Merge branch 'dev/llc' into dev/java-parse

Author: Lenny Halseth

agent/src/main/java/com/codedx/codepulse/agent/trace/InstrumentationClassVisitor.java

@@ -1,3 +1,23 @@
+/*
+ * Copyright 2018 Secure Decisions, a division of Applied Visions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This material is based on research sponsored by the Department of Homeland
+ * Security (DHS) Science and Technology Directorate, Cyber Security Division
+ * (DHS S&T/CSD) via contract number HHSP233201600058C.
+ */
+
 package com.codedx.codepulse.agent.trace;
 
 import org.objectweb.asm.ClassVisitor;

agent/src/main/java/com/codedx/codepulse/agent/trace/InstrumentationMethodVisitor.java

@@ -1,3 +1,23 @@
+/*
+ * Copyright 2018 Secure Decisions, a division of Applied Visions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This material is based on research sponsored by the Department of Homeland
+ * Security (DHS) Science and Technology Directorate, Cyber Security Division
+ * (DHS S&T/CSD) via contract number HHSP233201600058C.
+ */
+
 package com.codedx.codepulse.agent.trace;
 
 import org.objectweb.asm.Label;

codepulse/src/main/scala/com/secdec/codepulse/data/storage/ZippedStorage.scala

@@ -200,11 +200,8 @@ class ZippedStorage(zipFile: ZipFile) extends Storage {
 						}
 				}
 
-				lazy val recurse = entry.isDirectory || (recursive &&
-					Storage.isZip(entry.getName) &&
-					find(s"$filename/${entry.getName}", nestedPath, new CloseShieldInputStream(zipStream), true)(predicate))
-
-				predicate(filename, entryPath, entry, zipStream) || recurse
+				predicate(filename, entryPath, entry, zipStream) ||
+					((entry.isDirectory || (recursive && Storage.isZip(entry.getName))) && (find(s"$filename/${entry.getName}", nestedPath, new CloseShieldInputStream(zipStream), true)(predicate)))
 			}
 		} finally {
 			zipStream.close

codepulse/src/main/scala/com/secdec/codepulse/input/InputFileProcessor.scala

@@ -0,0 +1,68 @@
+/*
+ * Copyright 2018 Secure Decisions, a division of Applied Visions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This material is based on research sponsored by the Department of Homeland
+ * Security (DHS) Science and Technology Directorate, Cyber Security Division
+ * (DHS S&T/CSD) via contract number HHSP233201600058C.
+ */
+
+package com.secdec.codepulse.input
+
+import akka.actor.{Actor, Stash}
+import com.codedx.codepulse.utility.Loggable
+import com.secdec.codepulse.data.storage.Storage
+import com.secdec.codepulse.events.GeneralEventBus
+import com.secdec.codepulse.input.bytecode.ByteCodeProcessor
+import com.secdec.codepulse.input.dotnet.DotNETProcessor
+import com.secdec.codepulse.processing.{ProcessEnvelope, ProcessStatus}
+import com.secdec.codepulse.processing.ProcessStatus.{DataInputAvailable, ProcessDataAvailable}
+
+class InputFileProcessor(eventBus: GeneralEventBus) extends Actor with Stash with Loggable {
+
+  import com.secdec.codepulse.util.Actor._
+
+  val languageProcessors: List[LanguageProcessor] = new ByteCodeProcessor :: new DotNETProcessor :: Nil
+
+  override def receive = {
+    case ProcessEnvelope(_, DataInputAvailable(identifier, storage, treeNodeData, sourceData, post)) => {
+      try {
+        val languageProcessor = languageProcessors.find(x => x.canProcess(storage))
+        if (languageProcessor.isDefined) {
+          languageProcessor.get.process(storage, treeNodeData, sourceData)
+          post()
+          eventBus.publish(ProcessDataAvailable(identifier, storage, treeNodeData, sourceData))
+        }
+      } catch {
+        case exception: Exception => eventBus.publish(ProcessStatus.asEnvelope(ProcessStatus.Failed(identifier, "InputFileProcessor", Some(exception))))
+      }
+    }
+
+    case CanProcessFile(file) => {
+      try {
+        Storage(file) match {
+          case Some(storage) => {
+            val languageProcessor = languageProcessors.find(x => x.canProcess(storage))
+            sender ! languageProcessor.isDefined
+          }
+          case _ => sender ! false
+        }
+      } catch {
+        case ex: Exception => {
+          logAndSendFailure(logger, "Unable to complete can-process test for input file", sender, ex)
+        }
+      }
+    }
+  }
+}

codepulse/src/main/scala/com/secdec/codepulse/input/bytecode/ByteCodeProcessor.scala

@@ -22,27 +22,16 @@ package com.secdec.codepulse.input.bytecode
 import java.io.InputStream
 import scala.collection.mutable.{ HashMap, MultiMap, Set }
 
-import akka.actor.{ Actor, Stash }
-import com.google.common.io.CharStreams
-import com.secdec.codepulse.data.bytecode.parse.ParseListener
 import com.secdec.codepulse.data.bytecode.{ AsmVisitors, CodeForestBuilder, CodeTreeNodeKind }
 import com.secdec.codepulse.data.jsp.{ JasperJspAdapter, JspAnalyzer }
 import com.secdec.codepulse.data.model.{ MethodSignatureNode, SourceDataAccess, TreeNodeDataAccess, TreeNodeImporter }
 import com.secdec.codepulse.data.storage.Storage
-import com.secdec.codepulse.events.GeneralEventBus
 import com.secdec.codepulse.input.pathnormalization.{ FilePath, NestedPath, PathNormalization }
-import com.secdec.codepulse.input.{ CanProcessFile, LanguageProcessor }
-import com.secdec.codepulse.parsers.java9.Java9Parser.CompilationUnitContext
-import com.secdec.codepulse.parsers.java9.{ Java9Lexer, Java9Parser }
-import com.secdec.codepulse.processing.{ ProcessEnvelope, ProcessStatus }
-import com.secdec.codepulse.processing.ProcessStatus.{ DataInputAvailable, ProcessDataAvailable }
+import com.secdec.codepulse.input.LanguageProcessor
 import com.secdec.codepulse.util.SmartLoader.Success
 import com.secdec.codepulse.util.SmartLoader
 import org.apache.commons.io.FilenameUtils
 import net.liftweb.common.Loggable
-//import org.antlr.v4.runtime.CharStreams
-//import org.antlr.v4.runtime.CommonTokenStream
-//import org.antlr.v4.runtime.tree.ParseTreeWalker
 import org.apache.commons.io.input.CloseShieldInputStream
 import com.github.javaparser.JavaParser
 import com.github.javaparser.ParseException
@@ -53,35 +42,14 @@ import com.github.javaparser.ast.body.ClassOrInterfaceDeclaration
 import com.github.javaparser.ast.CompilationUnit
 import com.github.javaparser.ast.PackageDeclaration
 
-class ByteCodeProcessor(eventBus: GeneralEventBus) extends Actor with Stash with LanguageProcessor with Loggable {
+class ByteCodeProcessor() extends LanguageProcessor with Loggable {
 	val group = "Classes"
 	val traceGroups = (group :: CodeForestBuilder.JSPGroupName :: Nil).toSet
 	val sourceExtensions = List("java", "jsp")
 
-	def receive = {
-		case ProcessEnvelope(_, DataInputAvailable(identifier, storage, treeNodeData, sourceData, post)) => {
-			try {
-				if(canProcess(storage)) {
-					process(storage, treeNodeData, sourceData)
-					post()
-					eventBus.publish(ProcessDataAvailable(identifier, storage, treeNodeData, sourceData))
-				}
-			} catch {
-				case exception: Exception => eventBus.publish(ProcessStatus.asEnvelope(ProcessStatus.Failed(identifier, "Java ByteCode Processor", Some(exception))))
-			}
-		}
-
-		case CanProcessFile(file) => {
-			Storage(file) match {
-				case Some(storage) => sender ! canProcess(storage)
-				case _ => sender ! false
-			}
-		}
-	}
-
 	def canProcess(storage: Storage): Boolean = {
 		storage.find() { (filename, entryPath, entry, contents) =>
-			!entry.isDirectory && FilenameUtils.getExtension(entry.getName) == "class"
+			!entry.isDirectory && (FilenameUtils.getExtension(entry.getName) == "class" || FilenameUtils.getExtension(entry.getName) == "jsp")
 		}
 	}
 

codepulse/src/main/scala/com/secdec/codepulse/input/dotnet/DotNETProcessor.scala

@@ -22,48 +22,23 @@ package com.secdec.codepulse.input.dotnet
 import java.io.File
 import scala.collection.mutable.{ HashMap, MultiMap, Set }
 
-import akka.actor.{ Actor, Stash }
 import com.secdec.codepulse.data.bytecode.{ CodeForestBuilder, CodeTreeNodeKind }
 import com.secdec.codepulse.data.dotnet.{ DotNet, SymbolReaderHTTPServiceConnector, SymbolService }
 import com.secdec.codepulse.data.model.{ MethodSignatureNode, SourceDataAccess, TreeNodeDataAccess, TreeNodeImporter }
 import com.secdec.codepulse.data.storage.Storage
-import com.secdec.codepulse.events.GeneralEventBus
-import com.secdec.codepulse.input.{ CanProcessFile, LanguageProcessor }
-import com.secdec.codepulse.processing.{ ProcessEnvelope, ProcessStatus }
-import com.secdec.codepulse.processing.ProcessStatus.{ DataInputAvailable, ProcessDataAvailable }
+import com.secdec.codepulse.input.LanguageProcessor
 import com.secdec.codepulse.input.pathnormalization.{ FilePath, NestedPath, PathNormalization }
 import scala.language.postfixOps
 import org.apache.commons.io.FilenameUtils
 
-class DotNETProcessor(eventBus: GeneralEventBus) extends Actor with Stash with LanguageProcessor {
+class DotNETProcessor() extends LanguageProcessor {
 	val group = "Classes"
 	val traceGroups = (group :: Nil).toSet
 	val sourceExtensions = List("cs", "vb", "fs", "fsi", "fsx", "fsscript", "cpp")
 
 	val symbolService = new SymbolService
 	symbolService.create
 
-	def receive = {
-		case ProcessEnvelope(_, DataInputAvailable(identifier, storage, treeNodeData, sourceData, post)) => {
-			try {
-				if(canProcess(storage)) {
-					process(storage, treeNodeData, sourceData)
-					post()
-					eventBus.publish(ProcessDataAvailable(identifier, storage, treeNodeData, sourceData))
-				}
-			} catch {
-				case exception: Exception => eventBus.publish(ProcessStatus.Failed(identifier, "dotNET Processor", Some(exception)))
-			}
-		}
-
-		case CanProcessFile(file) => {
-			Storage(file) match {
-				case Some(storage) => sender ! canProcess(storage)
-				case _ => sender ! false
-			}
-		}
-	}
-
 	def canProcess(storage: Storage): Boolean = {
 		storage.find() { (_, _, entry, _) =>
 			val extension = FilenameUtils.getExtension(entry.getName)

codepulse/src/main/scala/com/secdec/codepulse/input/project/ProjectInput.scala

@@ -20,71 +20,57 @@
 package com.secdec.codepulse.input.project
 
 import java.io.File
-import scala.concurrent.ExecutionContext.Implicits.global
 
-import akka.actor.{ Actor, ActorRef, Stash }
-import scala.collection.mutable.{ Map => MutableMap }
+import scala.concurrent.ExecutionContext.Implicits.global
+import akka.actor.{Actor, ActorRef, Stash}
+import com.codedx.codepulse.utility.Loggable
 
-import com.secdec.codepulse.data.model.{ ProjectData, ProjectId }
-import com.secdec.codepulse.data.storage.{ Storage, StorageManager }
+import scala.collection.mutable.{Map => MutableMap}
+import com.secdec.codepulse.data.model.{ProjectData, ProjectId}
+import com.secdec.codepulse.data.storage.{Storage, StorageManager}
 import com.secdec.codepulse.events.GeneralEventBus
-import com.secdec.codepulse.input.LanguageProcessor
 import com.secdec.codepulse.processing.ProcessEnvelope
 import com.secdec.codepulse.processing.ProcessStatus._
-import com.secdec.codepulse.tracer.{ BootVar, generalEventBus, projectDataProvider, projectManager }
+import com.secdec.codepulse.tracer.{BootVar, generalEventBus, projectDataProvider, projectManager}
 
 trait ProjectLoader {
 	protected def createProject: ProjectData
 }
 
-case class CreateProject(processors: List[BootVar[ActorRef]], inputFile: File, load: (ProjectData, Storage, GeneralEventBus) => Unit)
+case class CreateProject(inputFile: File, load: (ProjectData, Storage, GeneralEventBus) => Unit)
+
+class ProjectInputActor extends Actor with Stash with ProjectLoader with Loggable {
 
-class ProjectInputActor extends Actor with Stash with ProjectLoader {
+	import com.secdec.codepulse.util.Actor._
 
 	val projectCreationProcessors = MutableMap.empty[String, List[BootVar[ActorRef]]]
 
 	val projectProcessingSuccesses = MutableMap.empty[String, Integer]
 
 	val projectProcessingFailures = MutableMap.empty[String, Integer]
 
-	// TODO: handle data input by creating a project and broadcasting with 'DataInputAvailable' with project payload
-	// TODO: capture failed state to cause a failed message and redirect (as necessary) for the user
-
 	def receive = {
-		case CreateProject(processors, inputFile, load) => {
-			val projectData = createProject
-			addProjectCreators(projectData, processors)
-
-			StorageManager.storeInput(projectData.id, inputFile) match {
-				case Some(storage) =>
-					load(projectData, storage, generalEventBus)
-					sender ! projectData
-				case _ => throw new IllegalStateException(s"Unable to create storage for project ${projectData.id.num}")
+		case CreateProject(inputFile, load) => {
+			try {
+				val projectData = createProject
+				StorageManager.storeInput(projectData.id, inputFile) match {
+					case Some(storage) =>
+						load(projectData, storage, generalEventBus)
+						sender ! projectData
+					case _ => sender ! akka.actor.Status.Failure(new IllegalStateException(s"Unable to create storage for project ${projectData.id.num}"))
+				}
+			}
+			catch {
+				case ex: Exception => {
+					logAndSendFailure(logger, "Unable to complete create-project operation for input file", sender, ex)
+				}
 			}
 		}
-		case ProcessEnvelope(_, ProcessDataAvailable(identifier, file, treeNodeData, sourceData)) => {
-			val numberOfProcessors = projectCreationProcessors.get(identifier).get.length
-			val succeeded = projectProcessorSucceeded(identifier)
-			val failed = projectProcessingFailures.get(identifier).get
-
-			val remaining = numberOfProcessors - (succeeded + failed)
-
-			if(remaining == 0 && succeeded >= 1) {
+		case ProcessEnvelope(_, ProcessDataAvailable(identifier, _, _, _)) => {
 				projectManager getProject ProjectId(identifier.toInt) foreach(_.notifyLoadingFinished())
-				clearProjectCreators(identifier)
-			}
 		}
 		case ProcessEnvelope(_, Failed(identifier, action, Some(exception))) if action != "Dependency Check" => {
-			val numberOfProcessors = projectCreationProcessors.get(identifier).get.length
-			val succeeded = projectProcessingSuccesses.get(identifier).get
-			val failed = projectProcessorFailed(identifier)
-
-			val remaining = numberOfProcessors - (succeeded + failed)
-
-			if(remaining == 0 && failed == numberOfProcessors) {
 				projectManager.removeUnloadedProject(ProjectId(identifier.toInt), exception.getMessage)
-				clearProjectCreators(identifier)
-			}
 		}
 	}
 
@@ -94,33 +80,4 @@ class ProjectInputActor extends Actor with Stash with ProjectLoader {
 
 		projectData
 	}
-
-	protected def addProjectCreators(projectData: ProjectData, processors: List[BootVar[ActorRef]]): Integer = {
-		val id = projectData.id.num.toString
-		projectCreationProcessors.put(id, processors)
-		projectProcessingSuccesses.put(id, 0)
-		projectProcessingFailures.put(id, 0)
-		processors.length
-	}
-
-	protected def clearProjectCreators(projectId: String) = {
-		projectCreationProcessors.remove(projectId)
-		projectProcessingSuccesses.remove(projectId)
-		projectProcessingFailures.remove(projectId)
-	}
-
-	protected def projectProcessorSucceeded(projectId: String): Integer = {
-		incrementProcessor(projectId, projectProcessingSuccesses)
-	}
-
-	protected def projectProcessorFailed(projectId: String) = {
-		incrementProcessor(projectId, projectProcessingFailures)
-	}
-
-	private def incrementProcessor(key: String, map: MutableMap[String, Integer]): Integer = {
-		val count = map.get(key).get + 1
-		map.update(key, count)
-
-		count
-	}
 }