/** * Generates textual, human-readable representation for given violations * * @param violations<Violation> * @return String containing textual representation for violations */ public static String toText(Collection<Violation> violations) { StringBuffer ret = new StringBuffer(); if (violations.size() == 0) { ret.append("No iflow violations found."); } else { int i = 0; for (Violation violation : violations) { i++; SecurityNode outgoing = violation.getSink(); SecurityNode from = violation.getSource(); ViolationPathes violationPathes = violation.getViolationPathes(); ret.append( i + ": There's Information flowing out at \n" + " IFlow Allowed : " + outgoing.getRequired() + " - Node " + outgoing + " - " + outgoing.getOperation() + " - " + outgoing.getLabel() + " - " + outgoing.getSource() + " - Row:" + outgoing.getSr() + "\n"); ret.append( "from \n" + " IFlow Annotated: " + from.getProvided() + " - Node " + from + " - " + from.getOperation() + " - " + from.getLabel() + " - " + from.getSource() + " - Row:" + from.getSr() + "\n"); if (violationPathes == null) { ret.append("no pathes available"); } else { ret.append(violationPathes.toString()); } ret.append("---\n"); } } return ret.toString(); }
/** * Determines security violations by applying slicing to all 'outgoing' and 'declassification' * nodes in this InterFlowCheckers Graph(=sdgParser) g * * @return List of violations: List<Violation> * @throws InterSlicePluginException * @throws NotInLatticeException */ public Collection<Violation> checkIFlow(boolean generateVioPathes) throws NotInLatticeException { Collection<Violation> ret = new LinkedList<Violation>(); // list to be returned // compute declassification information DeclassificationSummaryNodes dec = new DeclassificationSummaryNodes(g, l); dec.slice(); // get all outgoing nodes... Collection<SecurityNode> outgoingNodes = SDGTools.getInformationSinks(g); // ...add all declassification nodes... outgoingNodes.addAll(SDGTools.getDeclassificationNodes(g)); IFCSlicer is = new IFCSlicer(l, g); // ...and do slicing for each of these nodes for (SecurityNode temp : outgoingNodes) { long slicestart = System.currentTimeMillis(); if (TIME) System.out.println("Started slicing at " + slicestart); // NODES-KLEINOD: nicht loeschen :D // ((ProgressAnnouncer) is).addProgressListener(this); // do slicing Collection<Violation> violations = is.checkIFC(temp); long sliceend = System.currentTimeMillis(); if (TIME) System.out.println( "Finished slicing at " + sliceend + " | slice duration: " + (sliceend - slicestart)); // Transform SimpleViolations into Violations for (Violation vp : violations) { Violation vio = Violation.createViolation(temp, vp.getSink(), temp.getRequired()); ret.add(vio); } // add ViolationPathes if wished if (generateVioPathes) { ret = addViolationPathesChop(ret); } } // this.progressChanged("Done", 100, 100); return ret; }