TaintConfigValidationTest.java example

Explorer
find-sec-bugs-master
/**
 * Find Security Bugs
 * Copyright (c) Philippe Arteau, All rights reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3.0 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.
 */
package com.h3xstream.findsecbugs.taintanalysis;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.Arrays;

import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.fail;

import org.testng.annotations.Test;

public class TaintConfigValidationTest extends BaseConfigValidationTest {

    private static final boolean DEBUG = false;

    @Test
    public void validateGeneralTaintConfigAndSafeEncoders() throws IOException {
        for(String directory : Arrays.asList("/taint-config", "/safe-encoders")) {
            InputStream in = getClass().getResourceAsStream(directory);
            assertNotNull(in, "Unable list the resources in the taint-config directory");

            BufferedReader br = new BufferedReader(new InputStreamReader(in));
            String file;
            while ((file = br.readLine()) != null) {
                System.out.println("File : " + file);

                ////////////
                // Validate annotation (list of annotation with parameters)
                if ("taint-param-annotations.txt".equals(file)) {

                    BufferedReader br2 = new BufferedReader(new InputStreamReader(in));
                    String line;
                    while ((line = br2.readLine()) != null) {
                        String annotation = line.replace('/', '.');
                        validateClass(annotation, file);
                    }

                }
                ////////////
                // Validate method summaries
                else {
                    InputStream inFile = getClass().getResourceAsStream(directory+"/"+ file);
                    assertNotNull(inFile, "File not found: "+ directory+ "/"+file);

                    validateFile(inFile,file);
                }
            }
        }

    }

    /**
     * Processing of taint configuration files
     * @param inFile
     * @param origfileName
     * @throws IOException
     */
    public void validateFile(InputStream inFile, final String origfileName) throws IOException {
        loader.load(inFile, new TaintConfigLoader.TaintConfigReceiver() {
            @Override
            public void receiveTaintConfig(String typeSignature, String config) throws IOException {
                if (DEBUG) {
                    System.out.println("[?] fmn: " + typeSignature);
                }

                String className;
                if(typeSignature.startsWith("L") && typeSignature.endsWith(";")) {
                    String immutableType = typeSignature.substring(1,typeSignature.length()-1);
                    className = immutableType;
                }
                else {
                    String[] methodParts = typeSignature.split("\\.");
                    className = methodParts[0];
                }

                className = className.replace('/','.');

                //Test the validity of the class name
                validateClass(className, origfileName);
            }
        });
    }
}