这是indexloc提供的服务,不要输入任何密码
Skip to content

Initial commit of cwe_checker plugin. #163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 23, 2018
Merged

Initial commit of cwe_checker plugin. #163

merged 7 commits into from
Oct 23, 2018

Conversation

@tbarabosch
Copy link
Contributor

@tbarabosch tbarabosch commented Oct 9, 2018

No description provided.

jstucke
jstucke requested changes Oct 9, 2018
View reviewed changes
src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
cwe_message = cwe_message.replace('.', '').replace('32u', '')

return CweWarning(cwe_name, plugin_version, cwe_message)
except Exception as e:
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a less general exception handling would be preferred (i.e. catching only expected exceptions like IndexError, etc.)

src/plugins/analysis/cwe_checker/test/test_cwe_checker.py Outdated
@@ -0,0 +1,50 @@
import os

from common_helper_files import get_dir_of_file
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

imports seem to be redundant

src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated

return CweWarning(cwe_name, plugin_version, cwe_message)
except Exception as e:
logging.error('[CweWarningParser] Error while parsing CWE warning: %s.' % str(e))
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

according to our coding guidelines, the .format() function should be used for string formatting

src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
output, return_code = execute_shell_command_get_return_code(bap_command)
if return_code != 0:
logging.error('[%s] Could not get module versions from Bap plugin: %i (%s). I tried the following command %s',
self.NAME, return_code, output, bap_command)
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above

src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
arch_type = file_object.processed_analysis['file_type']['full'].lower()
for supported_arch in self.SUPPORTED_ARCHS:
if supported_arch in arch_type:
return True
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the builtins any and all are handy for cases like this, e.g.

if any(supported_arch in arch_type for supported_arch in self.SUPPORTED_ARCHS):
    return True

(just a suggestion)

src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
bap_command)
if return_code != 0:
logging.error('[%s] Could not communicate with Bap plugin: %i (%s).',
self.NAME, return_code, output)
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above

src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
'''
if not self._is_supported_file_type(file_object):
logging.debug('[%s] %s is not an ELF executable.',
self.NAME, file_object.file_path)
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above

src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
elif not self._is_supported_arch(file_object):
logging.debug('[%s] %s\'s arch is not supported (%s)',
self.NAME, file_object.file_path,
file_object.processed_analysis['cpu_architecture']['summary'])
Copy link
Collaborator

@jstucke jstucke Oct 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above

@jstucke
Copy link
Collaborator

jstucke commented Oct 10, 2018

Also, it would be nice if you could add some more tests because the coverage is relatively low:
coverage.zip

dorpvom
dorpvom previously requested changes Oct 11, 2018
View reviewed changes
Copy link
Member

@dorpvom dorpvom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests crash with [Errno 12] Cannot allocate memory. Please check where that is coming from.

@tbarabosch
Copy link
Contributor Author

tbarabosch commented Oct 15, 2018

@dorpvom There were still calls to the dockerized component. I monkeypatched them. There should be no calls to external programs.
@jstucke I think I have tested the relevant components (parsers). The rest of this plugin is just wrapper code that calls cwe_checker (either locally or in Docker).

@tbarabosch
Copy link
Contributor Author

tbarabosch commented Oct 15, 2018

I've pushed the required changes.

jstucke
jstucke approved these changes Oct 15, 2018
View reviewed changes
src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
bap_command = self._build_bap_command_for_modules_versions()
output, return_code = execute_shell_command_get_return_code(bap_command)
if return_code != 0:
logging.error('Could not get module versions from Bap plugin: {} ({}). I tried the following command %s'.format(
Copy link
Collaborator

@jstucke jstucke Oct 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

forgot one %s when fixing the string format style

@codecov-io
Copy link

codecov-io commented Oct 17, 2018
edited
Loading

Codecov Report

Merging #163 into master will decrease coverage by 0.06%.
The diff coverage is 89.61%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #163      +/-   ##
==========================================
- Coverage   95.79%   95.72%   -0.07%     
==========================================
  Files         309      311       +2     
  Lines       15326    15480     +154     
==========================================
+ Hits        14682    14819     +137     
- Misses        644      661      +17
Impacted Files Coverage Δ
...gins/analysis/cwe_checker/test/test_cwe_checker.py 100% <100%> (ø)
...c/plugins/analysis/cwe_checker/code/cwe_checker.py 85.04% <85.04%> (ø)
...test/integration/scheduler/test_cycle_with_tags.py 98.11% <0%> (-1.89%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ebe2105...678bf82. Read the comment docs.

weidenba
weidenba suggested changes Oct 17, 2018
View reviewed changes
Copy link
Contributor

@weidenba weidenba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please increase the test coverage.

src/plugins/analysis/cwe_checker/code/cwe_checker.py
return bap_command

@staticmethod
def _parse_bap_output(output):
Copy link
Contributor

@weidenba weidenba Oct 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a static method. It should be easy to test it?

src/plugins/analysis/cwe_checker/code/cwe_checker.py

return res

def _is_supported_arch(self, file_object):
Copy link
Contributor

@weidenba weidenba Oct 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be easy to test as well.

src/plugins/analysis/cwe_checker/code/cwe_checker.py Outdated
This function handles only ELF executable. Otherwise it returns an empty dictionary.
It calls the external BAP plugin cwe_checker.
'''
if not self._is_supported_file_type(file_object):
Copy link
Contributor

@weidenba weidenba Oct 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use the Whitlist functionality

src/plugins/analysis/cwe_checker/code/cwe_checker.py
bap_command = '{} {} --pass=cwe-checker --cwe-checker-module_versions=true'.format(PATH_TO_BAP, '/bin/true')
return bap_command

def _build_bap_command(self, file_object):
Copy link
Contributor

@weidenba weidenba Oct 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be easy to test?

src/plugins/analysis/cwe_checker/test/test_cwe_checker.py Outdated

class MockFileObject(object):

def __init__(self, file_path):
Copy link
Contributor

@weidenba weidenba Oct 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This Mock is not used at all?

@weidenba weidenba merged commit c7ba4e4 into master Oct 23, 2018
@weidenba weidenba deleted the cwe_checker_plugin branch October 23, 2018 07:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jstucke jstucke jstucke approved these changes

@dorpvom dorpvom dorpvom left review comments

+1 more reviewer

@weidenba weidenba weidenba approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jstucke jstucke

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@tbarabosch @jstucke @codecov-io @weidenba @dorpvom @any333