Merge pull request #3 from secdec/feature/jsp-support

Feature/jsp support

Author: dylemma

codepulse/src/main/scala/com/secdec/codepulse/data/bytecode/CodeForestBuilder.scala

@@ -89,6 +89,15 @@ class CodeForestBuilder {
 		recurse(startNode, treePath.child)
 	}
 
+	def getOrAddJsp(path: List[String], size: Int): CodeTreeNode = {
+		def recurse(parent: CodeTreeNode, path: List[String]): CodeTreeNode = path match {
+			case className :: Nil => addChildMethod(parent, className, size)
+			case packageNode :: rest => recurse(addChildPackage(parent, packageNode), rest)
+		}
+
+		recurse(addRootPackage("JSPs"), path)
+	}
+
 	protected def addRootPackage(name: String) = roots.find { node =>
 		node.name == name && node.kind == CodeTreeNodeKind.Pkg
 	} getOrElse {

codepulse/src/main/scala/com/secdec/codepulse/data/jsp/JasperJspAdapter.scala

@@ -0,0 +1,64 @@
+/*
+ * Code Pulse: A real-time code coverage testing tool. For more information
+ * see http://code-pulse.com
+ *
+ * Copyright (C) 2014 Applied Visions - http://securedecisions.avi.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.secdec.codepulse.data.jsp
+
+import com.secdec.codepulse.data.bytecode.CodeForestBuilder
+import java.io.File
+import com.secdec.codepulse.data.bytecode.CodeTreeNode
+
+/** Data adapter to help populate `CodeForestBuilder` with JSP info.
+  * This implementation is specific to what Jasper does for JSP.
+  *
+  * @author robertf
+  */
+class JasperJspAdapter extends JspAdapter {
+	private val jsps = List.newBuilder[String]
+	private val webinfs = List.newBuilder[String]
+
+	def addJsp(path: String) = jsps += path
+	def addWebinf(path: String) = webinfs += path
+
+	def build(codeForestBuilder: CodeForestBuilder): List[(String, Int)] = {
+		val jsps = this.jsps.result
+		val webinfs = this.webinfs.result
+
+		val jspClasses = Set.newBuilder[String]
+
+		for (webinf <- webinfs) {
+			val parent = Option(new File(webinf).getParent) getOrElse ""
+			val parentLen = parent.length
+			jspClasses ++= jsps
+				.filter(_.startsWith(parent))
+				.map(_.substring(parentLen))
+		}
+
+		// build up
+		jspClasses.result.toList map { clazz =>
+			val jspClassName = JasperUtils.makeJavaClass(clazz)
+			val displayName = clazz.split('/').filter(!_.isEmpty).toList
+			val node = codeForestBuilder.getOrAddJsp(displayName, 10)
+			jspClassName -> node.id
+		}
+	}
+}
+
+object JasperJspAdapter {
+	lazy val default = new JasperJspAdapter
+}

codepulse/src/main/scala/com/secdec/codepulse/data/jsp/JasperJspMapper.scala

@@ -0,0 +1,47 @@
+/*
+ * Code Pulse: A real-time code coverage testing tool. For more information
+ * see http://code-pulse.com
+ *
+ * Copyright (C) 2014 Applied Visions - http://securedecisions.avi.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.secdec.codepulse.data.jsp
+
+import com.secdec.codepulse.data.trace.TreeNodeDataAccess
+
+/** Handles mapping of Jasper JSP method signatures down to their JSP node.
+  *
+  * @param basePackage the base package for the JSPs (e.g., org.apache.jsp)
+  * @param nodeData `TreeNodeDataAccess` to map against
+  *
+  * @author robertf
+  */
+class JasperJspMapper(basePackage: String, nodeData: TreeNodeDataAccess) extends JspMapper {
+	private val basePrefix = s"${basePackage.replace('.', '/')}/"
+	private lazy val basePrefixLength = basePrefix.length
+
+	def map(signature: String): Option[Int] = if (signature startsWith basePrefix) {
+		val className = signature.drop(basePrefixLength).takeWhile(_ != '.').replace('/', '.')
+		nodeData.getNodeIdForJsp(className)
+	} else None
+
+	def getInclusion(jspClass: String) = s"^$basePrefix${jspClass.replace('.', '/')}"
+}
+
+object JasperJspMapper {
+	val DefaultBasePackage = "org.apache.jsp"
+	def apply(nodeData: TreeNodeDataAccess): JasperJspMapper = apply(DefaultBasePackage, nodeData)
+	def apply(basePackage: String, nodeData: TreeNodeDataAccess): JasperJspMapper = new JasperJspMapper(basePackage, nodeData)
+}

codepulse/src/main/scala/com/secdec/codepulse/data/jsp/JasperUtils.scala

@@ -0,0 +1,71 @@
+/*
+ * Code Pulse: A real-time code coverage testing tool. For more information
+ * see http://code-pulse.com
+ *
+ * Copyright (C) 2014 Applied Visions - http://securedecisions.avi.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.secdec.codepulse.data.jsp
+
+/** Utilities for Jasper interaction. Most of the ideas here are taken from Jasper's
+  * source (most notably, JspUtil and JspCompilationContext). A lot of the code within
+  * was simply translated directly from Java to Scala.
+  */
+private[jsp] object JasperUtils {
+	private val JavaKeywords = Set(
+		"abstract", "assert", "boolean", "break", "byte", "case", "catch",
+		"char", "class", "const", "continue", "default", "do", "double",
+		"else", "enum", "extends", "final", "finally", "float", "for",
+		"goto", "if", "implements", "import", "instanceof", "int",
+		"interface", "long", "native", "new", "package", "private",
+		"protected", "public", "return", "short", "static", "strictfp",
+		"super", "switch", "synchronized", "this", "throw", "throws",
+		"transient", "try", "void", "volatile", "while")
+
+	def isJavaKeyword(key: String) = JavaKeywords.contains(key)
+
+	def mangleChar(ch: Char) = {
+		val result = new Array[Char](5)
+		result(0) = '_'
+		result(1) = Character.forDigit((ch >> 12) & 0xf, 16)
+		result(2) = Character.forDigit((ch >> 8) & 0xf, 16)
+		result(3) = Character.forDigit((ch >> 4) & 0xf, 16)
+		result(4) = Character.forDigit((ch) & 0xf, 16)
+		new String(result)
+	}
+
+	def makeJavaIdentifier(identifier: String, periodToUnderscore: Boolean = true) = {
+		val modifiedIdentifier = new StringBuilder(identifier.length);
+		if (!Character.isJavaIdentifierStart(identifier charAt 0))
+			modifiedIdentifier.append('_');
+
+		for (ch <- identifier) {
+			if (Character.isJavaIdentifierPart(ch) &&
+				(ch != '_' || !periodToUnderscore))
+				modifiedIdentifier append ch
+			else if (ch == '.' && periodToUnderscore)
+				modifiedIdentifier append '_'
+			else
+				modifiedIdentifier append mangleChar(ch)
+		}
+
+		if (isJavaKeyword(modifiedIdentifier.toString()))
+			modifiedIdentifier append '_'
+
+		modifiedIdentifier.toString
+	}
+
+	def makeJavaClass(path: String) = path.split('/').filter(!_.isEmpty).map(makeJavaIdentifier(_)) mkString "."
+}

codepulse/src/main/scala/com/secdec/codepulse/data/jsp/JspAdapter.scala

@@ -0,0 +1,32 @@
+/*
+ * Code Pulse: A real-time code coverage testing tool. For more information
+ * see http://code-pulse.com
+ *
+ * Copyright (C) 2014 Applied Visions - http://securedecisions.avi.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.secdec.codepulse.data.jsp
+
+import com.secdec.codepulse.data.bytecode.CodeForestBuilder
+
+/** Base trait for an implementation of JSP support.
+  *
+  * @author robertf
+  */
+trait JspAdapter {
+	def addJsp(path: String): Unit
+	def addWebinf(path: String): Unit
+	def build(cfb: CodeForestBuilder): List[(String, Int)]
+}

codepulse/src/main/scala/com/secdec/codepulse/data/jsp/JspMapper.scala

@@ -0,0 +1,29 @@
+/*
+ * Code Pulse: A real-time code coverage testing tool. For more information
+ * see http://code-pulse.com
+ *
+ * Copyright (C) 2014 Applied Visions - http://securedecisions.avi.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.secdec.codepulse.data.jsp
+
+/** Base trait for JSP signature mappers.
+  *
+  * @author robertf
+  */
+trait JspMapper {
+	def map(signature: String): Option[Int]
+	def getInclusion(jspClass: String): String
+}

codepulse/src/main/scala/com/secdec/codepulse/data/trace/TreeNodeData.scala

@@ -42,15 +42,24 @@ trait TreeNodeDataAccess {
 
 	def getNode(id: Int): Option[TreeNode]
 
-	def getNodeId(signature: String): Option[Int]
-	def getNode(signature: String): Option[TreeNode]
+	def getNodeIdForSignature(signature: String): Option[Int]
+	def getNodeForSignature(signature: String): Option[TreeNode]
 
-	def foreachMapping(f: (String, Int) => Unit): Unit
-	def iterateMappings[T](f: Iterator[(String, Int)] => T): T
+	def foreachMethodMapping(f: (String, Int) => Unit): Unit
+	def iterateMethodMappings[T](f: Iterator[(String, Int)] => T): T
 
 	def mapMethodSignature(signature: String, nodeId: Int): Unit
 	def mapMethodSignatures(signatures: Iterable[(String, Int)]): Unit = signatures foreach { case (signature, nodeId) => mapMethodSignature(signature, nodeId) }
 
+	def getNodeIdForJsp(jspClass: String): Option[Int]
+	def getNodeForJsp(jspClass: String): Option[TreeNode]
+
+	def foreachJspMapping(f: (String, Int) => Unit): Unit
+	def iterateJspMappings[T](f: Iterator[(String, Int)] => T): T
+
+	def mapJsp(jspClass: String, nodeId: Int): Unit
+	def mapJsps(jsps: Iterable[(String, Int)]): Unit = jsps foreach { case (jspPath, nodeId) => mapJsp(jspPath, nodeId) }
+
 	def storeNode(node: TreeNode): Unit
 	def storeNodes(nodes: Iterable[TreeNode]) = nodes foreach storeNode
 }

codepulse/src/main/scala/com/secdec/codepulse/data/trace/slick/SlickTreeNodeDataAccess.scala

@@ -41,21 +41,21 @@ private[slick] class SlickTreeNodeDataAccess(dao: TreeNodeDataDao, db: Database)
 		dao get id
 	}
 
-	def getNode(sig: String): Option[TreeNode] = db withSession { implicit session =>
-		dao get sig
+	def getNodeForSignature(sig: String): Option[TreeNode] = db withSession { implicit session =>
+		dao getForSignature sig
 	}
 
-	def getNodeId(sig: String): Option[Int] = db withSession { implicit session =>
-		dao getId sig
+	def getNodeIdForSignature(sig: String): Option[Int] = db withSession { implicit session =>
+		dao getIdForSignature sig
 	}
 
-	def foreachMapping(f: (String, Int) => Unit) {
-		iterateMappings { _.foreach { case (method, nodeId) => f(method, nodeId) } }
+	def foreachMethodMapping(f: (String, Int) => Unit) {
+		iterateMethodMappings { _.foreach { case (method, nodeId) => f(method, nodeId) } }
 	}
 
-	def iterateMappings[T](f: Iterator[(String, Int)] => T): T = {
+	def iterateMethodMappings[T](f: Iterator[(String, Int)] => T): T = {
 		db withSession { implicit session =>
-			dao.iterateMappingsWith(f)
+			dao iterateMethodMappingsWith f
 		}
 	}
 
@@ -67,6 +67,32 @@ private[slick] class SlickTreeNodeDataAccess(dao: TreeNodeDataDao, db: Database)
 		dao storeMethodSignatures signatures
 	}
 
+	def getNodeForJsp(jspPath: String): Option[TreeNode] = db withSession { implicit session =>
+		dao getForJsp jspPath
+	}
+
+	def getNodeIdForJsp(jspPath: String): Option[Int] = db withSession { implicit session =>
+		dao getIdForJsp jspPath
+	}
+
+	def foreachJspMapping(f: (String, Int) => Unit) {
+		iterateJspMappings { _.foreach { case (method, nodeId) => f(method, nodeId) } }
+	}
+
+	def iterateJspMappings[T](f: Iterator[(String, Int)] => T): T = {
+		db withSession { implicit session =>
+			dao iterateJspMappingsWith f
+		}
+	}
+
+	def mapJsp(jspClass: String, nodeId: Int) = db withTransaction { implicit transaction =>
+		dao.storeJsp(jspClass, nodeId)
+	}
+
+	override def mapJsps(jsps: Iterable[(String, Int)]) = db withTransaction { implicit transaction =>
+		dao storeJsps jsps
+	}
+
 	def storeNode(node: TreeNode) = db withTransaction { implicit transaction =>
 		dao storeNode node
 	}