Merge pull request diffblue#352 from diffblue/owen-jones-diffblue/add-entry-point-option

owen-jones-diffblue · web-flow · commit b6f1e0d901df · 2018-03-09T13:44:56.000Z
SEC-263: Add entry point option to security-scanner pipeline
diff --git a/driver/mkbench.py b/driver/mkbench.py
@@ -71,7 +71,7 @@ def _read_info_of_class_files(class_files, temp_dir, verbosity):
     return classes_info, java_class_info_call_duration
 
 
-def collect_java_binaries(app_path, list_of_classpaths, temp_dir, output_json, verbosity):
+def collect_java_binaries(app_path, list_of_classpaths, entry_point, temp_dir, output_json, verbosity):
     prof_start_time = time.time()
     prof = dict()
 
@@ -135,7 +135,8 @@ def collect_java_binaries(app_path, list_of_classpaths, temp_dir, output_json, v
     with open(output_json, "w") as ofile:
         ofile.write(json.dumps({
             "jar": java_binaries.jar_file,
-            "classpath": sorted([p for p in list_of_classpaths + java_binaries.classpath_jar_files if os.path.exists(p)])
+            "classpath": sorted([p for p in list_of_classpaths + java_binaries.classpath_jar_files if os.path.exists(p)]),
+            "entry-point": entry_point
             }, sort_keys=True, indent=4))
 
     # Lastly, we complete and return statistics from this stage.
diff --git a/driver/run.py b/driver/run.py
@@ -88,6 +88,12 @@ def __parse_cmd_line():
     parser.add_argument("-L", "--libraries", nargs='+', default=[],
                         help="A list of disk paths to libraries you want to include into class path. A path "
                              "can either be a path-name of a JAR file, or a directory.")
+    parser.add_argument("-E", "--entry-point", type=str,
+                        help="Allows you to specify a Java function which will be considered by the analyser as the "
+                             "entry point. Typically, a function of a class implementing javax.servlet.http.HttpServlet "
+                             "is a good candidate. When not specified, all functions of all classes are considered "
+                             "as potential entry points. The function must be fully classified (i.e. with the package "
+                             "and class included).")
     parser.add_argument("-R", "--results-dir", type=str,
                          help="A directory into which all results from the analysis of the given Java web applicaton "
                               "will be written.")
@@ -166,6 +172,7 @@ def evaluate(cmdline, common_libraries):
         cmdline.libraries + (common_libraries["diffblue_models_library"]["files"] if cmdline.use_models_library else [])
                           + (common_libraries["apache_tomcat"]["files"] if cmdline.use_apache_tomcat else [])
                           + (common_libraries["spring_framework"]["files"] if cmdline.use_spring_framework else []),
+        cmdline.entry_point,
         cmdline.temp_dir,
         classes_jar_pathname,
         cmdline.verbosity
@@ -275,6 +282,10 @@ def __main():
               "a WAR file: " + os.path.abspath(cmdline.input_path))
         return
 
+    if cmdline.entry_point is not None and len(cmdline.entry_point) == 0:
+        print("ERROR[--entry-point (-E)]: The entry point is empty. It must represent a fully classified function nane.")
+        return
+
     if cmdline.results_dir is None:
         print("ERROR[--results-dir (-R)]: The root directory where all results from the analysis should be saved into "
               "was not specified.")
diff --git a/src/driver/sec_driver_parse_options.cpp b/src/driver/sec_driver_parse_options.cpp
@@ -448,14 +448,16 @@ void sec_driver_parse_optionst::help()
     "\n"
     "Analyses:\n"
     "\n"
-    " --security-scanner file_name perform taint analysis using configuration in given file\n"
+    " --security-scanner file_name perform taint analysis using configuration "
+    "                              in given JSON file\n"
     " --unreachable-instructions   list dead code\n"
     " --intervals                  interval analysis\n"
     " --non-null                   non-null analysis\n"
     "\n"
     "Analysis options:\n"
     " --json file_name             output results in JSON format to given file\n"
     " --xml file_name              output results in XML format to given file\n"
+    " --function                   set main function name\n"
     "\n"
     "C/C++ frontend options:\n"
     " -I path                      set include path (C/C++)\n"
diff --git a/src/taint-analysis/taint_config.cpp b/src/taint-analysis/taint_config.cpp
@@ -246,5 +246,8 @@ void taint_build_cmdline_from_config(
       classpaths.push_back(classpath.value);
     static_cast<cmdline_updatert*>(&cmdline)->add_to_classpaths(classpaths);
   }
+  attr_it = cfg.object.find("entry-point");
+  if (attr_it != cfg.object.cend())
+    cmdline.set("function", attr_it->second.value);
   cmdline.set("lazy-methods");
 }

Original file line number	Diff line number	Diff line change
`@@ -246,5 +246,8 @@ void taint_build_cmdline_from_config(`
`246`	`246`	`classpaths.push_back(classpath.value);`
`247`	`247`	`static_cast<cmdline_updatert*>(&cmdline)->add_to_classpaths(classpaths);`
`248`	`248`	`}`
	`249`	`+ attr_it = cfg.object.find("entry-point");`
	`250`	`+ if (attr_it != cfg.object.cend())`
	`251`	`+ cmdline.set("function", attr_it->second.value);`
`249`	`252`	`cmdline.set("lazy-methods");`
`250`	`253`	`}`