Skip to content

Commit

Permalink
Add network and reflection methods
Browse files Browse the repository at this point in the history
  • Loading branch information
sarpsahinalp committed Aug 19, 2024
1 parent 4edf0a9 commit 7b94567
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 8 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,10 @@
*/
public class FileHandlerConstants {

public static final Path JAVA_FILESYSTEM_INTERACTION_METHODS = Path.of("src" + File.separator + "main" + File.separator + "resources" + File.separator + "archunit" + File.separator + "files" + File.separator + "java" + File.separator + "methods" + File.separator + "file-system-access-methods.txt");
public static final Path JAVA_JVM_TERMINATION_METHODS = Path.of("src" + File.separator + "main" + File.separator + "resources" + File.separator + "archunit" + File.separator + "files" + File.separator + "java" + File.separator + "methods" + File.separator + "jvm-termination-methods.txt");
private static final String JAVA_METHODS_DIRECTORY = "src" + File.separator + "main" + File.separator + "resources" + File.separator + "archunit" + File.separator + "files" + File.separator + "java" + File.separator + "methods" + File.separator;
public static final Path JAVA_FILESYSTEM_INTERACTION_METHODS = Path.of(JAVA_METHODS_DIRECTORY + "file-system-access-methods.txt");
public static final Path JAVA_NETWORK_ACCESS_METHODS = Path.of(JAVA_METHODS_DIRECTORY + "network-access-methods.txt");
public static final Path JAVA_JVM_TERMINATION_METHODS = Path.of(JAVA_METHODS_DIRECTORY + "jvm-termination-methods.txt");

private FileHandlerConstants() {
throw new IllegalArgumentException("FileHandlerConstants is a utility class and should not be instantiated");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import java.util.Set;

import static de.tum.cit.ase.ares.api.architecturetest.java.JavaSupportedArchitectureTestCase.FILESYSTEM_INTERACTION;
import static de.tum.cit.ase.ares.api.architecturetest.java.JavaSupportedArchitectureTestCase.NETWORK_CONNECTION;

/**
* This class runs the security rules on the architecture for the post-compile mode.
Expand All @@ -28,6 +29,7 @@ private JavaArchitectureTestCaseCollection() {
throw new IllegalArgumentException("This class should not be instantiated");
}

public static final String LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED = "Could not load the architecture rule file content";
/**
* Map to store the forbidden methods for the supported architectural test cases
*/
Expand Down Expand Up @@ -69,7 +71,7 @@ public boolean test(JavaAccess<?> javaAccess) {
try {
loadForbiddenMethodsFromFile(FileHandlerConstants.JAVA_FILESYSTEM_INTERACTION_METHODS, JavaSupportedArchitectureTestCase.FILESYSTEM_INTERACTION.name());
} catch (IOException e) {
throw new IllegalStateException("Could not load the architecture rule file content", e);
throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
}
forbiddenMethods = getForbiddenMethods(FILESYSTEM_INTERACTION.name());
}
Expand All @@ -80,10 +82,22 @@ public boolean test(JavaAccess<?> javaAccess) {
}));

public static final ArchRule NO_CLASSES_SHOULD_ACCESS_NETWORK = ArchRuleDefinition.noClasses()
.should(new TransitivelyAccessesMethodsCondition(new DescribedPredicate<JavaAccess<?>>("accesses network") {
.should(new TransitivelyAccessesMethodsCondition(new DescribedPredicate<>("accesses network") {
private Set<String> forbiddenMethods;

@Override
public boolean test(JavaAccess<?> javaAccess) {
return javaAccess.getTarget().getFullName().startsWith("java.net");
if (forbiddenMethods == null) {
try {
loadForbiddenMethodsFromFile(FileHandlerConstants.JAVA_NETWORK_ACCESS_METHODS, JavaSupportedArchitectureTestCase.NETWORK_CONNECTION.name());
} catch (IOException e) {
throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
}
forbiddenMethods = getForbiddenMethods(NETWORK_CONNECTION.name());
}

Optional<Set<String>> methods = Optional.ofNullable(forbiddenMethods);
return methods.map(strings -> strings.stream().anyMatch(method -> javaAccess.getTarget().getFullName().startsWith(method))).orElse(false);
}
}));

Expand All @@ -98,7 +112,7 @@ public boolean test(JavaClass javaClass) {
});

public static final ArchRule NO_CLASSES_SHOULD_USE_REFLECTION = ArchRuleDefinition.noClasses()
.should(new TransitivelyAccessesMethodsCondition(new DescribedPredicate<JavaAccess<?>>("uses reflection") {
.should(new TransitivelyAccessesMethodsCondition(new DescribedPredicate<>("uses reflection") {
@Override
public boolean test(JavaAccess<?> javaAccess) {
return javaAccess.getTarget().getFullName().startsWith("java.lang.reflect")
Expand All @@ -116,7 +130,7 @@ public boolean test(JavaAccess<?> javaAccess) {
try {
loadForbiddenMethodsFromFile(FileHandlerConstants.JAVA_JVM_TERMINATION_METHODS, "JVM_TERMINATION");
} catch (IOException e) {
throw new IllegalStateException("Could not load the architecture rule file content", e);
throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
}
forbiddenMethods = getForbiddenMethods("JVM_TERMINATION");
}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
java.net
java.net.http
javax.net
javax.net.ssl
com.sun.net.httpserver
sun.net.httpserver
jdk.net
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
sun.reflect.misc
java.lang.reflect
java.lang.reflect
java.lang.invoke

0 comments on commit 7b94567

Please sign in to comment.