Merge pull request diffblue#536 from diffblue/jd/feature/entry_point_passthrough_refactor

[SEC-580] Remove class names detection and replace with alternate capabilities

Author: JohnDumbell

driver/run.py

@@ -92,11 +92,10 @@ def create_parser():
     parser.add_argument("-L", "--libraries", nargs='+', default=[],
                         help="A list of disk paths to libraries you want to include into class path. A path "
                              "can either be a path-name of a JAR file, or a directory.")
-    parser.add_argument("-E", "--entry-point", type=str,
-                        help="Allows you to specify a Java function which will be considered by the analyser as the "
+    parser.add_argument("-E", "--entry-point", "--entry-points", nargs='+', default=[],
+                        help="Allows you to specify a list of Java functions which will be considered by the analyser as an "
                              "entry point. Typically, a function of a class implementing javax.servlet.http.HttpServlet "
-                             "is a good candidate. When not specified, all functions of all classes are considered "
-                             "as potential entry points. The function must be fully classified (i.e. with the package "
+                             "is a good candidate. The function must be fully classified (i.e. with the package "
                              "and class included).")
     parser.add_argument("-R", "--results-dir", type=str,
                         help="A directory into which all results from the analysis of the given Java web applicaton "
@@ -229,17 +228,8 @@ def prepare_scan(cmdline):
         configuration["collectedClassesInfoPath"] = \
             os.path.join(cmdline.common_dir, "collected_classes_info.json")
 
-    # If we have an entry point coming in, just replace all rules.
     if cmdline.entry_point:
-        class_name, method_name = cmdline.entry_point.rsplit('.', 1)
-        configuration["patternGroup"] = \
-            [{
-                "id": "General",
-                "patterns": [{
-                    "methodPattern": {"names": [re.escape(method_name)]},
-                    "classPattern": {"names": [re.escape(class_name)]}
-                }]
-            }]
+        configuration["entryPoints"] = cmdline.entry_point
 
     print("Copying config and updating with generated values.")
 
@@ -369,10 +359,6 @@ def __main():
               "a WAR file: " + os.path.abspath(cmdline.input_path))
         return
 
-    if cmdline.entry_point is not None and len(cmdline.entry_point) == 0:
-        print("ERROR[--entry-point (-E)]: The entry point is empty. It must represent a fully classified function nane.")
-        return
-
     if cmdline.results_dir is None:
         print("ERROR[--results-dir (-R)]: The root directory where all results from the analysis should be saved into "
               "was not specified.")

src/java-class-info/class_pattern.cpp

@@ -4,17 +4,11 @@
 
 bool class_patternt::is_empty() const
 {
-  return names.empty() && annotations.empty() && extends.empty() &&
-         implements.empty();
+  return annotations.empty() && extends.empty() && implements.empty();
 }
 
 class_patternt::class_patternt(const jsont &json)
 {
-  for(const jsont &element : json[json_namest::names].array)
-  {
-    names.emplace_back(element.value);
-  }
-
   for(const jsont &element : json[json_namest::extends].array)
   {
     extends.push_back(element.value);

src/java-class-info/class_pattern.h

@@ -17,7 +17,6 @@ class class_patternt
 
   explicit class_patternt(const jsont &j);
 
-  std::vector<std::regex> names;
   std::vector<std::string> extends;
   std::vector<std::string> implements;
   std::vector<std::string> annotations;
@@ -30,7 +29,6 @@ class class_patternt
   class json_namest
   {
   public:
-    static constexpr const char *names = "names";
     static constexpr const char *extends = "extends";
     static constexpr const char *implements = "implements";
     static constexpr const char *annotations = "annotations";

src/java-class-info/default_config.json

@@ -3,6 +3,7 @@
   "collectedClassesInfoPath": "",
   "detectedEntryPointsPath": "",
   "diConfigurationPath": "",
+  "entryPoints": [],
   "patternGroup": [
     {
       "id": "Spring MVC",

src/java-class-info/default_config.schema.json

@@ -25,6 +25,15 @@
       "default": ""
     },
 
+    "entryPoints": {
+      "type": "array",
+      "description": "An array of fully-qualified entry-points that the system should use instead of detection."
+      "items": {
+        "type": "string",
+        "description": "An individual entry-point to look at."
+      }
+    },
+
     "patternGroup": {
       "type": "array",
       "description": "A pattern group is a set of class and method patterns that when considered together are used by a certain framework or technique to signify a website / web service entry-point.",
@@ -91,14 +100,6 @@
                   "additionalProperties": false,
                   "properties": {
 
-                    "names": {
-                      "type": "array",
-                      "description": "An array of regular expressions that the class should match. Only one match needs to be found.",
-                      "items": {
-                        "type": "string"
-                      }
-                    },
-
                     "extends": {
                       "type": "array",
                       "description": "An array of fully-qualified classes that the class extend from. Only one match needs to be found.",

src/java-class-info/entry_point_detection.cpp

@@ -155,6 +155,18 @@ void entry_point_detectiont::find_entry_points(
 {
   const java_bytecode_parse_treet::classt &parsed_class =
     parse_tree.parsed_class;
+
+  if(this->entry_points.empty())
+    search_for_entry_points(parsed_class);
+  else
+    find_static_entry_points(parsed_class);
+}
+
+/// Use the patterns we've been given to search for valid entry-points
+/// in the target systems source.
+void entry_point_detectiont::search_for_entry_points(
+  const java_bytecode_parse_treet::classt &parsed_class)
+{
   const std::string &class_name = id2string(parsed_class.name);
 
   // for each group and pattern in those groups.
@@ -166,9 +178,6 @@ void entry_point_detectiont::find_entry_points(
       const class_patternt &class_patterns = pattern.class_patterns;
       if(!class_patterns.is_empty())
       {
-        if(!match_name(class_patterns.names, class_name))
-          continue;
-
         if(
           !match_extends(
             class_patterns.extends, id2string(parsed_class.super_class)))
@@ -249,3 +258,25 @@ void entry_point_detectiont::find_entry_points(
     }
   }
 }
+
+/// Attempt a search through any direct entry-points that we've been passed.
+void entry_point_detectiont::find_static_entry_points(
+  const java_bytecode_parse_treet::classt &parsed_class)
+{
+  const std::string &class_name = id2string(parsed_class.name);
+  for(const methodt &parsed_method : parsed_class.methods)
+  {
+    const std::string method_name = class_name + "." + id2string(parsed_method.name);
+    const std::string method_signature =
+      method_name + ":" + (parsed_method.signature.has_value()
+                             ? parsed_method.signature.value()
+                             : parsed_method.descriptor);
+
+    if(
+      this->entry_points.find(method_name) != entry_points.end() ||
+      this->entry_points.find(method_signature) != entry_points.end())
+    {
+      detected_entry_points.emplace_back(class_name, parsed_method);
+    }
+  }
+}

src/java-class-info/entry_point_detection.h

@@ -15,13 +15,15 @@ class entry_point_detectiont
 {
 public:
   entry_point_detectiont(generation_configurationt &config, messaget &message)
-    : pattern_group(config.pattern_group), log(message)
+    : entry_points(config.entry_points),
+      pattern_group(config.pattern_group),
+      log(message)
   {
   }
 
   bool enabled()
   {
-    return !pattern_group.empty();
+    return !pattern_group.empty() || !entry_points.empty();
   }
 
   void find_entry_points(java_bytecode_parse_treet &parse_tree);
@@ -32,7 +34,13 @@ class entry_point_detectiont
   }
 
 private:
+  void search_for_entry_points(
+    const java_bytecode_parse_treet::classt &parse_tree);
+  void find_static_entry_points(
+    const java_bytecode_parse_treet::classt &parse_tree);
+
   detected_entry_pointst detected_entry_points;
+  std::set<std::string> entry_points;
   std::vector<pattern_groupt> pattern_group;
   messaget log;
 };

src/java-class-info/generation_configuration.cpp

@@ -15,6 +15,11 @@ generation_configurationt::generation_configurationt(const jsont &json)
   {
     pattern_group.emplace_back(element);
   }
+  for(const jsont &element : json[json_namest::entry_points].array)
+  {
+    entry_points.insert(element.value);
+  }
+
   if(!pattern_group.empty())
   {
     if(detected_entry_points_path.empty())

src/java-class-info/generation_configuration.h

@@ -4,6 +4,7 @@
 #define SECURITY_SCANNER_GENERATION_CONFIGURATIONT_H
 
 #include "pattern_group.h"
+#include <set>
 #include <optional.h>
 
 /// Object representation of the main configuration file used to drive
@@ -14,6 +15,7 @@ class generation_configurationt
   explicit generation_configurationt(const jsont &json);
 
   std::vector<pattern_groupt> pattern_group;
+  std::set<std::string> entry_points;
   std::string collected_classes_path;
   std::string collected_classes_info_path;
   std::string detected_entry_points_path;
@@ -38,6 +40,7 @@ class generation_configurationt
     static constexpr const char *detected_entry_points_path =
       "detectedEntryPointsPath";
     static constexpr const char *di_configuration_path = "diConfigurationPath";
+    static constexpr const char *entry_points = "entryPoints";
   };
 
   std::vector<std::string> errors;