From b7ae64befa8f7f3b7ebe4377ad796ca57e1be9f6 Mon Sep 17 00:00:00 2001 From: sarpsahinalp Date: Wed, 27 Nov 2024 23:06:21 +0100 Subject: [PATCH] Address the changes! --- ...JavaSecurityTestCaseFactoryAndBuilder.java | 6 +- .../integration/ArchitectureSecurityTest.java | 147 +++++++++++++++++- .../testuser/ArchitectureSecurityUser.java | 84 +++++++--- .../packageImport/PackageImportPenguin.java | 13 ++ .../ThirdPartyAccessPenguin.java} | 4 +- .../ThreadAccessPenguin.java | 5 + 6 files changed, 235 insertions(+), 24 deletions(-) create mode 100644 src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/packageImport/PackageImportPenguin.java rename src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/{student/Student.java => thirdPartyAccess/ThirdPartyAccessPenguin.java} (83%) diff --git a/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java b/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java index 4c5a4ed..ef717e8 100644 --- a/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java +++ b/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java @@ -46,6 +46,10 @@ public class JavaSecurityTestCaseFactoryAndBuilder implements SecurityTestCaseAbstractFactoryAndBuilder { // + /** + * The package name where the main classes reside. + */ + private static final String ARES_PACKAGE = "de.tum.cit.ase.ares"; /** * The build tool used in the project (e.g., Maven or Gradle). */ 
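Review bot: The Javadoc on `ARES_PACKAGE` only says it is where the main classes reside, but its one visible use (the later hunk in `executeSecurityTestCases`) is as an entry of `allowedListedClasses`, so it presumably decides which code the security checks treat as trusted. I would document that role, for example `/** Root package of Ares itself; added to allowedListedClasses so the framework's own classes are not reported. */`. Whether the entry is matched as an exact name or as a prefix is not visible here. It is worth confirming, because the test subjects touched by this patch also live under `de.tum.cit.ase.ares` and must not fall under the allow-list. The parentheses in `(ARES_PACKAGE).equals(packageName)` are redundant now that the operand is a constant.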
@@ -380,7 +384,7 @@ public void executeSecurityTestCases() { "allowedListedClasses", Stream.concat( Arrays.stream(testClasses), - ("de.tum.cit.ase.ares").equals(packageName) ? Arrays.stream(functionClasses) : Stream.of("de.tum.cit.ase.ares") + (ARES_PACKAGE).equals(packageName) ? Arrays.stream(functionClasses) : Stream.of(ARES_PACKAGE) ).toArray(String[]::new), javaAOPMode.toString()); javaArchUnitTestCases.forEach(javaArchitectureTestCase -> javaArchitectureTestCase.executeArchitectureTestCase(javaArchitectureMode)); diff --git a/src/test/java/de/tum/cit/ase/ares/integration/ArchitectureSecurityTest.java b/src/test/java/de/tum/cit/ase/ares/integration/ArchitectureSecurityTest.java index c4101f5..1ac45de 100644 --- a/src/test/java/de/tum/cit/ase/ares/integration/ArchitectureSecurityTest.java +++ b/src/test/java/de/tum/cit/ase/ares/integration/ArchitectureSecurityTest.java 
@@ -1,11 +1,156 @@ package de.tum.cit.ase.ares.integration; +import de.tum.cit.ase.ares.integration.testuser.ArchitectureSecurityUser; +import de.tum.cit.ase.ares.testutilities.TestTest; +import de.tum.cit.ase.ares.testutilities.UserBased; import de.tum.cit.ase.ares.testutilities.UserTestResults; import org.junit.platform.testkit.engine.Events; +import static de.tum.cit.ase.ares.testutilities.CustomConditions.testFailedWith; + +@UserBased(ArchitectureSecurityUser.class) public class ArchitectureSecurityTest { - // TODO Sarp: Implement tests @UserTestResults private static Events tests; + + // + @TestTest + void testArchUnitFileAccess() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitFileAccess", SecurityException.class)); + } + + @TestTest + void testWalaFileAccess() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaFileAccess", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitNetworkAccess() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitNetworkAccess", SecurityException.class)); + } + + @TestTest + void testWalaNetworkAccess() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaNetworkAccess", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitCommandExecution() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitCommandExecution", SecurityException.class)); + } + + @TestTest + void testWalaCommandExecution() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaCommandExecution", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitThreadCreation() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitThreadCreation", SecurityException.class)); + } + + @TestTest + void testWalaThreadCreation() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWaLaThreadCreation", SecurityException.class)); + } + // + + // + @TestTest + void 
testArchUnitPackageImport() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitPackageImport", SecurityException.class)); + } + + @TestTest + void testWalaPackageImport() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaPackageImport", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitJVMTermination() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitJVMTermination", SecurityException.class)); + } + + @TestTest + void testWalaJVMTermination() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaJVMTermination", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitReflection() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitReflection", SecurityException.class)); + } + + @TestTest + void testWalaReflection() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaReflection", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitSerialization() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitSerialization", SecurityException.class)); + } + + @TestTest + void testWalaSerialization() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaSerialization", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitClassloading() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitClassloading", SecurityException.class)); + } + + @TestTest + void testWalaClassloading() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testWalaClassloading", SecurityException.class)); + } + // + + // + @TestTest + void testArchUnitThirdPartyPackageAccess() { + tests.assertThatEvents().haveExactly(1, + testFailedWith("testArchUnitThirdPartyPackageAccess", SecurityException.class)); + } + + @TestTest + void testWalaThirdPartyPackageAccess() { + tests.assertThatEvents().haveExactly(1, + 
testFailedWith("testWalaThirdPartyPackageAccess", SecurityException.class)); + } + // } diff --git a/src/test/java/de/tum/cit/ase/ares/integration/testuser/ArchitectureSecurityUser.java b/src/test/java/de/tum/cit/ase/ares/integration/testuser/ArchitectureSecurityUser.java index 21670cf..33b4f5e 100644 --- a/src/test/java/de/tum/cit/ase/ares/integration/testuser/ArchitectureSecurityUser.java +++ b/src/test/java/de/tum/cit/ase/ares/integration/testuser/ArchitectureSecurityUser.java 
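Review bot: `testWalaThreadCreation` asserts on `"testWaLaThreadCreation"` (capital L), but the user test in `ArchitectureSecurityUser` is named `testWalaThreadCreation`, so `haveExactly(1, ...)` cannot match any event and the WALA thread-creation check is never actually verified. The line should read `testFailedWith("testWalaThreadCreation", SecurityException.class));`. All twenty assertions match only on the exception class, so a `SecurityException` raised for an unrelated reason would also satisfy them. If `CustomConditions` offers a message-aware condition (not visible in this hunk), pinning the expected message per category would make these meta-tests much harder to pass by accident.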
@@ -9,18 +9,35 @@ @StrictTimeout(5) public class ArchitectureSecurityUser { + // @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/classloading") - void testArchUnitClassloading() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/fileSystem") + void testArchUnitFileAccess() { // do nothing } @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/classloading") - void testWalaClassloading() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/fileSystem") + void testWalaFileAccess() { + // do nothing + } + // + + // + @PublicTest + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/network") + void testArchUnitNetworkAccess() { + // do nothing + } + + @PublicTest + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/network") + void testWalaNetworkAccess() { // do nothing } + // + // @PublicTest @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", 
withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/commandexecution") void testArchUnitCommandExecution() { 
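Review bot: Every `@Policy` in this class repeats one of the same two policy paths and the same long `test-classes/.../architectureTests/` prefix, so a typo in any single copy would silently point a test at the wrong policy or the wrong subject directory. Annotation values may be compile-time constants, so I would hoist them, e.g. `private static final String ARCHUNIT_POLICY = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml";` plus a `SUBJECT_ROOT` prefix, and write `withinPath = SUBJECT_ROOT + "fileSystem"`. The subject directory names also mix conventions (`fileSystem`, `commandexecution`, `thread_manipulation`), which is easy to get wrong when adding a category. The same literals recur in the later hunks of this file, and the class body continues beyond this hunk.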
@@ -32,31 +49,51 @@ void testArchUnitCommandExecution() { void testWalaCommandExecution() { // do nothing } + // + // @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/fileSystem") - void testArchUnitFileAccess() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thread_manipulation") + void testArchUnitThreadCreation() { // do nothing } @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/fileSystem") - void testWalaFileAccess() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thread_manipulation") + void testWalaThreadCreation() { // do nothing } + // + // @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/network") - void testArchUnitNetworkAccess() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/packageImport") + void testArchUnitPackageImport() { // do nothing } @PublicTest - @Policy(value = 
"src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/network") - void testWalaNetworkAccess() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/packageImport") + void testWalaPackageImport() { + // do nothing + } + // + + // + @PublicTest + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/jvmTermination") + void testArchUnitJVMTermination() { + // do nothing + } + + @PublicTest + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/jvmTermination") + void testWalaJVMTermination() { // do nothing } + // + // @PublicTest @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/reflection") void testArchUnitReflection() { @@ -68,7 +105,9 @@ void testArchUnitReflection() { void testWalaReflection() { // do nothing } + // + // @PublicTest @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/serialization") void testArchUnitSerialization() { 
@@ -80,29 +119,34 @@ void testArchUnitSerialization() { void testWalaSerialization() { // do nothing } + // + // @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thirdpartypackage") - void testArchUnitThirdPartyPackageAccess() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/classloading") + void testArchUnitClassloading() { // do nothing } @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thirdpartypackage") - void testWalaThirdPartyPackageAccess() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/classloading") + void testWalaClassloading() { // do nothing } + // + // @PublicTest - @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/jvmTermination") - void testArchUnitJVMTermination() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thirdPartyAccess") + void testArchUnitThirdPartyPackageAccess() { // do nothing } @PublicTest - @Policy(value = 
"src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/jvmTermination") - void testWalaJVMTermination() { + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicyWala.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thirdPartyAccess") + void testWalaThirdPartyPackageAccess() { // do nothing } + // } diff --git a/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/packageImport/PackageImportPenguin.java b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/packageImport/PackageImportPenguin.java new file mode 100644 index 0000000..6ab1232 --- /dev/null +++ b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/packageImport/PackageImportPenguin.java @@ -0,0 +1,13 @@ +package de.tum.cit.ase.ares.integration.testuser.subject.architectureTests.packageImport; + +import ch.qos.logback.core.FileAppender; + +import java.io.IOException; + +public class PackageImportPenguin { + + void accessPathThroughThirdPartyPackage() throws IOException { + FileAppender fileAppender = new FileAppender(); + fileAppender.openFile("path/to/file"); + } +} diff --git a/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/student/Student.java b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thirdPartyAccess/ThirdPartyAccessPenguin.java similarity index 83% rename from src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/student/Student.java rename to src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thirdPartyAccess/ThirdPartyAccessPenguin.java index 9409bca..f276d4e 100644 
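Review bot: Both third-party tests now scope `withinPath` to `.../architectureTests/thirdPartyAccess`, but the only class moved there, `ThirdPartyAccessPenguin`, merely delegates to `ThirdPartyPackagePenguin.accessFileSystem()` in the `thirdpartypackage` package, which is outside the scanned path. Whether the ArchUnit and WALA checks follow that call into a class outside `withinPath` is not visible in this patch. If they do not, the forbidden file access is never seen and the expected `SecurityException` depends on something else. I would state the intent next to the annotation, e.g. `// subject only delegates to thirdpartypackage; the check must detect the access transitively`, and confirm that both modes really fail for that reason.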
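Review bot: `PackageImportPenguin.accessPathThroughThirdPartyPackage()` copies its name from the third-party-access subject, although this fixture is meant to trigger the package-import rule through its `ch.qos.logback.core.FileAppender` import. A name such as `useForbiddenImport()` would say what is being tested. Nothing marks the class as a deliberately violating fixture. A class-level Javadoc stating that it exists only to be analysed statically and must never be invoked would help, since `openFile("path/to/file")` would touch the working directory if it were ever run. The same documentation gap applies to `ThreadAccessPenguin.createThread()` in the last hunk of this patch, which starts a real thread.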
--- a/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/student/Student.java +++ b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thirdPartyAccess/ThirdPartyAccessPenguin.java @@ -1,10 +1,10 @@ -package de.tum.cit.ase.ares.integration.testuser.subject.architectureTests.student; +package de.tum.cit.ase.ares.integration.testuser.subject.architectureTests.thirdPartyAccess; import de.tum.cit.ase.ares.integration.testuser.subject.architectureTests.thirdpartypackage.ThirdPartyPackagePenguin; import java.io.IOException; -public class Student { +public class ThirdPartyAccessPenguin { public void accessPathThroughThirdPartyPackage() throws IOException { ThirdPartyPackagePenguin.accessFileSystem(); } diff --git a/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thread_manipulation/ThreadAccessPenguin.java b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thread_manipulation/ThreadAccessPenguin.java index 0e2e9c0..8b16226 100644 --- a/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thread_manipulation/ThreadAccessPenguin.java +++ b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/architectureTests/thread_manipulation/ThreadAccessPenguin.java @@ -1,4 +1,9 @@ package de.tum.cit.ase.ares.integration.testuser.subject.architectureTests.thread_manipulation; public class ThreadAccessPenguin { + + void createThread() { + Thread thread = new Thread(); + thread.start(); + } }