Merge pull request #829 from CROSSINGTUD/fix/classpath-parser

Integrate new CrySL parser that supports classpaths

Author: schlichtig

CryptoAnalysis/pom.xml

@@ -120,6 +120,12 @@
             <version>3.17.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk18on</artifactId>
+            <version>1.80</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>com.google.crypto.tink</groupId>
             <artifactId>tink</artifactId>

CryptoAnalysis/src/main/java/crypto/analysis/CryptoScanner.java

@@ -25,7 +25,9 @@
 import crypto.predicates.PredicateAnalysis;
 import crysl.CrySLParser;
 import crysl.rule.CrySLRule;
+import java.io.File;
 import java.io.IOException;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -55,9 +57,21 @@ public CryptoScanner() {
     }
 
     public final Collection<CrySLRule> readRules(String rulesetPath) {
+        return readRules(rulesetPath, "");
+    }
+
+    public final Collection<CrySLRule> readRules(String rulesetPath, String classPath) {
         try {
-            CrySLParser parser = new CrySLParser();
-            return parser.parseRulesFromDirectory(rulesetPath);
+            if (classPath.isEmpty()) {
+                CrySLParser parser = new CrySLParser();
+                return parser.parseRulesFromPath(rulesetPath);
+            } else {
+                Collection<String> pathSplits = Set.of(classPath.split(File.pathSeparator));
+                Collection<Path> paths = pathSplits.stream().map(Path::of).toList();
+
+                CrySLParser parser = new CrySLParser(paths);
+                return parser.parseRulesFromPath(rulesetPath);
+            }
         } catch (IOException e) {
             throw new CryptoAnalysisException("Could not read rules: " + e.getMessage());
         }

CryptoAnalysis/src/test/java/test/UsagePatternTestingFramework.java

@@ -103,6 +103,7 @@ public void beforeTestCaseExecution() {
         scanner.addResultsListener(resultsListener);
 
         scanner.scan(frameworkScope, rules);
+        scanner.reset();
 
         // Evaluate results
         Collection<Assertion> unsound = new ArrayList<>();

HeadlessJavaScanner/src/main/java/de/fraunhofer/iem/scanner/HeadlessJavaScanner.java

@@ -79,7 +79,7 @@ public int getTimeout() {
     public void scan() {
         // Read rules
         LOGGER.info("Reading rules from {}", settings.getRulesetPath());
-        Collection<CrySLRule> rules = super.readRules(settings.getRulesetPath());
+        Collection<CrySLRule> rules = readRules(settings.getRulesetPath(), settings.getSootPath());
         LOGGER.info("Found {} rules in {}", rules.size(), settings.getRulesetPath());
 
         // Initialize the reporters before the analysis to catch errors early

pom.xml

@@ -110,12 +110,6 @@
             <artifactId>slf4j-simple</artifactId>
             <version>2.0.17</version>
         </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk18on</artifactId>
-            <version>1.80</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>
@@ -130,7 +124,6 @@
                         <ignoredUnusedDeclaredDependencies>
                             <!-- The logger api requires a concrete provider that is not used by this project: https://www.slf4j.org/manual.html -->
                             <ignoredUnusedDeclaredDependency>org.slf4j:slf4j-simple</ignoredUnusedDeclaredDependency>
-                            <ignoredUnusedDeclaredDependencies>org.bouncycastle:bcprov-jdk18on</ignoredUnusedDeclaredDependencies>
                         </ignoredUnusedDeclaredDependencies>
                     </configuration>
                     <executions>