Ares: ArchUnit Command Execution

src/main/java/de/tum/cit/ase/ares/api/architecturetest/java/FileHandlerConstants.java

@@ -13,6 +13,7 @@ public class FileHandlerConstants {
     public static final Path JAVA_NETWORK_ACCESS_METHODS = Path.of(JAVA_METHODS_DIRECTORY + "network-access-methods.txt");
     public static final Path JAVA_JVM_TERMINATION_METHODS = Path.of(JAVA_METHODS_DIRECTORY + "jvm-termination-methods.txt");
     public static final Path JAVA_REFLECTION_METHODS = Path.of(JAVA_METHODS_DIRECTORY + "reflection-methods.txt");
+    public static final Path JAVA_COMMAND_EXECUTION_METHODS = Path.of(JAVA_METHODS_DIRECTORY + "command-execution-methods.txt");
 
     private FileHandlerConstants() {
         throw new IllegalArgumentException("FileHandlerConstants is a utility class and should not be instantiated");

src/main/java/de/tum/cit/ase/ares/api/architecturetest/java/JavaArchitectureTestCase.java

@@ -6,10 +6,7 @@
 import de.tum.cit.ase.ares.api.policy.PackageImport;
 
 import java.io.IOException;
-import java.nio.file.Path;
-import java.util.ArrayList;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -78,7 +75,7 @@ public void runArchitectureTestCase(JavaClasses classes) {
                 case PACKAGE_IMPORT ->  JavaArchitectureTestCaseCollection.noClassesShouldImportForbiddenPackages(allowedPackages).check(classes);
                 case THREAD_CREATION -> throw new UnsupportedOperationException("Thread creation not implemented yet");
                 case COMMAND_EXECUTION ->
-                        throw new UnsupportedOperationException("Command execution not implemented yet");
+                        JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_EXECUTE_COMMANDS.check(classes);
                 case NETWORK_CONNECTION ->
                         JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_ACCESS_NETWORK.check(classes);
                 default -> throw new UnsupportedOperationException("Not implemented yet");

src/main/java/de/tum/cit/ase/ares/api/architecturetest/java/postcompile/JavaArchitectureTestCaseCollection.java

@@ -1,13 +1,11 @@
 package de.tum.cit.ase.ares.api.architecturetest.java.postcompile;
 
-import com.google.common.collect.ImmutableMap;
 import com.tngtech.archunit.base.DescribedPredicate;
 import com.tngtech.archunit.core.domain.JavaAccess;
 import com.tngtech.archunit.core.domain.JavaClass;
 import com.tngtech.archunit.lang.ArchRule;
 import com.tngtech.archunit.lang.syntax.ArchRuleDefinition;
 import de.tum.cit.ase.ares.api.architecturetest.java.FileHandlerConstants;
-import de.tum.cit.ase.ares.api.architecturetest.java.JavaSupportedArchitectureTestCase;
 
 import java.io.IOException;
 import java.nio.file.Files;
@@ -16,9 +14,6 @@
 import java.util.HashSet;
 import java.util.Set;
 
-import static de.tum.cit.ase.ares.api.architecturetest.java.JavaSupportedArchitectureTestCase.FILESYSTEM_INTERACTION;
-import static de.tum.cit.ase.ares.api.architecturetest.java.JavaSupportedArchitectureTestCase.NETWORK_CONNECTION;
-
 /**
  * This class runs the security rules on the architecture for the post-compile mode.
  */
@@ -28,26 +23,16 @@ private JavaArchitectureTestCaseCollection() {
         throw new IllegalArgumentException("This class should not be instantiated");
     }
 
-    public static final String LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED = "Could not load the architecture rule file content";
     /**
-     * Map to store the forbidden methods for the supported architectural test cases
+     * Error message for when the forbidden methods could not be loaded from the file
      */
-    private static final ImmutableMap.Builder<String, Set<String>> FORBIDDEN_METHODS_FOR_SUPPORTED_ARCHITECTURAL_TEST_CASE = ImmutableMap.builder();
-
-
-    /**
-     * Load pre file contents
-     */
-    public static void loadForbiddenMethodsFromFile(Path filePath, String key) throws IOException {
-        Set<String> content = new HashSet<>(Files.readAllLines(filePath));
-        FORBIDDEN_METHODS_FOR_SUPPORTED_ARCHITECTURAL_TEST_CASE.put(key, content);
-    }
+    public static final String LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED = "Could not load the architecture rule file content";
 
     /**
-     * Get the content of a file from the architectural rules storage
+     * Load forbidden methods from a file
      */
-    public static Set<String> getForbiddenMethods(String key) {
-        return FORBIDDEN_METHODS_FOR_SUPPORTED_ARCHITECTURAL_TEST_CASE.build().get(key);
+    public static Set<String> getForbiddenMethods(Path filePath) throws IOException {
+        return new HashSet<>(Files.readAllLines(filePath));
     }
 
     /**
@@ -68,11 +53,10 @@ public static String getArchitectureRuleFileContent(String key) throws IOExcepti
                 public boolean test(JavaAccess<?> javaAccess) {
                     if (forbiddenMethods == null) {
                         try {
-                            loadForbiddenMethodsFromFile(FileHandlerConstants.JAVA_FILESYSTEM_INTERACTION_METHODS, JavaSupportedArchitectureTestCase.FILESYSTEM_INTERACTION.name());
+                            forbiddenMethods = getForbiddenMethods(FileHandlerConstants.JAVA_FILESYSTEM_INTERACTION_METHODS);
                         } catch (IOException e) {
                             throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
                         }
-                        forbiddenMethods = getForbiddenMethods(FILESYSTEM_INTERACTION.name());
                     }
 
                     return forbiddenMethods.stream().anyMatch(method -> javaAccess.getTarget().getFullName().startsWith(method));
@@ -90,11 +74,10 @@ public boolean test(JavaAccess<?> javaAccess) {
                 public boolean test(JavaAccess<?> javaAccess) {
                     if (forbiddenMethods == null) {
                         try {
-                            loadForbiddenMethodsFromFile(FileHandlerConstants.JAVA_NETWORK_ACCESS_METHODS, JavaSupportedArchitectureTestCase.NETWORK_CONNECTION.name());
+                            forbiddenMethods = getForbiddenMethods(FileHandlerConstants.JAVA_NETWORK_ACCESS_METHODS);
                         } catch (IOException e) {
                             throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
                         }
-                        forbiddenMethods = getForbiddenMethods(NETWORK_CONNECTION.name());
                     }
 
                     return forbiddenMethods.stream().anyMatch(method -> javaAccess.getTarget().getFullName().startsWith(method));
@@ -120,10 +103,19 @@ public boolean test(JavaClass javaClass) {
      */
     public static final ArchRule NO_CLASSES_SHOULD_USE_REFLECTION = ArchRuleDefinition.noClasses()
             .should(new TransitivelyAccessesMethodsCondition(new DescribedPredicate<>("uses reflection") {
+                private Set<String> forbiddenMethods;
+
                 @Override
                 public boolean test(JavaAccess<?> javaAccess) {
-                    return javaAccess.getTarget().getFullName().startsWith("java.lang.reflect")
-                            || javaAccess.getTarget().getFullName().startsWith("sun.reflect.misc");
+                    if (forbiddenMethods == null) {
+                        try {
+                            forbiddenMethods = getForbiddenMethods(FileHandlerConstants.JAVA_REFLECTION_METHODS);
+                        } catch (IOException e) {
+                            throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
+                        }
+                    }
+
+                    return forbiddenMethods.stream().anyMatch(method -> javaAccess.getTarget().getFullName().startsWith(method));
                 }
             }));
 
@@ -138,14 +130,31 @@ public boolean test(JavaAccess<?> javaAccess) {
                 public boolean test(JavaAccess<?> javaAccess) {
                     if (forbiddenMethods == null) {
                         try {
-                            loadForbiddenMethodsFromFile(FileHandlerConstants.JAVA_JVM_TERMINATION_METHODS, "JVM_TERMINATION");
+                            forbiddenMethods = getForbiddenMethods(FileHandlerConstants.JAVA_JVM_TERMINATION_METHODS);
                         } catch (IOException e) {
                             throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
                         }
-                        forbiddenMethods = getForbiddenMethods("JVM_TERMINATION");
                     }
 
                     return forbiddenMethods.stream().anyMatch(method -> javaAccess.getTarget().getFullName().startsWith(method));
                 }
             })));
+
+    public static final ArchRule NO_CLASSES_SHOULD_EXECUTE_COMMANDS = ArchRuleDefinition.noClasses()
+            .should(new TransitivelyAccessesMethodsCondition(new DescribedPredicate<>("executes commands") {
+                private Set<String> forbiddenMethods;
+
+                @Override
+                public boolean test(JavaAccess<?> javaAccess) {
+                    if (forbiddenMethods == null) {
+                        try {
+                            forbiddenMethods = getForbiddenMethods(FileHandlerConstants.JAVA_COMMAND_EXECUTION_METHODS);
+                        } catch (IOException e) {
+                            throw new IllegalStateException(LOAD_FORBIDDEN_METHODS_FROM_FILE_FAILED, e);
+                        }
+                    }
+
+                    return forbiddenMethods.stream().anyMatch(method -> javaAccess.getTarget().getFullName().startsWith(method));
+                }
+            }));
 }

src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java

@@ -75,7 +75,7 @@ public JavaSecurityTestCaseFactoryAndBuilder(SecurityPolicy securityPolicy, Path
     private void parseTestCasesToBeCreated() {
         Supplier<List<?>>[] methods = new Supplier[]{securityPolicy::iAllowTheFollowingFileSystemInteractionsForTheStudents,
                 securityPolicy::iAllowTheFollowingNetworkConnectionsForTheStudents,
-//                securityPolicy::iAllowTheFollowingCommandExecutionsForTheStudents,
+                securityPolicy::iAllowTheFollowingCommandExecutionsForTheStudents,
 //                securityPolicy::iAllowTheFollowingThreadCreationsForTheStudents,
         };
 

src/main/resources/archunit/files/java/methods/command-execution-methods.txt

@@ -0,0 +1,2 @@
+java.lang.Runtime.exec
+java.lang.ProcessBuilder

src/test/java/de/tum/cit/ase/ares/integration/testuser/CommandExecutionUser.java

@@ -0,0 +1,25 @@
+package de.tum.cit.ase.ares.integration.testuser;
+
+import de.tum.cit.ase.ares.api.*;
+import de.tum.cit.ase.ares.api.jupiter.Public;
+import de.tum.cit.ase.ares.api.jupiter.PublicTest;
+import de.tum.cit.ase.ares.api.localization.UseLocale;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.TestMethodOrder;
+
+import java.io.IOException;
+
+@Public
+@UseLocale("en")
+@AllowThreads(maxActiveCount = 100)
+@MirrorOutput(MirrorOutput.MirrorOutputPolicy.DISABLED)
+@StrictTimeout(5)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+@WhitelistPath(value = "target/**", type = PathType.GLOB)
+@BlacklistPath(value = "**Test*.{java,class}", type = PathType.GLOB)
+public class CommandExecutionUser {
+
+    @PublicTest
+    @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/commandexecution")
+    void executeCommand() throws IOException {}
+}

src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/commandexecution/CommandExecutingStudent.java

@@ -0,0 +1,25 @@
+package de.tum.cit.ase.ares.integration.testuser.subject.commandexecution;
+
+import java.io.IOException;
+
+public class CommandExecutingStudent {
+
+    public void method() throws IOException {
+        ProcessBuilder processBuilder = new ProcessBuilder();
+        processBuilder.start();
+    }
+
+    public void method2() throws IOException {
+        ProcessBuilder processBuilder = new ProcessBuilder();
+        processBuilder.command("ls");
+        processBuilder.start();
+    }
+
+    public void method3() throws IOException {
+        Runtime.getRuntime().exec("ls");
+    }
+
+    public void method4() throws IOException {
+        Runtime.getRuntime().exec(new String[] {"ls"});
+    }
+}