Skip to content
GitLab

Quantitative Security Assessment (QSA) · Changes

Page history
Update Quantitative Security Assessment (QSA) authored by Miltos's avatar Miltos
Hide whitespace changes
Inline Side-by-side
Quantitative-Security-Assessment-(QSA).md
View page @ 1caf04d6
...@@ -14,7 +14,7 @@ The only prerequisite for the installation of the QSA mechanism is to have the l ...@@ -14,7 +14,7 @@ The only prerequisite for the installation of the QSA mechanism is to have the l
The QSA mechanism is available for download on [DockerHub](https://hub.docker.com/r/siavvasm/sdk4ed-dependability-toolbox/tags). In order to install it locally, you need to execute the following command on your terminal (assuming that Docker Engine is already installed on your system): The QSA mechanism is available for download on [DockerHub](https://hub.docker.com/r/siavvasm/sdk4ed-dependability-toolbox/tags). In order to install it locally, you need to execute the following command on your terminal (assuming that Docker Engine is already installed on your system):
~~~ ~~~
docker run -p 8080:8080 --name vm4sec-qsa -it siavvasm/vm4sec-security-assessment:latest bash ./catalina.sh run docker run -p 8080:8080 --name vm4sec-qsa -e DB_IP=<IP of the MongoDB> -e DB_PORT=<The PORT of the MongoDB> -d siavvasm/vm4sec-security-assessment:latest bash ./catalina.sh run
~~~ ~~~
The above command will download the Docker Image of the latest version of the QSA mechanism locally and will generate a Docker Container named vm4sec-qsa. It will also start the Tomcat Server that hosts the services. Hence, after the execution of this command the QSA will be up and running and the services will be invokable at port 8080 of your local machine. More specifically, the services will reside at the following end point: The above command will download the Docker Image of the latest version of the QSA mechanism locally and will generate a Docker Container named vm4sec-qsa. It will also start the Tomcat Server that hosts the services. Hence, after the execution of this command the QSA will be up and running and the services will be invokable at port 8080 of your local machine. More specifically, the services will reside at the following end point:
...@@ -25,13 +25,9 @@ The above command will download the Docker Image of the latest version of the QS ...@@ -25,13 +25,9 @@ The above command will download the Docker Image of the latest version of the QS
In the above endpoint, you should replace the &lt;your_local_host_ip&gt; placeholder with the IP of your local machine on which the QSA docker container is running. In the above endpoint, you should replace the &lt;your_local_host_ip&gt; placeholder with the IP of your local machine on which the QSA docker container is running.
In case that you don't want to see the log files of the Tomcat Server that hosts the services of the Dependability Toolbox, you should replace the "./catakina.sh run" parameter of the above command with "./startup.sh". For your convenience, the full command that should be executed is presented below: The environmental variables DB_IP and DB_PORT should be used in order to define the IP and the PORT of the MongoDB, in which the results of the analysis should be stored. This is necessary if you are willing to use the [Dashboard]() instead of the standalone service, as the Dashboard receives the results of the QSA analysis directly from the MongoDB. Setting up a MongoDB for the purposes of the VM4SEC Platform is an easy process. Instructions on how to set up the dedicated MongoDB can be found [here]().
~~~ **Attention:** You can use a different port than the 8080 on your local machine, as long as the correct mapping is done in the _docker run_ command. For instance, if you wish the docker container to listen to the 8089 port, you should define "-p 8089:8080" in the aforementioned commands. It should be noted, that in that case, if you are willing to use also the Dashboard, this change should be applied to the Docker File of the dashboard in order to declare where the services reside. For more information please check the [Dashboard Wiki Page]().
docker run -p 8080:8080 --name vm4sec-qsa -it siavvasm/vm4sec-security-assessment:latest bash ./startup.sh
~~~
Attention: You can use a different port than the 8080 on your local machine, as long as the correct mapping is done in the _docker run_ command. For instance, if you wish the docker container to listen to the 8089 port, you should define "-p 8089:8080" in the aforementioned commands. It should be noted, that in that case, if you are willing to use also the Dashboard, this change should be applied to the Docker File of the dashboard in order to declare where the services reside. For more information please check the [Dashboard Wiki Page]().
# Execution of the QSA mechanism (as a Microservice) # Execution of the QSA mechanism (as a Microservice)
...@@ -39,14 +35,13 @@ In this section, we describe how the QSA mechanism can be used as an individual ...@@ -39,14 +35,13 @@ In this section, we describe how the QSA mechanism can be used as an individual
## Execution of the Docker Container ## Execution of the Docker Container
Having the QSA Container already deployed on your local machine (see the [Installation](dependability-toolbox-installation) section for more information), it can be started, paused, and stopped using common Docker commands. For your convenience, some indicative commands are provided in this section. First of all, in order to start the Dependability Toolbox docker container, you need to execute the following commands on your terminal: Having the QSA Container already deployed on your local machine (see the [Installation](dependability-toolbox-installation) section for more information), it can be started, paused, and stopped using common Docker commands. In particular, in order to start the QSA mechanism you need to execute the following command on your terminal:
~~~ ~~~
docker start vm4sec-qsa docker start vm4sec-qsa
docker exec -it vm4sec-qsa ./catalina.sh run
~~~ ~~~
The first command starts the docker container of the QSA, whereas the second one starts the Tomcat Server that hosts the three services of the toolbox. If it is not necessary to view the console of the Tomcat Server, in the second command you need to replace the "./catalina.sh run" parameter with "./startup.sh". This will start the Docker Container, as well as the Tomcat Server that hosts the QSA API.
In order to stop the QSA container, you need to execute the following command: In order to stop the QSA container, you need to execute the following command:
...@@ -62,7 +57,7 @@ After starting the Docker Container of the QSA back-end, its web services are up ...@@ -62,7 +57,7 @@ After starting the Docker Container of the QSA back-end, its web services are up
<local_IP>:<defined_port>/DependabilityToolbox/SecurityAssessment <local_IP>:<defined_port>/DependabilityToolbox/SecurityAssessment
``` ```
where the <local_IP> is the IP of the local machine on which the Dependability Toolbox Docker Container has been deployed, whereas the <defined_port> is the port of the Tomcat Server that is defined by the user during the installation (please see the [Installation](dependability-toolbox-installation) section). In the following, a more detailed description of how the main analysis service can be used is provided. where the <local_IP> is the IP of the local machine on which the QSA Docker Container has been deployed, whereas the <defined_port> is the port of the container that is defined by the user during the installation (please see the [Installation](dependability-toolbox-installation) section). This port is by default 8080, if not stated otherwise during the execution of the _docker run_ command. In the following, a more detailed description of how the main analysis service can be used is provided.
### Quantitative Security Assessment Service ### Quantitative Security Assessment Service
...@@ -77,6 +72,8 @@ The *Quantitative Security Assessment (QSA)* web service allows the user to eval ...@@ -77,6 +72,8 @@ The *Quantitative Security Assessment (QSA)* web service allows the user to eval
It should be noted that in case that the selected software project is private (i.e., proprietary), the credentials of the user need to be provided to the submitted request in the form of a Basic Authentication header. In order to ensure confidentiality, HTTPS is used for the cases of the private projects. It should be noted that in case that the selected software project is private (i.e., proprietary), the credentials of the user need to be provided to the submitted request in the form of a Basic Authentication header. In order to ensure confidentiality, HTTPS is used for the cases of the private projects.
**Attention:** If the selected project is a GitHub repository, in the Basic Authentication header, instead of the password you need to provide the Private Access Token (PAT). This is a change that has been made by GitHub, and is active since February 2022.
The output of the Quantitative Security Assessment web service is a JSON file containing the security assessment report, which includes the security index, the security scores of the model properties and characteristics, and the detailed static analysis results (provided that the user selected “yes” in the “inspection” parameter). The inspection parameter is very useful as it allows the selection of the level of detail of the produced security assessment report based on the user needs. The produced reports are usually very long especially for very large projects, since they contain the raw results, which are long lists of static analysis alerts. By setting the value of this parameter to ”no”, only the security index and the scores of the properties and the characteristics of the model are presented, leading to the production of much more lightweight security assessment reports. The output of the Quantitative Security Assessment web service is a JSON file containing the security assessment report, which includes the security index, the security scores of the model properties and characteristics, and the detailed static analysis results (provided that the user selected “yes” in the “inspection” parameter). The inspection parameter is very useful as it allows the selection of the level of detail of the produced security assessment report based on the user needs. The produced reports are usually very long especially for very large projects, since they contain the raw results, which are long lists of static analysis alerts. By setting the value of this parameter to ”no”, only the security index and the scores of the properties and the characteristics of the model are presented, leading to the production of much more lightweight security assessment reports.
For better understanding, an example is presented in the following demonstrating how the Quantitative Security Assessment web service can be invoked through a curl command for assessing the security of a software project. In the given example, a simple [HelloWorldJavaCompiled](https://github.com/siavvasm/HelloWorldJavaCompiled) Java Project that it is available on GitHub is used. For better understanding, an example is presented in the following demonstrating how the Quantitative Security Assessment web service can be invoked through a curl command for assessing the security of a software project. In the given example, a simple [HelloWorldJavaCompiled](https://github.com/siavvasm/HelloWorldJavaCompiled) Java Project that it is available on GitHub is used.
...@@ -102,7 +99,21 @@ After submitting the request, the Quantitative Security Assessment (QSA) service ...@@ -102,7 +99,21 @@ After submitting the request, the Quantitative Security Assessment (QSA) service
"issues": [ "issues": [
{ {
"propertyName": "Misused_Functionality", "propertyName": "Misused_Functionality",
"issues": [] "issues": [
{
"ruleName": "AtLeastOneConstructor",
"ruleSetName": "Controversial",
"packageName": "miltos.diploma",
"description": "\nEach class should declare at least one constructor\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/controversial.html#AtLeastOneConstructor",
"priority": 3,
"beginLine": 3,
"endLine": 33,
"beginCol": 8,
"endCol": 1,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
}
]
}, },
{ {
"propertyName": "Exception_Handling", "propertyName": "Exception_Handling",
...@@ -123,8 +134,423 @@ After submitting the request, the Quantitative Security Assessment (QSA) service ...@@ -123,8 +134,423 @@ After submitting the request, the Quantitative Security Assessment (QSA) service
"beginCol": 9, "beginCol": 9,
"endCol": 26, "endCol": 26,
"classPath": "src/main/java/miltos/diploma/App.java" "classPath": "src/main/java/miltos/diploma/App.java"
}, ... },
... {
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 12,
"endLine": 12,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 13,
"endLine": 13,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 14,
"endLine": 14,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 21,
"endLine": 21,
"beginCol": 9,
"endCol": 26,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 22,
"endLine": 22,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 23,
"endLine": 23,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 24,
"endLine": 24,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 27,
"endLine": 27,
"beginCol": 9,
"endCol": 26,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 28,
"endLine": 28,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 29,
"endLine": 29,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 30,
"endLine": 30,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 33,
"endLine": 33,
"beginCol": 9,
"endCol": 26,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 34,
"endLine": 34,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 35,
"endLine": 35,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 36,
"endLine": 36,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 39,
"endLine": 39,
"beginCol": 9,
"endCol": 26,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 40,
"endLine": 40,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 41,
"endLine": 41,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 42,
"endLine": 42,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 11,
"endLine": 11,
"beginCol": 9,
"endCol": 26,
"classPath": "src/main/java/miltos/diploma/ClassToCheck.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 12,
"endLine": 12,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/ClassToCheck.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 13,
"endLine": 13,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/ClassToCheck.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 14,
"endLine": 14,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/ClassToCheck.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 10,
"endLine": 10,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 14,
"endLine": 14,
"beginCol": 17,
"endCol": 34,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 19,
"endLine": 19,
"beginCol": 25,
"endCol": 42,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 25,
"endLine": 25,
"beginCol": 25,
"endCol": 42,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 31,
"endLine": 31,
"beginCol": 25,
"endCol": 42,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 42,
"endLine": 42,
"beginCol": 9,
"endCol": 26,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 13,
"endLine": 13,
"beginCol": 33,
"endCol": 50,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 15,
"endLine": 15,
"beginCol": 33,
"endCol": 50,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "SystemPrintln",
"ruleSetName": "Java Logging",
"packageName": "miltos.diploma",
"description": "\nSystem.out.println is used\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/logging-java.html#SystemPrintln",
"priority": 2,
"beginLine": 24,
"endLine": 24,
"beginCol": 25,
"endCol": 42,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
}
] ]
}, },
{ {
...@@ -142,12 +568,33 @@ After submitting the request, the Quantitative Security Assessment (QSA) service ...@@ -142,12 +568,33 @@ After submitting the request, the Quantitative Security Assessment (QSA) service
"beginCol": 30, "beginCol": 30,
"endCol": 42, "endCol": 42,
"classPath": "src/main/java/miltos/diploma/App.java" "classPath": "src/main/java/miltos/diploma/App.java"
} },
] {
}, "ruleName": "LocalVariableCouldBeFinal",
{ "ruleSetName": "Optimization",
"propertyName": "Resource_Handling", "packageName": "miltos.diploma",
"issues": [ "description": "\nLocal variable 'dummyClass' could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#LocalVariableCouldBeFinal",
"priority": 3,
"beginLine": 17,
"endLine": 17,
"beginCol": 17,
"endCol": 56,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{
"ruleName": "LocalVariableCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nLocal variable 'uC' could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#LocalVariableCouldBeFinal",
"priority": 3,
"beginLine": 44,
"endLine": 44,
"beginCol": 17,
"endCol": 52,
"classPath": "src/main/java/miltos/diploma/App.java"
},
{ {
"ruleName": "MethodArgumentCouldBeFinal", "ruleName": "MethodArgumentCouldBeFinal",
"ruleSetName": "Optimization", "ruleSetName": "Optimization",
...@@ -159,14 +606,188 @@ After submitting the request, the Quantitative Security Assessment (QSA) service ...@@ -159,14 +606,188 @@ After submitting the request, the Quantitative Security Assessment (QSA) service
"endLine": 9, "endLine": 9,
"beginCol": 30, "beginCol": 30,
"endCol": 42, "endCol": 42,
"classPath": "src/main/java/miltos/diploma/App.java" "classPath": "src/main/java/miltos/diploma/ClassToCheck.java"
},
{
"ruleName": "DataflowAnomalyAnalysis",
"ruleSetName": "Controversial",
"packageName": "miltos.diploma",
"description": "\nFound 'DD'-anomaly for variable 'x' (lines '12'-'13').\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/controversial.html#DataflowAnomalyAnalysis",
"priority": 5,
"beginLine": 12,
"endLine": 13,
"beginCol": 17,
"endCol": 22,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "DataflowAnomalyAnalysis",
"ruleSetName": "Controversial",
"packageName": "miltos.diploma",
"description": "\nFound 'DU'-anomaly for variable 'ThisIsAwronglySpelledVariable' (lines '16'-'39').\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/controversial.html#DataflowAnomalyAnalysis",
"priority": 5,
"beginLine": 16,
"endLine": 39,
"beginCol": 21,
"endCol": 53,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "LocalVariableCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nLocal variable 'ThisIsAwronglySpelledVariable' could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#LocalVariableCouldBeFinal",
"priority": 3,
"beginLine": 16,
"endLine": 16,
"beginCol": 17,
"endCol": 53,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "LocalVariableCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nLocal variable 'uC' could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#LocalVariableCouldBeFinal",
"priority": 3,
"beginLine": 37,
"endLine": 37,
"beginCol": 17,
"endCol": 52,
"classPath": "src/main/java/miltos/diploma/DummyClass.java"
},
{
"ruleName": "MethodArgumentCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nParameter 'k' is not assigned and could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#MethodArgumentCouldBeFinal",
"priority": 3,
"beginLine": 5,
"endLine": 5,
"beginCol": 54,
"endCol": 58,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "MethodArgumentCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nParameter 'x' is not assigned and could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#MethodArgumentCouldBeFinal",
"priority": 3,
"beginLine": 5,
"endLine": 5,
"beginCol": 33,
"endCol": 37,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "MethodArgumentCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nParameter 'y' is not assigned and could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#MethodArgumentCouldBeFinal",
"priority": 3,
"beginLine": 5,
"endLine": 5,
"beginCol": 40,
"endCol": 44,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "MethodArgumentCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nParameter 'z' is not assigned and could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#MethodArgumentCouldBeFinal",
"priority": 3,
"beginLine": 5,
"endLine": 5,
"beginCol": 47,
"endCol": 51,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "DataflowAnomalyAnalysis",
"ruleSetName": "Controversial",
"packageName": "miltos.diploma",
"description": "\nFound 'DU'-anomaly for variable 'var' (lines '7'-'32').\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/controversial.html#DataflowAnomalyAnalysis",
"priority": 5,
"beginLine": 7,
"endLine": 32,
"beginCol": 21,
"endCol": 39,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "LocalVariableCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nLocal variable 'var' could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#LocalVariableCouldBeFinal",
"priority": 3,
"beginLine": 7,
"endLine": 7,
"beginCol": 17,
"endCol": 39,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "LocalVariableCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nLocal variable 's' could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#LocalVariableCouldBeFinal",
"priority": 3,
"beginLine": 21,
"endLine": 21,
"beginCol": 17,
"endCol": 29,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
},
{
"ruleName": "LocalVariableCouldBeFinal",
"ruleSetName": "Optimization",
"packageName": "miltos.diploma",
"description": "\nLocal variable 'dummyClass' could be declared final\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/optimizations.html#LocalVariableCouldBeFinal",
"priority": 3,
"beginLine": 30,
"endLine": 30,
"beginCol": 17,
"endCol": 56,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
} }
] ]
}, },
{ {
"propertyName": "Null_Pointer", "propertyName": "Resource_Handling",
"issues": [] "issues": []
}, },
{
"propertyName": "Null_Pointer",
"issues": [
{
"ruleName": "PositionLiteralsFirstInComparisons",
"ruleSetName": "Design",
"packageName": "miltos.diploma",
"description": "\nPosition literals first in String comparisons\n",
"externalInfoUrl": "https://pmd.github.io/pmd-5.4.1/pmd-java/rules/java/design.html#PositionLiteralsFirstInComparisons",
"priority": 3,
"beginLine": 23,
"endLine": 23,
"beginCol": 21,
"endCol": 32,
"classPath": "src/main/java/miltos/diploma/UselessClass.java"
}
]
},
{ {
"propertyName": "Synchronization", "propertyName": "Synchronization",
"issues": [] "issues": []
...@@ -175,37 +796,109 @@ After submitting the request, the Quantitative Security Assessment (QSA) service ...@@ -175,37 +796,109 @@ After submitting the request, the Quantitative Security Assessment (QSA) service
"metrics": { "metrics": {
"metricSet": [ "metricSet": [
{ {
"className": "miltos.diploma.App", "className": "/opt/apache-tomcat-8.0.53/bin/gitRepo/HelloWorldJavaCompiled_28520144_1646386841492/src/test/java/miltos/diploma/AppTest.java",
"wmc": 4, "wmc": 3,
"dit": 2,
"noc": 0,
"cbo": 4,
"rfc": 1,
"lcom": 3,
"ca": 0,
"ce": 0,
"npm": 3,
"lcom3": 3.0,
"loc": 11,
"dam": 0.0,
"moa": 0,
"mfa": 0.0,
"cam": 0.0,
"ic": 0,
"cbm": 0,
"amc": 0.0
},
{
"className": "/opt/apache-tomcat-8.0.53/bin/gitRepo/HelloWorldJavaCompiled_28520144_1646386841492/src/main/java/miltos/diploma/DummyClass.java",
"wmc": 6,
"dit": 1,
"noc": 0,
"cbo": 1,
"rfc": 2,
"lcom": 3,
"ca": 0,
"ce": 0,
"npm": 3,
"lcom3": 3.0,
"loc": 31,
"dam": 0.0,
"moa": 0,
"mfa": 0.0,
"cam": 0.0,
"ic": 0,
"cbm": 0,
"amc": 0.0
},
{
"className": "/opt/apache-tomcat-8.0.53/bin/gitRepo/HelloWorldJavaCompiled_28520144_1646386841492/src/main/java/miltos/diploma/App.java",
"wmc": 1,
"dit": 1,
"noc": 0,
"cbo": 2,
"rfc": 3,
"lcom": 0,
"ca": 0,
"ce": 0,
"npm": 1,
"lcom3": 0.0,
"loc": 28,
"dam": 0.0,
"moa": 0,
"mfa": 0.0,
"cam": 0.0,
"ic": 0,
"cbm": 0,
"amc": 0.0
},
{
"className": "/opt/apache-tomcat-8.0.53/bin/gitRepo/HelloWorldJavaCompiled_28520144_1646386841492/src/main/java/miltos/diploma/ClassToCheck.java",
"wmc": 1,
"dit": 1, "dit": 1,
"noc": 0, "noc": 0,
"cbo": 0, "cbo": 0,
"rfc": 4, "rfc": 1,
"lcom": 1, "lcom": 0,
"ca": 0, "ca": 0,
"ce": 0, "ce": 0,
"npm": 4, "npm": 1,
"lcom3": 2.0, "lcom3": 0.0,
"loc": 18, "loc": 8,
"dam": 0.0, "dam": 0.0,
"moa": 0, "moa": 0,
"mfa": 0.0, "mfa": 0.0,
"cam": 0.5, "cam": 0.0,
"ic": 0, "ic": 0,
"cbm": 0, "cbm": 0,
"amc": 3.5, "amc": 0.0
"methods": [ },
{ {
"methodName": "public static void main(String[] args)", "className": "/opt/apache-tomcat-8.0.53/bin/gitRepo/HelloWorldJavaCompiled_28520144_1646386841492/src/main/java/miltos/diploma/UselessClass.java",
"cyclComplexity": 1, "wmc": 5,
"loc": 0 "dit": 1,
}, "noc": 0,
{ "cbo": 1,
"methodName": "public void _init_()", "rfc": 3,
"cyclComplexity": 1, "lcom": 0,
"loc": 0 "ca": 0,
} "ce": 0,
] "npm": 1,
"lcom3": 0.0,
"loc": 23,
"dam": 0.0,
"moa": 0,
"mfa": 0.0,
"cam": 0.0,
"ic": 0,
"cbm": 0,
"amc": 0.0
} }
] ]
}, },
...@@ -214,68 +907,172 @@ After submitting the request, the Quantitative Security Assessment (QSA) service ...@@ -214,68 +907,172 @@ After submitting the request, the Quantitative Security Assessment (QSA) service
{ {
"name": "Resource_Handling", "name": "Resource_Handling",
"description": "", "description": "",
"thresholds": [ "eval": 1.0,
0.0024,
0.0582,
0.102
],
"eval": 0.5236957387495023,
"profile": [
0.0,
0.0,
1.0,
0.0,
0.0
],
"positive": false, "positive": false,
"measure": { "measure": {
"value": 1.0, "value": 0.0,
"normValue": 0.05555555555555555, "normValue": 0.0,
"type": 1, "type": 1,
"metricName": "", "metricName": "",
"rulesetPath": "./Rulesets/resourceHandRuleSet.xml", "rulesetPath": "./Rulesets/resourceHandRuleSet.xml",
"tool": "PMD", "tool": "PMD",
"normalizer": 18 "normalizer": 101
} }
}, },
{ {
"name": "Assignment", "name": "Assignment",
"eval": 0.6227018385291767 "description": "",
"eval": 0.5946944548682274,
"positive": false,
"measure": {
"value": 16.0,
"normValue": 0.15841584158415842,
"type": 1,
"metricName": "",
"rulesetPath": "./Rulesets/assignmentRuleSet.xml",
"tool": "PMD",
"normalizer": 101
}
}, },
{ {
"name": "Exception_Handling", "name": "Exception_Handling",
"description": "",
"eval": 1.0, "eval": 1.0,
"positive": false,
"measure": {
"value": 0.0,
"normValue": 0.0,
"type": 1,
"metricName": "",
"rulesetPath": "./Rulesets/exceptionRuleSet.xml",
"tool": "PMD",
"normalizer": 101
}
},
{ {
"name": "Misused_Functionality", "name": "Misused_Functionality",
"eval": 1.0 "description": "",
"eval": 0.7838211768775131,
"positive": false,
"measure": {
"value": 1.0,
"normValue": 0.009900990099009901,
"type": 1,
"metricName": "",
"rulesetPath": "./Rulesets/badFunRuleSet.xml",
"tool": "PMD",
"normalizer": 101
}
}, },
{ {
"name": "Synchronization", "name": "Synchronization",
"eval": 1.0 "description": "",
"eval": 1.0,
"positive": false,
"measure": {
"value": 0.0,
"normValue": 0.0,
"type": 1,
"metricName": "",
"rulesetPath": "./Rulesets/synchRuleSet.xml",
"tool": "PMD",
"normalizer": 101
}
}, },
{ {
"name": "Null_Pointer", "name": "Null_Pointer",
"eval": 1.0 "description": "",
"eval": 0.056338028169013996,
"positive": false,
"measure": {
"value": 1.0,
"normValue": 0.009900990099009901,
"type": 1,
"metricName": "",
"rulesetPath": "./Rulesets/npeRuleSet.xml",
"tool": "PMD",
"normalizer": 101
}
}, },
{ {
"name": "Logging", "name": "Logging",
"description": "",
"thresholds": [
0.0,
0.0012,
0.0065
],
"eval": 0.0, "eval": 0.0,
}, "positive": false,
{ "measure": {
"name": "Complexity", "value": 33.0,
"eval": 0.955947912812109, "normValue": 0.32673267326732675,
"type": 1,
"metricName": "",
"rulesetPath": "./Rulesets/logRuleSet.xml",
"tool": "PMD",
"normalizer": 101
}
}, },
{ {
"name": "Cohesion", "name": "Cohesion",
"eval": 1.0, "description": "How cohesive is your code",
"eval": 0.9981886528832659,
"positive": false,
"measure": {
"value": 126.0,
"normValue": 1.2475247524752475,
"type": 0,
"metricName": "LCOM",
"rulesetPath": "",
"tool": "CKJM",
"normalizer": 101
}
}, },
{ {
"name": "Coupling", "name": "Coupling",
"eval": 1.0, "description": "Evaluates the total number of efferent and afferent coupling of the system.",
"eval": 0.9276916139363239,
"positive": false,
"measure": {
"value": 154.0,
"normValue": 1.5247524752475248,
"type": 0,
"metricName": "CBO",
"rulesetPath": "",
"tool": "CKJM",
"normalizer": 101
}
},
{
"name": "Complexity",
"description": "The total complexity of the system",
"eval": 0.9720755315513135,
"positive": false,
"measure": {
"value": 370.0,
"normValue": 3.6633663366336635,
"type": 0,
"metricName": "WMC",
"rulesetPath": "",
"tool": "CKJM",
"normalizer": 101
}
}, },
{ {
"name": "Encapsulation", "name": "Encapsulation",
"eval": 1.0, "description": "The level of the encapsulation of the system",
"eval": 0.9661646982762996,
"positive": false,
"measure": {
"value": 234.0,
"normValue": 2.3168316831683167,
"type": 0,
"metricName": "RFC",
"rulesetPath": "",
"tool": "CKJM",
"normalizer": 101
}
} }
] ]
}, },
...@@ -283,20 +1080,20 @@ After submitting the request, the Quantitative Security Assessment (QSA) service ...@@ -283,20 +1080,20 @@ After submitting the request, the Quantitative Security Assessment (QSA) service
"characteristics": [ "characteristics": [
{ {
"name": "Confidentiality", "name": "Confidentiality",
"eval": 0.7756464616674826 "eval": 0.76967916527018
}, },
{ {
"name": "Integrity", "name": "Integrity",
"eval": 0.837155432254497 "eval": 0.7531998110938893
}, },
{ {
"name": "Availability", "name": "Availability",
"eval": 0.7964089283274383 "eval": 0.656356091876636
} }
] ]
}, },
"security_index": { "security_index": {
"eval": 0.8029899670557309, "eval": 0.7263390482446271,
} }
} }
``` ```
......