Add 201 parametric crypto (JCA) misuses #427

Open
wants to merge 96 commits into
base: master

akwick
Member

@akwick akwick commented Mar 7, 2019

All misuses are listed in the dataset.yml-file (JCA-Param-All).

Removed Vidya's dataset through commit b7e53c6.

Vidya N and others added 30 commits June 6, 2018 00:58
…(unable to build with gradle)

- added new data sets
- corrected function definitions in each misuse
- added missing misuse in nettygameserver dataset
- removed unnecessary correct-usages from selected data sets. Now correct-usages only have file with correct usage of the respective misuse.
- added data sets for gradle projects
- updated paths in dragonite-java data set
akwick added 4 commits May 8, 2019 16:56
Minimize corrected examples for misuses

Minimize correct example for instagram4j

Add correct usages for jeesuite-libs

Minimized corrected examples

Add correct usage for dragonite-java

Add minimal corrected examples
Add some clarifications or minor changes for the description while
inspecting the misuse.yml for minimizing the corrected examples.

Minor changes in misuse.ymls

Minor change

Minor changes
Member Author

akwick commented May 15, 2019

Thank you very much for preparing this Pull Request. The number of misuse examples you gathered is impressive and a huge contribution to the research community. I'm happy to accept this PR into MUBench, after cleanup.

I'm currently trying to compile the dataset. I'll report if there are any failures. Afterwards, I'll run a test experiment to ensure that all builds produce correct data for running detectors. For the time being, please find detailed comments inline and some more general comments here:

* Please improve the correct usage examples:
  
  1. They should be minimal examples of correct usage, corresponding to the respective misuse.
  2. They should not be copies of files from other projects, since this might violate respective licenses.
  3. They should not contain Chinese/Japanese comments, commented out code, ...

Addressed in commit 8cbfda3.

* Please remove the `.DS_Store` files.

* Please do not make `detectors/Findbugs/configs/core-all-api-misuses.xml` executable.

Findbugs

* This PR seems to contain data for a second experiment with Findbugs. Can the two be separated into two PRs?

* Please do not add a detector JAR (`Findbugs.jar`) to the benchmark. Detector jars are downloaded during runtime.

* What's the difference between `security-api-misuses.xml` and `security-api-misuse.xml`?

Signed-off-by: Anna-Katharina Wickert <wickert@st.informatik.tu-darmstadt.de>
Signed-off-by: Anna-Katharina Wickert <wickert@st.informatik.tu-darmstadt.de>
All identified misuses are due to the JCA and the JCA isn't part of any
project added. Thus, the flag should be false.
The complete dataset contains some projects which are currently not
compilable.
Member Author

akwick commented May 16, 2019

```
[INFO   ] Compiling project 'abixen-platform' version 99fe499...
[ERROR  ] Exception in CompileVersionTask: Failed to execute 'mvn dependency:build-classpath -DincludeScope=compile -pl :abixen-platform-web-content-service -am clean install':
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:2.17:check (validate) on project abixen-platform-web-content-service: Failed during checkstyle execution: Unable to find configuration file at location: ../../abixen-platform/checkstyle.xml: Could not find resource '../../abixen-platform/checkstyle.xml'. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :abixen-platform-web-content-service
```

abixen-platform is already removed from the set of the projects which didn't compile currently.

We have to remove the two misuses of openzaly as this project isn't
available any more on GitHub.
We have to remove the two misuses of the openzaly projects as the project isn't publicly available any more.

Remove openzaly

We have to remove the two misuses of openzaly as this project isn't
available any more on GitHub.

Remove openzaly data
Member Author

akwick commented May 16, 2019

```
[INFO   ] Fetching project 'openzaly' version 91bd03b from git:https://github.com/akaxincom/openzaly#91bd03be...
[ERROR  ] Exception in CheckoutTask: Failed to execute 'git clone https://github.com/akaxincom/openzaly . --quiet -c core.askpass=true': === ERROR ===
remote: Repository not found.
fatal: Authentication failed for 'https://github.com/akaxincom/openzaly/'
```

:( I had to remove this project from the dataset in commit db6c7b2.

Member Author

akwick commented May 16, 2019

```
[INFO   ] Compiling project 'public-cms' version f2c72f0...
[ERROR  ] Exception in CompileVersionTask: Failed to execute 'mvn dependency:build-classpath -DincludeScope=compile clean compile':
[ERROR] The goal you specified requires a project to execute but there is no POM in this directory (/mubench/checkouts/public-cms/f2c72f0/build). Please verify you invoked Maven from the correct directory. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MissingProjectException
```

This issue is fixed with commit 1a58711.

```
mubench> pipeline compile --only public-cms
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
```

Member Author

akwick commented May 16, 2019

```
[INFO   ] Compiling project 'symmetric-ds' version c42f0e0...
[ERROR  ] Exception in CompileVersionTask: Failed to execute 'gradle :compileJava --debug':
```

Fix this issue in commit 2a5971f.

```
mubench> pipeline compile --force-compile --only  symmetric-ds
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
[INFO   ] Compiling project 'symmetric-ds' version c42f0e0...
```

```
mubench> pipeline compile --only ha-bridge --force-compile
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
[INFO   ] Compiling project 'ha-bridge' version c25f08f...
[INFO   ] Compiling correct usage for misuse 'ha-bridge.c25f08f.2'...
[INFO   ] Compiling correct usage for misuse 'ha-bridge.c25f08f.3'...
[INFO   ] Compiling correct usage for misuse 'ha-bridge.c25f08f.4'...
[INFO   ] Compiling correct usage for misuse 'ha-bridge.c25f08f.5'...
[INFO   ] Compiling correct usage for misuse 'ha-bridge.c25f08f.6'...
[INFO   ] Compiling correct usage for misuse 'ha-bridge.c25f08f.7'...
[INFO   ] Compiling correct usage for misuse 'ha-bridge.c25f08f.8'..
pipeline compile --only instagram4j
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
[INFO   ] Compiling correct usage for misuse 'instagram4j.ae85b2b.1'...
mubench> pipeline compile --only jeesuite-libs
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Compiling correct usage for misuse 'jeesuite-libs.2a545bd.3'...
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
mubench> pipeline compile --only nettygameserver
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
[INFO   ] Correct usage already compiled.
[INFO   ] Compiling correct usage for misuse 'nettygameserver.c069be1.2'...
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
mubench> pipeline compile --only smart
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Compiling correct usage for misuse 'smart.9e018a6.6'...
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled
mubench> pipeline compile --only whatsmars
[INFO   ] Starting benchmark...
[INFO   ] All requirements satisfied. You're good to go.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Compiling correct usage for misuse 'whatsmars.917b029.6'...
[INFO   ] Correct usage already compiled.
[INFO   ] Compiling correct usage for misuse 'whatsmars.917b029.8'...
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
[INFO   ] Correct usage already compiled.
```