Ares: ArchUnit Command Execution

src/main/java/de/tum/cit/ase/ares/api/aop/AOPSecurityTestCase.java

@@ -27,7 +27,7 @@ public interface AOPSecurityTestCase {
      *
      * @return a {@link String} representing the content of the aspect configuration file.
      */
-    @Nonnull String writeAOPSecurityTestCase();
+    @Nonnull String writeAOPSecurityTestCase(@Nonnull String aomMode);
 
     /**
      * Executes the aspect configuration in any programming language.
@@ -38,5 +38,5 @@ public interface AOPSecurityTestCase {
      * with the security configurations in place.
      * </p>
      */
-    void executeAOPSecurityTestCase();
+    void executeAOPSecurityTestCase(@Nonnull String aomMode);
 }

src/main/java/de/tum/cit/ase/ares/api/aop/java/JavaAOPMode.java

@@ -106,14 +106,14 @@ public List<Path> targetsToCopyTo(@Nonnull Path projectPath, @Nonnull String pac
                     new String[]{"aop", "java", "aspectj", "adviceandpointcut", "JavaAspectJFileSystemPointcutDefinitions.aj"}
             );
             case INSTRUMENTATION -> Stream.of(
-                    new String[]{"aop", "java", "instrumentation", "advice", "JavaInstrumentationAdviceToolbox.java"},
-                    new String[]{"aop", "java", "instrumentation", "advice", "JavaInstrumentationDeletePathAdvice.java"},
-                    new String[]{"aop", "java", "instrumentation", "advice", "JavaInstrumentationExecutePathAdvice.java"},
-                    new String[]{"aop", "java", "instrumentation", "advice", "JavaInstrumentationOverwritePathAdvice.java"},
-                    new String[]{"aop", "java", "instrumentation", "advice", "JavaInstrumentationReadPathAdvice.java"},
-                    new String[]{"aop", "java", "instrumentation", "pointcut", "JavaInstrumentationBindingDefinitions.java"},
-                    new String[]{"aop", "java", "instrumentation", "pointcut", "JavaInstrumentationPointcutDefinitions.java"},
-                    new String[]{"aop", "java", "instrumentation", "JavaInstrumentationAgent.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "advice", "JavaInstrumentationAdviceToolbox.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "advice", "JavaInstrumentationDeletePathAdvice.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "advice", "JavaInstrumentationExecutePathAdvice.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "advice", "JavaInstrumentationOverwritePathAdvice.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "advice", "JavaInstrumentationReadPathAdvice.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "pointcut", "JavaInstrumentationBindingDefinitions.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "pointcut", "JavaInstrumentationPointcutDefinitions.java"},
+                    new String[]{"api", "aop", "java", "instrumentation", "JavaInstrumentationAgent.java"},
                     new String[]{"META-INF", "MANIFEST.MF"}
             );
         }).map(pathParticles -> FileTools.resolveOnTests(projectPath, packageName, pathParticles)).toList();
@@ -180,7 +180,7 @@ public String[] fileValue(@Nonnull String packageName) {
      */
     @Nonnull
     public Path targetToCopyTo(@Nonnull Path projectPath, @Nonnull String packageName) {
-        return FileTools.resolveOnTests(projectPath, packageName, "aop", "java", "JavaSecurityTestCaseSettings.java");
+        return FileTools.resolveOnTests(projectPath, packageName, "api", "aop", "java", "JavaSecurityTestCaseSettings.java");
     }
     //</editor-fold>
 

src/main/java/de/tum/cit/ase/ares/api/aop/java/JavaSecurityTestCase.java

@@ -30,12 +30,14 @@ public class JavaSecurityTestCase implements AOPSecurityTestCase {
     /**
      * The type of security test case supported by this class (e.g., file system, network, etc.).
      */
-    @Nonnull private final JavaSecurityTestCaseSupported javaSecurityTestCaseSupported;
+    @Nonnull
+    private final JavaSecurityTestCaseSupported javaSecurityTestCaseSupported;
 
     /**
      * The resource accesses permitted as defined in the security policy.
      */
-    @Nonnull private final ResourceAccesses resourceAccesses;
+    @Nonnull
+    private final ResourceAccesses resourceAccesses;
     //</editor-fold>
 
     //<editor-fold desc="Constructor">
@@ -44,7 +46,7 @@ public class JavaSecurityTestCase implements AOPSecurityTestCase {
      * Initializes the configuration with the given support type and resource accesses.
      *
      * @param javaSecurityTestCaseSupported the type of security test case being supported, must not be null.
-     * @param resourceAccesses the resource accesses permitted by the security policy, must not be null.
+     * @param resourceAccesses              the resource accesses permitted by the security policy, must not be null.
      */
     public JavaSecurityTestCase(@Nonnull JavaSecurityTestCaseSupported javaSecurityTestCaseSupported, @Nonnull ResourceAccesses resourceAccesses) {
         this.javaSecurityTestCaseSupported = javaSecurityTestCaseSupported;
@@ -62,9 +64,9 @@ public JavaSecurityTestCase(@Nonnull JavaSecurityTestCaseSupported javaSecurityT
      * String[][], and int[].
      * </p>
      *
-     * @param dataType the data type of the advice setting (e.g., "String", "String[]"), must not be null.
+     * @param dataType      the data type of the advice setting (e.g., "String", "String[]"), must not be null.
      * @param adviceSetting the name of the advice setting to generate, must not be null.
-     * @param value the value to be assigned to the advice setting, can be null.
+     * @param value         the value to be assigned to the advice setting, can be null.
      * @return a formatted string representing the advice setting definition.
      * @throws SecurityException if the value does not match the expected data type or formatting errors occur.
      */
@@ -167,10 +169,10 @@ private static String generateAdviceSettingValue(@Nonnull String dataType, @Nonn
      * @param value         the value to assign to the advice setting, can be null.
      * @throws SecurityException if there is any error during field access or value assignment.
      */
-    public void setJavaAdviceSettingValue(@Nonnull String adviceSetting, @Nullable Object value) {
+    public static void setJavaAdviceSettingValue(@Nonnull String adviceSetting, @Nullable Object value, @Nonnull String aopMode) {
         try {
             @Nullable ClassLoader customClassLoader = Thread.currentThread().getContextClassLoader();
-            @Nonnull Class<?> adviceSettingsClass = Class.forName("de.tum.cit.ase.ares.api.aop.java.JavaSecurityTestCaseSettings", true, customClassLoader);
+            @Nonnull Class<?> adviceSettingsClass = Class.forName("de.tum.cit.ase.ares.api.aop.java.JavaSecurityTestCaseSettings", true, aopMode.equals("INSTRUMENTATION") ? null : customClassLoader);
             @Nonnull Field field = adviceSettingsClass.getDeclaredField(adviceSetting);
             field.setAccessible(true);
             field.set(null, value);
@@ -234,7 +236,7 @@ public void setJavaAdviceSettingValue(@Nonnull String adviceSetting, @Nullable O
     /**
      * Extracts the permitted file paths from the provided configurations based on the given predicate.
      *
-     * @param configs the list of JavaSecurityTestCase configurations, must not be null.
+     * @param configs   the list of JavaSecurityTestCase configurations, must not be null.
      * @param predicate a filter for determining which paths are permitted, must not be null.
      * @return a list of permitted paths.
      */
@@ -262,7 +264,8 @@ private List<String> getPermittedFilePaths(@Nonnull String filePermission) {
             case "overwrite" -> FilePermission::overwriteAllFiles;
             case "execute" -> FilePermission::executeAllFiles;
             case "delete" -> FilePermission::deleteAllFiles;
-            default -> throw new IllegalArgumentException("Ares Security Error (Reason: Ares-Code; Stage: Creation): Invalid file permission: " + filePermission);
+            default ->
+                    throw new IllegalArgumentException("Ares Security Error (Reason: Ares-Code; Stage: Creation): Invalid file permission: " + filePermission);
         };
         return resourceAccesses.regardingFileSystemInteractions()
                 .stream()
@@ -278,7 +281,7 @@ private List<String> getPermittedFilePaths(@Nonnull String filePermission) {
     /**
      * Extracts the permitted network hosts from the provided configurations based on the given predicate.
      *
-     * @param configs the list of JavaSecurityTestCase configurations, must not be null.
+     * @param configs   the list of JavaSecurityTestCase configurations, must not be null.
      * @param predicate a filter for determining which hosts are permitted, must not be null.
      * @return a list of permitted hosts.
      */
@@ -296,7 +299,7 @@ private static List<String> extractHosts(@Nonnull List<JavaSecurityTestCase> con
     /**
      * Extracts the permitted network ports from the provided configurations based on the given predicate.
      *
-     * @param configs the list of JavaSecurityTestCase configurations, must not be null.
+     * @param configs   the list of JavaSecurityTestCase configurations, must not be null.
      * @param predicate a filter for determining which ports are permitted, must not be null.
      * @return a list of permitted ports.
      */
@@ -324,7 +327,8 @@ private List<String> getPermittedNetworkHosts(@Nonnull String networkPermission)
             case "connect" -> NetworkPermission::openConnections;
             case "send" -> NetworkPermission::sendData;
             case "receive" -> NetworkPermission::receiveData;
-            default -> throw new IllegalArgumentException("Ares Security Error (Reason: Ares-Code; Stage: Creation): Invalid network permission: " + networkPermission);
+            default ->
+                    throw new IllegalArgumentException("Ares Security Error (Reason: Ares-Code; Stage: Creation): Invalid network permission: " + networkPermission);
         };
         return resourceAccesses.regardingNetworkConnections()
                 .stream()
@@ -345,7 +349,8 @@ private List<Integer> getPermittedNetworkPorts(@Nonnull String networkPermission
             case "connect" -> NetworkPermission::openConnections;
             case "send" -> NetworkPermission::sendData;
             case "receive" -> NetworkPermission::receiveData;
-            default -> throw new IllegalArgumentException("Ares Security Error (Reason: Ares-Code; Stage: Creation): Invalid network permission: " + networkPermission);
+            default ->
+                    throw new IllegalArgumentException("Ares Security Error (Reason: Ares-Code; Stage: Creation): Invalid network permission: " + networkPermission);
         };
         return resourceAccesses.regardingNetworkConnections()
                 .stream()
@@ -490,7 +495,7 @@ private List<String> getPermittedThreadClasses() {
      */
     @Override
     @Nonnull
-    public String writeAOPSecurityTestCase() {
+    public String writeAOPSecurityTestCase(@Nonnull String aomMode) {
         return "";
     }
     //</editor-fold>
@@ -500,9 +505,9 @@ public String writeAOPSecurityTestCase() {
     /**
      * Writes the aspect configuration content based on the provided security test cases.
      *
-     * @param aomMode             the AOP mode (AspectJ or Instrumentation), must not be null.
-     * @param restrictedPackage    the restricted package, must not be null.
-     * @param allowedListedClasses the list of allowed classes in the restricted package, must not be null.
+     * @param aomMode               the AOP mode (AspectJ or Instrumentation), must not be null.
+     * @param restrictedPackage     the restricted package, must not be null.
+     * @param allowedListedClasses  the list of allowed classes in the restricted package, must not be null.
      * @param javaSecurityTestCases the list of security test cases to be used, must not be null.
      * @return a string representing the content of the AOP security test case configuration file.
      */
@@ -542,30 +547,30 @@ public static String writeAOPSecurityTestCaseFile(
      * Executes the AOP security test case by setting Java advice settings.
      */
     @Override
-    public void executeAOPSecurityTestCase() {
+    public void executeAOPSecurityTestCase(@Nonnull String aomMode) {
         switch (javaSecurityTestCaseSupported) {
             case FILESYSTEM_INTERACTION -> Map.of(
                     "pathsAllowedToBeRead", getPermittedFilePaths("read").toArray(String[]::new),
                     "pathsAllowedToBeOverwritten", getPermittedFilePaths("overwrite").toArray(String[]::new),
                     "pathsAllowedToBeExecuted", getPermittedFilePaths("execute").toArray(String[]::new),
                     "pathsAllowedToBeDeleted", getPermittedFilePaths("delete").toArray(String[]::new)
-            ).forEach(this::setJavaAdviceSettingValue);
+            ).forEach((k, v) -> JavaSecurityTestCase.setJavaAdviceSettingValue(k, v, aomMode));
             case NETWORK_CONNECTION -> Map.of(
                     "hostsAllowedToBeConnectedTo", getPermittedNetworkHosts("connect"),
                     "portsAllowedToBeConnectedTo", getPermittedNetworkPorts("connect"),
                     "hostsAllowedToBeSentTo", getPermittedNetworkHosts("send"),
                     "portsAllowedToBeSentTo", getPermittedNetworkPorts("send"),
                     "hostsAllowedToBeReceivedFrom", getPermittedNetworkHosts("receive"),
                     "portsAllowedToBeReceivedFrom", getPermittedNetworkPorts("receive")
-            ).forEach(this::setJavaAdviceSettingValue);
+            ).forEach((k, v) -> JavaSecurityTestCase.setJavaAdviceSettingValue(k, v, aomMode));
             case COMMAND_EXECUTION -> Map.of(
                     "commandsAllowedToBeExecuted", getPermittedCommands(),
                     "argumentsAllowedToBePassed", getPermittedArguments()
-            ).forEach(this::setJavaAdviceSettingValue);
+            ).forEach((k, v) -> JavaSecurityTestCase.setJavaAdviceSettingValue(k, v, aomMode));
             case THREAD_CREATION -> Map.of(
                     "threadNumberAllowedToBeCreated", getPermittedNumberOfThreads(),
                     "threadClassAllowedToBeCreated", getPermittedThreadClasses()
-            ).forEach(this::setJavaAdviceSettingValue);
+            ).forEach((k, v) -> JavaSecurityTestCase.setJavaAdviceSettingValue(k, v, aomMode));
         }
     }
     //</editor-fold>

src/main/java/de/tum/cit/ase/ares/api/aop/java/JavaSecurityTestCaseSettings.java

@@ -29,7 +29,7 @@ private JavaSecurityTestCaseSettings() {
     /**
      * Resets the configuration settings to their default values.
      */
-    private static String aomMode = null;
+    private static String aopMode = null;
 
     /**
      * The package that is restricted from certain operations.
@@ -39,16 +39,7 @@ private JavaSecurityTestCaseSettings() {
     /**
      * List of classes that are allowed to be instrumented.
      */
-    private static String[] allowedListedClasses = {
-            "de.tum.cit.ase.ares.api.aop.java.JavaSecurityTestCaseSettings",
-            "de.tum.cit.ase.ares.api.aop.instrumentation.adviceandpointcut.JavaInstrumentationAdviceToolbox",
-            "de.tum.cit.ase.ares.api.aop.instrumentation.adviceandpointcut.JavaInstrumentationReadPathAdvice",
-            "de.tum.cit.ase.ares.api.aop.instrumentation.adviceandpointcut.JavaWritePathAdvice",
-            "de.tum.cit.ase.ares.api.aop.instrumentation.adviceandpointcut.JavaInstrumentationExecutePathAdvice",
-            "de.tum.cit.ase.ares.api.aop.java.pointcut.instrumentation.JavaInstrumentationPointcutDefinitions",
-            "de.tum.cit.ase.ares.api.aop.java.pointcut.instrumentation.JavaInstrumentationBindingDefinitions",
-            "de.tum.cit.ase.ares.api.aop.java.instrumentation.JavaInstrumentationAgent"
-    };
+    private static String[] allowedListedClasses = null;
 
     /**
      * Paths that are allowed to be read.
@@ -124,18 +115,9 @@ private JavaSecurityTestCaseSettings() {
      * Resets the configuration settings to their default values.
      */
     private static void reset() {
-        JavaSecurityTestCaseSettings.aomMode = null;
+        JavaSecurityTestCaseSettings.aopMode = null;
         JavaSecurityTestCaseSettings.restrictedPackage = null;
-        JavaSecurityTestCaseSettings.allowedListedClasses = new String[]{
-                "de.tum.cit.ase.ares.api.aop.java.instrumentation.advice.JavaInstrumentationAdviceToolbox",
-                "de.tum.cit.ase.ares.api.aop.java.instrumentation.advice.JavaInstrumentationReadPathAdvice",
-                "de.tum.cit.ase.ares.api.aop.java.instrumentation.advice.JavaInstrumentationOverwritePathAdvice",
-                "de.tum.cit.ase.ares.api.aop.java.instrumentation.advice.JavaInstrumentationExecutePathAdvice",
-                "de.tum.cit.ase.ares.api.aop.java.instrumentation.pointcut.JavaInstrumentationPointcutDefinitions",
-                "de.tum.cit.ase.ares.api.aop.java.instrumentation.pointcut.JavaInstrumentationBindingDefinitions",
-                "de.tum.cit.ase.ares.api.aop.java.instrumentation.JavaInstrumentationAgent",
-                "de.tum.cit.ase.ares.api.aop.java.JavaSecurityTestCaseSettings"
-        };
+        JavaSecurityTestCaseSettings.allowedListedClasses = null;
         JavaSecurityTestCaseSettings.pathsAllowedToBeRead = null;
         JavaSecurityTestCaseSettings.pathsAllowedToBeOverwritten = null;
         JavaSecurityTestCaseSettings.pathsAllowedToBeExecuted = null;