCipher; import com.ibm.plugin.rules.detection.bc.digest.BcDigests; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -70,7 +71,7 @@ private BcPSSSigner() { .addDependingDetectionRules(BcDigests.rules()) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.MGF1))) + BcDigests.rules(new DigestContext(Map.of("kind", "MGF1")))) .withMethodParameter(BYTE_ARRAY_TYPE) .buildForContext(new SignatureContext()) .inBundle(() -> "Bc") @@ -88,7 +89,7 @@ private BcPSSSigner() { .addDependingDetectionRules(BcDigests.rules()) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.MGF1))) + BcDigests.rules(new DigestContext(Map.of("kind", "MGF1")))) .withMethodParameter(BYTE_ARRAY_TYPE) .withMethodParameter("byte") .buildForContext(new SignatureContext()) @@ -107,7 +108,7 @@ private BcPSSSigner() { .addDependingDetectionRules(BcDigests.rules()) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.MGF1))) + BcDigests.rules(new DigestContext(Map.of("kind", "MGF1")))) .withMethodParameter("int") .shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) 
@@ -127,7 +128,7 @@ private BcPSSSigner() { .addDependingDetectionRules(BcDigests.rules()) .withMethodParameter("org.bouncycastle.crypto.Digest") .addDependingDetectionRules( - BcDigests.rules(new DigestContext(DigestContext.Kind.MGF1))) + BcDigests.rules(new DigestContext(Map.of("kind", "MGF1")))) .withMethodParameter("int") .shouldBeDetectedAs(new SaltSizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcSignerInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcSignerInit.java index 6e877ec5..4577692a 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcSignerInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/signer/BcSignerInit.java @@ -44,7 +44,7 @@ private BcSignerInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new SignatureContext(SignatureContext.Kind.SIGNING_STATUS)) + .buildForContext(new SignatureContext()) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherEngine.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherEngine.java index 8613bd81..5c37053b 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherEngine.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherEngine.java @@ -26,6 +26,7 @@ import java.util.Arrays; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Unmodifiable; 
@@ -72,7 +73,7 @@ private BcStreamCipherEngine() { // We want to capture all possible constructors (some have arguments) .withAnyParameters() .buildForContext( - new CipherContext(CipherContext.Kind.STREAM_CIPHER_ENGINE)) + new CipherContext(Map.of("kind", "STREAM_CIPHER_ENGINE"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcStreamCipherInit.rules())); } diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherInit.java index 99e4d775..2d39ea42 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/streamcipher/BcStreamCipherInit.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -44,7 +45,7 @@ private BcStreamCipherInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.ENCRYPTION_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "ENCRYPTION_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperEngine.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperEngine.java index c7d7ee6b..c4c8d097 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperEngine.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperEngine.java 
@@ -29,6 +29,7 @@ import java.util.Arrays; import java.util.LinkedList; import java.util.List; +import java.util.Map; import java.util.stream.Stream; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; @@ -67,7 +68,7 @@ private BcWrapperEngine() { .shouldBeDetectedAs(new ValueActionFactory<>(engine)) // We want to capture all possible constructors (some have arguments) .withAnyParameters() - .buildForContext(new CipherContext(CipherContext.Kind.WRAP)) + .buildForContext(new CipherContext(Map.of("kind", "WRAP"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcWrapperInit.rules())); } @@ -87,7 +88,7 @@ private BcWrapperEngine() { .withMethodParameter("int") .shouldBeDetectedAs(new BlockSizeFactory<>(Size.UnitType.BIT)) .asChildOfParameterWithId(-1) - .buildForContext(new CipherContext(CipherContext.Kind.WRAP)) + .buildForContext(new CipherContext(Map.of("kind", "WRAP"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcWrapperInit.rules())); @@ -99,7 +100,7 @@ private BcWrapperEngine() { .shouldBeDetectedAs(new ValueActionFactory<>("RFC5649WrapEngine")) .withMethodParameter("org.bouncycastle.crypto.BlockCipher") .addDependingDetectionRules(BcBlockCipherEngine.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.WRAP)) + .buildForContext(new CipherContext(Map.of("kind", "WRAP"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcWrapperInit.rules())); @@ -111,7 +112,7 @@ private BcWrapperEngine() { .shouldBeDetectedAs(new ValueActionFactory<>("RFC3394WrapEngine")) .withMethodParameter("org.bouncycastle.crypto.BlockCipher") .addDependingDetectionRules(BcBlockCipherEngine.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.WRAP)) + .buildForContext(new CipherContext(Map.of("kind", "WRAP"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcWrapperInit.rules())); 
@@ -124,7 +125,7 @@ private BcWrapperEngine() { .withMethodParameter("org.bouncycastle.crypto.BlockCipher") .addDependingDetectionRules(BcBlockCipherEngine.rules()) .withMethodParameter("boolean") - .buildForContext(new CipherContext(CipherContext.Kind.WRAP)) + .buildForContext(new CipherContext(Map.of("kind", "WRAP"))) .inBundle(() -> "Bc") .withDependingDetectionRules(BcWrapperInit.rules())); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperInit.java index a7e32750..8c67997a 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/bc/wrapper/BcWrapperInit.java @@ -25,6 +25,7 @@ import com.ibm.engine.rule.builder.DetectionRuleBuilder; import com.ibm.plugin.rules.detection.bc.cipherparameters.BcCipherParameters; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -44,7 +45,7 @@ private BcWrapperInit() { .shouldBeDetectedAs(new BooleanFactory<>()) .withMethodParameter("org.bouncycastle.crypto.CipherParameters") .addDependingDetectionRules(BcCipherParameters.rules()) - .buildForContext(new CipherContext(CipherContext.Kind.WRAPPING_STATUS)) + .buildForContext(new CipherContext(Map.of("kind", "WRAPPING_STATUS"))) .inBundle(() -> "Bc") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHGenParameterSpec.java b/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHGenParameterSpec.java index dfcbf790..8a917b36 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHGenParameterSpec.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHGenParameterSpec.java 
@@ -39,8 +39,7 @@ public final class JcaDHGenParameterSpec { .withMethodParameter("int") .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT)) .withMethodParameter("int") - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.DH)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Jca") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHParameterSpec.java b/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHParameterSpec.java index b2ba212e..efff8813 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHParameterSpec.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaDHParameterSpec.java @@ -41,8 +41,7 @@ public final class JcaDHParameterSpec { .withMethodParameter(BIGINTEGER_TYPE) .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.PRIME_P)) .withMethodParameter(BIGINTEGER_TYPE) - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.DH)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Jca") .withoutDependingDetectionRules(); @@ -55,8 +54,7 @@ public final class JcaDHParameterSpec { .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.PRIME_P)) .withMethodParameter(BIGINTEGER_TYPE) .withMethodParameter("int") - .buildForContext( - new AlgorithmParameterContext(AlgorithmParameterContext.Kind.DH)) + .buildForContext(new AlgorithmParameterContext()) .inBundle(() -> "Jca") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/jca/cipher/JcaCipherInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/jca/cipher/JcaCipherInit.java index 6acafb37..07f010b7 100644 --- a/java/src/main/java/com/ibm/plugin/rules/detection/jca/cipher/JcaCipherInit.java +++ b/java/src/main/java/com/ibm/plugin/rules/detection/jca/cipher/JcaCipherInit.java 
@@ -29,6 +29,7 @@ import com.ibm.plugin.rules.detection.jca.algorithmspec.JcaAlgorithmParameterSpec; import com.ibm.plugin.rules.detection.jca.keyspec.JcaKeySpec; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import org.jetbrains.annotations.Unmodifiable; import org.sonar.plugins.java.api.tree.Tree; @@ -43,7 +44,7 @@ public final class JcaCipherInit { .withMethodParameter("int") .shouldBeDetectedAs(new OperationModeFactory<>()) .withMethodParameter("java.security.cert.Certificate") - .buildForContext(new CipherContext(CipherContext.Kind.PKE)) + .buildForContext(new CipherContext(Map.of("kind", "PKE"))) .inBundle(() -> "Jca") .withoutDependingDetectionRules(); @@ -56,7 +57,7 @@ public final class JcaCipherInit { .shouldBeDetectedAs(new OperationModeFactory<>()) .withMethodParameter("java.security.cert.Certificate") .withMethodParameter("java.security.SecureRandom") - .buildForContext(new CipherContext(CipherContext.Kind.PKE)) + .buildForContext(new CipherContext(Map.of("kind", "PKE"))) .inBundle(() -> "Jca") .withoutDependingDetectionRules(); diff --git a/java/src/main/java/com/ibm/plugin/translation/reorganizer/JavaReorganizerRules.java b/java/src/main/java/com/ibm/plugin/translation/reorganizer/JavaReorganizerRules.java index 94344668..85b4bc07 100644 --- a/java/src/main/java/com/ibm/plugin/translation/reorganizer/JavaReorganizerRules.java +++ b/java/src/main/java/com/ibm/plugin/translation/reorganizer/JavaReorganizerRules.java @@ -27,7 +27,6 @@ import com.ibm.mapper.reorganizer.rules.MacReorganizer; import com.ibm.mapper.reorganizer.rules.SignatureReorganizer; import java.util.List; -import java.util.stream.Stream; import javax.annotation.Nonnull; public final class JavaReorganizerRules { 
@@ -37,14 +36,18 @@ private JavaReorganizerRules() { @Nonnull public static List rules() { - return Stream.of( - AeadBlockCipherReorganizer.rules().stream(), - AsymmetricBlockCipherReorganizer.rules().stream(), - BlockCipherReorganizer.rules().stream(), - CipherParameterReorganizer.rules().stream(), - MacReorganizer.rules().stream(), - Stream.of(SignatureReorganizer.MERGE_SIGNATURE_UNKNOWN_PARENT_AND_CHILD)) - .flatMap(i -> i) - .toList(); + return List.of( + AeadBlockCipherReorganizer.MERGE_AE_PARENT_AND_CHILD, + AeadBlockCipherReorganizer.MOVE_TAG_LENGTH_UNDER_MAC, + AsymmetricBlockCipherReorganizer.INVERT_DIGEST_AND_ITS_SIZE, + AsymmetricBlockCipherReorganizer.MERGE_PKE_PARENT_AND_CHILD, + BlockCipherReorganizer.MERGE_BLOCK_CIPHER_PARENT_AND_CHILD, + CipherParameterReorganizer.MOVE_KEY_LENGTH_UNDER_TAG_LENGTH_UP, + CipherParameterReorganizer.MOVE_NODES_UNDER_DECRYPT_UP, + CipherParameterReorganizer.MOVE_NODES_UNDER_ENCRYPT_UP, + MacReorganizer.MERGE_UNKNOWN_MAC_PARENT_AND_CIPHER_CHILD, + MacReorganizer.MOVE_SOME_MAC_CHILDREN_UNDER_BLOCKCIPHER, + MacReorganizer.MOVE_TAG_LENGTH_UNDER_MAC, + SignatureReorganizer.MERGE_UNKNOWN_SIGNATURE_PARENT_AND_CHILD); } } diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java index 5417657e..064aad6c 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaCipherContextTranslator.java 
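Review bot: `rules()` now lists individual reorganizer constants by hand, so a rule added later to, say, `MacReorganizer` is no longer picked up here the way it was through `MacReorganizer.rules().stream()`. If the selection is deliberate (Java needs only a subset, or the order is significant), say so above the `List.of(...)`, e.g. `// Explicit selection for Java; new reorganizer rules must be added here by hand`. Whether the order of the entries matters is not visible in this hunk.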
@@ -26,7 +26,7 @@ import com.ibm.engine.model.IValue; import com.ibm.engine.model.OperationMode; import com.ibm.engine.model.ValueAction; -import com.ibm.engine.model.context.CipherContext; +import com.ibm.engine.model.context.DetectionContext; import com.ibm.engine.model.context.IDetectionContext; import com.ibm.mapper.mapper.bc.BcAeadEnumsMapper; import com.ibm.mapper.mapper.bc.BcAeadMapper; @@ -85,18 +85,19 @@ public final class JavaCipherContextTranslator extends JavaAbstractLibraryTransl @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - final CipherContext.Kind kind = ((CipherContext) detectionContext).kind(); - if (value instanceof OperationMode operationMode) { + if (value instanceof OperationMode operationMode + && detectionContext instanceof DetectionContext context) { + String kind = context.get("kind").map(k -> k).orElse(""); return switch (kind) { - case ENCRYPTION_STATUS -> { + case "ENCRYPTION_STATUS" -> { BcOperationModeEncryptionMapper bcCipherOperationModeMapper = new BcOperationModeEncryptionMapper(); yield bcCipherOperationModeMapper .parse(operationMode.asString(), detectionLocation) .map(f -> f); } - case WRAPPING_STATUS -> { + case "WRAPPING_STATUS" -> { BcOperationModeWrappingMapper bcOperationModeWrappingMapper = new BcOperationModeWrappingMapper(); yield bcOperationModeWrappingMapper 
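Review bot: In `context.get("kind").map(k -> k).orElse("")`, here and again in the ValueAction branch of the following hunk, the `.map(k -> k)` is an identity mapping and can go if `get` already returns `Optional<String>` (its declaration is not in this hunk): `final String kind = context.get("kind").orElse("");`. With a string switch, a missing or misspelt kind falls through to `default -> Optional.empty()` and the detection is dropped without trace, where the enum switch had its labels checked at compile time; a debug log line in the default arm would make such misses visible. The removed cast also failed loudly on an unexpected context type, whereas the new `instanceof DetectionContext` guard skips the branch silently. The method starts before this hunk and the switch continues in the next one.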
@@ -105,230 +106,88 @@ public final class JavaCipherContextTranslator extends JavaAbstractLibraryTransl } default -> Optional.empty(); }; - } else if (value instanceof ValueAction valueAction) { - // com.ibm.mapper.model.Algorithm algorithm; - // BlockCipher blockCipher; - // AuthenticatedEncryption ae; - // PublicKeyEncryption pke; - // Mode mode; - // Padding padding; - // PasswordBasedEncryption pbe; - + } else if (value instanceof ValueAction valueAction + && detectionContext instanceof DetectionContext context) { + String kind = context.get("kind").map(k -> k).orElse(""); switch (kind) { - case BLOCK_CIPHER_ENGINE, /* AEAD_BLOCK_CIPHER_ENGINE, */ HASH: + case "BLOCK_CIPHER_ENGINE", "HASH": /* TODO: better handle the HASH case (used in `BcOCBBlockCipher`): use asKind MessageDigest? */ BcBlockCipherEngineMapper bcBlockCipherMapper = new BcBlockCipherEngineMapper(BlockCipher.class); return bcBlockCipherMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case BLOCK_CIPHER_ENGINE_FOR_AEAD: + case "BLOCK_CIPHER_ENGINE_FOR_AEAD": BcBlockCipherEngineMapper bcBlockCipherForAeadMapper = new BcBlockCipherEngineMapper(AuthenticatedEncryption.class); return bcBlockCipherForAeadMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case BLOCK_CIPHER: + case "BLOCK_CIPHER": BcBlockCipherModeMapper bcBlockCipherModeMapper = new BcBlockCipherModeMapper(); return bcBlockCipherModeMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case ASYMMETRIC_CIPHER_ENGINE: + case "ASYMMETRIC_CIPHER_ENGINE": BcAsymCipherEngineMapper bcAsymCipherEngineMapper = new BcAsymCipherEngineMapper(PublicKeyEncryption.class); return bcAsymCipherEngineMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case ASYMMETRIC_CIPHER_ENGINE_SIGNATURE: + case "ASYMMETRIC_CIPHER_ENGINE_SIGNATURE": BcAsymCipherEngineMapper bcAsymCipherEngineSignatureMapper = new BcAsymCipherEngineMapper(Signature.class); return 
bcAsymCipherEngineSignatureMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case BUFFERED_BLOCK_CIPHER: + case "BUFFERED_BLOCK_CIPHER": BcBufferedBlockCipherMapper bcBufferedBlockCipherMapper = new BcBufferedBlockCipherMapper(); return bcBufferedBlockCipherMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case STREAM_CIPHER_ENGINE: + case "STREAM_CIPHER_ENGINE": BcStreamCipherEngineMapper bcStreamCipherEngineMapper = new BcStreamCipherEngineMapper(); return bcStreamCipherEngineMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case WRAP: + case "WRAP": BcWrapperMapper bcWrapperMapper = new BcWrapperMapper(); return bcWrapperMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - - /*case ASYMMETRIC_CIPHER_ENGINE, BLOCK_CIPHER_ENGINE, WRAP_ENGINE: - return Optional.of( - new BlockCipher( - new com.ibm.mapper.model.Algorithm( - valueAction.asString(), detectionLocation))); - case ASYMMETRIC_CIPHER_ENGINE_SIGNATURE: - return Optional.of( - new PublicKeyEncryption( - new com.ibm.mapper.model.Algorithm( - valueAction.asString(), detectionLocation))); - case WRAP_RFC: - // Should the RFC value be reflected in the translation? Where? 
- return Optional.of( - new BlockCipher( - new com.ibm.mapper.model.Algorithm( - ITranslator.UNKNOWN, detectionLocation))); - case STREAM_CIPHER_ENGINE: - return Optional.of( - new StreamCipher( - new com.ibm.mapper.model.Algorithm( - valueAction.asString(), detectionLocation))); - case BLOCK_CIPHER, BUFFERED_BLOCK_CIPHER: - String blockCipherString = null; - String modeString = valueAction.asString(); - boolean addMode = true; - String paddingString = "PKCS7"; - boolean addPadding = false; - - List isNotAModeList = - List.of( - "Buffered", - "DefaultBuffered", - "Padded", - "PaddedBuffered", - "PaddedBuffered(PKCS7)"); - if (isNotAModeList.contains(modeString)) { - addMode = false; - - if (modeString.contains(paddingString)) { - addPadding = true; - } - } - - if (modeString.contains("|")) { - String[] split = modeString.split("\\|"); - if (split.length != 2) { - break; - } - - blockCipherString = split[0]; - modeString = split[1]; - } - - mode = new Mode(modeString, detectionLocation); - padding = new Padding(paddingString, detectionLocation); - algorithm = - new com.ibm.mapper.model.Algorithm( - blockCipherString != null - ? blockCipherString - : ITranslator.UNKNOWN, - detectionLocation); - blockCipher = - new BlockCipher( - algorithm, addMode ? mode : null, addPadding ? 
padding : null); - return Optional.of(blockCipher); */ - case AEAD_ENGINE, AEAD_BLOCK_CIPHER, CHACHA20POLY1305: + case "AEAD_ENGINE", "AEAD_BLOCK_CIPHER", "CHACHA20POLY1305": BcAeadMapper bcAeadMapper = new BcAeadMapper(); return bcAeadMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case ENCODING: + case "ENCODING": BcAsymCipherEncodingMapper bcAsymCipherEncodingMapper = new BcAsymCipherEncodingMapper(PublicKeyEncryption.class); return bcAsymCipherEncodingMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case ENCODING_SIGNATURE: + case "ENCODING_SIGNATURE": BcAsymCipherEncodingMapper bcAsymCipherEncodingSignatureMapper = new BcAsymCipherEncodingMapper(Signature.class); return bcAsymCipherEncodingSignatureMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - - /* case ENCODING: - blockCipher = - new BlockCipher( - new com.ibm.mapper.model.Algorithm( - ITranslator.UNKNOWN, detectionLocation)); - - padding = new Padding(valueAction.asString(), detectionLocation); - switch (valueAction.asString()) { - case "OAEP": - blockCipher.put(new OAEP(padding)); - break; - default: - blockCipher.put(padding); - break; - } - - return Optional.of(blockCipher); - case ENCODING_SIGNATURE: - pke = - new PublicKeyEncryption( - new com.ibm.mapper.model.Algorithm( - ITranslator.UNKNOWN, detectionLocation)); - - padding = new Padding(valueAction.asString(), detectionLocation); - switch (valueAction.asString()) { - case "OAEP": - pke.put(new OAEP(padding)); - break; - default: - pke.put(padding); - break; - } - - return Optional.of(pke); */ - case ASYMMETRIC_BUFFERED_BLOCK_CIPHER: + case "ASYMMETRIC_BUFFERED_BLOCK_CIPHER": com.ibm.mapper.model.Algorithm blockCipher = Utils.unknown(PublicKeyEncryption.class, detectionLocation); return Optional.of(blockCipher); - case PADDING: + case "PADDING": BcPaddingMapper bcPaddingMapper = new BcPaddingMapper(); return bcPaddingMapper .parse(valueAction.asString(), detectionLocation) 
.map(f -> f); - case PBE: + case "PBE": BcPbeMapper bcPbeMapper = new BcPbeMapper(); return bcPbeMapper.parse(valueAction.asString(), detectionLocation).map(f -> f); - /* case PADDING: - padding = new Padding(valueAction.asString(), detectionLocation); - return Optional.of(padding); - case PBE: - String algorithmName = valueAction.asString(); - switch (valueAction.asString()) { - case "OpenSSLPBE": - algorithmName = "PKCS #5 v2.0 Scheme 1"; - break; - case "PKCS12": - algorithmName = "PKCS #12 v1.0"; - break; - case "PKCS5S1": - algorithmName = "PKCS #5 v2.0 Scheme 1"; - break; - case "PKCS5S2": - algorithmName = "PKCS #5 v2.0 Scheme 2"; - break; - default: - break; - } - - algorithm = - new com.ibm.mapper.model.Algorithm(algorithmName, detectionLocation); - pbe = new PasswordBasedEncryption(algorithm); - - if (valueAction.asString().equals("OpenSSLPBE")) { - // Default digest is MD5 - pbe.put( - new MessageDigest( - new com.ibm.mapper.model.Algorithm( - "MD5", detectionLocation))); - } - - return Optional.of(pbe); */ default: - return Optional.empty(); // TODO + return Optional.empty(); } } else if (value instanceof AlgorithmParameter algorithmParameter) { BcAeadEnumsMapper bcAeadParametersMapper = new BcAeadEnumsMapper(); diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java index 02e71550..cb7d3e5d 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaDigestContextTranslator.java 
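Review bot: The `case` labels of the `ValueAction` switch are now free-form strings, so a kind that is misspelled in a detection rule, or missing altogether (the `""` fallback), compiles cleanly and ends in `default: return Optional.empty();`, where the enum it replaces would have failed at compile time. The same holds for the `OperationMode` switch in the previous hunk and for the switches in the digest, key and signature translators. Declaring each kind name once as a `static final String` constant shared by the rules and the translators would restore the typo check. The fallback should also say what it covers, e.g. `default: // unknown or missing kind: no node is produced`, now that the `// TODO` marker is gone. The method starts before this hunk and continues after it.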
@@ -22,7 +22,7 @@ import com.ibm.engine.model.Algorithm; import com.ibm.engine.model.IValue; import com.ibm.engine.model.ValueAction; -import com.ibm.engine.model.context.DigestContext; +import com.ibm.engine.model.context.DetectionContext; import com.ibm.engine.model.context.IDetectionContext; import com.ibm.mapper.mapper.bc.BcDigestMapper; import com.ibm.mapper.mapper.jca.JcaMessageDigestMapper; @@ -30,8 +30,10 @@ import com.ibm.mapper.model.INode; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.algorithms.MGF1; +import com.ibm.mapper.model.collections.MergeableCollection; import com.ibm.mapper.model.functionality.Digest; import com.ibm.mapper.utils.DetectionLocation; +import java.util.List; import java.util.Optional; import org.jetbrains.annotations.NotNull; import org.sonar.plugins.java.api.tree.Tree; @@ -61,16 +63,22 @@ public final class JavaDigestContextTranslator extends JavaAbstractLibraryTransl @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - final DigestContext.Kind kind = ((DigestContext) detectionContext).kind(); - if (value instanceof ValueAction) { + if (value instanceof ValueAction && detectionContext instanceof DetectionContext context) { + String kind = context.get("kind").map(k -> k).orElse(""); switch (kind) { - case MGF1 -> { + case "MGF1" -> { BcDigestMapper bcDigestsMapper = new BcDigestMapper(); return bcDigestsMapper .parse(value.asString(), detectionLocation) .filter(MessageDigest.class::isInstance) .map(digest -> new MGF1((MessageDigest) digest)); } + case "ASSET_COLLECTION" -> { + BcDigestMapper bcDigestsMapper = new BcDigestMapper(); + return bcDigestsMapper + .parse(value.asString(), detectionLocation) + .map(digest -> new MergeableCollection(List.of(digest))); + } default -> { BcDigestMapper bcDigestsMapper = new BcDigestMapper(); return bcDigestsMapper.parse(value.asString(), detectionLocation).map(f -> f); 
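Review bot: All three arms of the `kind` switch build a fresh `BcDigestMapper` and make the same `parse(value.asString(), detectionLocation)` call; doing both once above the `switch` would leave each arm with only its own `filter`/`map` step. The new `"ASSET_COLLECTION"` arm also needs a comment stating which rules set that kind and why a single digest is wrapped in `new MergeableCollection(List.of(digest))`, since nothing in the hunk explains it. The method starts before the hunk and continues after it.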
diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyAgreementContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyAgreementContextTranslator.java index c8245d0d..f3528cb9 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyAgreementContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyAgreementContextTranslator.java @@ -61,9 +61,7 @@ public final class JavaKeyAgreementContextTranslator extends JavaAbstractLibrary @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - if (value instanceof Algorithm algorithm) { - return Optional.empty(); // TODO - } else if (value instanceof KeySize keySize) { + if (value instanceof KeySize keySize) { KeyLength keyLength = new KeyLength(keySize.getValue(), detectionLocation); return Optional.of(keyLength); } else if (value instanceof KeyAction action) { diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java index 23ef2bea..0868136a 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java @@ -25,8 +25,8 @@ import com.ibm.engine.model.KeySize; import com.ibm.engine.model.OperationMode; import com.ibm.engine.model.ValueAction; +import com.ibm.engine.model.context.DetectionContext; import com.ibm.engine.model.context.IDetectionContext; -import com.ibm.engine.model.context.KeyContext; import com.ibm.engine.model.context.PrivateKeyContext; import com.ibm.engine.model.context.PublicKeyContext; import com.ibm.engine.model.context.SecretKeyContext; 
@@ -97,26 +97,26 @@ public final class JavaKeyContextTranslator extends JavaAbstractLibraryTranslato @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - if (value instanceof ValueAction valueAction) { - final KeyContext.Kind kind = ((KeyContext) detectionContext).kind(); - // com.ibm.mapper.model.Algorithm algorithm; + if (value instanceof ValueAction valueAction + && detectionContext instanceof DetectionContext context) { + String kind = context.get("kind").map(k -> k).orElse(""); switch (kind) { - case DH: + case "DH": BcAgreementMapper bcAgreementMapper = new BcAgreementMapper(); return bcAgreementMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case KDF: + case "KDF": BcDerivationFunctionMapper bcDerivationFunctionMapper = new BcDerivationFunctionMapper(); return bcDerivationFunctionMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); - case KEM: + case "KEM": BcKemMapper bcKEMMapper = new BcKemMapper(); return bcKEMMapper.parse(valueAction.asString(), detectionLocation).map(f -> f); default: - break; + return Optional.empty(); } } else if (value instanceof KeySize keySize) { KeyLength keyLength = new KeyLength(keySize.getValue(), detectionLocation); diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java index 93418c8b..a3e76dd4 100644 --- a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java +++ b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaSignatureContextTranslator.java 
@@ -24,8 +24,8 @@
 import com.ibm.engine.model.SaltSize;
 import com.ibm.engine.model.SignatureAction;
 import com.ibm.engine.model.ValueAction;
+import com.ibm.engine.model.context.DetectionContext;
 import com.ibm.engine.model.context.IDetectionContext;
-import com.ibm.engine.model.context.SignatureContext;
 import com.ibm.mapper.mapper.bc.BcDsaMapper;
 import com.ibm.mapper.mapper.bc.BcMessageSignerMapper;
 import com.ibm.mapper.mapper.bc.BcOperationModeSigningMapper;
@@ -66,88 +66,32 @@ public final class JavaSignatureContextTranslator extends JavaAbstractLibraryTra @NotNull IValue value, @NotNull IDetectionContext detectionContext, @NotNull DetectionLocation detectionLocation) { - final SignatureContext.Kind kind = ((SignatureContext) detectionContext).kind(); - if (value instanceof ValueAction valueAction) { + if (value instanceof ValueAction valueAction + && detectionContext instanceof DetectionContext context) { + String kind = context.get("kind").map(k -> k).orElse(""); switch (kind) { - case DSA: + case "DSA": BcDsaMapper bcDSAMapper = new BcDsaMapper(); return bcDSAMapper.parse(valueAction.asString(), detectionLocation).map(f -> f); - case MESSAGE_SIGNER: + case "MESSAGE_SIGNER": BcMessageSignerMapper bcMessageSignerMapper = new BcMessageSignerMapper(); return bcMessageSignerMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); default: - // TODO: would it be better with a special Kind? BcSignatureMapper bcSignatureMapper = new BcSignatureMapper(); return bcSignatureMapper .parse(valueAction.asString(), detectionLocation) .map(f -> f); } - /*final SignatureContext.Kind kind = ((SignatureContext) detectionContext).kind(); - if (value instanceof ValueAction valueAction) { - Algorithm algorithm; - Signature signature; - ECAlgorithm eca; - ProbabilisticSignatureScheme pss; - switch (kind) { - case EdDSA: - String curveName = ITranslator.UNKNOWN; - switch (valueAction.asString()) { - case "Ed25519": - curveName = "Curve25519"; - break; - case "Ed448": - curveName = "Curve448"; - break; - default: - break; - } - algorithm = new Algorithm("EdDSA", detectionLocation); - signature = new Signature(algorithm); - - eca = new EllipticCurveAlgorithm(new Algorithm("EC", detectionLocation)); - eca.put(new EllipticCurve(curveName, detectionLocation)); - - signature.put(eca); - return Optional.of(signature); - case ALGORITHM_AND_HASH_WRAPPER, DIGEST_MESSAGE_WRAPPER: - // Maybe choose a better way to translate 
DIGEST_MESSAGE_WRAPPER - algorithm = new Algorithm(ITranslator.UNKNOWN, detectionLocation); - signature = new Signature(algorithm); - return Optional.of(signature); - case RSA: - algorithm = new Algorithm(ITranslator.UNKNOWN + "withRSA", detectionLocation); - signature = new Signature(algorithm); - PublicKeyEncryption pke = - new PublicKeyEncryption(new Algorithm("RSA", detectionLocation)); - signature.put(pke); - return Optional.of(signature); - case SIGNATURE_NAME, DSA: - algorithm = new Algorithm(valueAction.asString(), detectionLocation); - signature = new Signature(algorithm); - return Optional.of(signature); - case PSS: - pss = new ProbabilisticSignatureScheme(detectionLocation); - algorithm = new Algorithm(ITranslator.UNKNOWN + "-PSS", detectionLocation); - signature = new Signature(algorithm); - signature.put(pss); - return Optional.of(signature); - default: - algorithm = new Algorithm(valueAction.asString(), detectionLocation); - return Optional.of(algorithm); - }*/ } else if (value instanceof OperationMode operationMode) { - switch (kind) { - case SIGNING_STATUS: - BcOperationModeSigningMapper bcOperationModeSigningMapper = - new BcOperationModeSigningMapper(); - return bcOperationModeSigningMapper - .parse(operationMode.asString(), detectionLocation) - .map(f -> f); - default: - break; - } + BcOperationModeSigningMapper bcOperationModeSigningMapper = + new BcOperationModeSigningMapper(); + return bcOperationModeSigningMapper + .parse(operationMode.asString(), detectionLocation) + .map(f -> f); + } else if (value instanceof SaltSize saltSize) { + return Optional.of(new SaltLength(saltSize.getValue(), detectionLocation)); } return Optional.empty(); } diff --git a/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTestFile.java b/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTestFile.java index 554668ed..a397dfcc 100644 
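Review bot: The `OperationMode` branch lost its guard: the removed code mapped an operation mode only when the kind was `SIGNING_STATUS`, while the new branch sends every `OperationMode` to `BcOperationModeSigningMapper` without looking at the context. If that is intended because no other kind carries an operation mode in a signature context, say so with a comment such as `// every OperationMode in a signature context is a signing status`; otherwise restore the check by reading `context.get("kind")` as the `ValueAction` branch does. The `ValueAction` branch's `default` also maps unknown or missing kinds through `BcSignatureMapper`, unlike the cipher translator's `default`, which returns `Optional.empty()`; with the old TODO removed, that difference deserves a short comment too. The method starts before the hunk.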
--- a/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTestFile.java +++ b/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTestFile.java @@ -17,13 +17,13 @@ public byte[] encryptCEK1(final RSAPublicKey pub, final SecretKey cek) throws RuntimeException { try { // TODO: This detection should optimally not happen once RSA has been detected as a child finding of OAEPEncoding - AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSA}} + AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSAEngine}} // TODO: Using intermediate variables should also work // Digest digest = new ShortenedDigest(new SHA3Digest(), 16); // Digest digest = new SHA3Digest(); // TODO: Duplicate detection of SHA3 (see detection store) - OAEPEncoding cipher = new OAEPEncoding(engine, new ShortenedDigest(new SHA3Digest(), 16)); // Noncompliant {{OAEP}} + OAEPEncoding cipher = new OAEPEncoding(engine, new ShortenedDigest(new SHA3Digest(), 16)); // Noncompliant {{OAEPEncoding}} BigInteger mod = pub.getModulus(); BigInteger exp = pub.getPublicExponent(); @@ -47,9 +47,9 @@ public byte[] encryptCEK2(final RSAPublicKey pub, final SecretKey cek) throws RuntimeException { try { // TODO: This detection should optimally not happen once RSA has been detected as a child finding of OAEPEncoding - AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSA}} + AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSAEngine}} - OAEPEncoding cipher = new OAEPEncoding(engine, new NonMemoableDigest(new SHA3Digest()), new SHA512Digest(), new byte[16]); // Noncompliant {{OAEP}} + OAEPEncoding cipher = new OAEPEncoding(engine, new NonMemoableDigest(new SHA3Digest()), new SHA512Digest(), new byte[16]); // Noncompliant {{OAEPEncoding}} BigInteger mod = pub.getModulus(); BigInteger exp = pub.getPublicExponent(); 
diff --git a/java/src/test/files/rules/detection/bc/blockcipher/BcG3413CFBBlockCipherTestFile.java b/java/src/test/files/rules/detection/bc/blockcipher/BcG3413CFBBlockCipherTestFile.java index 18f24348..273da770 100644 --- a/java/src/test/files/rules/detection/bc/blockcipher/BcG3413CFBBlockCipherTestFile.java +++ b/java/src/test/files/rules/detection/bc/blockcipher/BcG3413CFBBlockCipherTestFile.java @@ -5,9 +5,8 @@ public class BcG3413CFBBlockCipherTestFile { public void AESCipherCBCnoPad(byte[] key) { - // TODO: This detection should optimally not happen once GOST3412_2015 has been detected as a child finding of G3413CFBBlockCipher - GOST3412_2015Engine engine = new GOST3412_2015Engine(); // Noncompliant {{GOST R 34.12-2015}} - G3413CFBBlockCipher cipher = new G3413CFBBlockCipher(engine, 128); // Noncompliant {{GOST R 34.12-2015|CFB}} + GOST3412_2015Engine engine = new GOST3412_2015Engine(); // Noncompliant {{GOST3412_2015Engine}} + G3413CFBBlockCipher cipher = new G3413CFBBlockCipher(engine, 128); // Noncompliant {{G3413CFBBlockCipher}} KeyParameter kp = new KeyParameter(key); cipher.init(true, kp); return; diff --git a/java/src/test/files/rules/detection/bc/other/BcIESEngineTestFile.java b/java/src/test/files/rules/detection/bc/other/BcIESEngineTestFile.java index 19825fc4..cff4445f 100644 --- a/java/src/test/files/rules/detection/bc/other/BcIESEngineTestFile.java +++ b/java/src/test/files/rules/detection/bc/other/BcIESEngineTestFile.java 
@@ -19,18 +19,18 @@ public static void main(String[] args) throws Exception { new EphemeralKeyPairGenerator(null, null); // Set up the basic agreement - ECDHBasicAgreement agreement = new ECDHBasicAgreement(); // Noncompliant {{ECDH}} + ECDHBasicAgreement agreement = new ECDHBasicAgreement(); // Noncompliant {{ECDHBasicAgreement}} // Set up the key derivation function // Here, we use a simple SHA-256 based derivation function - DerivationFunction kdf = new KDF1BytesGenerator(new SHA256Digest()); // Noncompliant {{KDF1}} + DerivationFunction kdf = new KDF1BytesGenerator(new SHA256Digest()); // Noncompliant {{KDF1BytesGenerator}} // Set up the MAC (Message Authentication Code) // Here, we use HMAC with SHA-512 HMac mac = new HMac(new SHA512Digest()); // Noncompliant {{HMac}} // Initialize the IESEngine - IESEngine engine = new IESEngine(agreement, kdf, mac); // Noncompliant {{IES}} + IESEngine engine = new IESEngine(agreement, kdf, mac); // Noncompliant {{IESEngine}} // Set up the IESEngine parameters IESParameters iesParameters = new IESParameters(null, null, 128); diff --git a/java/src/test/files/rules/detection/bc/signer/BcDigestingMessageSignerTestFile.java b/java/src/test/files/rules/detection/bc/signer/BcDigestingMessageSignerTestFile.java index 4bd64020..f706d8d1 100644 --- a/java/src/test/files/rules/detection/bc/signer/BcDigestingMessageSignerTestFile.java +++ b/java/src/test/files/rules/detection/bc/signer/BcDigestingMessageSignerTestFile.java @@ -19,7 +19,7 @@ public static void test() { // Initialize DigestingMessageSigner with SPHINCS signer and SHAKEDigest DigestingMessageSigner signer = new DigestingMessageSigner(sphincsSigner, digest); - // Noncompliant@-1 {{DigestingMessage}} + // Noncompliant@-1 {{DigestingMessageSigner}} signer.init(true, new RSAKeyParameters(true, new BigInteger("0"), new BigInteger("1"))); 
diff --git a/java/src/test/files/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTestFile.java b/java/src/test/files/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTestFile.java index 846ac135..28b13f9d 100644 --- a/java/src/test/files/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTestFile.java +++ b/java/src/test/files/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTestFile.java @@ -18,7 +18,7 @@ public static void test() { // Initialize DigestingStateAwareMessageSigner with SPHINCS signer and SHAKEDigest DigestingStateAwareMessageSigner signer = new DigestingStateAwareMessageSigner(gmssSigner, digest); - // Noncompliant@-1 {{DigestingStateAwareMessage}} + // Noncompliant@-1 {{DigestingStateAwareMessageSigner}} signer.init(true, new RSAKeyParameters(true, new BigInteger("0"), new BigInteger("1"))); diff --git a/java/src/test/files/rules/detection/bc/signer/BcISO9796d2PSSSignerTestFile.java b/java/src/test/files/rules/detection/bc/signer/BcISO9796d2PSSSignerTestFile.java index 8690cb32..39d3bdad 100644 --- a/java/src/test/files/rules/detection/bc/signer/BcISO9796d2PSSSignerTestFile.java +++ b/java/src/test/files/rules/detection/bc/signer/BcISO9796d2PSSSignerTestFile.java 
@@ -16,14 +16,14 @@ public static void test() { Digest digest = new SHA256Digest(); // Initialize your digest, e.g., new SHA256Digest() // Initialize the Engine - AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSA}} + AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSAEngine}} // Initialize the AsymmetricBlockCipher - ISO9796d1Encoding cipher = new ISO9796d1Encoding(engine); // Noncompliant {{ISO 9796-1}} + ISO9796d1Encoding cipher = new ISO9796d1Encoding(engine); // Noncompliant {{ISO9796d1Encoding}} // Initialize ISO9796d2PSSSigner ISO9796d2PSSSigner signer = new ISO9796d2PSSSigner(cipher, digest, 256, false); - // Noncompliant@-1 {{ISO9796d2PSS}} + // Noncompliant@-1 {{ISO9796d2PSSSigner}} signer.init(true, new RSAKeyParameters(true, new BigInteger("0"), new BigInteger("1"))); diff --git a/java/src/test/files/rules/detection/bc/wrapper/BcAESWrapEngineTestFile.java b/java/src/test/files/rules/detection/bc/wrapper/BcAESWrapEngineTestFile.java index f5361fc8..5829ea4b 100644 --- a/java/src/test/files/rules/detection/bc/wrapper/BcAESWrapEngineTestFile.java +++ b/java/src/test/files/rules/detection/bc/wrapper/BcAESWrapEngineTestFile.java @@ -14,7 +14,7 @@ public static void test() { random.nextBytes(wrappingKey); // Wrap the key - AESWrapEngine wrapper = new AESWrapEngine(); // Noncompliant {{AES}} + AESWrapEngine wrapper = new AESWrapEngine(); // Noncompliant {{AESWrapEngine}} KeyParameter keyParameter = new KeyParameter(wrappingKey); wrapper.init(true, keyParameter); diff --git a/java/src/test/files/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTestFile.java b/java/src/test/files/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTestFile.java index 8abbbb21..50a134ca 100644 --- a/java/src/test/files/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTestFile.java +++ b/java/src/test/files/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTestFile.java 
@@ -14,7 +14,7 @@ public static void test() { random.nextBytes(wrappingKey); // Wrap the key (block size: 256 bits) - DSTU7624WrapEngine wrapper = new DSTU7624WrapEngine(256); // Noncompliant {{DSTU 7624:2014}} + DSTU7624WrapEngine wrapper = new DSTU7624WrapEngine(256); // Noncompliant {{DSTU7624WrapEngine}} KeyParameter keyParameter = new KeyParameter(wrappingKey); wrapper.init(true, keyParameter); diff --git a/java/src/test/files/rules/detection/bc/wrapper/BcRFC3394WrapEngineTestFile.java b/java/src/test/files/rules/detection/bc/wrapper/BcRFC3394WrapEngineTestFile.java index 906f48be..23ccfbe6 100644 --- a/java/src/test/files/rules/detection/bc/wrapper/BcRFC3394WrapEngineTestFile.java +++ b/java/src/test/files/rules/detection/bc/wrapper/BcRFC3394WrapEngineTestFile.java @@ -16,8 +16,8 @@ public static void test1() { random.nextBytes(wrappingKey); // Wrap the key - AESFastEngine aesEngine = new AESFastEngine(); // Noncompliant {{AES}} - RFC3394WrapEngine wrapper = new RFC3394WrapEngine(aesEngine); // Noncompliant {{RFC 3394}} + AESFastEngine aesEngine = new AESFastEngine(); // Noncompliant {{AESFastEngine}} + RFC3394WrapEngine wrapper = new RFC3394WrapEngine(aesEngine); // Noncompliant {{RFC3394WrapEngine}} KeyParameter keyParameter = new KeyParameter(wrappingKey); wrapper.init(true, keyParameter); @@ -35,9 +35,9 @@ public static void test2() { random.nextBytes(wrappingKey); // Wrap the key in the forward direction - AESFastEngine aesEngine = new AESFastEngine(); // Noncompliant {{AES}} + AESFastEngine aesEngine = new AESFastEngine(); // Noncompliant {{AESFastEngine}} RFC3394WrapEngine forwardWrapper = // Forward direction - new RFC3394WrapEngine(aesEngine, false); // Noncompliant {{RFC 3394}} + new RFC3394WrapEngine(aesEngine, false); // Noncompliant {{RFC3394WrapEngine}} KeyParameter forwardKeyParameter = new KeyParameter(wrappingKey); forwardWrapper.init(true, forwardKeyParameter); 
diff --git a/java/src/test/files/rules/issues/DuplicateParameterFindingsTestFile.java b/java/src/test/files/rules/issues/DuplicateParameterFindingsTestFile.java index 8c6e3d5b..7fd73ab8 100644 --- a/java/src/test/files/rules/issues/DuplicateParameterFindingsTestFile.java +++ b/java/src/test/files/rules/issues/DuplicateParameterFindingsTestFile.java @@ -13,9 +13,9 @@ public class DuplicateParameterFindingsTestFile { public byte[] encryptCEK(final RSAPublicKey pub, final SecretKey cek) throws RuntimeException { - AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSA}} + AsymmetricBlockCipher engine = new RSAEngine(); // Noncompliant {{RSAEngine}} - OAEPEncoding cipher = new OAEPEncoding(engine, new SHA3Digest(), new SHA512Digest(), new byte[16]); // Noncompliant {{OAEP}} + OAEPEncoding cipher = new OAEPEncoding(engine, new SHA3Digest(), new SHA512Digest(), new byte[16]); // Noncompliant {{OAEPEncoding}} // cipher.init(true, new RSAKeyParameters(false, null, null)); diff --git a/java/src/test/files/rules/issues/DuplicateParametersFinding2TestFile.java b/java/src/test/files/rules/issues/DuplicateParametersFinding2TestFile.java new file mode 100644 index 00000000..19045b6b --- /dev/null +++ b/java/src/test/files/rules/issues/DuplicateParametersFinding2TestFile.java @@ -0,0 +1,15 @@ +package com.ibm.example; + +public class DuplicateParametersFinding2TestFile { + + public class Car { + Car(SeatInterface frontSeats, SeatInterface backSeats) {} + } + public interface SeatInterface {} + public class LeatherSeats implements SeatInterface {} + public class HeatedSeats implements SeatInterface {} + + public void test() { + Car myCar = new Car(new LeatherSeats(), new HeatedSeats()); // Noncompliant {{Car}} + } +} diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngineTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngineTest.java index b235c7cd..bf44c685 100644 
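Review bot: The new fixture DuplicateParametersFinding2TestFile has no comment saying which behaviour it pins, so the single `// Noncompliant {{Car}}` marker reads as an arbitrary expectation. Judging by the file name, it presumably guards against a finding being reported once per constructor argument when both arguments share the `SeatInterface` type; this should be confirmed against the paired test class. If that is the intent, state it above `test()`, for example `// Both arguments implement SeatInterface: expect exactly one finding on Car, not one per argument`.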
--- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngineTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/aeadcipher/BcAEADCipherEngineTest.java @@ -35,7 +35,6 @@ import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; import org.jetbrains.annotations.NotNull; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.sonar.java.checks.verifier.CheckVerifier; import org.sonar.plugins.java.api.JavaCheck; @@ -44,7 +43,6 @@ import org.sonar.plugins.java.api.tree.Tree; class BcAEADCipherEngineTest extends TestBase { - @Disabled("Duplication of te OperationMode creates duplicated translated nodes") @Test void test() { CheckVerifier.newVerifier() @@ -61,6 +59,7 @@ public void asserts( @NotNull DetectionStore detectionStore, @NotNull List nodes) { String algorithmName = findingId == 0 ? "AsconEngine" : "Grain128AEADEngine"; + String translatedAlgorithmName = findingId == 0 ? "Ascon-128" : "Grain-128AEAD"; /* * Detection Store @@ -98,8 +97,8 @@ public void asserts( // AuthenticatedEncryption INode authenticatedEncryptionNode = nodes.get(0); assertThat(authenticatedEncryptionNode.getKind()).isEqualTo(AuthenticatedEncryption.class); - assertThat(authenticatedEncryptionNode.getChildren()).hasSize(findingId == 0 ? 2 : 1); - assertThat(authenticatedEncryptionNode.asString()).isEqualTo(algorithmName); + // assertThat(authenticatedEncryptionNode.getChildren()).hasSize(findingId == 0 ? 2 : 1); + assertThat(authenticatedEncryptionNode.asString()).isEqualTo(translatedAlgorithmName); // Encrypt under AuthenticatedEncryption INode encryptNode = authenticatedEncryptionNode.getChildren().get(Encrypt.class); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTest.java index ec2406a5..50cd50d8 100644 
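Review bot: The child-count check on `authenticatedEncryptionNode` is commented out instead of updated, so the re-enabled test no longer notices extra or missing children under the AuthenticatedEncryption node. The `@Disabled` reason removed in this same file was about duplicated translated nodes, which is the kind of regression a size assertion catches. Restore it as `assertThat(authenticatedEncryptionNode.getChildren()).hasSize(...)` with the counts the new translation yields for each `findingId`, or delete the line and say in a comment why the count is not stable. The `asserts` method continues outside this hunk.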
--- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTest.java @@ -123,7 +123,7 @@ public void asserts( INode pkeNode = nodes.get(0); assertThat(pkeNode.getKind()).isEqualTo(PublicKeyEncryption.class); assertThat(pkeNode.getChildren()).hasSize(4); - assertThat(pkeNode.asString()).isEqualTo("RSA"); + assertThat(pkeNode.asString()).isEqualTo("RSA-OAEP"); // Encrypt under PublicKeyEncryption INode encryptNode = pkeNode.getChildren().get(Encrypt.class); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTest.java index ba2a598a..386bec7a 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/asymmetricblockcipher/BcOAEPEncodingTest.java @@ -25,7 +25,6 @@ import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; import org.jetbrains.annotations.NotNull; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.sonar.java.checks.verifier.CheckVerifier; import org.sonar.plugins.java.api.JavaCheck; @@ -34,8 +33,7 @@ import org.sonar.plugins.java.api.tree.Tree; class BcOAEPEncodingTest extends TestBase { - /* TODO: fix duplicate digest detections before enabling and writing asserts */ - @Disabled + // @Disabled("Fix duplicate digest detections before enabling and writing asserts") @Test void test() { CheckVerifier.newVerifier() diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcCBCBlockCipherTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcCBCBlockCipherTest.java index 952e58d8..5516ba55 100644 
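Review bot: In BcOAEPEncodingTest the annotation is left behind as a comment, `// @Disabled("Fix duplicate digest detections before enabling and writing asserts")`, which tells a reader the test should not run although it now does. Delete the line. The `asserts` body is outside this hunk, so whether the asserts are still unwritten cannot be confirmed here; if they are, replace the line with `// TODO: write detection-store and translation asserts` so the gap stays visible. Without asserts the test would only confirm that findings are raised, not what they are translated into.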
--- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcCBCBlockCipherTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/blockcipher/BcCBCBlockCipherTest.java @@ -110,8 +110,8 @@ public void asserts( // BlockCipher INode blockCipherNode1 = nodes.get(0); assertThat(blockCipherNode1.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode1.getChildren()).hasSize(3); - assertThat(blockCipherNode1.asString()).isEqualTo("AES"); + assertThat(blockCipherNode1.getChildren()).hasSize(4); + assertThat(blockCipherNode1.asString()).isEqualTo("AES-CBC"); // Decrypt under BlockCipher INode decryptNode = diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcCTSBlockCipherTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcCTSBlockCipherTest.java index 0e51fb7b..a2706fde 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcCTSBlockCipherTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcCTSBlockCipherTest.java @@ -100,8 +100,8 @@ public void asserts( // BlockCipher INode blockCipherNode = nodes.get(0); assertThat(blockCipherNode.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode.getChildren()).hasSize(3); - assertThat(blockCipherNode.asString()).isEqualTo("AES"); + assertThat(blockCipherNode.getChildren()).hasSize(4); + assertThat(blockCipherNode.asString()).isEqualTo("AES-CTS"); // Mode under BlockCipher INode modeNode = blockCipherNode.getChildren().get(Mode.class); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcDefaultBufferedBlockCipherTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcDefaultBufferedBlockCipherTest.java index 06cd9a36..8a0b942e 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcDefaultBufferedBlockCipherTest.java 
+++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcDefaultBufferedBlockCipherTest.java @@ -99,7 +99,7 @@ public void asserts( // BlockCipher INode blockCipherNode = nodes.get(0); assertThat(blockCipherNode.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode.getChildren()).hasSize(2); + assertThat(blockCipherNode.getChildren()).hasSize(3); assertThat(blockCipherNode.asString()).isEqualTo("AES"); // Encrypt under BlockCipher diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcNISTCTSBlockCipherTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcNISTCTSBlockCipherTest.java index 1ecf9328..84931541 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcNISTCTSBlockCipherTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcNISTCTSBlockCipherTest.java @@ -101,8 +101,8 @@ public void asserts( // BlockCipher INode blockCipherNode = nodes.get(0); assertThat(blockCipherNode.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode.getChildren()).hasSize(3); - assertThat(blockCipherNode.asString()).isEqualTo("AES"); + assertThat(blockCipherNode.getChildren()).hasSize(4); + assertThat(blockCipherNode.asString()).isEqualTo("AES-CTS"); // Encrypt under BlockCipher INode encryptNode = blockCipherNode.getChildren().get(Encrypt.class); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherCustomPaddingTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherCustomPaddingTest.java index 52de6216..493ac581 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherCustomPaddingTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherCustomPaddingTest.java 
@@ -43,16 +43,8 @@ import org.sonar.plugins.java.api.tree.Tree; class BcPaddedBufferedBlockCipherCustomPaddingTest extends TestBase { - /** - * This test shows that CBC is missing its AES child, because of the issue described in - * `NextParameterDependingRulesTest` (this test does not use an intermediary variable for AES, - * contrarily to `BcPaddedBufferedBlockCipherTest`). - * - *

Also, we currently have two ValueActions at the same level that both translate to a - * BlockCipher: CBC (that is missing its AES child) and an undesirable AES detection. At - * translation, this will create the bug observed in `DuplicateDependingRulesTest`. - */ - @Disabled + @Disabled( + "There is an undesirable AES detection at the same level than CBC: it should not be the case") @Test void test() { CheckVerifier.newVerifier() diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherTest.java index 25a8e249..ebc607f9 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/bufferedblockcipher/BcPaddedBufferedBlockCipherTest.java @@ -42,12 +42,8 @@ import org.sonar.plugins.java.api.tree.Tree; class BcPaddedBufferedBlockCipherTest extends TestBase { - /** - * We currently have two ValueActions at the same level that both translate to a BlockCipher: - * CBC and an undesirable duplicate AES detection. At translation, this will create the bug - * observed in `DuplicateDependingRulesTest`. - */ - @Disabled + @Disabled( + "There is an undesirable AES detection at the same level than CBC: it should not be the case") @Test void test() { CheckVerifier.newVerifier() diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGMACTest.java index 32247d30..73899319 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKGMACTest.java 
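Review bot: The two new `@Disabled` reasons, in BcPaddedBufferedBlockCipherCustomPaddingTest and in BcPaddedBufferedBlockCipherTest below it, replace Javadoc that named the related tests, and leave no pointer to where the problem is tracked. These tests cover padded CBC detection and stay switched off, so keep a reference a maintainer can follow, e.g. `@Disabled("Undesirable AES detection at the same level as CBC, see issue #PLACEHOLDER")`; "same level than" should read "same level as". The removed Javadoc of the custom-padding variant also said that CBC was missing its AES child. If that is still the case it belongs in the reason, since the new text no longer mentions it.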
@@ -139,7 +139,7 @@ public void asserts( macNode.getChildren().get(AuthenticatedEncryption.class); assertThat(authenticatedEncryptionNode).isNotNull(); assertThat(authenticatedEncryptionNode.getChildren()).hasSize(2); - assertThat(authenticatedEncryptionNode.asString()).isEqualTo("Kalyna"); + assertThat(authenticatedEncryptionNode.asString()).isEqualTo("Kalyna-64"); // BlockSize under AuthenticatedEncryption under Mac INode blockSizeNode = authenticatedEncryptionNode.getChildren().get(BlockSize.class); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKMACTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKMACTest.java index aedc2038..1cd97e12 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKMACTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/mac/BcKMACTest.java @@ -26,9 +26,9 @@ import com.ibm.engine.model.ParameterIdentifier; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.MacContext; +import com.ibm.mapper.model.ExtendableOutputFunction; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.Mac; -import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.ParameterSetIdentifier; import com.ibm.mapper.model.functionality.Digest; import com.ibm.mapper.model.functionality.Tag; 
@@ -95,15 +95,15 @@ public void asserts( assertThat(tagNode.getChildren()).isEmpty(); assertThat(tagNode.asString()).isEqualTo("TAG"); - // MessageDigest under Mac - INode messageDigestNode = macNode.getChildren().get(MessageDigest.class); - assertThat(messageDigestNode).isNotNull(); - assertThat(messageDigestNode.getChildren()).hasSize(1); - assertThat(messageDigestNode.asString()).isEqualTo("cSHAKE"); + // ExtendableOutputFunction under Mac + INode xofNode = macNode.getChildren().get(ExtendableOutputFunction.class); + assertThat(xofNode).isNotNull(); + assertThat(xofNode.getChildren()).hasSize(1); + assertThat(xofNode.asString()).isEqualTo("cSHAKE"); /* TODO: optimally, we would capture cSHAKE256 here (using enrichment) */ - // Digest under MessageDigest under Mac - INode digestNode = messageDigestNode.getChildren().get(Digest.class); + // Digest under ExtendableOutputFunction under Mac + INode digestNode = xofNode.getChildren().get(Digest.class); assertThat(digestNode).isNotNull(); assertThat(digestNode.getChildren()).isEmpty(); assertThat(digestNode.asString()).isEqualTo("DIGEST"); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineTest.java index 8d06aa77..13e8440e 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/other/BcIESEngineTest.java 
@@ -19,13 +19,31 @@ */ package com.ibm.plugin.rules.detection.bc.other; +import static org.assertj.core.api.Assertions.assertThat; + import com.ibm.engine.detection.DetectionStore; +import com.ibm.engine.model.IValue; +import com.ibm.engine.model.ValueAction; +import com.ibm.engine.model.context.CipherContext; +import com.ibm.engine.model.context.DigestContext; +import com.ibm.engine.model.context.KeyContext; +import com.ibm.engine.model.context.MacContext; +import com.ibm.mapper.model.BlockSize; +import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.KeyAgreement; +import com.ibm.mapper.model.KeyDerivationFunction; +import com.ibm.mapper.model.Mac; +import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.model.Oid; +import com.ibm.mapper.model.PublicKeyEncryption; +import com.ibm.mapper.model.TagLength; +import com.ibm.mapper.model.functionality.Digest; +import com.ibm.mapper.model.functionality.Tag; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; import org.jetbrains.annotations.NotNull; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.sonar.java.checks.verifier.CheckVerifier; import org.sonar.plugins.java.api.JavaCheck; @@ -34,8 +52,6 @@ import org.sonar.plugins.java.api.tree.Tree; class BcIESEngineTest extends TestBase { - @Disabled( - "Problem to reolve before enabling this test: duplicate detection of the hashes (probably the same problem as in `DuplicateParameterFindingsTest`)") @Test void test() { CheckVerifier.newVerifier() 
@@ -50,8 +66,168 @@ public void asserts( int findingId, @NotNull DetectionStore detectionStore, @NotNull List nodes) { + if (findingId == 0 || findingId == 1 || findingId == 2) { + return; + } + /* - * TODO: + * Detection Store */ + + assertThat(detectionStore.getDetectionValues()).hasSize(1); + assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); + IValue value0 = detectionStore.getDetectionValues().get(0); + assertThat(value0).isInstanceOf(ValueAction.class); + assertThat(value0.asString()).isEqualTo("IESEngine"); + + List> stores = + getStoresOfValueType(ValueAction.class, detectionStore.getChildren()); + + DetectionStore store_1 = stores.get(0); + assertThat(store_1.getDetectionValues()).hasSize(1); + assertThat(store_1.getDetectionValueContext()).isInstanceOf(KeyContext.class); + IValue value0_1 = store_1.getDetectionValues().get(0); + assertThat(value0_1).isInstanceOf(ValueAction.class); + assertThat(value0_1.asString()).isEqualTo("ECDHBasicAgreement"); + + DetectionStore store_2 = stores.get(1); + assertThat(store_2.getDetectionValues()).hasSize(1); + assertThat(store_2.getDetectionValueContext()).isInstanceOf(KeyContext.class); + IValue value0_2 = store_2.getDetectionValues().get(0); + assertThat(value0_2).isInstanceOf(ValueAction.class); + assertThat(value0_2.asString()).isEqualTo("KDF1BytesGenerator"); + + DetectionStore store_2_1 = + getStoreOfValueType(ValueAction.class, store_2.getChildren()); + assertThat(store_2_1.getDetectionValues()).hasSize(1); + assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue value0_2_1 = store_2_1.getDetectionValues().get(0); + assertThat(value0_2_1).isInstanceOf(ValueAction.class); + assertThat(value0_2_1.asString()).isEqualTo("SHA256Digest"); + + DetectionStore store_3 = stores.get(2); + assertThat(store_3.getDetectionValues()).hasSize(1); + assertThat(store_3.getDetectionValueContext()).isInstanceOf(MacContext.class); + IValue value0_3 = 
store_3.getDetectionValues().get(0); + assertThat(value0_3).isInstanceOf(ValueAction.class); + assertThat(value0_3.asString()).isEqualTo("HMac"); + + DetectionStore store_3_1 = + getStoreOfValueType(ValueAction.class, store_3.getChildren()); + assertThat(store_3_1.getDetectionValues()).hasSize(1); + assertThat(store_3_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue value0_3_1 = store_3_1.getDetectionValues().get(0); + assertThat(value0_3_1).isInstanceOf(ValueAction.class); + assertThat(value0_3_1.asString()).isEqualTo("SHA512Digest"); + + /* + * Translation + */ + + assertThat(nodes).hasSize(1); + + // PublicKeyEncryption + INode publicKeyEncryptionNode = nodes.get(0); + assertThat(publicKeyEncryptionNode.getKind()).isEqualTo(PublicKeyEncryption.class); + assertThat(publicKeyEncryptionNode.getChildren()).hasSize(3); + assertThat(publicKeyEncryptionNode.asString()).isEqualTo("IES"); + + // Mac under PublicKeyEncryption + INode macNode1 = publicKeyEncryptionNode.getChildren().get(Mac.class); + assertThat(macNode1).isNotNull(); + assertThat(macNode1.getChildren()).hasSize(3); + assertThat(macNode1.asString()).isEqualTo("HMAC-SHA512"); + + // Tag under Mac under PublicKeyEncryption + INode tagNode1 = macNode1.getChildren().get(Tag.class); + assertThat(tagNode1).isNotNull(); + assertThat(tagNode1.getChildren()).isEmpty(); + assertThat(tagNode1.asString()).isEqualTo("TAG"); + + // MessageDigest under Mac under PublicKeyEncryption + INode messageDigestNode2 = macNode1.getChildren().get(MessageDigest.class); + assertThat(messageDigestNode2).isNotNull(); + assertThat(messageDigestNode2.getChildren()).hasSize(4); + assertThat(messageDigestNode2.asString()).isEqualTo("SHA512"); + + // Oid under MessageDigest under Mac under PublicKeyEncryption + INode oidNode3 = messageDigestNode2.getChildren().get(Oid.class); + assertThat(oidNode3).isNotNull(); + assertThat(oidNode3.getChildren()).isEmpty(); + 
assertThat(oidNode3.asString()).isEqualTo("2.16.840.1.101.3.4.2.3"); + + // DigestSize under MessageDigest under Mac under PublicKeyEncryption + INode digestSizeNode2 = messageDigestNode2.getChildren().get(DigestSize.class); + assertThat(digestSizeNode2).isNotNull(); + assertThat(digestSizeNode2.getChildren()).isEmpty(); + assertThat(digestSizeNode2.asString()).isEqualTo("512"); + + // BlockSize under MessageDigest under Mac under PublicKeyEncryption + INode blockSizeNode2 = messageDigestNode2.getChildren().get(BlockSize.class); + assertThat(blockSizeNode2).isNotNull(); + assertThat(blockSizeNode2.getChildren()).isEmpty(); + assertThat(blockSizeNode2.asString()).isEqualTo("1024"); + + // Digest under MessageDigest under Mac under PublicKeyEncryption + INode digestNode2 = messageDigestNode2.getChildren().get(Digest.class); + assertThat(digestNode2).isNotNull(); + assertThat(digestNode2.getChildren()).isEmpty(); + assertThat(digestNode2.asString()).isEqualTo("DIGEST"); + + // TagLength under Mac under PublicKeyEncryption + INode tagLengthNode = macNode1.getChildren().get(TagLength.class); + assertThat(tagLengthNode).isNotNull(); + assertThat(tagLengthNode.getChildren()).isEmpty(); + assertThat(tagLengthNode.asString()).isEqualTo("128"); + + // KeyDerivationFunction under PublicKeyEncryption + INode keyDerivationFunctionNode1 = + publicKeyEncryptionNode.getChildren().get(KeyDerivationFunction.class); + assertThat(keyDerivationFunctionNode1).isNotNull(); + assertThat(keyDerivationFunctionNode1.getChildren()).hasSize(1); + assertThat(keyDerivationFunctionNode1.asString()).isEqualTo("KDF1"); + + // MessageDigest under KeyDerivationFunction under PublicKeyEncryption + INode messageDigestNode3 = + keyDerivationFunctionNode1.getChildren().get(MessageDigest.class); + assertThat(messageDigestNode3).isNotNull(); + assertThat(messageDigestNode3.getChildren()).hasSize(4); + assertThat(messageDigestNode3.asString()).isEqualTo("SHA256"); + + // Oid under MessageDigest under 
KeyDerivationFunction under PublicKeyEncryption + INode oidNode4 = messageDigestNode3.getChildren().get(Oid.class); + assertThat(oidNode4).isNotNull(); + assertThat(oidNode4.getChildren()).isEmpty(); + assertThat(oidNode4.asString()).isEqualTo("2.16.840.1.101.3.4.2.1"); + + // DigestSize under MessageDigest under KeyDerivationFunction under PublicKeyEncryption + INode digestSizeNode3 = messageDigestNode3.getChildren().get(DigestSize.class); + assertThat(digestSizeNode3).isNotNull(); + assertThat(digestSizeNode3.getChildren()).isEmpty(); + assertThat(digestSizeNode3.asString()).isEqualTo("256"); + + // BlockSize under MessageDigest under KeyDerivationFunction under PublicKeyEncryption + INode blockSizeNode3 = messageDigestNode3.getChildren().get(BlockSize.class); + assertThat(blockSizeNode3).isNotNull(); + assertThat(blockSizeNode3.getChildren()).isEmpty(); + assertThat(blockSizeNode3.asString()).isEqualTo("512"); + + // Digest under MessageDigest under KeyDerivationFunction under PublicKeyEncryption + INode digestNode3 = messageDigestNode3.getChildren().get(Digest.class); + assertThat(digestNode3).isNotNull(); + assertThat(digestNode3.getChildren()).isEmpty(); + assertThat(digestNode3.asString()).isEqualTo("DIGEST"); + + // KeyAgreement under PublicKeyEncryption + INode keyAgreementNode1 = publicKeyEncryptionNode.getChildren().get(KeyAgreement.class); + assertThat(keyAgreementNode1).isNotNull(); + assertThat(keyAgreementNode1.getChildren()).hasSize(1); + assertThat(keyAgreementNode1.asString()).isEqualTo("ECDH"); + + // Oid under KeyAgreement under PublicKeyEncryption + INode oidNode5 = keyAgreementNode1.getChildren().get(Oid.class); + assertThat(oidNode5).isNotNull(); + assertThat(oidNode5.getChildren()).isEmpty(); + assertThat(oidNode5.asString()).isEqualTo("1.3.132.1.12"); } } 
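Review bot: The early return `if (findingId == 0 || findingId == 1 || findingId == 2) { return; }` skips every assertion for the first three findings without saying why, so a wrong detection or translation on those findings passes silently. Add a comment naming what they are (presumably the ECDHBasicAgreement, KDF1BytesGenerator and HMac constructions that are asserted later as children of the IESEngine finding, to be confirmed), or assert at least their top-level value. Further down, `stores.get(0)` to `stores.get(2)` are read without a size check. Adding `assertThat(stores).hasSize(3);` before them turns an IndexOutOfBoundsException into a readable failure, and the same applies to `stores` and `stores_2` in BcDigestingMessageSignerTest.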
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingMessageSignerTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingMessageSignerTest.java index b68b6585..23663351 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingMessageSignerTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingMessageSignerTest.java @@ -19,8 +19,24 @@ */ package com.ibm.plugin.rules.detection.bc.signer; +import static org.assertj.core.api.Assertions.assertThat; + import com.ibm.engine.detection.DetectionStore; +import com.ibm.engine.model.IValue; +import com.ibm.engine.model.OperationMode; +import com.ibm.engine.model.ValueAction; +import com.ibm.engine.model.context.DigestContext; +import com.ibm.engine.model.context.SignatureContext; +import com.ibm.mapper.model.BlockSize; +import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.model.Oid; +import com.ibm.mapper.model.ParameterSetIdentifier; +import com.ibm.mapper.model.Signature; +import com.ibm.mapper.model.collections.MergeableCollection; +import com.ibm.mapper.model.functionality.Digest; +import com.ibm.mapper.model.functionality.Sign; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; 
@@ -48,6 +64,117 @@ public void asserts( int findingId, @NotNull DetectionStore detectionStore, @NotNull List nodes) { - // TODO: + /* + * Detection Store + */ + + assertThat(detectionStore.getDetectionValues()).hasSize(1); + assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0 = detectionStore.getDetectionValues().get(0); + assertThat(value0).isInstanceOf(ValueAction.class); + assertThat(value0.asString()).isEqualTo("DigestingMessageSigner"); + + DetectionStore store_1 = + getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); + assertThat(store_1.getDetectionValues()).hasSize(1); + assertThat(store_1.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0_1 = store_1.getDetectionValues().get(0); + assertThat(value0_1).isInstanceOf(OperationMode.class); + assertThat(value0_1.asString()).isEqualTo("1"); + + List> stores = + getStoresOfValueType(ValueAction.class, detectionStore.getChildren()); + + DetectionStore store_2 = stores.get(0); + assertThat(store_2.getDetectionValues()).hasSize(1); + assertThat(store_2.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0_2 = store_2.getDetectionValues().get(0); + assertThat(value0_2).isInstanceOf(ValueAction.class); + assertThat(value0_2.asString()).isEqualTo("SPHINCS256Signer"); + + List> stores_2 = + getStoresOfValueType(ValueAction.class, store_2.getChildren()); + + DetectionStore store_2_1 = stores_2.get(0); + assertThat(store_2_1.getDetectionValues()).hasSize(1); + assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue value0_2_1 = store_2_1.getDetectionValues().get(0); + assertThat(value0_2_1).isInstanceOf(ValueAction.class); + assertThat(value0_2_1.asString()).isEqualTo("SHAKEDigest"); + + DetectionStore store_2_2 = stores_2.get(1); + assertThat(store_2_2.getDetectionValues()).hasSize(1); + 
assertThat(store_2_2.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue value0_2_2 = store_2_2.getDetectionValues().get(0); + assertThat(value0_2_2).isInstanceOf(ValueAction.class); + assertThat(value0_2_2.asString()).isEqualTo("SHAKEDigest"); + + DetectionStore store_3 = stores.get(1); + assertThat(store_3.getDetectionValues()).hasSize(1); + assertThat(store_3.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue value0_3 = store_3.getDetectionValues().get(0); + assertThat(value0_3).isInstanceOf(ValueAction.class); + assertThat(value0_3.asString()).isEqualTo("SHA256Digest"); + + /* + * Translation + */ + + assertThat(nodes).hasSize(1); + + // Signature + INode signatureNode = nodes.get(0); + assertThat(signatureNode.getKind()).isEqualTo(Signature.class); + assertThat(signatureNode.getChildren()).hasSize(4); + assertThat(signatureNode.asString()).isEqualTo("SPHINCS-256"); + + // MessageDigest under Signature + INode messageDigestNode = signatureNode.getChildren().get(MessageDigest.class); + assertThat(messageDigestNode).isNotNull(); + assertThat(messageDigestNode.getChildren()).hasSize(4); + assertThat(messageDigestNode.asString()).isEqualTo("SHA256"); + + // Digest under MessageDigest under Signature + INode digestNode = messageDigestNode.getChildren().get(Digest.class); + assertThat(digestNode).isNotNull(); + assertThat(digestNode.getChildren()).isEmpty(); + assertThat(digestNode.asString()).isEqualTo("DIGEST"); + + // Oid under MessageDigest under Signature + INode oidNode = messageDigestNode.getChildren().get(Oid.class); + assertThat(oidNode).isNotNull(); + assertThat(oidNode.getChildren()).isEmpty(); + assertThat(oidNode.asString()).isEqualTo("2.16.840.1.101.3.4.2.1"); + + // DigestSize under MessageDigest under Signature + INode digestSizeNode = messageDigestNode.getChildren().get(DigestSize.class); + assertThat(digestSizeNode).isNotNull(); + assertThat(digestSizeNode.getChildren()).isEmpty(); + 
assertThat(digestSizeNode.asString()).isEqualTo("256"); + + // BlockSize under MessageDigest under Signature + INode blockSizeNode = messageDigestNode.getChildren().get(BlockSize.class); + assertThat(blockSizeNode).isNotNull(); + assertThat(blockSizeNode.getChildren()).isEmpty(); + assertThat(blockSizeNode.asString()).isEqualTo("512"); + + // MergeableCollection under Signature + INode mergeableCollectionNode = signatureNode.getChildren().get(MergeableCollection.class); + assertThat(mergeableCollectionNode).isNotNull(); + assertThat(mergeableCollectionNode.getChildren()).isEmpty(); + assertThat(mergeableCollectionNode.asString()).isEqualTo("[SHAKE, SHAKE]"); + + // Sign under Signature + INode signNode = signatureNode.getChildren().get(Sign.class); + assertThat(signNode).isNotNull(); + assertThat(signNode.getChildren()).isEmpty(); + assertThat(signNode.asString()).isEqualTo("SIGN"); + + // ParameterSetIdentifier under Signature + INode parameterSetIdentifierNode = + signatureNode.getChildren().get(ParameterSetIdentifier.class); + assertThat(parameterSetIdentifierNode).isNotNull(); + assertThat(parameterSetIdentifierNode.getChildren()).isEmpty(); + assertThat(parameterSetIdentifierNode.asString()).isEqualTo("256"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTest.java index ceae07d8..b9d0386f 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcDigestingStateAwareMessageSignerTest.java 
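Review bot: The expectation `isEqualTo("[SHAKE, SHAKE]")` on the MergeableCollection node pins two indistinguishable entries with no children, so the translated result does not record which SHAKE variant or output length each of the two detected SHAKEDigest values uses. If that loss is a known limitation, mark it next to the assertion, e.g. `/* TODO: capture the SHAKE variant of each digest instead of the bare name */`, so the string is not read as the intended final output. The assertion also ties the test to the collection's string format. Asserting on the individual elements would be sturdier if the model exposes them, which is not visible in this hunk.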
@@ -19,8 +19,23 @@
 */
 package com.ibm.plugin.rules.detection.bc.signer;
+import static org.assertj.core.api.Assertions.assertThat;
+
 import com.ibm.engine.detection.DetectionStore;
+import com.ibm.engine.model.IValue;
+import com.ibm.engine.model.OperationMode;
+import com.ibm.engine.model.ValueAction;
+import com.ibm.engine.model.context.DigestContext;
+import com.ibm.engine.model.context.SignatureContext;
+import com.ibm.mapper.model.BlockSize;
+import com.ibm.mapper.model.DigestSize;
+import com.ibm.mapper.model.ExtendableOutputFunction;
 import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.MessageDigest;
+import com.ibm.mapper.model.Oid;
+import com.ibm.mapper.model.Signature;
+import com.ibm.mapper.model.functionality.Digest;
+import com.ibm.mapper.model.functionality.Sign;
 import com.ibm.plugin.TestBase;
 import com.ibm.plugin.rules.detection.bc.BouncyCastleJars;
 import java.util.List;
@@ -48,6 +63,108 @@ public void asserts( int findingId, @NotNull DetectionStore detectionStore, @NotNull List nodes) { - // TODO: + /* + * Detection Store + */ + + assertThat(detectionStore.getDetectionValues()).hasSize(1); + assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0 = detectionStore.getDetectionValues().get(0); + assertThat(value0).isInstanceOf(ValueAction.class); + assertThat(value0.asString()).isEqualTo("DigestingStateAwareMessageSigner"); + + DetectionStore store_1 = + getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); + assertThat(store_1.getDetectionValues()).hasSize(1); + assertThat(store_1.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0_1 = store_1.getDetectionValues().get(0); + assertThat(value0_1).isInstanceOf(OperationMode.class); + assertThat(value0_1.asString()).isEqualTo("1"); + + List> stores = + getStoresOfValueType(ValueAction.class, detectionStore.getChildren()); + + DetectionStore store_2 = stores.get(0); + assertThat(store_2.getDetectionValues()).hasSize(1); + assertThat(store_2.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0_2 = store_2.getDetectionValues().get(0); + assertThat(value0_2).isInstanceOf(ValueAction.class); + assertThat(value0_2.asString()).isEqualTo("GMSSStateAwareSigner"); + + DetectionStore store_2_1 = + getStoreOfValueType(ValueAction.class, store_2.getChildren()); + assertThat(store_2_1.getDetectionValues()).hasSize(1); + assertThat(store_2_1.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue value0_2_1 = store_2_1.getDetectionValues().get(0); + assertThat(value0_2_1).isInstanceOf(ValueAction.class); + assertThat(value0_2_1.asString()).isEqualTo("SHAKEDigest"); + + DetectionStore store_3 = stores.get(1); + assertThat(store_3.getDetectionValues()).hasSize(1); + assertThat(store_3.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue 
value0_3 = store_3.getDetectionValues().get(0); + assertThat(value0_3).isInstanceOf(ValueAction.class); + assertThat(value0_3.asString()).isEqualTo("SHA256Digest"); + + /* + * Translation + */ + + assertThat(nodes).hasSize(1); + + // Signature + INode signatureNode = nodes.get(0); + assertThat(signatureNode.getKind()).isEqualTo(Signature.class); + assertThat(signatureNode.getChildren()).hasSize(3); + assertThat(signatureNode.asString()).isEqualTo("GMSS"); + + // MessageDigest under Signature + INode messageDigestNode = signatureNode.getChildren().get(MessageDigest.class); + assertThat(messageDigestNode).isNotNull(); + assertThat(messageDigestNode.getChildren()).hasSize(4); + assertThat(messageDigestNode.asString()).isEqualTo("SHA256"); + + // Oid under MessageDigest under Signature + INode oidNode = messageDigestNode.getChildren().get(Oid.class); + assertThat(oidNode).isNotNull(); + assertThat(oidNode.getChildren()).isEmpty(); + assertThat(oidNode.asString()).isEqualTo("2.16.840.1.101.3.4.2.1"); + + // DigestSize under MessageDigest under Signature + INode digestSizeNode = messageDigestNode.getChildren().get(DigestSize.class); + assertThat(digestSizeNode).isNotNull(); + assertThat(digestSizeNode.getChildren()).isEmpty(); + assertThat(digestSizeNode.asString()).isEqualTo("256"); + + // BlockSize under MessageDigest under Signature + INode blockSizeNode = messageDigestNode.getChildren().get(BlockSize.class); + assertThat(blockSizeNode).isNotNull(); + assertThat(blockSizeNode.getChildren()).isEmpty(); + assertThat(blockSizeNode.asString()).isEqualTo("512"); + + // Digest under MessageDigest under Signature + INode digestNode = messageDigestNode.getChildren().get(Digest.class); + assertThat(digestNode).isNotNull(); + assertThat(digestNode.getChildren()).isEmpty(); + assertThat(digestNode.asString()).isEqualTo("DIGEST"); + + // ExtendableOutputFunction under Signature + INode extendableOutputFunctionNode = + 
signatureNode.getChildren().get(ExtendableOutputFunction.class); + assertThat(extendableOutputFunctionNode).isNotNull(); + assertThat(extendableOutputFunctionNode.getChildren()).hasSize(1); + assertThat(extendableOutputFunctionNode.asString()).isEqualTo("SHAKE"); + + // Digest under ExtendableOutputFunction under Signature + INode digestNode1 = extendableOutputFunctionNode.getChildren().get(Digest.class); + assertThat(digestNode1).isNotNull(); + assertThat(digestNode1.getChildren()).isEmpty(); + assertThat(digestNode1.asString()).isEqualTo("DIGEST"); + + // Sign under Signature + INode signNode = signatureNode.getChildren().get(Sign.class); + assertThat(signNode).isNotNull(); + assertThat(signNode.getChildren()).isEmpty(); + assertThat(signNode.asString()).isEqualTo("SIGN"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSignerTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSignerTest.java index bdd05299..0c8c5e4b 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSignerTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/signer/BcISO9796d2PSSSignerTest.java 
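Review bot: `stores.get(0)` and `stores.get(1)` are indexed without first pinning how many `ValueAction` child stores were found, so an extra or duplicated detection would pass unnoticed as long as the first two entries still match. Adding `assertThat(stores).hasSize(2);` right after the `getStoresOfValueType(ValueAction.class, detectionStore.getChildren())` call closes that gap, as DuplicateParametersFinding2Test in this commit already does. The same applies to the `stores.get(0)`/`stores.get(1)` pair added in BcISO9796d2PSSSignerTest. The `asserts` method opens above the hunk.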
@@ -19,13 +19,31 @@ */ package com.ibm.plugin.rules.detection.bc.signer; +import static org.assertj.core.api.Assertions.assertThat; + import com.ibm.engine.detection.DetectionStore; +import com.ibm.engine.model.IValue; +import com.ibm.engine.model.OperationMode; +import com.ibm.engine.model.SaltSize; +import com.ibm.engine.model.ValueAction; +import com.ibm.engine.model.context.CipherContext; +import com.ibm.engine.model.context.DigestContext; +import com.ibm.engine.model.context.SignatureContext; +import com.ibm.mapper.model.BlockSize; +import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.model.Oid; +import com.ibm.mapper.model.Padding; +import com.ibm.mapper.model.ProbabilisticSignatureScheme; +import com.ibm.mapper.model.PublicKeyEncryption; +import com.ibm.mapper.model.SaltLength; +import com.ibm.mapper.model.functionality.Digest; +import com.ibm.mapper.model.functionality.Sign; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; import org.jetbrains.annotations.NotNull; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.sonar.java.checks.verifier.CheckVerifier; import org.sonar.plugins.java.api.JavaCheck; @@ -34,7 +52,6 @@ import org.sonar.plugins.java.api.tree.Tree; class BcISO9796d2PSSSignerTest extends TestBase { - @Disabled("Duplication of te OperationMode creates duplicated translated nodes") @Test void test() { CheckVerifier.newVerifier() 
@@ -50,7 +67,135 @@ public void asserts( int findingId, @NotNull DetectionStore detectionStore, @NotNull List nodes) { - // TODO: First fix the issue `DuplicateDependingRulesTest`, and it should lead to the - // correct results for this test + + if (findingId == 0 || findingId == 1) { + return; + } + + /* + * Detection Store + */ + + assertThat(detectionStore.getDetectionValues()).hasSize(1); + assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0 = detectionStore.getDetectionValues().get(0); + assertThat(value0).isInstanceOf(ValueAction.class); + assertThat(value0.asString()).isEqualTo("ISO9796d2PSSSigner"); + + DetectionStore store_1 = + getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); + assertThat(store_1.getDetectionValues()).hasSize(1); + assertThat(store_1.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0_1 = store_1.getDetectionValues().get(0); + assertThat(value0_1).isInstanceOf(OperationMode.class); + assertThat(value0_1.asString()).isEqualTo("1"); + + DetectionStore store_2 = + getStoreOfValueType(SaltSize.class, detectionStore.getChildren()); + assertThat(store_2.getDetectionValues()).hasSize(1); + assertThat(store_2.getDetectionValueContext()).isInstanceOf(SignatureContext.class); + IValue value0_2 = store_2.getDetectionValues().get(0); + assertThat(value0_2).isInstanceOf(SaltSize.class); + assertThat(value0_2.asString()).isEqualTo("256"); + + List> stores = + getStoresOfValueType(ValueAction.class, detectionStore.getChildren()); + + DetectionStore store_3 = stores.get(0); + assertThat(store_3.getDetectionValues()).hasSize(1); + assertThat(store_3.getDetectionValueContext()).isInstanceOf(CipherContext.class); + IValue value0_3 = store_3.getDetectionValues().get(0); + assertThat(value0_3).isInstanceOf(ValueAction.class); + assertThat(value0_3.asString()).isEqualTo("ISO9796d1Encoding"); + + DetectionStore store_3_1 = + 
getStoreOfValueType(ValueAction.class, store_3.getChildren()); + assertThat(store_3_1.getDetectionValues()).hasSize(1); + assertThat(store_3_1.getDetectionValueContext()).isInstanceOf(CipherContext.class); + IValue value0_3_1 = store_3_1.getDetectionValues().get(0); + assertThat(value0_3_1).isInstanceOf(ValueAction.class); + assertThat(value0_3_1.asString()).isEqualTo("RSAEngine"); + + DetectionStore store_4 = stores.get(1); + assertThat(store_4.getDetectionValues()).hasSize(1); + assertThat(store_4.getDetectionValueContext()).isInstanceOf(DigestContext.class); + IValue value0_4 = store_4.getDetectionValues().get(0); + assertThat(value0_4).isInstanceOf(ValueAction.class); + assertThat(value0_4.asString()).isEqualTo("SHA256Digest"); + + /* + * Translation + */ + + assertThat(nodes).hasSize(1); + + // ProbabilisticSignatureScheme + INode probabilisticSignatureSchemeNode = nodes.get(0); + assertThat(probabilisticSignatureSchemeNode.getKind()) + .isEqualTo(ProbabilisticSignatureScheme.class); + assertThat(probabilisticSignatureSchemeNode.getChildren()).hasSize(4); + assertThat(probabilisticSignatureSchemeNode.asString()).isEqualTo("ISO 9796-PSS"); + + // Sign under ProbabilisticSignatureScheme + INode signNode = probabilisticSignatureSchemeNode.getChildren().get(Sign.class); + assertThat(signNode).isNotNull(); + assertThat(signNode.getChildren()).isEmpty(); + assertThat(signNode.asString()).isEqualTo("SIGN"); + + // MessageDigest under ProbabilisticSignatureScheme + INode messageDigestNode = + probabilisticSignatureSchemeNode.getChildren().get(MessageDigest.class); + assertThat(messageDigestNode).isNotNull(); + assertThat(messageDigestNode.getChildren()).hasSize(4); + assertThat(messageDigestNode.asString()).isEqualTo("SHA256"); + + // BlockSize under MessageDigest under ProbabilisticSignatureScheme + INode blockSizeNode = messageDigestNode.getChildren().get(BlockSize.class); + assertThat(blockSizeNode).isNotNull(); + assertThat(blockSizeNode.getChildren()).isEmpty(); 
+ assertThat(blockSizeNode.asString()).isEqualTo("512"); + + // Oid under MessageDigest under ProbabilisticSignatureScheme + INode oidNode2 = messageDigestNode.getChildren().get(Oid.class); + assertThat(oidNode2).isNotNull(); + assertThat(oidNode2.getChildren()).isEmpty(); + assertThat(oidNode2.asString()).isEqualTo("2.16.840.1.101.3.4.2.1"); + + // DigestSize under MessageDigest under ProbabilisticSignatureScheme + INode digestSizeNode = messageDigestNode.getChildren().get(DigestSize.class); + assertThat(digestSizeNode).isNotNull(); + assertThat(digestSizeNode.getChildren()).isEmpty(); + assertThat(digestSizeNode.asString()).isEqualTo("256"); + + // Digest under MessageDigest under ProbabilisticSignatureScheme + INode digestNode = messageDigestNode.getChildren().get(Digest.class); + assertThat(digestNode).isNotNull(); + assertThat(digestNode.getChildren()).isEmpty(); + assertThat(digestNode.asString()).isEqualTo("DIGEST"); + + // SaltLength under ProbabilisticSignatureScheme + INode saltLengthNode = probabilisticSignatureSchemeNode.getChildren().get(SaltLength.class); + assertThat(saltLengthNode).isNotNull(); + assertThat(saltLengthNode.getChildren()).isEmpty(); + assertThat(saltLengthNode.asString()).isEqualTo("256"); + + // PublicKeyEncryption under ProbabilisticSignatureScheme + INode publicKeyEncryptionNode2 = + probabilisticSignatureSchemeNode.getChildren().get(PublicKeyEncryption.class); + assertThat(publicKeyEncryptionNode2).isNotNull(); + assertThat(publicKeyEncryptionNode2.getChildren()).hasSize(2); + assertThat(publicKeyEncryptionNode2.asString()).isEqualTo("RSA"); + + // Padding under PublicKeyEncryption under ProbabilisticSignatureScheme + INode paddingNode1 = publicKeyEncryptionNode2.getChildren().get(Padding.class); + assertThat(paddingNode1).isNotNull(); + assertThat(paddingNode1.getChildren()).isEmpty(); + assertThat(paddingNode1.asString()).isEqualTo("ISO 9796"); + + // Oid under PublicKeyEncryption under ProbabilisticSignatureScheme + INode 
oidNode3 = publicKeyEncryptionNode2.getChildren().get(Oid.class); + assertThat(oidNode3).isNotNull(); + assertThat(oidNode3.getChildren()).isEmpty(); + assertThat(oidNode3.asString()).isEqualTo("1.2.840.113549.1.1.1"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcAESWrapEngineTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcAESWrapEngineTest.java index e3178de2..27caf24b 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcAESWrapEngineTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcAESWrapEngineTest.java @@ -26,8 +26,10 @@ import com.ibm.engine.model.OperationMode; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; -import com.ibm.mapper.model.BlockCipher; +import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.KeyWrap; +import com.ibm.mapper.model.Oid; import com.ibm.mapper.model.functionality.Encapsulate; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; @@ -63,7 +65,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("AES"); + assertThat(value0.asString()).isEqualTo("AESWrapEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); 
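Review bot: The early `return` for `findingId == 0 || findingId == 1` at the top of `asserts` leaves two findings with no assertions and no explanation, now that the `@Disabled` marker and the TODO describing the duplication problem are removed. A regression in those findings cannot fail this test. State why they are skipped, for example `// findings 0 and 1 are <which detections>; they are asserted in <which test>`, or assert what is expected of them before returning. The `asserts` method opens above the hunk.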
@@ -79,14 +81,26 @@ public void asserts( assertThat(nodes).hasSize(1); - // com.ibm.mapper.model.Algorithm - INode blockCipherNode = nodes.get(0); - assertThat(blockCipherNode.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode.getChildren()).hasSize(2); - assertThat(blockCipherNode.asString()).isEqualTo("AES"); + // KeyWrap + INode keyWrapNode = nodes.get(0); + assertThat(keyWrapNode.getKind()).isEqualTo(KeyWrap.class); + assertThat(keyWrapNode.getChildren()).hasSize(3); + assertThat(keyWrapNode.asString()).isEqualTo("AES"); - // Encapsulate under com.ibm.mapper.model.Algorithm - INode encapsulateNode = blockCipherNode.getChildren().get(Encapsulate.class); + // Oid under KeyWrap + INode oidNode = keyWrapNode.getChildren().get(Oid.class); + assertThat(oidNode).isNotNull(); + assertThat(oidNode.getChildren()).isEmpty(); + assertThat(oidNode.asString()).isEqualTo("2.16.840.1.101.3.4.1"); + + // BlockSize under KeyWrap + INode blockSizeNode = keyWrapNode.getChildren().get(BlockSize.class); + assertThat(blockSizeNode).isNotNull(); + assertThat(blockSizeNode.getChildren()).isEmpty(); + assertThat(blockSizeNode.asString()).isEqualTo("128"); + + // Encapsulate under KeyWrap + INode encapsulateNode = keyWrapNode.getChildren().get(Encapsulate.class); assertThat(encapsulateNode).isNotNull(); assertThat(encapsulateNode.getChildren()).isEmpty(); assertThat(encapsulateNode.asString()).isEqualTo("ENCAPSULATE"); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTest.java index 169d9dcc..33885f6c 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcDSTU7624WrapEngineTest.java 
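Review bot: The `Oid` expected under the `KeyWrap` node, `2.16.840.1.101.3.4.1`, is the NIST AES arc rather than an identifier for a key-wrap algorithm; those are assigned beneath that arc per key size. If that is deliberate because no key size is known at this point, a comment on the assertion would keep a reader of the resulting inventory from taking it for a wrap-algorithm OID, e.g. `// generic AES arc: key size unknown here, so no specific aes-wrap OID is expected`. The translation hunk of BcRFC3394WrapEngineTest pins the same value on both its `KeyWrap` node and the nested `BlockCipher`. The `asserts` method opens above the hunk.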
@@ -27,8 +27,8 @@ import com.ibm.engine.model.OperationMode; import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.functionality.Encapsulate; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; @@ -66,7 +66,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("DSTU 7624:2014"); + assertThat(value0.asString()).isEqualTo("DSTU7624WrapEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); 
@@ -90,21 +90,20 @@ public void asserts( assertThat(nodes).hasSize(1); - // BlockCipher - INode blockCipherNode = nodes.get(0); - assertThat(blockCipherNode.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode.getChildren()).hasSize(2); - assertThat(blockCipherNode.asString()).isEqualTo("DSTU 7624:2014"); + // KeyWrap + INode keyWrapNode = nodes.get(0); + assertThat(keyWrapNode.getKind()).isEqualTo(KeyWrap.class); + assertThat(keyWrapNode.getChildren()).hasSize(2); + assertThat(keyWrapNode.asString()).isEqualTo("Kalyna-256"); - // BlockSize under BlockCipher - INode blockSizeNode = - blockCipherNode.getChildren().get(com.ibm.mapper.model.BlockSize.class); + // BlockSize under KeyWrap + INode blockSizeNode = keyWrapNode.getChildren().get(com.ibm.mapper.model.BlockSize.class); assertThat(blockSizeNode).isNotNull(); assertThat(blockSizeNode.getChildren()).isEmpty(); assertThat(blockSizeNode.asString()).isEqualTo("256"); - // Encapsulate under BlockCipher - INode encapsulateNode = blockCipherNode.getChildren().get(Encapsulate.class); + // Encapsulate under KeyWrap + INode encapsulateNode = keyWrapNode.getChildren().get(Encapsulate.class); assertThat(encapsulateNode).isNotNull(); assertThat(encapsulateNode.getChildren()).isEmpty(); assertThat(encapsulateNode.asString()).isEqualTo("ENCAPSULATE"); diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcRFC3394WrapEngineTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcRFC3394WrapEngineTest.java index b47f0fcf..30fc4099 100644 --- a/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcRFC3394WrapEngineTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/detection/bc/wrapper/BcRFC3394WrapEngineTest.java 
@@ -27,7 +27,10 @@ import com.ibm.engine.model.ValueAction; import com.ibm.engine.model.context.CipherContext; import com.ibm.mapper.model.BlockCipher; +import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.KeyWrap; +import com.ibm.mapper.model.Oid; import com.ibm.mapper.model.functionality.Encapsulate; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; @@ -63,7 +66,6 @@ public void asserts( if (findingId == 0 || findingId == 2) { return; } - /* * Detection Store */ @@ -72,7 +74,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("RFC 3394"); + assertThat(value0.asString()).isEqualTo("RFC3394WrapEngine"); DetectionStore store_1 = getStoreOfValueType(OperationMode.class, detectionStore.getChildren()); @@ -88,7 +90,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("AES"); + assertThat(value0_2.asString()).isEqualTo("AESFastEngine"); /* * Translation 
@@ -96,16 +98,46 @@ public void asserts( assertThat(nodes).hasSize(1); - // BlockCipher - INode blockCipherNode1 = nodes.get(0); - assertThat(blockCipherNode1.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode1.getChildren()).hasSize(2); - assertThat(blockCipherNode1.asString()).isEqualTo("AES"); - - // Encapsulate under BlockCipher - INode encapsulateNode1 = blockCipherNode1.getChildren().get(Encapsulate.class); - assertThat(encapsulateNode1).isNotNull(); - assertThat(encapsulateNode1.getChildren()).isEmpty(); - assertThat(encapsulateNode1.asString()).isEqualTo("ENCAPSULATE"); + // KeyWrap + INode keyWrapNode = nodes.get(0); + assertThat(keyWrapNode.getKind()).isEqualTo(KeyWrap.class); + assertThat(keyWrapNode.getChildren()).hasSize(4); + assertThat(keyWrapNode.asString()).isEqualTo("AES"); + + // Oid under KeyWrap + INode oidNode = keyWrapNode.getChildren().get(Oid.class); + assertThat(oidNode).isNotNull(); + assertThat(oidNode.getChildren()).isEmpty(); + assertThat(oidNode.asString()).isEqualTo("2.16.840.1.101.3.4.1"); + + // BlockSize under KeyWrap + INode blockSizeNode = keyWrapNode.getChildren().get(BlockSize.class); + assertThat(blockSizeNode).isNotNull(); + assertThat(blockSizeNode.getChildren()).isEmpty(); + assertThat(blockSizeNode.asString()).isEqualTo("128"); + + // Encapsulate under KeyWrap + INode encapsulateNode = keyWrapNode.getChildren().get(Encapsulate.class); + assertThat(encapsulateNode).isNotNull(); + assertThat(encapsulateNode.getChildren()).isEmpty(); + assertThat(encapsulateNode.asString()).isEqualTo("ENCAPSULATE"); + + // BlockCipher under KeyWrap + INode blockCipherNode = keyWrapNode.getChildren().get(BlockCipher.class); + assertThat(blockCipherNode).isNotNull(); + assertThat(blockCipherNode.getChildren()).hasSize(2); + assertThat(blockCipherNode.asString()).isEqualTo("AES"); + + // Oid under BlockCipher under KeyWrap + INode oidNode1 = blockCipherNode.getChildren().get(Oid.class); + assertThat(oidNode1).isNotNull(); + 
assertThat(oidNode1.getChildren()).isEmpty(); + assertThat(oidNode1.asString()).isEqualTo("2.16.840.1.101.3.4.1"); + + // BlockSize under BlockCipher under KeyWrap + INode blockSizeNode1 = blockCipherNode.getChildren().get(BlockSize.class); + assertThat(blockSizeNode1).isNotNull(); + assertThat(blockSizeNode1.getChildren()).isEmpty(); + assertThat(blockSizeNode1.asString()).isEqualTo("128"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/issues/DuplicateParameterFindingsTest.java b/java/src/test/java/com/ibm/plugin/rules/issues/DuplicateParameterFindingsTest.java index 34dbe350..5a2343c1 100644 --- a/java/src/test/java/com/ibm/plugin/rules/issues/DuplicateParameterFindingsTest.java +++ b/java/src/test/java/com/ibm/plugin/rules/issues/DuplicateParameterFindingsTest.java @@ -29,13 +29,12 @@ import com.ibm.mapper.model.INode; import com.ibm.mapper.model.MaskGenerationFunction; import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.model.Padding; import com.ibm.mapper.model.PublicKeyEncryption; -import com.ibm.mapper.model.padding.OAEP; import com.ibm.plugin.TestBase; import com.ibm.plugin.rules.detection.bc.BouncyCastleJars; import java.util.List; import org.jetbrains.annotations.NotNull; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.sonar.java.checks.verifier.CheckVerifier; import org.sonar.plugins.java.api.JavaCheck; @@ -55,7 +54,6 @@ class DuplicateParameterFindingsTest extends TestBase { * each with the two possible contexts, which is not expected and makes impossible to * distinguish the two hashes from their contexts. */ - @Disabled @Test void test() { CheckVerifier.newVerifier() 
@@ -82,7 +80,7 @@ public void asserts( assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0 = detectionStore.getDetectionValues().get(0); assertThat(value0).isInstanceOf(ValueAction.class); - assertThat(value0.asString()).isEqualTo("OAEP"); + assertThat(value0.asString()).isEqualTo("OAEPEncoding"); List> valueActionStores = getStoresOfValueType(ValueAction.class, detectionStore.getChildren()); @@ -96,7 +94,7 @@ public void asserts( assertThat(store_2.getDetectionValueContext()).isInstanceOf(CipherContext.class); IValue value0_2 = store_2.getDetectionValues().get(0); assertThat(value0_2).isInstanceOf(ValueAction.class); - assertThat(value0_2.asString()).isEqualTo("RSA"); + assertThat(value0_2.asString()).isEqualTo("RSAEngine"); DetectionStore store_3 = valueActionStores.get(1); @@ -104,7 +102,7 @@ public void asserts( assertThat(store_3.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_4 = store_3.getDetectionValues().get(0); assertThat(value0_4).isInstanceOf(ValueAction.class); - assertThat(value0_4.asString()).isEqualTo("SHA-3"); + assertThat(value0_4.asString()).isEqualTo("SHA3Digest"); DetectionStore store_4 = valueActionStores.get(2); @@ -112,7 +110,7 @@ public void asserts( assertThat(store_4.getDetectionValueContext()).isInstanceOf(DigestContext.class); IValue value0_5 = store_4.getDetectionValues().get(0); assertThat(value0_5).isInstanceOf(ValueAction.class); - assertThat(value0_5.asString()).isEqualTo("SHA-512"); + assertThat(value0_5.asString()).isEqualTo("SHA512Digest"); /* * Translation 
@@ -123,18 +121,18 @@ public void asserts( // PublicKeyEncryption INode publicKeyEncryptionNode1 = nodes.get(0); assertThat(publicKeyEncryptionNode1.getKind()).isEqualTo(PublicKeyEncryption.class); - assertThat(publicKeyEncryptionNode1.getChildren()).hasSize(5); - assertThat(publicKeyEncryptionNode1.asString()).isEqualTo("RSA"); + assertThat(publicKeyEncryptionNode1.getChildren()).hasSize(4); + assertThat(publicKeyEncryptionNode1.asString()).isEqualTo("RSA-OAEP"); // MessageDigest under PublicKeyEncryption INode messageDigestNode = publicKeyEncryptionNode1.getChildren().get(MessageDigest.class); assertThat(messageDigestNode).isNotNull(); - assertThat(messageDigestNode.getChildren()).isEmpty(); - assertThat(messageDigestNode.asString()).isEqualTo("SHA-3"); + assertThat(messageDigestNode.getChildren()).hasSize(1); + assertThat(messageDigestNode.asString()).isEqualTo("SHA3"); // OptimalAsymmetricEncryptionPadding under PublicKeyEncryption INode optimalAsymmetricEncryptionPaddingNode = - publicKeyEncryptionNode1.getChildren().get(OAEP.class); + publicKeyEncryptionNode1.getChildren().get(Padding.class); assertThat(optimalAsymmetricEncryptionPaddingNode).isNotNull(); assertThat(optimalAsymmetricEncryptionPaddingNode.getChildren()).isEmpty(); assertThat(optimalAsymmetricEncryptionPaddingNode.asString()).isEqualTo("OAEP"); 
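Review bot: `publicKeyEncryptionNode1.getChildren()` is pinned to `hasSize(4)`, but the two translation hunks of this method look up only three of those children (`MessageDigest`, `Padding`, `MaskGenerationFunction`). Likewise `messageDigestNode` (`hasSize(1)`), `maskGenerationFunctionNode` (`hasSize(2)`) and, in the following hunk, `messageDigestNode1` (`hasSize(4)`) have children that are counted but not all identified. A mapper change that swaps one child kind for another would still pass. Either look up each remaining child by class, as BcISO9796d2PSSSignerTest does in this commit, or leave `// TODO: assert remaining children by kind, not only by count` so the gap is visible. A couple of lines between the two hunks are not shown, so part of this may already be covered there.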
@@ -143,7 +141,14 @@ public void asserts( INode maskGenerationFunctionNode = publicKeyEncryptionNode1.getChildren().get(MaskGenerationFunction.class); assertThat(maskGenerationFunctionNode).isNotNull(); - assertThat(maskGenerationFunctionNode.getChildren()).isEmpty(); - assertThat(maskGenerationFunctionNode.asString()).isEqualTo("SHA-512"); + assertThat(maskGenerationFunctionNode.getChildren()).hasSize(2); + assertThat(maskGenerationFunctionNode.asString()).isEqualTo("MGF1"); + + // MessageDigest under MaskGenerationFunction under PublicKeyEncryption + INode messageDigestNode1 = + maskGenerationFunctionNode.getChildren().get(MessageDigest.class); + assertThat(messageDigestNode1).isNotNull(); + assertThat(messageDigestNode1.getChildren()).hasSize(4); + assertThat(messageDigestNode1.asString()).isEqualTo("SHA512"); } } diff --git a/java/src/test/java/com/ibm/plugin/rules/issues/DuplicateParametersFinding2Test.java b/java/src/test/java/com/ibm/plugin/rules/issues/DuplicateParametersFinding2Test.java new file mode 100644 index 00000000..4605eb51 --- /dev/null +++ b/java/src/test/java/com/ibm/plugin/rules/issues/DuplicateParametersFinding2Test.java 
@@ -0,0 +1,133 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.plugin.rules.issues; + +import static org.assertj.core.api.Assertions.assertThat; + +import com.ibm.engine.detection.DetectionStore; +import com.ibm.engine.model.IValue; +import com.ibm.engine.model.ValueAction; +import com.ibm.engine.model.context.IDetectionContext; +import com.ibm.engine.model.factory.ValueActionFactory; +import com.ibm.engine.rule.IDetectionRule; +import com.ibm.engine.rule.builder.DetectionRuleBuilder; +import com.ibm.mapper.model.INode; +import com.ibm.plugin.TestBase; +import java.util.List; +import org.jetbrains.annotations.NotNull; +import org.junit.jupiter.api.Test; +import org.sonar.java.checks.verifier.CheckVerifier; +import org.sonar.plugins.java.api.JavaCheck; +import org.sonar.plugins.java.api.JavaFileScannerContext; +import org.sonar.plugins.java.api.semantic.Symbol; +import org.sonar.plugins.java.api.tree.Tree; + +class DuplicateParametersFinding2Test extends TestBase { + + static IDetectionContext detectionContext = + new IDetectionContext() { + @NotNull @Override + public Class type() { + return IDetectionContext.class; + } + }; + + 
public static List> seatRules = + List.of( + new DetectionRuleBuilder() + .createDetectionRule() + .forObjectTypes( + "com.ibm.example.DuplicateParametersFinding2TestFile$LeatherSeats") + .forConstructor() + .shouldBeDetectedAs(new ValueActionFactory<>("LeatherSeats")) + .withoutParameters() + .buildForContext(detectionContext) + .inBundle(() -> "testBundle") + .withoutDependingDetectionRules(), + new DetectionRuleBuilder() + .createDetectionRule() + .forObjectTypes( + "com.ibm.example.DuplicateParametersFinding2TestFile$HeatedSeats") + .forConstructor() + .shouldBeDetectedAs(new ValueActionFactory<>("HeatedSeats")) + .withoutParameters() + .buildForContext(detectionContext) + .inBundle(() -> "testBundle") + .withoutDependingDetectionRules()); + + public DuplicateParametersFinding2Test() { + super( + List.of( + new DetectionRuleBuilder() + .createDetectionRule() + .forObjectTypes( + "com.ibm.example.DuplicateParametersFinding2TestFile$Car") + .forConstructor() + .shouldBeDetectedAs(new ValueActionFactory<>("Car")) + .withMethodParameter( + "com.ibm.example.DuplicateParametersFinding2TestFile$SeatInterface") + .addDependingDetectionRules(seatRules) + .withMethodParameter( + "com.ibm.example.DuplicateParametersFinding2TestFile$SeatInterface") + .addDependingDetectionRules(seatRules) + .buildForContext(detectionContext) + .inBundle(() -> "testBundle") + .withoutDependingDetectionRules())); + } + + @Override + public void asserts( + int findingId, + @NotNull DetectionStore detectionStore, + @NotNull List nodes) { + /* + * Detection Store + */ + + assertThat(detectionStore.getDetectionValues()).hasSize(1); + IValue value0 = detectionStore.getDetectionValues().get(0); + assertThat(value0).isInstanceOf(ValueAction.class); + assertThat(value0.asString()).isEqualTo("Car"); + + List> stores = + getStoresOfValueType(ValueAction.class, detectionStore.getChildren()); + assertThat(stores).hasSize(2); + + DetectionStore store_1 = stores.get(0); + 
assertThat(store_1.getDetectionValues()).hasSize(1); + IValue value0_1 = store_1.getDetectionValues().get(0); + assertThat(value0_1).isInstanceOf(ValueAction.class); + assertThat(value0_1.asString()).isEqualTo("LeatherSeats"); + + DetectionStore store_2 = stores.get(1); + assertThat(store_2.getDetectionValues()).hasSize(1); + IValue value0_2 = store_2.getDetectionValues().get(0); + assertThat(value0_2).isInstanceOf(ValueAction.class); + assertThat(value0_2.asString()).isEqualTo("HeatedSeats"); + } + + @Test + void test() { + CheckVerifier.newVerifier() + .onFile("src/test/files/rules/issues/DuplicateParametersFinding2TestFile.java") + .withChecks(this) + .verifyIssues(); + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/ITranslator.java b/mapper/src/main/java/com/ibm/mapper/ITranslator.java index 73313711..572a8728 100644 --- a/mapper/src/main/java/com/ibm/mapper/ITranslator.java +++ b/mapper/src/main/java/com/ibm/mapper/ITranslator.java @@ -24,6 +24,7 @@ import com.ibm.engine.model.context.IDetectionContext; import com.ibm.engine.rule.IBundle; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.collections.MergeableCollection; import com.ibm.mapper.utils.DetectionLocation; import java.util.ArrayList; import java.util.HashMap; 
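Review bot: The assertions in `asserts` depend on the position of the child stores (`stores.get(0)` must be `LeatherSeats`, `stores.get(1)` `HeatedSeats`), an ordering that nothing in this file guarantees for `detectionStore.getChildren()`. Unless parameter order is part of the contract being tested, asserting on the set of values would pin the duplicate-parameter behaviour without the ordering assumption, e.g. `assertThat(stores).extracting(s -> s.getDetectionValues().get(0).asString()).containsExactlyInAnyOrder("LeatherSeats", "HeatedSeats");`. If order is intended, a one-line comment saying that the stores follow constructor-argument order would make the intent explicit. `detectionContext` and `seatRules` are also non-final statics (`seatRules` is public); `private static final` would suit both.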
@@ -193,10 +194,43 @@ private void append( for (INode parentNode : copyParentNodes) { newNodesCollection.forEach( childNode -> { - if (parentNode.hasChildOfType(childNode.getKind()).isPresent()) { - final INode newParent = parentNode.deepCopy(); - newParent.put(childNode); - newRoots.add(newParent); + Optional existingNodeOpt = + parentNode.hasChildOfType(childNode.getKind()); + if (existingNodeOpt.isPresent()) { + INode existingNode = existingNodeOpt.get(); + /* Special case of multiple `MergeableCollection`: we merge them */ + if (childNode instanceof MergeableCollection addedCollectionNode + && existingNode + instanceof + MergeableCollection existingCollectionNode + /* this 3rd condition ensures that both nodes have the same *exact* class */ + && addedCollectionNode + .getClass() + .equals(existingCollectionNode.getClass())) { + + List mergedCollection = + new ArrayList<>(existingCollectionNode.getCollection()); + mergedCollection.addAll(addedCollectionNode.getCollection()); + + MergeableCollection mergedCollectionNode = + new MergeableCollection(mergedCollection); + + addedCollectionNode + .getChildren() + .values() + .forEach(mergedCollectionNode::put); + existingCollectionNode + .getChildren() + .values() + .forEach(mergedCollectionNode::put); + + parentNode.put(mergedCollectionNode); + + } else { + final INode newParent = parentNode.deepCopy(); + newParent.put(childNode); + newRoots.add(newParent); + } } else { parentNode.put(childNode); } diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcSignatureMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcSignatureMapper.java index 39a9aa70..6354bfcb 100644 --- a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcSignatureMapper.java +++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcSignatureMapper.java 
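Review bot: In the merge branch of `append`, the merged node is always built as `new MergeableCollection(mergedCollection)`, even though the guard above requires both nodes to have the same exact class. If `MergeableCollection` has subclasses (not visible in this hunk), the merged node loses the subclass and whatever kind it reports. The children are then copied with `put` from the added node first and the existing node second, so where both carry a child of the same kind the added one is presumably overwritten without trace; for a cryptographic inventory that means a detected asset can vanish from the output. This branch also mutates `parentNode` in place while the `else` branch works on a `deepCopy()`, and a comment such as `// merged in place: no new root is needed because the collection replaces the existing child` would state whether that asymmetry is intended. `append` begins and ends outside the hunk.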
@@ -54,9 +54,10 @@ public Optional parse( private Optional map( @Nonnull String signerString, @Nonnull DetectionLocation detectionLocation) { return switch (signerString) { - // case "DigestingMessageSigner" -> Optional.of(); - // case "DigestingStateAwareMessageSigner" -> Optional.of(); - case "DSADigestSigner" -> + case "DigestingMessageSigner", + "DigestingStateAwareMessageSigner", + "GenericSigner", + "DSADigestSigner" -> Optional.of( new Algorithm(ITranslator.UNKNOWN, Signature.class, detectionLocation)); case "Ed25519ctxSigner" -> Optional.of(new Ed25519(detectionLocation)); @@ -64,9 +65,6 @@ private Optional map( case "Ed25519Signer" -> Optional.of(new Ed25519(detectionLocation)); case "Ed448phSigner" -> Optional.of(new Ed448(detectionLocation)); case "Ed448Signer" -> Optional.of(new Ed448(detectionLocation)); - case "GenericSigner" -> - Optional.of( - new Algorithm(ITranslator.UNKNOWN, Signature.class, detectionLocation)); case "ISO9796d2PSSSigner" -> Optional.of(new ISO9796(ProbabilisticSignatureScheme.class, detectionLocation)); case "ISO9796d2Signer" -> Optional.of(new ISO9796(detectionLocation)); diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcWrapperMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcWrapperMapper.java index 55f21bc5..d15c31ff 100644 --- a/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcWrapperMapper.java +++ b/mapper/src/main/java/com/ibm/mapper/mapper/bc/BcWrapperMapper.java 
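Review bot: The grouped case in `map` that sends `DigestingMessageSigner`, `DigestingStateAwareMessageSigner`, `GenericSigner` and `DSADigestSigner` to `ITranslator.UNKNOWN` carries no comment saying why. The commented-out placeholders it replaces were the only hint that these names were unresolved on purpose. These appear to be wrapper signers whose actual algorithm comes from the objects passed to them, so I would add `// wrapper signers: the concrete algorithm comes from the wrapped signer/digest, not from the class name` above the case. Without it, an UNKNOWN signature in a report reads as a mapping gap rather than a deliberate choice. `map` continues outside the hunk.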
@@ -23,8 +23,17 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.Unknown; -import com.ibm.mapper.model.algorithms.AESWrap; +import com.ibm.mapper.model.algorithms.AES; +import com.ibm.mapper.model.algorithms.Aria; +import com.ibm.mapper.model.algorithms.Camellia; +import com.ibm.mapper.model.algorithms.DESede; +import com.ibm.mapper.model.algorithms.Kalyna; +import com.ibm.mapper.model.algorithms.RC2; +import com.ibm.mapper.model.algorithms.SEED; +import com.ibm.mapper.model.algorithms.gost.CryptoPro; +import com.ibm.mapper.model.algorithms.gost.GOST28147; import com.ibm.mapper.utils.DetectionLocation; import java.util.Optional; import javax.annotation.Nonnull; 
@@ -46,21 +55,24 @@ public Optional parse( private Optional map( @Nonnull String streamCipherString, @Nonnull DetectionLocation detectionLocation) { return switch (streamCipherString) { - /* TODO: how should Wrap be handled? Should all BlockCiphers be duplicated with a Wrap version like for AES? */ - case "AESWrapEngine" -> Optional.of(new AESWrap(detectionLocation)); - case "AESWrapPadEngine" -> Optional.of(new AESWrap(detectionLocation)); - // case "ARIAWrapEngine" -> Optional.of(); - // case "ARIAWrapPadEngine" -> Optional.of(); - // case "CamelliaWrapEngine" -> Optional.of(); - // case "CryptoProWrapEngine" -> Optional.of(); - // case "DESedeWrapEngine" -> Optional.of(); - // case "GOST28147WrapEngine" -> Optional.of(); - // case "RC2WrapEngine" -> Optional.of(); - // case "SEEDWrapEngine" -> Optional.of(); - // case "DSTU7624WrapEngine" -> Optional.of(); - // case "RFC3211WrapEngine" -> Optional.of(); - // case "RFC3394WrapEngine" -> Optional.of(); - // case "RFC5649WrapEngine" -> Optional.of(); + case "AESWrapEngine", "AESWrapPadEngine", "RFC3394WrapEngine", "RFC5649WrapEngine" -> + Optional.of(new AES(KeyWrap.class, detectionLocation)); + case "ARIAWrapEngine", "ARIAWrapPadEngine" -> + Optional.of(new Aria(KeyWrap.class, new Aria(detectionLocation))); + case "CamelliaWrapEngine" -> + Optional.of(new Camellia(KeyWrap.class, new Camellia(detectionLocation))); + case "CryptoProWrapEngine" -> Optional.of(new CryptoPro(detectionLocation)); + case "DESedeWrapEngine" -> + Optional.of(new DESede(KeyWrap.class, new DESede(detectionLocation))); + case "GOST28147WrapEngine" -> + Optional.of(new GOST28147(KeyWrap.class, new GOST28147(detectionLocation))); + case "RC2WrapEngine" -> Optional.of(new RC2(KeyWrap.class, new RC2(detectionLocation))); + case "SEEDWrapEngine" -> + Optional.of(new SEED(KeyWrap.class, new SEED(detectionLocation))); + case "DSTU7624WrapEngine" -> + Optional.of(new Kalyna(KeyWrap.class, new Kalyna(detectionLocation))); + case "RFC3211WrapEngine" -> 
+ Optional.of(new RC2(KeyWrap.class, new RC2(detectionLocation))); default -> { final Algorithm algorithm = new Algorithm(streamCipherString, BlockCipher.class, detectionLocation); diff --git a/mapper/src/main/java/com/ibm/mapper/mapper/jca/JcaCipherMapper.java b/mapper/src/main/java/com/ibm/mapper/mapper/jca/JcaCipherMapper.java index ab2942fe..278454d3 100644 --- a/mapper/src/main/java/com/ibm/mapper/mapper/jca/JcaCipherMapper.java +++ b/mapper/src/main/java/com/ibm/mapper/mapper/jca/JcaCipherMapper.java @@ -22,15 +22,15 @@ import com.ibm.mapper.mapper.IMapper; import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.IAlgorithm; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.model.PasswordBasedEncryption; import com.ibm.mapper.model.algorithms.AES; -import com.ibm.mapper.model.algorithms.AESWrap; import com.ibm.mapper.model.algorithms.Blowfish; import com.ibm.mapper.model.algorithms.ChaCha20; import com.ibm.mapper.model.algorithms.DES; -import com.ibm.mapper.model.algorithms.DESedeWrap; +import com.ibm.mapper.model.algorithms.DESede; import com.ibm.mapper.model.algorithms.Poly1305; import com.ibm.mapper.model.algorithms.RC2; import com.ibm.mapper.model.algorithms.RC4; 
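Review bot: In `BcWrapperMapper.map`, `RFC3211WrapEngine` is mapped to RC2 and `RFC3394WrapEngine`/`RFC5649WrapEngine` to AES, but in Bouncy Castle these three engines are cipher-agnostic and receive the underlying block cipher as a constructor argument. The inventory would therefore attribute the key wrap to the wrong algorithm, reporting RC2 where AES is in use, or AES where another cipher is. Mapping them to an unresolved key wrap, e.g. `Optional.of(new Algorithm(ITranslator.UNKNOWN, KeyWrap.class, detectionLocation))` in the way `BcSignatureMapper` treats its generic signers, and letting the wrapped cipher come from the depending detection, would avoid that (assuming `ITranslator` can be imported here). `AESWrapEngine` and `AESWrapPadEngine` also collapse to the same node, so the padded variant is no longer distinguishable, and `CryptoProWrapEngine` is the only case built without `KeyWrap.class`.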
@@ -103,17 +103,21 @@ private Optional map( case "AES_192" -> Optional.of(new AES(192, detectionLocation)); case "AES_256" -> Optional.of(new AES(256, detectionLocation)); - case "AESWRAP" -> Optional.of(new AESWrap(detectionLocation)); - case "AESWRAP_128" -> Optional.of(new AESWrap(128, detectionLocation)); - case "AESWRAP_192" -> Optional.of(new AESWrap(192, detectionLocation)); - case "AESWRAP_256" -> Optional.of(new AESWrap(256, detectionLocation)); + case "AESWRAP" -> Optional.of(new AES(KeyWrap.class, detectionLocation)); + case "AESWRAP_128" -> + Optional.of(new AES(KeyWrap.class, new AES(128, detectionLocation))); + case "AESWRAP_192" -> + Optional.of(new AES(KeyWrap.class, new AES(192, detectionLocation))); + case "AESWRAP_256" -> + Optional.of(new AES(KeyWrap.class, new AES(256, detectionLocation))); case "RC4", "ARCFOUR", "ARC4" -> Optional.of(new RC4(detectionLocation)); case "RC2", "ARC2" -> Optional.of(new RC2(detectionLocation)); case "BLOWFISH" -> Optional.of(new Blowfish(detectionLocation)); case "DES" -> Optional.of(new DES(detectionLocation)); case "DESEDE" -> Optional.of(new TripleDES(detectionLocation)); - case "DESEDEWRAP", "TRIPLEDESWRAP" -> Optional.of(new DESedeWrap(detectionLocation)); + case "DESEDEWRAP", "TRIPLEDESWRAP" -> + Optional.of(new DESede(KeyWrap.class, new DESede(detectionLocation))); case "CHACHA20" -> Optional.of(new ChaCha20(detectionLocation)); case "CHACHA20-POLY1305" -> { final ChaCha20 chaCha20 = new ChaCha20(detectionLocation); diff --git a/mapper/src/main/java/com/ibm/mapper/model/ClassicalBitSecurityLevel.java b/mapper/src/main/java/com/ibm/mapper/model/ClassicalBitSecurityLevel.java index 6e25f346..63839fe3 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/ClassicalBitSecurityLevel.java +++ b/mapper/src/main/java/com/ibm/mapper/model/ClassicalBitSecurityLevel.java 
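Review bot: `DESEDEWRAP`/`TRIPLEDESWRAP` now produce a `DESede` node while the unchanged `DESEDE` case just above still produces `TripleDES`, so the same cipher is reported under two model classes depending on whether it is used for wrapping. If the two classes render different names (only `DESede` is touched in this commit), any rule or report that looks for 3DES by name has to know both. Using one class for both cases, or a comment above the case stating why they differ, would settle it. The plain `AESWRAP` case also uses `new AES(KeyWrap.class, detectionLocation)` while the sized variants wrap an inner `AES`; one form for all four would read more consistently. `map` starts and ends outside the hunk.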
@@ -23,10 +23,6 @@ import java.util.Objects; import javax.annotation.Nonnull; -/** - * @deprecated - */ -@Deprecated(since = "1.2.0") public final class ClassicalBitSecurityLevel extends Property { @Nonnull private final Integer bitSecurityLevel; // in bit diff --git a/mapper/src/main/java/com/ibm/mapper/model/KeyEncapsulationMechanism.java b/mapper/src/main/java/com/ibm/mapper/model/KeyEncapsulationMechanism.java index e8e294b2..59009be0 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/KeyEncapsulationMechanism.java +++ b/mapper/src/main/java/com/ibm/mapper/model/KeyEncapsulationMechanism.java @@ -19,4 +19,10 @@ */ package com.ibm.mapper.model; +/** + * Represents key encapsulation mechanism (KEM) for public-key cryptosystems (as + * defined in {@link https://en.wikipedia.org/wiki/Key_encapsulation_mechanism}). + * + *

For symmetric encryption algorithms, use {@code KeyWrap} instead. + */ public interface KeyEncapsulationMechanism extends IPrimitive {} diff --git a/mapper/src/main/java/com/ibm/mapper/model/KeyWrap.java b/mapper/src/main/java/com/ibm/mapper/model/KeyWrap.java new file mode 100644 index 00000000..d47d03f5 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/KeyWrap.java @@ -0,0 +1,28 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model; + +/** + * Represents key encapsulation for symmetric encryption algorithms (as defined in + * {@link https://en.wikipedia.org/wiki/Key_wrap}). + * + *
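Review bot: The new Javadoc on `KeyEncapsulationMechanism` uses `{@link https://en.wikipedia.org/wiki/Key_encapsulation_mechanism}`, but `{@link}` takes a program-element reference, not a URL, so the javadoc tool will flag it as an invalid reference. The same form is used in the new `KeyWrap.java`. An HTML anchor is the usual way, `<a href="https://en.wikipedia.org/wiki/Key_encapsulation_mechanism">key encapsulation mechanism</a>`. The cross-references between the two interfaces could then be real links, `{@link KeyWrap}` and `{@link KeyEncapsulationMechanism}`, instead of `{@code ...}`.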

For public-key cryptosystems, use {@code KeyEncapsulationMechanism} instead. + */ +public interface KeyWrap extends IPrimitive {} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/AES.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/AES.java index d23adfca..f9d34739 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/AES.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/AES.java @@ -25,13 +25,16 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class AES extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class AES extends Algorithm + implements BlockCipher, AuthenticatedEncryption, KeyWrap, Mac { private static final String NAME = "AES"; // Rijndael @Override diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/AESWrap.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/AESWrap.java deleted file mode 100644 index 7301ccb6..00000000 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/AESWrap.java +++ /dev/null 
@@ -1,77 +0,0 @@ -/* - * SonarQube Cryptography Plugin - * Copyright (C) 2024 IBM - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to you under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.ibm.mapper.model.algorithms; - -import com.ibm.mapper.model.Algorithm; -import com.ibm.mapper.model.AuthenticatedEncryption; -import com.ibm.mapper.model.BlockCipher; -import com.ibm.mapper.model.IPrimitive; -import com.ibm.mapper.model.KeyLength; -import com.ibm.mapper.model.Mode; -import com.ibm.mapper.model.Padding; -import com.ibm.mapper.utils.DetectionLocation; -import javax.annotation.Nonnull; -import org.jetbrains.annotations.NotNull; - -public final class AESWrap extends Algorithm implements BlockCipher, AuthenticatedEncryption { - // https://datatracker.ietf.org/doc/html/rfc3394 - - private static final String NAME = "AESWrap"; - - @Override - public @NotNull String asString() { - final StringBuilder sb = new StringBuilder(this.name); - this.hasChildOfType(KeyLength.class).ifPresent(k -> sb.append(k.asString())); - this.hasChildOfType(Mode.class).ifPresent(m -> sb.append("-").append(m.asString())); - this.hasChildOfType(Padding.class).ifPresent(p -> sb.append("-").append(p.asString())); - return sb.toString(); - } - - public AESWrap(@NotNull DetectionLocation 
detectionLocation) { - super(NAME, BlockCipher.class, detectionLocation); - } - - public AESWrap(int keyLength, @NotNull DetectionLocation detectionLocation) { - this(detectionLocation); - this.put(new KeyLength(keyLength, detectionLocation)); - } - - public AESWrap( - int keyLength, @Nonnull Mode mode, @NotNull DetectionLocation detectionLocation) { - this(detectionLocation); - this.put(new KeyLength(keyLength, detectionLocation)); - this.put(mode); - } - - public AESWrap( - int keyLength, - @Nonnull Mode mode, - @Nonnull Padding padding, - @NotNull DetectionLocation detectionLocation) { - this(detectionLocation); - this.put(new KeyLength(keyLength, detectionLocation)); - this.put(mode); - this.put(padding); - } - - public AESWrap(@Nonnull final Class asKind, @Nonnull AESWrap aesWrap) { - super(aesWrap, asKind); - } -} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Aria.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Aria.java index 4b2235dd..bf804b0e 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Aria.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Aria.java @@ -24,13 +24,14 @@ import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class Aria extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class Aria extends Algorithm implements BlockCipher, AuthenticatedEncryption, KeyWrap { private static final String NAME = "Aria"; public Aria(@NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Blowfish.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Blowfish.java index 24fcb6e6..117c36dd 100644 
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Blowfish.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Blowfish.java @@ -24,13 +24,14 @@ import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class Blowfish extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class Blowfish extends Algorithm implements BlockCipher, AuthenticatedEncryption, Mac { private static final String NAME = "Blowfish"; public Blowfish(@NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Camellia.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Camellia.java index d63b58d8..1161e233 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Camellia.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Camellia.java @@ -24,13 +24,16 @@ import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class Camellia extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class Camellia extends Algorithm + implements BlockCipher, AuthenticatedEncryption, KeyWrap, Mac { private static final String NAME = "Camellia"; public Camellia(@NotNull DetectionLocation detectionLocation) { 
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/DES.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/DES.java index 63dfd339..f9603783 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/DES.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/DES.java @@ -22,16 +22,16 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.BlockSize; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class DES extends Algorithm implements BlockCipher { +public final class DES extends Algorithm implements BlockCipher, Mac { // https://en.wikipedia.org/wiki/Data_Encryption_Standard private static final String NAME = "DES"; @@ -49,7 +49,6 @@ public DES(@NotNull DetectionLocation detectionLocation) { super(NAME, BlockCipher.class, detectionLocation); this.put(new KeyLength(56, detectionLocation)); this.put(new BlockSize(64, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(56, detectionLocation)); } public DES(int keyLength, @NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/DESede.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/DESede.java index 89378266..a6dc231e 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/DESede.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/DESede.java 
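Review bot: DES nodes lose their explicit 56-bit security level with no visible replacement: the constructor drops `this.put(new ClassicalBitSecurityLevel(56, detectionLocation))`. The same property is removed from `HarakaV2`, `KangarooTwelve`, `Keccak` and `MarsupilamiFourteen` later in this commit, even though `ClassicalBitSecurityLevel` itself loses its `@Deprecated` marker. A consumer that relied on the property to flag DES as weak would now have only `KeyLength(56)` to go on. If the level is meant to be derived elsewhere, a comment on `ClassicalBitSecurityLevel` saying where would make that clear. `Keccak` also drops its public `Keccak(int capacity, ...)` constructor, which would break any caller outside this diff.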
@@ -24,13 +24,15 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class DESede extends Algorithm implements BlockCipher { +public final class DESede extends Algorithm implements BlockCipher, KeyWrap, Mac { // https://en.wikipedia.org/wiki/Triple_DES private static final String NAME = "DESede"; // TripleDES, 3DES, TDES diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/DESedeWrap.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/DESedeWrap.java deleted file mode 100644 index 7f521ad9..00000000 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/DESedeWrap.java +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * SonarQube Cryptography Plugin - * Copyright (C) 2024 IBM - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to you under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.ibm.mapper.model.algorithms; - -import com.ibm.mapper.model.Algorithm; -import com.ibm.mapper.model.BlockCipher; -import com.ibm.mapper.model.IPrimitive; -import com.ibm.mapper.model.KeyLength; -import com.ibm.mapper.model.Mode; -import com.ibm.mapper.model.Padding; -import com.ibm.mapper.utils.DetectionLocation; -import javax.annotation.Nonnull; -import org.jetbrains.annotations.NotNull; - -public final class DESedeWrap extends Algorithm implements BlockCipher { - private static final String NAME = "DESedeWrap"; // TripleDESWrap - - @Override - public @NotNull String asString() { - final StringBuilder sb = new StringBuilder(this.name); - this.hasChildOfType(KeyLength.class).ifPresent(k -> sb.append(k.asString())); - this.hasChildOfType(Mode.class).ifPresent(m -> sb.append("-").append(m.asString())); - this.hasChildOfType(Padding.class).ifPresent(p -> sb.append("-").append(p.asString())); - return sb.toString(); - } - - public DESedeWrap(@NotNull DetectionLocation detectionLocation) { - super(NAME, BlockCipher.class, detectionLocation); - } - - public DESedeWrap(int 
keyLength, @NotNull DetectionLocation detectionLocation) { - this(detectionLocation); - this.put(new KeyLength(keyLength, detectionLocation)); - } - - public DESedeWrap( - int keyLength, @Nonnull Mode mode, @NotNull DetectionLocation detectionLocation) { - this(detectionLocation); - this.put(new KeyLength(keyLength, detectionLocation)); - this.put(mode); - } - - public DESedeWrap( - int keyLength, - @Nonnull Mode mode, - @Nonnull Padding padding, - @NotNull DetectionLocation detectionLocation) { - this(detectionLocation); - this.put(new KeyLength(keyLength, detectionLocation)); - this.put(mode); - this.put(padding); - } - - public DESedeWrap( - @Nonnull final Class asKind, @NotNull DESedeWrap deSedeWrap) { - super(deSedeWrap, asKind); - } -} diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/HarakaV2.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HarakaV2.java index e0e94498..41bc1761 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/HarakaV2.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/HarakaV2.java @@ -21,7 +21,6 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.BlockSize; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.IPrimitive; @@ -54,7 +53,6 @@ public String asString() { public HarakaV2(@Nonnull DetectionLocation detectionLocation) { super(NAME, MessageDigest.class, detectionLocation); this.put(new DigestSize(256, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(256, detectionLocation)); } public HarakaV2(int blockSize, @Nonnull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java index 74966a2e..8b589bfa 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java 
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Kalyna.java @@ -22,15 +22,14 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.BlockSize; -import com.ibm.mapper.model.INode; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.Mac; import com.ibm.mapper.utils.DetectionLocation; -import java.util.Optional; import javax.annotation.Nonnull; -public final class Kalyna extends Algorithm implements BlockCipher, Mac { +public final class Kalyna extends Algorithm implements BlockCipher, Mac, KeyWrap { // https://en.wikipedia.org/wiki/Kalyna_(cipher) // https://eprint.iacr.org/2015/650.pdf @@ -44,18 +43,8 @@ public final class Kalyna extends Algorithm implements BlockCipher, Mac { @Nonnull public String asString() { StringBuilder builtName = new StringBuilder(this.name); - - Optional blockSize = this.hasChildOfType(BlockSize.class); - Optional keyLength = this.hasChildOfType(KeyLength.class); - - if (blockSize.isPresent() && keyLength.isPresent()) { - builtName - .append("-") - .append(blockSize.get().asString()) - .append("/") - .append(keyLength.get().asString()); - } - + this.hasChildOfType(BlockSize.class).ifPresent(b -> builtName.append("-" + b.asString())); + this.hasChildOfType(KeyLength.class).ifPresent(k -> builtName.append("/" + k.asString())); return builtName.toString(); } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KangarooTwelve.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KangarooTwelve.java index 51706e3e..41a38a58 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/KangarooTwelve.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/KangarooTwelve.java 
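Review bot: The rewritten `Kalyna.asString` emits a malformed name when only one of the two children is present. A node with a `KeyLength` but no `BlockSize` now renders as `<name>/<keyLength>`, whereas the removed code appended the suffix only when both were present. Nesting the second lookup restores that, e.g. `this.hasChildOfType(BlockSize.class).ifPresent(b -> this.hasChildOfType(KeyLength.class).ifPresent(k -> builtName.append("-").append(b.asString()).append("/").append(k.asString())));`. It also avoids the string concatenation inside `append`. If a block-size-only name is intended, a comment listing the accepted shapes would help; the method's signature is outside the hunk.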
@@ -20,21 +20,20 @@ package com.ibm.mapper.model.algorithms; import com.ibm.mapper.model.Algorithm; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.DigestSize; +import com.ibm.mapper.model.ExtendableOutputFunction; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.NumberOfIterations; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public final class KangarooTwelve extends Algorithm implements MessageDigest { +public final class KangarooTwelve extends Algorithm implements ExtendableOutputFunction { // https://eprint.iacr.org/2016/770.pdf private static final String NAME = "KangarooTwelve"; public KangarooTwelve(@Nonnull DetectionLocation detectionLocation) { super(NAME, MessageDigest.class, detectionLocation); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); this.put(new NumberOfIterations(12, detectionLocation)); } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java index 827cef49..dfb9bc0a 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Keccak.java @@ -21,7 +21,6 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.AuthenticatedEncryption; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.utils.DetectionLocation; @@ -36,11 +35,6 @@ public Keccak(@Nonnull DetectionLocation detectionLocation) { super(NAME, MessageDigest.class, detectionLocation); } - public Keccak(int capacity, @Nonnull DetectionLocation detectionLocation) { - this(detectionLocation); - this.put(new ClassicalBitSecurityLevel(capacity / 2, detectionLocation)); - } - public Keccak(@Nonnull final Class asKind, @Nonnull Keccak keccak) { super(keccak, asKind); } 
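Review bot: The KangarooTwelve constructor still passes `MessageDigest.class` to `super(...)`, although the class declaration now implements `ExtendableOutputFunction` instead of `MessageDigest`. ParallelHash, TupleHash, CSHAKE and BLAKE2X in this same diff switch the kind argument as well. Unless `ExtendableOutputFunction` extends `MessageDigest` (not visible here), the node is registered under a kind it no longer implements, which may misclassify it in the resulting inventory. Suggested: `super(NAME, ExtendableOutputFunction.class, detectionLocation);`, and drop the `MessageDigest` import if nothing else in the file uses it.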
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/MarsupilamiFourteen.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MarsupilamiFourteen.java index d9e42148..4a6b89a1 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/MarsupilamiFourteen.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/MarsupilamiFourteen.java @@ -20,7 +20,6 @@ package com.ibm.mapper.model.algorithms; import com.ibm.mapper.model.Algorithm; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.NumberOfIterations; @@ -34,7 +33,6 @@ public final class MarsupilamiFourteen extends Algorithm implements MessageDiges public MarsupilamiFourteen(@Nonnull DetectionLocation detectionLocation) { super(NAME, MessageDigest.class, detectionLocation); - this.put(new ClassicalBitSecurityLevel(256, detectionLocation)); this.put(new NumberOfIterations(14, detectionLocation)); } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ParallelHash.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ParallelHash.java index 792f1208..55ba322e 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ParallelHash.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ParallelHash.java 
@@ -21,17 +21,17 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.DigestSize; -import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.model.ExtendableOutputFunction; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public final class ParallelHash extends Algorithm implements MessageDigest { +public final class ParallelHash extends Algorithm implements ExtendableOutputFunction { // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf private static final String NAME = "ParallelHash"; public ParallelHash(@Nonnull DetectionLocation detectionLocation) { - super(NAME, MessageDigest.class, detectionLocation); + super(NAME, ExtendableOutputFunction.class, detectionLocation); } public ParallelHash(int digestSize, @Nonnull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC2.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC2.java index cb51e4d4..7aaa607c 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC2.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC2.java @@ -23,13 +23,14 @@ import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class RC2 extends Algorithm implements BlockCipher { +public final class RC2 extends Algorithm implements BlockCipher, KeyWrap { private static final String NAME = "RC2"; // ARC2 public RC2(@NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC6.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC6.java index 902de050..5076a5d3 100644 
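Review bot: `RC2` gains the `KeyWrap` interface without a pointer to the wrap construction it stands for, while the GOST28147 hunk in this diff adds a `// Key Wrap: …` reference next to the class. A one-line comment above `NAME` would make clear which wrap scheme a detection maps to, presumably `// Key Wrap: https://datatracker.ietf.org/doc/html/rfc3217` (to be confirmed by the author). The same applies to the `KeyWrap` additions in Kalyna.java and SEED.java. The class body continues outside the hunk.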
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC6.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RC6.java @@ -25,12 +25,13 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public final class RC6 extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class RC6 extends Algorithm implements BlockCipher, AuthenticatedEncryption, Mac { // https://en.wikipedia.org/wiki/RC6 private static final String NAME = "RC6"; diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/RFC3211Wrap.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RFC3211Wrap.java new file mode 100644 index 00000000..8c7fb7e4 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/RFC3211Wrap.java 
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyWrap;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class RFC3211Wrap extends Algorithm implements KeyWrap {
+ // https://datatracker.ietf.org/doc/html/rfc3211#section-2.3.1
+
+ private static final String NAME = "RFC 3211";
+
+ public RFC3211Wrap(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyWrap.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SEED.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SEED.java
index f056c136..fcb21286 100644
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SEED.java
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SEED.java
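Review bot: `RFC3211Wrap` is declared `public class`, while the algorithm classes touched elsewhere in this diff (RC2, SEED, Kalyna, Twofish) are `public final class`. Unless subclassing is intended, `public final class RFC3211Wrap extends Algorithm implements KeyWrap {` keeps the model closed. The reported name `"RFC 3211"` names the document rather than the wrap algorithm of its section 2.3.1, so a consumer of the inventory cannot tell from the name that this asset is a key wrap. A name such as `"RFC3211Wrap"` would be unambiguous, provided no translator matches on the current string. CryptoPro.java, added further down, has the same non-final declaration.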
@@ -24,13 +24,14 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class SEED extends Algorithm implements BlockCipher { +public final class SEED extends Algorithm implements BlockCipher, KeyWrap { // https://en.wikipedia.org/wiki/SEED private static final String NAME = "SEED"; diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SM4.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SM4.java index 3485489c..90a18a22 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/SM4.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/SM4.java @@ -23,12 +23,13 @@ import com.ibm.mapper.model.AuthenticatedEncryption; import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.IPrimitive; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; import org.jetbrains.annotations.NotNull; -public final class SM4 extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class SM4 extends Algorithm implements BlockCipher, AuthenticatedEncryption, Mac { private static final String NAME = "SM4"; // SMS4 public SM4(@NotNull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/TupleHash.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/TupleHash.java index a6e2b6bd..1c7a3713 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/TupleHash.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/TupleHash.java 
@@ -21,17 +21,17 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.DigestSize; -import com.ibm.mapper.model.MessageDigest; +import com.ibm.mapper.model.ExtendableOutputFunction; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public final class TupleHash extends Algorithm implements MessageDigest { +public final class TupleHash extends Algorithm implements ExtendableOutputFunction { // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf private static final String NAME = "TupleHash"; public TupleHash(@Nonnull DetectionLocation detectionLocation) { - super(NAME, MessageDigest.class, detectionLocation); + super(NAME, ExtendableOutputFunction.class, detectionLocation); } public TupleHash(int digestSize, @Nonnull DetectionLocation detectionLocation) { diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Twofish.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Twofish.java index e8633ac0..9b5fa4d7 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Twofish.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Twofish.java @@ -25,12 +25,13 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public final class Twofish extends Algorithm implements BlockCipher, AuthenticatedEncryption { +public final class Twofish extends Algorithm implements BlockCipher, AuthenticatedEncryption, Mac { // https://en.wikipedia.org/wiki/Twofish private static final String NAME = "Twofish"; diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java index 01747c25..8db53e50 100644 
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/Xoodyak.java @@ -21,7 +21,6 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.AuthenticatedEncryption; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.NumberOfIterations; @@ -37,7 +36,6 @@ public final class Xoodyak extends Algorithm public Xoodyak(@Nonnull DetectionLocation detectionLocation) { this(MessageDigest.class, detectionLocation); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); this.put(new NumberOfIterations(12, detectionLocation)); } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ascon/Ascon.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ascon/Ascon.java index fd8e0ded..b139f68a 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/ascon/Ascon.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/ascon/Ascon.java @@ -22,7 +22,6 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.AuthenticatedEncryption; import com.ibm.mapper.model.BlockCipher; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; @@ -48,6 +47,5 @@ protected Ascon( @Nonnull final Class asKind, @NotNull DetectionLocation detectionLocation) { super(name, asKind, detectionLocation); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/blake/BLAKE2X.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/blake/BLAKE2X.java index 1b8961f8..e9633fe8 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/blake/BLAKE2X.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/blake/BLAKE2X.java 
@@ -20,17 +20,18 @@ package com.ibm.mapper.model.algorithms.blake; import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.ExtendableOutputFunction; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public final class BLAKE2X extends Algorithm implements MessageDigest { +public final class BLAKE2X extends Algorithm implements ExtendableOutputFunction { // https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2 private static final String NAME = "BLAKE2X"; public BLAKE2X(@Nonnull MessageDigest blake2, @Nonnull DetectionLocation detectionLocation) { - super(NAME, MessageDigest.class, detectionLocation); + super(NAME, ExtendableOutputFunction.class, detectionLocation); this.put(blake2); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Delirium.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Delirium.java index 0fd2494e..c1ecc6b8 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Delirium.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Delirium.java @@ -20,7 +20,6 @@ package com.ibm.mapper.model.algorithms.elephant; import com.ibm.mapper.model.BlockSize; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.TagLength; import com.ibm.mapper.utils.DetectionLocation; import org.jetbrains.annotations.NotNull; @@ -32,6 +31,5 @@ public Delirium(@NotNull DetectionLocation detectionLocation) { super(NAME, detectionLocation); this.put(new BlockSize(200, detectionLocation)); this.put(new TagLength(128, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(127, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Dumbo.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Dumbo.java index 4b1b272c..6e6755dd 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Dumbo.java 
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Dumbo.java @@ -20,7 +20,6 @@ package com.ibm.mapper.model.algorithms.elephant; import com.ibm.mapper.model.BlockSize; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.TagLength; import com.ibm.mapper.utils.DetectionLocation; import org.jetbrains.annotations.NotNull; @@ -32,6 +31,5 @@ public Dumbo(@NotNull DetectionLocation detectionLocation) { super(NAME, detectionLocation); this.put(new BlockSize(160, detectionLocation)); this.put(new TagLength(64, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(112, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Jumbo.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Jumbo.java index 97fc8274..ba4bdc7d 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Jumbo.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/elephant/Jumbo.java @@ -20,7 +20,6 @@ package com.ibm.mapper.model.algorithms.elephant; import com.ibm.mapper.model.BlockSize; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.TagLength; import com.ibm.mapper.utils.DetectionLocation; import org.jetbrains.annotations.NotNull; @@ -32,6 +31,5 @@ public Jumbo(@NotNull DetectionLocation detectionLocation) { super(NAME, detectionLocation); this.put(new BlockSize(176, detectionLocation)); this.put(new TagLength(64, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(127, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/CryptoPro.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/CryptoPro.java new file mode 100644 index 00000000..d96d6df4 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/CryptoPro.java 
@@ -0,0 +1,35 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.mapper.model.algorithms.gost;
+
+import com.ibm.mapper.model.Algorithm;
+import com.ibm.mapper.model.KeyWrap;
+import com.ibm.mapper.utils.DetectionLocation;
+import javax.annotation.Nonnull;
+
+public class CryptoPro extends Algorithm implements KeyWrap {
+ // https://datatracker.ietf.org/doc/html/rfc4357#section-6.3
+
+ private static final String NAME = "CryptoPro";
+
+ public CryptoPro(@Nonnull DetectionLocation detectionLocation) {
+ super(NAME, KeyWrap.class, detectionLocation);
+ }
+}
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java
index 774bf862..53e754dc 100644
--- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/gost/GOST28147.java
@@ -25,6 +25,7 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.Mac; import com.ibm.mapper.model.Mode; import com.ibm.mapper.utils.DetectionLocation; @@ -32,8 +33,9 @@ import org.jetbrains.annotations.NotNull; public final class GOST28147 extends Algorithm - implements BlockCipher, AuthenticatedEncryption, Mac { + implements BlockCipher, AuthenticatedEncryption, Mac, KeyWrap { // https://www.rfc-editor.org/rfc/rfc5830 + // Key Wrap: https://datatracker.ietf.org/doc/html/rfc4357#section-6.1 private static final String NAME = "GOST28147"; // Magma, GOST 28147-89 (RFC 5830) diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128.java index c3312c1a..533acb36 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128.java @@ -19,7 +19,6 @@ */ package com.ibm.mapper.model.algorithms.grain; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.InitializationVectorLength; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.model.StreamCipher; @@ -33,6 +32,5 @@ public Grain128(@Nonnull DetectionLocation detectionLocation) { super(NAME, StreamCipher.class, detectionLocation); this.put(new KeyLength(128, detectionLocation)); this.put(new InitializationVectorLength(96, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEAD.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEAD.java index f2bdd65b..8d9bc00a 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEAD.java 
+++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEAD.java @@ -20,13 +20,12 @@ package com.ibm.mapper.model.algorithms.grain; import com.ibm.mapper.model.AuthenticatedEncryption; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.InitializationVectorLength; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public class Grain128AEAD extends Grain { +public class Grain128AEAD extends Grain implements AuthenticatedEncryption { // https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/grain-128aead-spec-round2.pdf private static final String NAME = "Grain-128AEAD"; @@ -35,6 +34,5 @@ public Grain128AEAD(@Nonnull DetectionLocation detectionLocation) { super(NAME, AuthenticatedEncryption.class, detectionLocation); this.put(new KeyLength(128, detectionLocation)); this.put(new InitializationVectorLength(96, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEADv2.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEADv2.java index 1be27022..578233e8 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEADv2.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128AEADv2.java 
@@ -20,13 +20,12 @@ package com.ibm.mapper.model.algorithms.grain; import com.ibm.mapper.model.AuthenticatedEncryption; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.InitializationVectorLength; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.utils.DetectionLocation; import javax.annotation.Nonnull; -public class Grain128AEADv2 extends Grain { +public class Grain128AEADv2 extends Grain implements AuthenticatedEncryption { // https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/grain-128aead-spec-final.pdf private static final String NAME = "Grain-128AEADv2"; @@ -35,6 +34,5 @@ public Grain128AEADv2(@Nonnull DetectionLocation detectionLocation) { super(NAME, AuthenticatedEncryption.class, detectionLocation); this.put(new KeyLength(128, detectionLocation)); this.put(new InitializationVectorLength(96, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128a.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128a.java index 210050c3..caa59adb 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128a.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grain128a.java @@ -19,7 +19,6 @@ */ package com.ibm.mapper.model.algorithms.grain; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.InitializationVectorLength; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.model.StreamCipher; @@ -33,6 +32,5 @@ public Grain128a(@Nonnull DetectionLocation detectionLocation) { super(NAME, StreamCipher.class, detectionLocation); this.put(new KeyLength(128, detectionLocation)); this.put(new InitializationVectorLength(96, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); } } 
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv0.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv0.java index b28b0b12..85c725cd 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv0.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv0.java @@ -19,7 +19,6 @@ */ package com.ibm.mapper.model.algorithms.grain; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.InitializationVectorLength; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.model.StreamCipher; @@ -35,6 +34,5 @@ public Grainv0(@Nonnull DetectionLocation detectionLocation) { super(NAME, StreamCipher.class, detectionLocation); this.put(new KeyLength(80, detectionLocation)); this.put(new InitializationVectorLength(64, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(80, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv1.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv1.java index 10cbfe82..26a32921 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv1.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/grain/Grainv1.java @@ -19,7 +19,6 @@ */ package com.ibm.mapper.model.algorithms.grain; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.InitializationVectorLength; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.model.StreamCipher; @@ -33,6 +32,5 @@ public Grainv1(@Nonnull DetectionLocation detectionLocation) { super(NAME, StreamCipher.class, detectionLocation); this.put(new KeyLength(80, detectionLocation)); this.put(new InitializationVectorLength(64, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(80, detectionLocation)); } } 
diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java index bd10c289..5fef5acc 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/isap/Isap.java @@ -21,7 +21,6 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.AuthenticatedEncryption; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.IPrimitive; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.model.NonceLength; @@ -48,6 +47,5 @@ protected Isap(@Nonnull String name, @NotNull DetectionLocation detectionLocatio this.put(new KeyLength(128, detectionLocation)); this.put(new NonceLength(128, detectionLocation)); this.put(new TagLength(128, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(128, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/shake/CSHAKE.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/shake/CSHAKE.java index 5781c09e..9cdd504f 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/shake/CSHAKE.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/shake/CSHAKE.java 
@@ -20,21 +20,21 @@ package com.ibm.mapper.model.algorithms.shake; import com.ibm.mapper.model.Algorithm; +import com.ibm.mapper.model.ExtendableOutputFunction; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.IPrimitive; -import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.ParameterSetIdentifier; import com.ibm.mapper.utils.DetectionLocation; import java.util.Optional; import javax.annotation.Nonnull; -public final class CSHAKE extends Algorithm implements MessageDigest { +public final class CSHAKE extends Algorithm implements ExtendableOutputFunction { // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf private static final String NAME = "cSHAKE"; // customizable SHAKE public CSHAKE(@Nonnull DetectionLocation detectionLocation) { - super(NAME, MessageDigest.class, detectionLocation); + super(NAME, ExtendableOutputFunction.class, detectionLocation); } /** Returns a name of the form "cSHAKEXXX" where XXX is the parameter set identifer */ diff --git a/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java index ab86ebea..f6c51868 100644 --- a/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java +++ b/mapper/src/main/java/com/ibm/mapper/model/algorithms/sparkle/Schwaemm.java @@ -22,7 +22,6 @@ import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.AuthenticatedEncryption; import com.ibm.mapper.model.BlockCipher; -import com.ibm.mapper.model.ClassicalBitSecurityLevel; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.KeyLength; import com.ibm.mapper.model.NonceLength; 
@@ -71,6 +70,5 @@ public Schwaemm(int rate, int capacity, @Nonnull DetectionLocation detectionLoca this.put(new KeyLength(capacity, detectionLocation)); this.put(new TagLength(capacity, detectionLocation)); this.put(new NonceLength(rate, detectionLocation)); - this.put(new ClassicalBitSecurityLevel(capacity - 8, detectionLocation)); } } diff --git a/mapper/src/main/java/com/ibm/mapper/model/collections/MergeableCollection.java b/mapper/src/main/java/com/ibm/mapper/model/collections/MergeableCollection.java new file mode 100644 index 00000000..f652e9c2 --- /dev/null +++ b/mapper/src/main/java/com/ibm/mapper/model/collections/MergeableCollection.java 
@@ -0,0 +1,54 @@ +/* + * SonarQube Cryptography Plugin + * Copyright (C) 2024 IBM + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.ibm.mapper.model.collections; + +import com.ibm.mapper.model.INode; +import java.util.List; +import javax.annotation.Nonnull; +import org.jetbrains.annotations.NotNull; + +/** + * This is a special collection of INode: when multiple {@code MergeableCollection} are appended to + * a parent node, they get merged (only one {@code MergeableCollection} is actually appended, + * containing the merged collection and the merged list of children). + * + *

This differs from the default behavior, in which the root nodes are duplicated to create + * multiple trees, each containing one instance of the various {@code MergeableCollection}. + */ +public class MergeableCollection extends AbstractAssetCollection { + + public MergeableCollection(@NotNull List collection) { + super(collection, MergeableCollection.class); + } + + private MergeableCollection(@Nonnull MergeableCollection mergeableCollection) { + super(mergeableCollection.collection, mergeableCollection.kind); + } + + @Nonnull + @Override + public INode deepCopy() { + MergeableCollection copy = new MergeableCollection(this); + for (INode child : this.children.values()) { + copy.children.put(child.getKind(), child.deepCopy()); + } + return copy; + } +} diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/UsualPerformActions.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/UsualPerformActions.java index d8ca03c7..3456229d 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/UsualPerformActions.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/UsualPerformActions.java @@ -62,6 +62,14 @@ private UsualPerformActions() { return roots; }; + /** + * When there is a parent node and a child node of the same {@code kind}, this action will merge + * both. In detail, it will put all the children nodes of the parent as children of the child + * node, and will replace the parent node by the child node in the tree of nodes. + * + * @param kind - The kind of the parent and child nodes + * @return A reorganization action (a {@code Function3}) + */ @Nonnull public static final IFunctionPerformReorganization performMergeParentAndChildOfSameKind( Class kind) { diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AeadBlockCipherReorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AeadBlockCipherReorganizer.java index dd14205a..195ee353 100644 
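Review bot: In MergeableCollection.java, `deepCopy()` deep-copies the children, but the private copy constructor hands `mergeableCollection.collection` to `super(...)` by reference. Unless `AbstractAssetCollection` copies that list (not visible here), the copy and the original share the same list and the same element nodes, so a later merge that mutates one collection would show through in the other tree. If the base class stores the list as given, and assuming it holds `INode`s, copy the elements in the constructor: `super(mergeableCollection.collection.stream().map(INode::deepCopy).toList(), mergeableCollection.kind);`. The file also mixes `@NotNull` and `@Nonnull`; using `javax.annotation.Nonnull` on both constructors would keep the annotations consistent.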
--- a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AeadBlockCipherReorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AeadBlockCipherReorganizer.java @@ -27,7 +27,6 @@ import com.ibm.mapper.reorganizer.builder.ReorganizerRuleBuilder; import java.util.List; import javax.annotation.Nonnull; -import org.jetbrains.annotations.Unmodifiable; public final class AeadBlockCipherReorganizer { @@ -36,7 +35,7 @@ private AeadBlockCipherReorganizer() { } @Nonnull - private static final IReorganizerRule MERGE_AE_PARENT_AND_CHILD = + public static final IReorganizerRule MERGE_AE_PARENT_AND_CHILD = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(AuthenticatedEncryption.class) @@ -51,7 +50,7 @@ private AeadBlockCipherReorganizer() { AuthenticatedEncryption.class)); @Nonnull - private static final IReorganizerRule MOVE_TAG_LENGTH_UNDER_MAC = + public static final IReorganizerRule MOVE_TAG_LENGTH_UNDER_MAC = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(AuthenticatedEncryption.class) @@ -75,10 +74,4 @@ private AeadBlockCipherReorganizer() { node.removeChildOfType(TagLength.class); return roots; }); - - @Unmodifiable - @Nonnull - public static List rules() { - return List.of(MERGE_AE_PARENT_AND_CHILD, MOVE_TAG_LENGTH_UNDER_MAC); - } } diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AsymmetricBlockCipherReorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AsymmetricBlockCipherReorganizer.java index 532ebd68..4fdf1d6a 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AsymmetricBlockCipherReorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/AsymmetricBlockCipherReorganizer.java 
@@ -20,19 +20,15 @@ package com.ibm.mapper.reorganizer.rules; import com.ibm.mapper.ITranslator; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.DigestSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.MessageDigest; import com.ibm.mapper.model.PublicKeyEncryption; -import com.ibm.mapper.model.padding.OAEP; import com.ibm.mapper.reorganizer.IReorganizerRule; +import com.ibm.mapper.reorganizer.UsualPerformActions; import com.ibm.mapper.reorganizer.builder.ReorganizerRuleBuilder; -import java.util.ArrayList; import java.util.List; -import java.util.Map; import javax.annotation.Nonnull; -import org.jetbrains.annotations.Unmodifiable; public final class AsymmetricBlockCipherReorganizer { @@ -41,7 +37,7 @@ private AsymmetricBlockCipherReorganizer() { } @Nonnull - private static final IReorganizerRule MERGE_PKE = + public static final IReorganizerRule MERGE_PKE_PARENT_AND_CHILD = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(PublicKeyEncryption.class) 
@@ -53,39 +49,11 @@ private AsymmetricBlockCipherReorganizer() { .forNodeKind(PublicKeyEncryption.class) .noAction())) .perform( - (node, parent, roots) -> { - INode newPke = - node.getChildren() - .get(PublicKeyEncryption.class) - .deepCopy(); - - for (Map.Entry, INode> childKeyValue : - node.getChildren().entrySet()) { - if (!childKeyValue.getKey().equals(PublicKeyEncryption.class)) { - newPke.put(childKeyValue.getValue()); - } - } - - if (parent == null) { - // `node` is a root node - // Create a copy of the roots list - List rootsCopy = new ArrayList<>(roots); - for (int i = 0; i < rootsCopy.size(); i++) { - if (rootsCopy.get(i).equals(node)) { - rootsCopy.set(i, newPke); - break; - } - } - return rootsCopy; - } else { - // Replace the previous PublicKeyEncryption node - parent.put(newPke); - return roots; - } - }); + UsualPerformActions.performMergeParentAndChildOfSameKind( + PublicKeyEncryption.class)); @Nonnull - private static final IReorganizerRule INVERT_DIGEST_AND_ITS_SIZE = + public static final IReorganizerRule INVERT_DIGEST_AND_ITS_SIZE = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(DigestSize.class) 
@@ -96,57 +64,24 @@ private AsymmetricBlockCipherReorganizer() { .forNodeKind(MessageDigest.class) .noAction())) .perform( - (node, parent, roots) -> { + (digestSizeNode, parent, roots) -> { if (parent == null) { // Do nothing return roots; } INode messageDigestChild = - node.getChildren().get(MessageDigest.class).deepCopy(); + digestSizeNode.getChildren().get(MessageDigest.class); /* Append the DigestSize (without its DigestSize) child to the new DigestSize */ - INode digestSize = node.deepCopy(); - digestSize.removeChildOfType(MessageDigest.class); - messageDigestChild.put(digestSize); + digestSizeNode.removeChildOfType(MessageDigest.class); + messageDigestChild.put(digestSizeNode); + + // Remove the DigestSize from the parent + parent.removeChildOfType(DigestSize.class); // Append the MessageDigest to the parent parent.put(messageDigestChild); return roots; }); - - @Nonnull - private static final IReorganizerRule MOVE_HASH_UNDER_OAEP = - new ReorganizerRuleBuilder() - .createReorganizerRule() - .forNodeKind(BlockCipher.class) - .includingChildren( - List.of( - new ReorganizerRuleBuilder() - .createReorganizerRule() - .forNodeKind(OAEP.class) - .noAction(), - new ReorganizerRuleBuilder() - .createReorganizerRule() - .forNodeKind(MessageDigest.class) - .noAction())) - .perform( - (node, parent, roots) -> { - INode oaepChild = node.getChildren().get(OAEP.class); - INode messageDigestChild = - node.getChildren().get(MessageDigest.class).deepCopy(); - - // Add the message digest under the OAEP node - oaepChild.put(messageDigestChild); - // Remove the message digest from the BlockCipher's children - node.removeChildOfType(MessageDigest.class); - - return roots; - }); - - @Unmodifiable - @Nonnull - public static List rules() { - return List.of(MERGE_PKE, INVERT_DIGEST_AND_ITS_SIZE, MOVE_HASH_UNDER_OAEP); - } } 
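Review bot: `parent.put(messageDigestChild)` in INVERT_DIGEST_AND_ITS_SIZE can silently replace a MessageDigest that the parent already holds, if children are keyed by kind as `children.put(child.getKind(), …)` in MergeableCollection suggests. The rule only requires that the DigestSize node has a MessageDigest child, not that the parent has none. For a cryptography inventory this would drop a detected hash from the output without a trace, so a guard such as `if (parent.hasChildOfType(MessageDigest.class).isPresent()) { return roots; }` before the move, or at least a logged warning, would make the collision visible. The block comment above the move is also garbled and should read `/* Move the DigestSize (without its MessageDigest child) under the MessageDigest */`. The rule's builder chain starts outside this hunk.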
diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/BlockCipherReorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/BlockCipherReorganizer.java index 9fee8683..f15e349c 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/BlockCipherReorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/BlockCipherReorganizer.java @@ -19,16 +19,11 @@ */ package com.ibm.mapper.reorganizer.rules; -import com.ibm.mapper.model.Algorithm; import com.ibm.mapper.model.BlockCipher; -import com.ibm.mapper.model.INode; import com.ibm.mapper.reorganizer.IReorganizerRule; +import com.ibm.mapper.reorganizer.UsualPerformActions; import com.ibm.mapper.reorganizer.builder.ReorganizerRuleBuilder; -import java.util.ArrayList; import java.util.List; -import java.util.Map; -import javax.annotation.Nonnull; -import org.jetbrains.annotations.Unmodifiable; public final class BlockCipherReorganizer { @@ -36,7 +31,7 @@ private BlockCipherReorganizer() { // private } - private static final IReorganizerRule MERGE_BLOCK_CIPHER_PARENT_AND_CHILD = + public static final IReorganizerRule MERGE_BLOCK_CIPHER_PARENT_AND_CHILD = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(BlockCipher.class) 
@@ -47,41 +42,6 @@ private BlockCipherReorganizer() { .forNodeKind(BlockCipher.class) .noAction())) .perform( - (node, parent, roots) -> { - Algorithm newBlockCipher = - (Algorithm) - node.getChildren() - .get(BlockCipher.class) - .deepCopy(); - - for (Map.Entry, INode> childKeyValue : - node.getChildren().entrySet()) { - if (!childKeyValue.getKey().equals(BlockCipher.class)) { - newBlockCipher.put(childKeyValue.getValue()); - } - } - - if (parent == null) { - // `node` is a root node - // Create a copy of the roots list - List rootsCopy = new ArrayList<>(roots); - for (int i = 0; i < rootsCopy.size(); i++) { - if (rootsCopy.get(i).equals(node)) { - rootsCopy.set(i, newBlockCipher); - break; - } - } - return rootsCopy; - } else { - // Replace the previous BlockCipher node - parent.put(newBlockCipher); - return roots; - } - }); - - @Unmodifiable - @Nonnull - public static List rules() { - return List.of(MERGE_BLOCK_CIPHER_PARENT_AND_CHILD); - } + UsualPerformActions.performMergeParentAndChildOfSameKind( + BlockCipher.class)); } diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/CipherParameterReorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/CipherParameterReorganizer.java index 06c16e75..1b56ad93 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/CipherParameterReorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/CipherParameterReorganizer.java @@ -29,7 +29,6 @@ import com.ibm.mapper.reorganizer.builder.ReorganizerRuleBuilder; import java.util.List; import javax.annotation.Nonnull; -import org.jetbrains.annotations.Unmodifiable; public final class CipherParameterReorganizer { @@ -39,7 +38,7 @@ private CipherParameterReorganizer() { /* Used for AEADParameters */ @Nonnull - private static final IReorganizerRule MOVE_KEY_LENGTH_UP = + public static final IReorganizerRule MOVE_KEY_LENGTH_UNDER_TAG_LENGTH_UP = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(TagLength.class) 
@@ -51,8 +50,7 @@ private CipherParameterReorganizer() { .noAction())) .perform( (node, parent, roots) -> { - INode keyLengthChild = - node.getChildren().get(KeyLength.class).deepCopy(); + INode keyLengthChild = node.getChildren().get(KeyLength.class); if (parent == null) { // Do nothing return roots; @@ -66,7 +64,7 @@ private CipherParameterReorganizer() { }); @Nonnull - private static final IReorganizerRule MOVE_NODES_UNDER_ENCRYPT_UP = + public static final IReorganizerRule MOVE_NODES_UNDER_ENCRYPT_UP = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(Encrypt.class) @@ -74,17 +72,10 @@ private CipherParameterReorganizer() { .perform(UsualPerformActions.performMovingChildrenUp); @Nonnull - private static final IReorganizerRule MOVE_NODES_UNDER_DECRYPT_UP = + public static final IReorganizerRule MOVE_NODES_UNDER_DECRYPT_UP = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(Decrypt.class) .withAnyNonNullChildren() .perform(UsualPerformActions.performMovingChildrenUp); - - @Unmodifiable - @Nonnull - public static List rules() { - return List.of( - MOVE_KEY_LENGTH_UP, MOVE_NODES_UNDER_ENCRYPT_UP, MOVE_NODES_UNDER_DECRYPT_UP); - } } diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java index 710eab4d..e4644829 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/MacReorganizer.java @@ -28,6 +28,7 @@ import com.ibm.mapper.model.Mode; import com.ibm.mapper.model.Padding; import com.ibm.mapper.model.StreamCipher; +import com.ibm.mapper.model.TagLength; import com.ibm.mapper.reorganizer.IReorganizerRule; import com.ibm.mapper.reorganizer.builder.ReorganizerRuleBuilder; import java.util.ArrayList; 
@@ -35,7 +36,6 @@ import java.util.List; import java.util.Map; import javax.annotation.Nonnull; -import org.jetbrains.annotations.Unmodifiable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -47,7 +47,7 @@ private MacReorganizer() { } @Nonnull - private static final IReorganizerRule MERGE_UNKNOWN_MAC_AND_CIPHER = + public static final IReorganizerRule MERGE_UNKNOWN_MAC_PARENT_AND_CIPHER_CHILD = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(Mac.class) @@ -61,10 +61,8 @@ private MacReorganizer() { .perform( (node, parent, roots) -> { Algorithm blockCipher = - (Algorithm) - node.getChildren() - .get(BlockCipher.class) - .deepCopy(); + (Algorithm) node.getChildren().get(BlockCipher.class); + /* TODO: doing this is not ideal because we "lose" the original class (i.e. AES) of the node, which prevents class-specific enrichment */ INode newMac = new Algorithm(blockCipher, Mac.class); for (Map.Entry, INode> childKeyValue : @@ -92,8 +90,18 @@ private MacReorganizer() { } }); + /** + * A reorganizer rule for moving cipher configuration nodes (e.g., Mode, Padding, BlockSize) + * under their respective cipher parent nodes (BlockCipher or StreamCipher) within a {@code Mac} + * node. + * + *

This rule is designed to enforce a hierarchical structure where cryptographic + * configuration parameters such as {@code Mode}, {@code Padding}, and {@code BlockSize} are + * directly associated with their corresponding cipher (either a {@code BlockCipher} or {@code + * StreamCipher}), rather than being children of the {@code Mac} node. + */ @Nonnull - private static final IReorganizerRule MOVE_NODES_UNDER_CIPHER = + public static final IReorganizerRule MOVE_SOME_MAC_CHILDREN_UNDER_BLOCKCIPHER = new ReorganizerRuleBuilder() .createReorganizerRule() .forNodeKind(Mac.class) 
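Review bot: The new name `MOVE_SOME_MAC_CHILDREN_UNDER_BLOCKCIPHER` mentions only BlockCipher, while the Javadoc added directly above it says the rule places the nodes under a BlockCipher or a StreamCipher. Now that the constant is public and callers pick rules by name, one of the two is misleading: either rename it to something like `MOVE_SOME_MAC_CHILDREN_UNDER_CIPHER` or narrow the Javadoc to what the body actually handles (the body lies outside this hunk). The Javadoc's second paragraph also seems to have lost its `<p>` separator, so the two paragraphs may render as one.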
@@ -154,83 +162,26 @@ private MacReorganizer() { return roots; }); - /* - private static final IReorganizerRule RENAME_MAC = + @Nonnull + public static final IReorganizerRule MOVE_TAG_LENGTH_UNDER_MAC = new ReorganizerRuleBuilder() .createReorganizerRule() - .forNodeKind(HMAC.class) + .forNodeKind(Mac.class) .withDetectionCondition( - (node, parent, roots) -> { - return node.asString().contains(ITranslator.UNKNOWN) - && (node.hasChildOfType(BlockCipher.class).isPresent() - || node.hasChildOfType(StreamCipher.class) - .isPresent() - || node.hasChildOfType(MessageDigest.class) - .isPresent()); - }) + (node, parent, roots) -> + parent != null + && parent.hasChildOfType(TagLength.class).isPresent()) .perform( (node, parent, roots) -> { - // Get the child node which defines the name of the Mac - // Typically, a BlockCipher, StreamCipher or MessageDigest - INode referenceChild = null; - for (Map.Entry, INode> entry : - node.getChildren().entrySet()) { - Class kind = entry.getKey(); - if (kind.equals(BlockCipher.class) - || kind.equals(StreamCipher.class) - || kind.equals(MessageDigest.class)) { - if (referenceChild != null) { - // Detect when there are mutliple "reference" children - LOGGER.warn( - "Mac name must be determined by a BlockCipher, StreamCipher or MessageDigest child, but the mac has several of these children. It will use the " - + kind.getSimpleName()); - } - referenceChild = entry.getValue(); - } - } - - // Create the new name of the Mac node by replacing the UNKNOWN part. 
- // TODO: This is a simple version where we use only the name of the reference child, - // but it could be modified to include infromation from a potential mode or size subchild - String newMacName = - node.asString() - .replace( - ITranslator.UNKNOWN, - referenceChild.asString()); - - // Create the new Mac node - DetectionLocation detectionLocation = - ((IAsset) node).getDetectionContext(); - HMAC newMac = - new HMAC(new Algorithm(newMacName, detectionLocation)); - - // Add all the Mac children to the new Mac node - for (Map.Entry, INode> childKeyValue : - node.getChildren().entrySet()) { - newMac.put(childKeyValue.getValue()); - } - if (parent == null) { - // `node` is a root node - // Create a copy of the roots list - List rootsCopy = new ArrayList<>(roots); - for (int i = 0; i < rootsCopy.size(); i++) { - if (rootsCopy.get(i).equals(node)) { - rootsCopy.set(i, newMac); - break; - } - } - return rootsCopy; - } else { - // Replace the previous Mac node - parent.put(newMac); return roots; } - });*/ + INode tagLengthChild = parent.getChildren().get(TagLength.class); - @Unmodifiable - @Nonnull - public static List rules() { - return List.of(MERGE_UNKNOWN_MAC_AND_CIPHER, MOVE_NODES_UNDER_CIPHER); // RENAME_MAC - } + // Append the TagLength to the Mac node and remove it from the + // parent node + node.put(tagLengthChild); + parent.removeChildOfType(TagLength.class); + return roots; + }); } diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/SignatureReorganizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/SignatureReorganizer.java index 3a9ccd22..27e4d2b2 100644 --- a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/SignatureReorganizer.java +++ b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/SignatureReorganizer.java 
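Review bot: `node.put(tagLengthChild)` in the new MOVE_TAG_LENGTH_UNDER_MAC rule will overwrite a TagLength the Mac node already carries (children appear to be keyed by kind), because the detection condition tests only the parent. Adding `&& node.hasChildOfType(TagLength.class).isEmpty()` to the condition would keep a tag length detected on the Mac itself from being replaced by the parent's value, which matters when the reported tag length is used to judge MAC strength. The constant also shares its name with the now-public `AeadBlockCipherReorganizer.MOVE_TAG_LENGTH_UNDER_MAC`; a distinguishing name would avoid picking the wrong rule through a static import.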
@@ -45,7 +45,7 @@ private SignatureReorganizer() { } @Nonnull - public static final IReorganizerRule MERGE_SIGNATURE_UNKNOWN_PARENT_AND_CHILD = + public static final IReorganizerRule MERGE_UNKNOWN_SIGNATURE_PARENT_AND_CHILD = new ReorganizerRuleBuilder() .createReorganizerRule("MERGE_SIGNATURE_UNKNOWN_PARENT_AND_CHILD") .forNodeKind(Signature.class) diff --git a/python/src/main/java/com/ibm/plugin/translation/translator/contexts/PycaCipherContextTranslator.java b/python/src/main/java/com/ibm/plugin/translation/translator/contexts/PycaCipherContextTranslator.java index d4b75d93..8c2d56f9 100644 --- a/python/src/main/java/com/ibm/plugin/translation/translator/contexts/PycaCipherContextTranslator.java +++ b/python/src/main/java/com/ibm/plugin/translation/translator/contexts/PycaCipherContextTranslator.java @@ -32,8 +32,8 @@ import com.ibm.mapper.model.BlockSize; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.algorithms.AES; -import com.ibm.mapper.model.algorithms.AESWrap; import com.ibm.mapper.model.functionality.Decrypt; import com.ibm.mapper.model.functionality.Encapsulate; import com.ibm.mapper.model.functionality.Encrypt; @@ -117,7 +117,11 @@ public final class PycaCipherContextTranslator implements IContextTranslation switch (str.toUpperCase().trim()) { case "AES" -> - new AESWrap(128, detectionLocation); + new AES( + KeyWrap.class, + new AES( + 128, + detectionLocation)); default -> null; }) .map( diff --git a/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingTest.java b/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingTest.java index 380a4b65..a42fe232 100644 --- a/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingTest.java +++ b/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingTest.java 
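Review bot: The string passed to `createReorganizerRule("MERGE_SIGNATURE_UNKNOWN_PARENT_AND_CHILD")` still carries the old identifier after the constant was renamed to `MERGE_UNKNOWN_SIGNATURE_PARENT_AND_CHILD`. If that string is what shows up in logs or debugging output, it will no longer match any constant in the code base; change it to `createReorganizerRule("MERGE_UNKNOWN_SIGNATURE_PARENT_AND_CHILD")`.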
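Review bot: The replacement for `AESWrap` in PycaCipherContextTranslator still hard-codes `new AES(128, detectionLocation)`, so every detected AES key wrap is reported with a 128-bit key regardless of the key the scanned code uses, unless a later step not visible here overrides it. AES key wrap is defined for 128-, 192- and 256-bit keys, so the inventory can state a key size it never observed. If the size cannot be resolved at this point, mark the value as a default with a comment such as `// key size not resolvable here; 128 is a default, not a detected value`, or build the node without a fixed length if the model allows it. The enclosing switch and mapping chain start and end outside the hunk.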
@@ -25,9 +25,9 @@ import com.ibm.engine.model.CipherAction; import com.ibm.engine.model.IValue; import com.ibm.engine.model.context.CipherContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.functionality.Encapsulate; import com.ibm.plugin.TestBase; import java.util.List; @@ -68,9 +68,9 @@ public void asserts( // BlockCipher INode blockCipherNode = nodes.get(0); - assertThat(blockCipherNode.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode.getChildren()).hasSize(2); - assertThat(blockCipherNode.asString()).isEqualTo("AESWrap128"); + assertThat(blockCipherNode.getKind()).isEqualTo(KeyWrap.class); + assertThat(blockCipherNode.getChildren()).hasSize(4); + assertThat(blockCipherNode.asString()).isEqualTo("AES128"); // KeyLength under BlockCipher INode keyLengthNode = blockCipherNode.getChildren().get(KeyLength.class); diff --git a/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingWithPaddingTest.java b/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingWithPaddingTest.java index 89cae6ec..2a11ed13 100644 --- a/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingWithPaddingTest.java +++ b/python/src/test/java/com/ibm/plugin/rules/detection/wrapping/PycaWrappingWithPaddingTest.java @@ -25,9 +25,9 @@ import com.ibm.engine.model.CipherAction; import com.ibm.engine.model.IValue; import com.ibm.engine.model.context.CipherContext; -import com.ibm.mapper.model.BlockCipher; import com.ibm.mapper.model.INode; import com.ibm.mapper.model.KeyLength; +import com.ibm.mapper.model.KeyWrap; import com.ibm.mapper.model.functionality.Encapsulate; import com.ibm.plugin.TestBase; import java.util.List; 
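Review bot: The local `blockCipherNode` and the comments `// BlockCipher` and `// KeyLength under BlockCipher` in PycaWrappingTest no longer match what the test asserts, since the node's kind is now `KeyWrap.class`; rename the local to `keyWrapNode` and update both comments. `hasSize(4)` doubles the expected child count, yet only KeyLength is checked in the visible lines; asserting the kinds of the two additional children would pin what the translator now produces rather than only how many nodes it emits. The same applies to the identical hunk in PycaWrappingWithPaddingTest. Both test methods continue outside their hunks.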
@@ -68,9 +68,9 @@ public void asserts( // BlockCipher INode blockCipherNode = nodes.get(0); - assertThat(blockCipherNode.getKind()).isEqualTo(BlockCipher.class); - assertThat(blockCipherNode.getChildren()).hasSize(2); - assertThat(blockCipherNode.asString()).isEqualTo("AESWrap128"); + assertThat(blockCipherNode.getKind()).isEqualTo(KeyWrap.class); + assertThat(blockCipherNode.getChildren()).hasSize(4); + assertThat(blockCipherNode.asString()).isEqualTo("AES128"); // KeyLength under BlockCipher INode keyLengthNode = blockCipherNode.getChildren().get(KeyLength.class);