codyze
Unfinished loading finding descriptions in LSP
When using the LSP interface with Eclipse, the findingDescription.json isn't fully loaded and parsed before it's used.
Here is an excerpt from a log file:
19:16:20,710 INFO AnalysisServer Registering builtin de.fraunhofer.aisec.codyze.crymlin.builtin.SplitDisjoint
//...
19:16:21,143 INFO AnalysisServer LSP server started
19:16:21,144 INFO AnalysisServer Parsing MARK files in /opt/codyze/mark
19:16:21,642 INFO CpgDocumentService Handling didOpen for file: file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,643 DEBUG CpgDocumentService Starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,644 DEBUG CpgDocumentService Really starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
// ...
19:16:23,503 INFO AnalysisServer Loading MARK from directory /opt/codyze/mark
19:16:23,527 INFO AnalysisServer Loading MARK file /opt/codyze/mark/bouncycastle/KeyGenerator.mark
// ...
19:16:25,970 INFO AnalysisServer Loaded 60 entities and 40 rules.
19:16:25,971 INFO FindingDescription Parsing MARK description file from /opt/codyze/mark/findingDescription.json
//...
19:16:26,854 INFO Evaluator Got 8 findings in analysis context: [Rule ID_4_01 verified, Rule ID_2_1_2_3_01 violated, Rule ID_2_1_3_01 verified, Rule ID_2_01 verified, Rule BouncyCastleProvider_MessageDigest violated, Rule BouncyCastleProvider_SecureRandom violated, Rule ID_2_1_01 verified, Rule BouncyCastleProvider_Cipher violated]
19:16:26,855 INFO CpgDocumentService Analysis for file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java done. Returning 8 findings.
19:16:26,856 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:27,415 INFO FindingDescription Loaded 68 description(s)
19:16:27,415 DEBUG FindingDescription Descriptions: {InvalidProvider_AlgorithmParameterGenerator=de.fraunhofer.aisec.codyze.analysis.FindingDescription$FindingDescriptionItem@63b2418e, /* ... */}
Seemingly, the CpgDocumentService accesses the finding descriptions before they are fully parsed and available through FindingDescription. This method, https://github.com/Fraunhofer-AISEC/codyze/blob/ec0dd43b79bfc6f8b6bc3a955288328b84cbbdad/src/main/java/de/fraunhofer/aisec/codyze/analysis/FindingDescription.kt#L47, appears to finish evaluation too late.
This might be caused by some threaded execution and insufficient synchronisation.
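One way to confirm the ordering visible in the log excerpt, as an added example that is not part of the original issue or of Codyze: a small Python check that flags every "Finding short description" lookup logged before FindingDescription reports "Loaded N description(s)", and measures how much later the loader finished. The sample is a constructed subset of the excerpt above plus one constructed trailing line, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the issue.
# The last line is constructed to show that a lookup after loading is not flagged.
SAMPLE_LOG = """\
19:16:25,970 INFO AnalysisServer Loaded 60 entities and 40 rules.
19:16:25,971 INFO FindingDescription Parsing MARK description file from /opt/codyze/mark/findingDescription.json
//...
19:16:26,856 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:27,415 INFO FindingDescription Loaded 68 description(s)
19:16:27,500 INFO CpgDocumentService Finding short description: constructed text
"""

# <HH:MM:SS,mmm> <LEVEL> <Logger> <message>
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3})\s+(\w+)\s+(\w+)\s+(.*)$")


def parse(log):
    """Yield (timestamp, logger, message); elision markers like '//...' are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%H:%M:%S,%f"), m.group(3), m.group(4)


def lookups_before_load(log):
    """Return (early, lag_ms): lookups logged before the description loader
    reported completion, and how long after the first of them it completed."""
    early, loaded_at = [], None
    for ts, logger, msg in parse(log):
        if logger == "FindingDescription" and re.match(r"Loaded \d+ description", msg):
            if loaded_at is None:
                loaded_at = ts
        elif (logger == "CpgDocumentService" and loaded_at is None
              and msg.startswith("Finding short description:")):
            early.append((ts, msg.split(":", 1)[1].strip()))
    lag_ms = None
    if early and loaded_at is not None:
        lag_ms = round((loaded_at - early[0][0]).total_seconds() * 1000)
    return early, lag_ms


if __name__ == "__main__":
    early, lag_ms = lookups_before_load(SAMPLE_LOG)
    for ts, value in early:
        print(ts.strftime("%H:%M:%S,%f")[:-3], "lookup before load ->", value)
    print("loader finished", lag_ms, "ms after the first early lookup")
```
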
Using the LSP-based plugin for VS Code seems to work flawlessly. Is this somehow related to something Eclipse-specific?
Maybe. I'm going to test some more.