Merge pull request diffblue#353 from diffblue/owen-jones-diffblue/improve-common-libraries-handling-security-analyser

owen-jones-diffblue · web-flow · commit 7a6359c51099 · 2018-03-12T13:12:53.000Z
Improve the handling of common libraries in security analyser
diff --git a/benchmarks/LIBRARIES/.gitignore b/benchmarks/LIBRARIES/.gitignore
@@ -1,4 +1,5 @@
 apache-tomcat-9
 openjdk-8
+oracle-jdk-8
 spring-framework
 
diff --git a/benchmarks/LIBRARIES/README.txt b/benchmarks/LIBRARIES/README.txt
@@ -34,6 +34,13 @@ of the sub-libraries:
              allows you to later remove/adopt/substitute some desired parts
              of the library.
 
+Where to find JAR with javax.crypto.*:
+    - This is not in OpenJDK. It is only in the Oracle's JDK, see:
+        https://stackoverflow.com/questions/14935447/why-am-i-getting-package-javax-crypto-does-not-exist
+    - The package can be downloaded from:
+        http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#JCE-1_2_2-G-JS
+
+
 Alternative installation:
 
 1. Download OpenJDK 8 .deb package, e.g. from:
@@ -45,6 +52,18 @@ Alternative installation:
 4. Copy the found "rt.jar" file into the created directory "openjdk-8".
 
 
+IMPORTANT NOTE: In order to analyse Sakai, we need to use Oracle's JDK 8,
+    because these packages are missing in the OpenJDK:
+        javax.crypto.*
+        sun.invoke.*
+        com.sum.jmx.*
+    You can download Oracle's JDK here:
+        http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
+    Then, you need to take these JARs from the directory 'jre/lib':
+        rt.jar
+        jce.jar
+
+
 (2) Apache Tomcat 9
 -------------------
 
diff --git a/driver/mkbench.py b/driver/mkbench.py
@@ -91,6 +91,11 @@ def collect_java_binaries(app_path, list_of_classpaths, entry_point, temp_dir, o
     java_binaries = CollectedJavaBinaries()
     _find_java_binaries(app_path, java_binaries)
 
+    java_libraries = CollectedJavaBinaries()
+    for path in list_of_classpaths:
+        if os.path.isdir(path):
+            _find_java_binaries(path, java_libraries)
+
     prof["num_classes"] = len(java_binaries.class_files)
     prof["num_classpath_jar_files"] = len(java_binaries.classpath_jar_files)
 
@@ -135,7 +140,7 @@ def collect_java_binaries(app_path, list_of_classpaths, entry_point, temp_dir, o
     with open(output_json, "w") as ofile:
         ofile.write(json.dumps({
             "jar": java_binaries.jar_file,
-            "classpath": sorted([p for p in list_of_classpaths + java_binaries.classpath_jar_files if os.path.exists(p)]),
+            "classpath": [p for p in java_binaries.classpath_jar_files + java_libraries.classpath_jar_files + list_of_classpaths if os.path.exists(p)],
             "entry-point": entry_point
             }, sort_keys=True, indent=4))
 
diff --git a/driver/run.py b/driver/run.py
@@ -15,53 +15,43 @@ def _get_my_dir(): return os.path.dirname(os.path.realpath(__file__))
 def _get_common_libraries():
 
     def get_benchmark_library_dir():
-        return os.path.join(_get_my_dir(), "../benchmarks/LIBRARIES")
+        return os.path.abspath(os.path.join(_get_my_dir(), "../benchmarks/LIBRARIES"))
 
     def get_diffblue_models_library_props():
-        props = {"diffblue_models_library": {"directory": None, "files": [], "error": None}}
-        directory = os.path.join(get_benchmark_library_dir(), "models/model/target")
-        if os.path.isdir(directory):
-            props["diffblue_models_library"]["directory"] = directory
-            pathname = os.path.join(directory, "models.jar")
-            if os.path.isfile(pathname):
-                props["diffblue_models_library"]["files"].append(pathname)
-            else:
-                props["diffblue_models_library"]["error"] = "Cannot access Diffblue Models Library's file " + pathname
+        props = {"diffblue_models_library": {"paths": [], "error": None}}
+        pathname = os.path.join(get_benchmark_library_dir(), "models", "model", "target", "models.jar")
+        if os.path.isfile(pathname):
+            props["diffblue_models_library"]["paths"].append(pathname)
+        else:
+            props["diffblue_models_library"]["error"] = "Cannot access Diffblue Models Library's file " + pathname
+            return props
+        pathname = os.path.join(get_benchmark_library_dir(), "oracle-jdk-8")
+        if os.path.isdir(pathname):
+            props["diffblue_models_library"]["paths"].append(pathname)
         else:
-            props["diffblue_models_library"]["error"] = "Cannot access Diffblue Models Library's directory " + directory
+            pathname = os.path.join(get_benchmark_library_dir(), "openjdk-8")
+            if os.path.isdir(pathname):
+                props["diffblue_models_library"]["paths"].append(pathname)
+            else:
+                print("Warning: cannot access JDK install directory " + pathname)
         return props
 
     def get_apache_tomcat_props():
-        props = {"apache_tomcat": {"directory": None, "files": [], "error": None}}
-        directory = os.path.join(get_benchmark_library_dir(), "apache-tomcat-9/lib")
+        props = {"apache_tomcat": {"paths": [], "error": None}}
+        directory = os.path.join(get_benchmark_library_dir(), "apache-tomcat-9", "lib")
         if os.path.isdir(directory):
-            props["apache_tomcat"]["directory"] = directory
-            pathname = os.path.join(directory, "servlet-api.jar")
-            if os.path.isfile(pathname):
-                props["apache_tomcat"]["files"].append(pathname)
-            else:
-                props["apache_tomcat"]["error"] = "Cannot access Apache Tomcat's file " + pathname
+            props["apache_tomcat"]["paths"].append(directory)
         else:
             props["apache_tomcat"]["error"] = "Cannot access Apache Tomcat's directory " + directory
         return props
 
     def get_spring_framework_props():
-        props = {"spring_framework": {"directory": None, "files": [], "error": None}}
-        directory = os.path.join(get_benchmark_library_dir(), "spring-framework/libs")
+        props = {"spring_framework": {"paths": [], "error": None}}
+        directory = os.path.join(get_benchmark_library_dir(), "spring-framework", "libs")
         if os.path.isdir(directory):
-            props["spring_framework"]["directory"] = directory
-            required_fname_prefixes = ["spring-core-", "spring-beans-"]
             for fname in os.listdir(directory):
-                if (fname.endswith(".RELEASE.jar") and any(fname.startswith(x) for x in required_fname_prefixes)):
-                    props["spring_framework"]["files"].append(os.path.join(directory, fname))
-            if len(props["spring_framework"]["files"]) != 2:
-                props["spring_framework"]["error"] = (
-                    "There are missing JAR files in Spring Framework's directory " + directory + "\n"
-                    "These were found:\n    " +
-                    "\n    ".join([os.path.basename(pathname) for pathname in props["spring_framework"]["files"]]) + "\n"
-                    "There are required:\n    " +
-                    "\n    ".join([x + "*.RELEASE.jar" for x in required_fname_prefixes])
-                )
+                if fname.endswith(".RELEASE.jar"):
+                    props["spring_framework"]["paths"].append(os.path.join(directory, fname))
         else:
             props["spring_framework"]["error"] = "Cannot access Spring Framework's directory " + directory
         return props
@@ -169,9 +159,10 @@ def evaluate(cmdline, common_libraries):
     classes_jar_pathname = os.path.abspath(os.path.join(cmdline.results_dir, "program.json"))
     prof["collect_java_binaries"] = mkbench.collect_java_binaries(
         cmdline.input_path,
-        cmdline.libraries + (common_libraries["diffblue_models_library"]["files"] if cmdline.use_models_library else [])
-                          + (common_libraries["apache_tomcat"]["files"] if cmdline.use_apache_tomcat else [])
-                          + (common_libraries["spring_framework"]["files"] if cmdline.use_spring_framework else []),
+        cmdline.libraries
+            + (common_libraries["diffblue_models_library"]["paths"] if cmdline.use_models_library else [])
+            + (common_libraries["apache_tomcat"]["paths"] if cmdline.use_apache_tomcat else [])
+            + (common_libraries["spring_framework"]["paths"] if cmdline.use_spring_framework else []),
         cmdline.entry_point,
         cmdline.temp_dir,
         classes_jar_pathname,
