Introduce Length Type Keyword

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/CokoCpgBackend.kt

@@ -77,7 +77,7 @@ class CokoCpgBackend(config: BackendConfiguration) :
      */
     override fun order(baseNodes: Op, block: Order.() -> Unit): OrderEvaluator =
         OrderEvaluator(
-            baseNodes = baseNodes.cpgGetNodes(),
+            baseNodes = baseNodes.cpgGetNodes().keys,
             order = Order().apply(block)
         )
 

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/dsl/DataItemCpgDsl.kt

@@ -42,9 +42,9 @@ fun DataItem<*>.cpgGetAllNodes(): Nodes =
 context(CokoBackend)
 fun DataItem<*>.cpgGetNodes(): Nodes {
     return when (this@DataItem) {
-        is ReturnValueItem -> op.cpgGetNodes().flatMap { it.getVariableInNextDFGOrThis() }
+        is ReturnValueItem -> op.cpgGetNodes().flatMap { it.key.getVariableInNextDFGOrThis() }
         is Value -> [email protected]()
-        is ArgumentItem -> op.cpgGetNodes().map { it.arguments[index] } // TODO: Do we count starting at 0 or 1?
+        is ArgumentItem -> op.cpgGetNodes().map { it.key.arguments[index] } // TODO: Do we count starting at 0 or 1?
     }
 }
 

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/dsl/ImplementationDsl.kt

@@ -24,10 +24,14 @@
 import de.fraunhofer.aisec.codyze.specificationLanguages.coko.core.modelling.*
 import de.fraunhofer.aisec.cpg.TranslationResult
 import de.fraunhofer.aisec.cpg.graph.*
-import de.fraunhofer.aisec.cpg.graph.declarations.ValueDeclaration
+import de.fraunhofer.aisec.cpg.graph.declarations.*
 import de.fraunhofer.aisec.cpg.graph.statements.expressions.*
 import de.fraunhofer.aisec.cpg.query.dataFlow
 import de.fraunhofer.aisec.cpg.query.executionPath
+import de.fraunhofer.aisec.cpg.query.max
+import de.fraunhofer.aisec.cpg.query.min
+import de.fraunhofer.aisec.cpg.query.sizeof
+import de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl.Result.*
 
 //
 // all functions/properties defined here must use CokoBackend
@@ -36,7 +40,8 @@
 val CokoBackend.cpg: TranslationResult
     get() = this.backendData as TranslationResult
 
+
 /** Get all [Nodes] that are associated with this [Op]. */
 context(CokoBackend)
 fun Op.cpgGetAllNodes(): Collection<CallExpression> =
     when (this@Op) {
@@ -60,34 +65,47 @@
  * [Definition]s.
  */
 context(CokoBackend)
-fun Op.cpgGetNodes(): Collection<CallExpression> =
+fun Op.cpgGetNodes(): Map<CallExpression, Result> =
     when (this@Op) {
-        is FunctionOp ->
-            [email protected]
-                .flatMap { def ->
-                    [email protected](def.fqn) {
-                        def.signatures.any { sig ->
-                            cpgSignature(*sig.parameters.toTypedArray()) &&
-                                sig.unorderedParameters.all { it?.cpgFlowsTo(arguments) ?: false }
-                        }
+        is FunctionOp -> {
+            val results = mutableListOf<Result>()
+            val fqn = [email protected] {
+                def ->
+                [email protected](def.fqn)  {
+                    def.signatures.any {
+                        sig ->
+                        // We consider a result, when both the signature and the flow are not invalid
+                        // However, if at least one of them is OPEN, we propagate this information to the caller
+                        val signature = cpgSignature(*sig.parameters.toTypedArray())
+                        val flow = sig.unorderedParameters.allResult { it?.cpgFlowsTo(arguments) }
+                        results.add(signature.and(flow))
+                        signature != INVALID && flow != INVALID
                     }
                 }
-        is ConstructorOp ->
-            [email protected]
-                .flatMap { sig ->
+            }
+            fqn.zip(results).toMap()
+        }
+        is ConstructorOp -> {
+            val results = mutableListOf<Result>()
+            val fqn = [email protected] {
+                sig ->
                     [email protected]([email protected]) {
-                        cpgSignature(*sig.parameters.toTypedArray()) &&
-                            sig.unorderedParameters.all { it?.cpgFlowsTo(arguments) ?: false }
+                        val signature = cpgSignature(*sig.parameters.toTypedArray())
+                        val flow = sig.unorderedParameters.allResult { it?.cpgFlowsTo(arguments) }
+                        results.add(signature.and(flow))
+                        signature != INVALID && flow != INVALID
                     }
-                }
-        is GroupingOp -> [email protected] { it.cpgGetNodes() }
+            }
+            fqn.zip(results).toMap()
+        }
+        is GroupingOp -> [email protected] { it.cpgGetNodes().entries }.associate { it.toPair() }
         is ConditionalOp -> {
             val resultNodes = resultOp.cpgGetNodes()
             val conditionNodes = conditionOp.cpgGetNodes()
             resultNodes.filter { resultNode ->
                 conditionNodes.any { conditionNode ->
                     // TODO: Is it correct to use the EOG relationship here?
-                    val result = executionPath(conditionNode, resultNode)
+                    val result = executionPath(conditionNode.key, resultNode.key)
                     result.value
                 }
             }
@@ -148,7 +166,7 @@
  * - If this is a Collection, we check if at least one of the elements flows to [that]
  * - If this is a [Node], we use the DFG of the CPG.
  */
-infix fun Any.cpgFlowsTo(that: Node): Boolean =
+infix fun Any.cpgFlowsTo(that: Node): Result =
     this.cpgFlowsTo(listOf(that))
 
 // it should only be available in the context of a CallExpression
@@ -159,22 +177,57 @@
  * - If this is a Collection, we check if at least one of the elements flows to [that]
  * - If this is a [Node], we use the DFG of the CPG.
  */
-infix fun Any.cpgFlowsTo(that: Collection<Node>): Boolean =
-    if (this is Wildcard) {
-        true
-    } else {
+infix fun Any.cpgFlowsTo(that: Collection<Node>): Result =
+    Result.convert(
         when (this) {
+            is Wildcard -> true
             is String -> that.any {
                 val regex = Regex(this)
                 regex.matches((it as? Expression)?.evaluate()?.toString().orEmpty()) || regex.matches(it.code.orEmpty())
             }
-            is Iterable<*> -> this.any { it?.cpgFlowsTo(that) ?: false }
-            is Array<*> -> this.any { it?.cpgFlowsTo(that) ?: false }
+            // Separate cases for IntRange and LongRange result in a huge performance boost for large ranges
+            is LongRange, is IntRange -> checkRange(that)
+            is Iterable<*> -> this.anyResult { it?.cpgFlowsTo(that) }
+            is Array<*> -> this.anyResult { it?.cpgFlowsTo(that) }
             is Node -> that.any { dataFlow(this, it).value }
-            is ParameterGroup -> this.parameters.all { it?.cpgFlowsTo(that) ?: false }
+            is ParameterGroup -> this.parameters.allResult { it?.cpgFlowsTo(that) }
+            is Length -> checkLength(that)
             else -> this in that.map { (it as Expression).evaluate() }
         }
+    )
+
+private fun Any.checkRange(that: Collection<Node>): Boolean {
+    when (this) {
+        // I would love to combine the following two cases, but any implementation loses the benefit of
+        // quickly reading the last value of the range, therefore making the whole distinction useless.
+        is IntRange -> {
+            return that.all {
+                val minValue = min(it).value.toInt()
+                val maxValue = max(it).value.toInt()
+                minValue > this.first && maxValue < this.last
+            }
+        }
+        is LongRange -> {
+            return that.all {
+                val minValue = min(it).value.toInt()
+                val maxValue = max(it).value.toInt()
+                minValue > this.first && maxValue < this.last
+            }
+        }
+        else -> throw IllegalArgumentException("Unexpected type")
     }
+}
+
+private fun Length.checkLength(that: Collection<Node>): Result {
+    return Result.convert(that.all {
+        val size = sizeof(it).value
+        if (size == -1) {
+            // Handle case where size could not be determined -> OPEN Finding
+            return OPEN
+        }
+        size in this.value
+    })
+}
 
 context(CokoBackend)
 // TODO: better description
@@ -195,21 +248,20 @@
  * are not important to the analysis
  */
 @Suppress("UnsafeCallOnNullableType")
-fun CallExpression.cpgSignature(vararg parameters: Any?, hasVarargs: Boolean = false): Boolean {
+fun CallExpression.cpgSignature(vararg parameters: Any?, hasVarargs: Boolean = false): Result {
     // checks if amount of parameters is the same as amount of arguments of this CallExpression
-    return cpgCheckArgsSize(parameters, hasVarargs) &&
+    if(cpgCheckArgsSize(parameters, hasVarargs)) {
         // checks if the CallExpression matches with the parameters
-        parameters.withIndex().all { (i: Int, parameter: Any?) ->
+        return parameters.withIndex().allResult { (i: Int, parameter: Any?) ->
             when (parameter) {
                 // if any parameter is null, signature returns false
-                null -> false
+                null -> INVALID
                 is ParamWithType ->
                     // if `parameter` is a `ParamWithType` object we want to check the type and
                     // if there is dataflow
-                    cpgCheckType(parameter.type, i) &&
-                        parameter.param cpgFlowsTo arguments[i]
+                    if (cpgCheckType(parameter.type, i)) parameter.param cpgFlowsTo arguments[i] else INVALID
                 // checks if the type of the argument is the same
-                is Type -> cpgCheckType(parameter, i)
+                is Type -> Result.convert(cpgCheckType(parameter, i))
                 // check if any of the Nodes of the Op flow to the argument
                 is Op -> parameter.cpgGetNodes() cpgFlowsTo arguments[i]
                 // check if any of the Nodes of the DataItem flow to the argument
@@ -218,6 +270,8 @@
                 else -> parameter cpgFlowsTo arguments[i]
             }
         }
+    }
+    return INVALID
 }
 
 /** Checks the [type] against the type of the argument at [index] for the Call Expression */

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/dsl/Result.kt

@@ -0,0 +1,71 @@
+package de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl
+
+import de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl.Result.*
+
+/**
+ * A data class that serves as a ternary value for the analysis result.
+ *
+ * OPEN is used where we cannot deduce either VALID or INVALID results because of lack of information.
+ */
+enum class Result {
+    VALID,
+    INVALID,
+    OPEN;
+
+    companion object {
+        fun convert(from: Any?): Result {
+            return when(from) {
+                is Result -> from
+                is Boolean -> if (from) VALID else INVALID
+                else -> OPEN
+            }
+        }
+    }
+}
+
+/** returns VALID if all Results are VALID, otherwise returns OPEN if any result is OPEN, otherwise returns INVALID */
+inline fun <T> Iterable<T>.allResult(predicate: (T) -> Result?): Result {
+    var invalidFlag = false
+    for (element in this) {
+        if (predicate(element) == OPEN) return OPEN
+        else if (predicate(element) == INVALID)invalidFlag = true
+    }
+    return if (invalidFlag) INVALID else VALID
+}
+
+/** returns VALID if any Result is VALID, otherwise returns OPEN if any result is OPEN, otherwise returns INVALID */
+inline fun <T> Iterable<T>.anyResult(predicate: (T) -> Result?): Result {
+    var openFlag = false
+    for (element in this) {
+        if (predicate(element) == VALID) return VALID
+        else if (predicate(element) == OPEN) openFlag = true
+    }
+    return if (openFlag) OPEN else INVALID
+}
+
+/** returns VALID if all Results are VALID, otherwise returns OPEN if any result is OPEN, otherwise returns INVALID */
+inline fun <T> Array<T>.allResult(predicate: (T) -> Result?): Result {
+    var invalidFlag = false
+    for (element in this) {
+        if (predicate(element) == OPEN) return OPEN
+        else if (predicate(element) == INVALID)invalidFlag = true
+    }
+    return if (invalidFlag) INVALID else VALID
+}
+
+/** returns VALID if any Result is VALID, otherwise returns OPEN if any result is OPEN, otherwise returns INVALID */
+inline fun <T> Array<T>.anyResult(predicate: (T) -> Result?): Result {
+    var openFlag = false
+    for (element in this) {
+        if (predicate(element) == VALID) return VALID
+        else if (predicate(element) == OPEN) openFlag = true
+    }
+    return if (openFlag) OPEN else INVALID
+}
+
+/** precedence order for ternary and: OPEN > INVALID > VALID */
+fun Result.and(other: Result): Result {
+    return if (this == OPEN || other == OPEN) OPEN
+    else if (this == INVALID || other == INVALID) INVALID
+    else VALID
+}

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/evaluators/CpgWheneverEvaluator.kt

@@ -331,7 +331,7 @@ class CpgWheneverEvaluator(premise: ConditionComponent) : WheneverEvaluator(prem
         callConditionComponent: CallConditionComponent,
         premiseNode: Node? = null
     ): EvaluationResult {
-        val callNodes = callConditionComponent.op.cpgGetNodes().filterWithDistanceToPremise(premiseNode)
+        val callNodes = callConditionComponent.op.cpgGetNodes().keys.filterWithDistanceToPremise(premiseNode)
         return EvaluationResult(callNodes, emptyList(), Problems())
     }
 

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/evaluators/FollowsEvaluator.kt

@@ -38,10 +38,10 @@ class FollowsEvaluator(val ifOp: Op, val thenOp: Op) : Evaluator {
 
     override fun evaluate(context: EvaluationContext): List<CpgFinding> {
         val (unreachableThisNodes, thisNodes) =
-            with(this@CokoCpgBackend) { ifOp.cpgGetNodes().toSet() }
+            with(this@CokoCpgBackend) { ifOp.cpgGetNodes().keys }
                 .partition { it.isUnreachable() }
 
-        val thatNodes = with(this@CokoCpgBackend) { thenOp.cpgGetNodes().toSet() }
+        val thatNodes = with(this@CokoCpgBackend) { thenOp.cpgGetNodes().keys }
 
         val findings = mutableListOf<CpgFinding>()
 

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/evaluators/NeverEvaluator.kt

@@ -17,6 +17,7 @@ package de.fraunhofer.aisec.codyze.backends.cpg.coko.evaluators
 
 import de.fraunhofer.aisec.codyze.backends.cpg.coko.CokoCpgBackend
 import de.fraunhofer.aisec.codyze.backends.cpg.coko.CpgFinding
+import de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl.Result
 import de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl.cpgGetNodes
 import de.fraunhofer.aisec.codyze.specificationLanguages.coko.core.EvaluationContext
 import de.fraunhofer.aisec.codyze.specificationLanguages.coko.core.Evaluator
@@ -51,11 +52,20 @@ class NeverEvaluator(val forbiddenOps: List<Op>) : Evaluator {
             if (nodes.isNotEmpty()) {
                 // This means there are calls to the forbidden op, so Fail findings are added
                 for (node in nodes) {
+                    if (node.value == Result.OPEN) {
+                        findings.add(
+                            CpgFinding(
+                                message = "Not enough information to evaluate \"${node.key.code}\"",
+                                kind = Finding.Kind.Open,
+                                node = node.key
+                            )
+                        )
+                    }
                     findings.add(
                         CpgFinding(
-                            message = "Violation against rule: \"${node.code}\". $failMessage",
+                            message = "Violation against rule: \"${node.key.code}\". $failMessage",
                             kind = Finding.Kind.Fail,
-                            node = node
+                            node = node.key
                         )
                     )
                 }

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/coko/evaluators/OnlyEvaluator.kt

@@ -17,6 +17,7 @@
 
 import de.fraunhofer.aisec.codyze.backends.cpg.coko.CokoCpgBackend
 import de.fraunhofer.aisec.codyze.backends.cpg.coko.CpgFinding
+import de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl.Result
 import de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl.cpgGetAllNodes
 import de.fraunhofer.aisec.codyze.backends.cpg.coko.dsl.cpgGetNodes
 import de.fraunhofer.aisec.codyze.specificationLanguages.coko.core.EvaluationContext
@@ -39,9 +40,11 @@
     private val defaultPassMessage = "Call is in compliance with rule"
 
     override fun evaluate(context: EvaluationContext): List<CpgFinding> {
-        val correctNodes =
-            with(this@CokoCpgBackend) { ops.flatMap { it.cpgGetNodes() } }
-                .toSet()
+
+        val correctAndOpen = with(this@CokoCpgBackend) {
+            ops.flatMap { it.cpgGetNodes().entries }.associate { it.toPair() }
+        }
+        val correctAndOpenNodes = correctAndOpen.keys.toSet()
 
         val distinctOps = ops.toSet()
         val allNodes =
@@ -50,7 +53,7 @@
 
         // `correctNodes` is a subset of `allNodes`
         // we want to find nodes in `allNodes` that are not contained in `correctNodes` since they are violations
-        val violatingNodes = allNodes.minus(correctNodes)
+        val violatingNodes = allNodes.minus(correctAndOpenNodes)
 
         val ruleAnnotation = context.rule.findAnnotation<Rule>()
         val failMessage = ruleAnnotation?.failMessage?.takeIf { it.isNotEmpty() } ?: defaultFailMessage
@@ -67,7 +70,16 @@
             )
         }
 
-        for (node in correctNodes) {
+        for (node in correctAndOpenNodes) {
+            if (correctAndOpen[node] == Result.OPEN) {
+                findings.add(
+                    CpgFinding(
+                        message = "Not enough information to evaluate \"${node.code}\"",
+                        kind = Finding.Kind.Open,
+                        node = node
+                    )
+                )
+            }
             findings.add(
                 CpgFinding(
                     message = "Complies with rule: \"${node.code}\". $passMessage",