prepare heise devsec

MagpieBridge · Sep 13, 2019 · d7e4920 · d7e4920
1 parent 594a6dd
commit d7e4920
Show file tree

Hide file tree

Showing 13 changed files with 208 additions and 125 deletions.
diff --git a/monaco-example/package-lock.json b/monaco-example/package-lock.json
diff --git a/monaco-example/src/client.ts b/monaco-example/src/client.ts
@@ -22,24 +22,45 @@ monaco.languages.register({
 });
 
 // create Monaco editor
-const value = `package example;
-
+const value = `import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
 
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
+public class RSA {
+  private PublicKey publicKey;
+  private PrivateKey privateKey;
 
-/**
- * This code contains a misuse example CogniCrypt_SAST of a Cipher object. 
- * CogniCrypt_SAST reports that the string argument to Cipher.getInstance("AES/ECB/PKCS5Padding") does not correspond the CrySL specification. 
- *
- */
-public class ConstraintErrorExample {
-	public static void main(String...args) throws NoSuchAlgorithmException, NoSuchPaddingException {
-		Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");  
-	}
-}
+  public RSA() throws NoSuchAlgorithmException {
+    KeyPairGenerator kpgen = KeyPairGenerator.getInstance("RSA");
+    kpgen.initialize(512);
+    KeyPair keyPair = kpgen.generateKeyPair();
+    this.privateKey = keyPair.getPrivate();
+    this.publicKey = keyPair.getPublic();
+  }
 
+  public byte[] sign(String message) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
+    Signature instance = Signature.getInstance("SHA256withRSA");
+    byte[] bytes = message.getBytes();
+    instance.update(bytes); 
+    instance.sign();
+    return bytes;
+  }
+
+  public boolean verify(String message, byte[] signature)
+      throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+    Signature instance = Signature.getInstance("SHA256withRSA");
+    instance.initVerify(publicKey);
+    instance.update(message.getBytes());
+    boolean isVerfied = instance.verify(signature);
+    return isVerfied;
+  } 
+  
+}
 `
 
 const editor = monaco.editor.create(document.getElementById("container")!, {

diff --git a/monaco-example/src/index.html b/monaco-example/src/index.html
@@ -8,6 +8,6 @@
 
 <body>
 	<h2>Monaco Example</h2>
-	<div id="container" style="width:800px;height:600px;border:1px solid grey"></div>
+	<div id="container" style="width:1000px;height:800px;border:1px solid grey"></div>
 	<script src="main.bundle.js"></script>
 </html>
diff --git a/pom.xml b/pom.xml
@@ -13,10 +13,10 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		 <magpiebridge.version>0.0.1-SNAPSHOT</magpiebridge.version>
+		<magpiebridge.version>0.0.1-SNAPSHOT</magpiebridge.version>
 		<futuresoot.version>4.0.0.3</futuresoot.version>
-   		<flowdroid.version>2.7.1</flowdroid.version>
-		<crypto.version>2.1.1</crypto.version> 
+		<flowdroid.version>2.7.1</flowdroid.version>
+		<crypto.version>2.1.1</crypto.version>
 	</properties>
 
 	<dependencies>
@@ -72,7 +72,7 @@
 			<artifactId>org.eclipse.lsp4j.websockets</artifactId>
 			<version>0.6.0-SNAPSHOT</version>
 		</dependency>
-		 <dependency>
+		<dependency>
 			<groupId>org.eclipse.platform</groupId>
 			<artifactId>org.eclipse.core.runtime</artifactId>
 			<version>3.15.0</version>
@@ -81,12 +81,18 @@
 			<groupId>org.eclipse.jdt</groupId>
 			<artifactId>org.eclipse.jdt.core</artifactId>
 			<version>3.15.0</version>
-		</dependency> 
+		</dependency>
 		<!-- flowdroid(used for Android) -->
 		<dependency>
 			<groupId>de.tud.sse</groupId>
 			<artifactId>soot-infoflow</artifactId>
 			<version>${flowdroid.version}</version>
+			<exclusions>
+				<exclusion>
+					<groupId>com.google.guava</groupId>
+					<artifactId>guava</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>de.tud.sse</groupId>
@@ -161,18 +167,9 @@
 					<target>1.8</target>
 				</configuration>
 			</plugin>
-			<!-- <plugin>
-				<groupId>com.coveo</groupId>
-				<artifactId>fmt-maven-plugin</artifactId>
-				<version>2.8</version>
-				<executions>
-					<execution>
-						<goals>
-							<goal>check</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin> -->
+			<!-- <plugin> <groupId>com.coveo</groupId> <artifactId>fmt-maven-plugin</artifactId> 
+				<version>2.8</version> <executions> <execution> <goals> <goal>check</goal> 
+				</goals> </execution> </executions> </plugin> -->
 		</plugins>
 	</build>
 	<repositories>

diff --git a/src/main/java/CryptoDemoMain.java b/src/main/java/CryptoDemoMain.java
@@ -1,6 +1,7 @@
 import java.io.File;
 import magpiebridge.core.IProjectService;
 import magpiebridge.core.MagpieServer;
+import magpiebridge.core.ServerConfiguration;
 import magpiebridge.projectservice.java.AndroidProjectService;
 import magpiebridge.projectservice.java.JavaProjectService;
 import org.apache.commons.cli.CommandLine;
@@ -39,7 +40,7 @@ public static void main(String... args) throws ParseException {
     } else config = cmd.getOptionValue("c");
     String ruleDirPath = new File(config + "/JCA_rules").getAbsolutePath();
     String flowdroidConfigPath = new File(config).getAbsolutePath();
-    MagpieServer server = new MagpieServer();
+    MagpieServer server = new MagpieServer(new ServerConfiguration());
     String language = "java";
     if (!android) {
       IProjectService javaProjectService = new JavaProjectService();