Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce Length Type Keyword #876

Draft
wants to merge 20 commits into
base: main
Choose a base branch
from
Draft

Introduce Length Type Keyword #876

wants to merge 20 commits into from

Conversation

CodingDepot
Copy link
Collaborator

@CodingDepot CodingDepot commented Jun 17, 2024
edited
Loading

This adds the new Length() Type to use in Coko queries.
This enables rules to verify the length of an argument, e.g. how many bytes a salt parameter can assume.
One issue with the implementation if that when the length can not be determined (length == -1), false positives may be produced. The current evaluator structure makes it hard to propagate an open result from the length check to the Finding.
(Refer to #886)

Additionally, this PR includes an optimization for Ranges given as arguments for Only and Never evaluators:
By only verifying that every possible value lies within the upper and lower bounds of the range we do not have to iterate over every value in the range. This is especially noticeable when specifying a huge range of allowed parameter values.

Tasks:

  • implement Length keyword
  • write unit tests for the new keyword
  • restructure Evaluator to enable propagation of false positive knowledge

@CodingDepot CodingDepot added the enhancement New feature or request label Jun 17, 2024
@CodingDepot CodingDepot requested a review from fwendland June 17, 2024 10:00
@CodingDepot CodingDepot self-assigned this Jun 17, 2024
@codecov Codecov
Copy link

codecov bot commented Jun 17, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 78.94737% with 4 lines in your changes missing coverage. Please review.

Project coverage is 77.22%. Comparing base (6377273) to head (a60f69b).
Report is 5 commits behind head on main.

Files Patch % Lines
.../codyze/backends/cpg/coko/dsl/ImplementationDsl.kt 77.77% 1 Missing and 3 partials ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main     #876      +/-   ##
============================================
+ Coverage     77.20%   77.22%   +0.01%     
  Complexity      250      250              
============================================
  Files            59       59              
  Lines          1882     1901      +19     
  Branches        265      273       +8     
============================================
+ Hits           1453     1468      +15     
- Misses          308      309       +1     
- Partials        121      124       +3
Flag Coverage Δ
unittests 77.22% <78.94%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@CodingDepot CodingDepot mentioned this pull request Jun 17, 2024
Draft
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 1, 2024
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

detekt found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@CodingDepot
Copy link
Collaborator Author

This PR is waiting for an update to the SizeEvaluator in the CPG to cover more cases

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 10, 2024
View reviewed changes
...pg/src/test/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/dsl/ImplementationDslTest.kt
}
}

val results = arrayOf(1, 0, 1, 2)

Check warning

Code scanning / detekt

Using `Array<Primitive>` leads to implicit boxing and a performance hit. Warning test

Using Array<Primitive> leads to implicit boxing and a performance hit.
...pg/src/test/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/dsl/ImplementationDslTest.kt
}
}

val results = arrayOf(1, 0, 1, 2)

Check warning

Code scanning / detekt

Using `Array<Primitive>` leads to implicit boxing and a performance hit. Warning test

Using Array<Primitive> leads to implicit boxing and a performance hit.
@CodingDepot CodingDepot mentioned this pull request Jul 10, 2024
Merged
@CodingDepot
Copy link
Collaborator Author

Moved everything regarding the new OPEN result into #886.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fwendland fwendland Awaiting requested review from fwendland

At least 1 approving review is required to merge this pull request.

Assignees

@CodingDepot CodingDepot

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@CodingDepot