Fraunhofer-AISEC · MariusAlbrecht · Apr 20, 2024 · Apr 20, 2024 · Apr 20, 2024 · Apr 20, 2024
@@ -24,6 +24,7 @@
  *
  */
 plugins {
+    id("cpg.application-conventions")
     id("cpg.library-conventions")
 }
 
@@ -40,8 +41,22 @@ publishing {
     }
 }
 
+application {
+    mainClass.set("de.fraunhofer.aisec.cpg.query.RuleRunnerKt")
+}
+
 dependencies {
     api(projects.cpgCore)
 
+    api(projects.cpgLanguageCxx)
+    api(projects.cpgLanguageJava)
+    // api(projects.cpgLanguageGo)
+
+    implementation(libs.sarif4k)
+
+    // Command line interface support
+    api(libs.picocli)
+    annotationProcessor(libs.picocli.codegen)
+
     testImplementation(testFixtures(projects.cpgCore))
 }
@@ -30,10 +30,7 @@ import de.fraunhofer.aisec.cpg.analysis.NumberSet
 import de.fraunhofer.aisec.cpg.analysis.SizeEvaluator
 import de.fraunhofer.aisec.cpg.analysis.ValueEvaluator
 import de.fraunhofer.aisec.cpg.graph.*
-import de.fraunhofer.aisec.cpg.graph.statements.expressions.CallExpression
 import de.fraunhofer.aisec.cpg.graph.statements.expressions.Expression
-import de.fraunhofer.aisec.cpg.graph.statements.expressions.Literal
-import de.fraunhofer.aisec.cpg.graph.statements.expressions.MemberExpression
 import de.fraunhofer.aisec.cpg.graph.types.Type
 
 /**
@@ -120,7 +117,7 @@ inline fun <reified T> Node.exists(
  */
 fun sizeof(n: Node?, eval: ValueEvaluator = SizeEvaluator()): QueryTree<Int> {
     // The cast could potentially go wrong, but if it's not an int, it's not really a size
-    return QueryTree(eval.evaluate(n) as? Int ?: -1, mutableListOf(), "sizeof($n)")
+    return QueryTree(eval.evaluate(n) as? Int ?: -1, mutableListOf(QueryTree(n)), "sizeof($n)")
 }
 
 /**
@@ -134,7 +131,7 @@ fun min(n: Node?, eval: ValueEvaluator = MultiValueEvaluator()): QueryTree<Numbe
         return QueryTree(evalRes, mutableListOf(QueryTree(n)), "min($n)")
     }
     // Extend this when we have other evaluators.
-    return QueryTree((evalRes as? NumberSet)?.min() ?: -1, mutableListOf(), "min($n)")
+    return QueryTree((evalRes as? NumberSet)?.min() ?: -1, mutableListOf(QueryTree(n)), "min($n)")
 }
 
 /**
@@ -155,7 +152,7 @@ fun min(n: List<Node>?, eval: ValueEvaluator = MultiValueEvaluator()): QueryTree
         }
         // Extend this when we have other evaluators.
     }
-    return QueryTree(result, mutableListOf(), "min($n)")
+    return QueryTree(result, mutableListOf(QueryTree(n)), "min($n)")
 }
 
 /**
@@ -176,7 +173,7 @@ fun max(n: List<Node>?, eval: ValueEvaluator = MultiValueEvaluator()): QueryTree
         }
         // Extend this when we have other evaluators.
     }
-    return QueryTree(result, mutableListOf(), "max($n)")
+    return QueryTree(result, mutableListOf(QueryTree(n)), "max($n)")
 }
 
 /**
@@ -190,7 +187,7 @@ fun max(n: Node?, eval: ValueEvaluator = MultiValueEvaluator()): QueryTree<Numbe
         return QueryTree(evalRes, mutableListOf(QueryTree(n)))
     }
     // Extend this when we have other evaluators.
-    return QueryTree((evalRes as? NumberSet)?.max() ?: -1, mutableListOf(), "max($n)")
+    return QueryTree((evalRes as? NumberSet)?.max() ?: -1, mutableListOf(QueryTree(n)), "max($n)")
 }
 
 /** Checks if a data flow is possible between the nodes [from] as a source and [to] as sink. */
@@ -250,8 +247,8 @@ fun executionPath(from: Node, to: Node): QueryTree<Boolean> {
  */
 fun executionPath(from: Node, predicate: (Node) -> Boolean): QueryTree<Boolean> {
     val evalRes = from.followNextEOGEdgesUntilHit(predicate)
-    val allPaths = evalRes.fulfilled.map { QueryTree(it) }.toMutableList()
-    allPaths.addAll(evalRes.failed.map { QueryTree(it) })
+    val allPaths = evalRes.fulfilled.map { QueryTree(it, it.map { QueryTree(it) }.toMutableList()) }
+    // allPaths.addAll(evalRes.failed.map { QueryTree(it) })
     return QueryTree(
         evalRes.fulfilled.isNotEmpty(),
         allPaths.toMutableList(),
@@ -320,91 +317,3 @@ val Expression.size: QueryTree<Int>
     get() {
         return sizeof(this)
     }
-
-/**
- * The minimal integer value of this expression. It uses the default argument for `eval` of [min]
- */
-val Expression.min: QueryTree<Number>
-    get() {
-        return min(this)
-    }
-
-/**
- * The maximal integer value of this expression. It uses the default argument for `eval` of [max]
- */
-val Expression.max: QueryTree<Number>
-    get() {
-        return max(this)
-    }
-
-/** Calls [ValueEvaluator.evaluate] for this expression, thus trying to resolve a constant value. */
-val Expression.value: QueryTree<Any?>
-    get() {
-        return QueryTree(evaluate(), mutableListOf(), "$this")
-    }
-
-/**
- * Calls [ValueEvaluator.evaluate] for this expression, thus trying to resolve a constant value. The
- * result is interpreted as an integer.
- */
-val Expression.intValue: QueryTree<Int>?
-    get() {
-        val evalRes = evaluate() as? Int ?: return null
-        return QueryTree(evalRes, mutableListOf(), "$this")
-    }
-
-/**
- * Does some magic to identify if the value which is in [from] also reaches [to]. To do so, it goes
- * some data flow steps backwards in the graph (ideally to find the last assignment) and then
- * follows this value to the node [to].
- */
-fun allNonLiteralsFromFlowTo(from: Node, to: Node, allPaths: List<List<Node>>): QueryTree<Boolean> {
-    return when (from) {
-        is CallExpression -> {
-            val prevEdges =
-                from.prevDFG
-                    .fold(mutableListOf<Node>()) { l, e ->
-                        if (e !is Literal<*>) {
-                            l.add(e)
-                        }
-                        l
-                    }
-                    .toMutableSet()
-            prevEdges.addAll(from.arguments)
-            // For a call, we collect the incoming data flows (typically only the arguments)
-            val prevQTs = prevEdges.map { allNonLiteralsFromFlowTo(it, to, allPaths) }
-            QueryTree(prevQTs.all { it.value }, prevQTs.toMutableList())
-        }
-        is Literal<*> ->
-            QueryTree(true, mutableListOf(QueryTree(from)), "DF Irrelevant for Literal node")
-        else -> {
-            // We go one step back to see if that one goes into to but also check that no assignment
-            // to from happens in the paths between from and to
-            val prevQTs = from.prevFullDFG.map { dataFlow(it, to) }.toMutableSet()
-            // The base flows into a MemberExpression, but we don't care about such a partial
-            // flow and are only interested in the prevDFG setting the field (if it exists). So, if
-            // there are multiple edges, we filter out partial edges.
-
-            val noAssignmentToFrom =
-                allPaths.none {
-                    it.any { it2 ->
-                        if (it2 is AssignmentHolder) {
-                            it2.assignments.any { assign ->
-                                val prevMemberFromExpr = (from as? MemberExpression)?.prevDFG
-                                val nextMemberToExpr = (assign.target as? MemberExpression)?.nextDFG
-                                assign.target == from ||
-                                    prevMemberFromExpr != null &&
-                                        nextMemberToExpr != null &&
-                                        prevMemberFromExpr.any { it3 ->
-                                            nextMemberToExpr.contains(it3)
-                                        }
-                            }
-                        } else {
-                            false
-                        }
-                    }
-                }
-            QueryTree(prevQTs.all { it.value } && noAssignmentToFrom, prevQTs.toMutableList())
-        }
-    }
-}
@@ -157,6 +157,50 @@ open class QueryTree<T>(
         }
         throw QueryException("Cannot compare objects of type ${this.value} and $other")
     }
+
+    operator fun plus(increment: Int): QueryTree<Number> {
+        if (this.value is Number) {
+            return QueryTree(
+                (value as Number).toInt() + increment,
+                mutableListOf(this),
+                "$value + $increment"
+            )
+        }
+        throw QueryException("Cannot add $increment to $value")
+    }
+
+    operator fun minus(decrement: Int): QueryTree<Number> {
+        if (this.value is Number) {
+            return QueryTree(
+                (value as Number).toInt() - decrement,
+                mutableListOf(this),
+                "$value - $decrement"
+            )
+        }
+        throw QueryException("Cannot subtract $decrement from $value")
+    }
+
+    operator fun times(multiplier: Int): QueryTree<Number> {
+        if (this.value is Number) {
+            return QueryTree(
+                (value as Number).toInt() * multiplier,
+                mutableListOf(this),
+                "$value * $multiplier"
+            )
+        }
+        throw QueryException("Cannot multiply $value by $multiplier")
+    }
+
+    operator fun div(divisor: Int): QueryTree<Number> {
+        if (this.value is Number) {
+            return QueryTree(
+                (value as Number).toInt() / divisor,
+                mutableListOf(this),
+                "$value / $divisor"
+            )
+        }
+        throw QueryException("Cannot divide $value by $divisor")
+    }
 }
 
 /** Performs a logical and (&&) operation between the values of two [QueryTree]s. */

@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2024, Fraunhofer AISEC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *                    $$$$$$\  $$$$$$$\   $$$$$$\
+ *                   $$  __$$\ $$  __$$\ $$  __$$\
+ *                   $$ /  \__|$$ |  $$ |$$ /  \__|
+ *                   $$ |      $$$$$$$  |$$ |$$$$\
+ *                   $$ |      $$  ____/ $$ |\_$$ |
+ *                   $$ |  $$\ $$ |      $$ |  $$ |
+ *                   \$$$$$   |$$ |      \$$$$$   |
+ *                    \______/ \__|       \______/
+ *
+ */
+package de.fraunhofer.aisec.cpg.query
+
+import de.fraunhofer.aisec.cpg.query.Rule.Level
+import java.nio.file.Path
+import java.time.LocalDateTime
+import java.time.format.DateTimeFormatter
+import kotlin.io.path.createDirectories
+import kotlin.io.path.writeText
+
+interface Reporter {
+
+    /**
+     * Generates a report for the given rule
+     *
+     * @param rules the rule to generate the report for. The query result of the rule must be set by
+     *   calling [Rule.run] before calling this method
+     * @param minify if true, a minified version of the report is generated
+     * @return the report as a string that can be written to a file
+     */
+    fun report(
+        rules: Collection<Rule>,
+        minify: Boolean = false,
+        arguments: List<String> = ArrayList(0),
+    ): String
+
+    /**
+     * Maps a level to the respective format
+     *
+     * @param level the level to map
+     * @return the mapped level
+     */
+    fun mapLevel(level: Level): Any
+
+    /**
+     * Writes the report to a file
+     *
+     * @param report the report to write to a file. Should be generated by calling [report]
+     * @param path the path to write the report to. If unspecified, the default path is used
+     */
+    fun toFile(report: String, path: Path = getDefaultPath()) {
+        println("writing report to ${path.toAbsolutePath()}") // TODO: actual logging
+        path.parent.createDirectories() // create parent directories if they don't exist
+        path.writeText(report)
+    }
+
+    /**
+     * Gets the default path to write the report to. Currently, the default path is
+     * `$(pwd)/reports/report-<yyyy-MM-dd-HH-mm-ss>.sarif`
+     *
+     * @return the default path to write the report to
+     */
+    fun getDefaultPath(): Path {
+        // TODO: duplicates technically possible if multiple reports are generated in the same
+        // second
+        // TODO: base path should be configurable
+        // eg reports/sarif/report-2021-09-29-15-00-00.sarif
+        val timestamp: String =
+            LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyy-MM-dd-HH-mm-ss"))
+        return Path.of("reports", "report-$timestamp.sarif")
+    }
+}