Fraunhofer-AISEC/codyze

Unfinished loading finding descriptions in LSP

fwendland opened this issue · 2 comments

When using the LSP interface with Eclipse, the findingDescription.json isn't fully loaded and parsed before it's used.

Here is an excerpt from a log file:

19:16:20,710 INFO AnalysisServer Registering builtin de.fraunhofer.aisec.codyze.crymlin.builtin.SplitDisjoint
//...
19:16:21,143 INFO AnalysisServer LSP server started
19:16:21,144 INFO AnalysisServer Parsing MARK files in /opt/codyze/mark
19:16:21,642 INFO CpgDocumentService Handling didOpen for file: file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,643 DEBUG CpgDocumentService Starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,644 DEBUG CpgDocumentService Really starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
// ...
19:16:23,503 INFO AnalysisServer Loading MARK from directory /opt/codyze/mark
19:16:23,527 INFO AnalysisServer Loading MARK file /opt/codyze/mark/bouncycastle/KeyGenerator.mark
// ...
19:16:25,970 INFO AnalysisServer Loaded 60 entities and 40 rules.
19:16:25,971 INFO FindingDescription Parsing MARK description file from /opt/codyze/mark/findingDescription.json
//...
19:16:26,854 INFO Evaluator Got 8 findings in analysis context: [Rule ID_4_01 verified, Rule ID_2_1_2_3_01 violated, Rule ID_2_1_3_01 verified, Rule ID_2_01 verified, Rule BouncyCastleProvider_MessageDigest violated, Rule BouncyCastleProvider_SecureRandom violated, Rule ID_2_1_01 verified, Rule BouncyCastleProvider_Cipher violated]
19:16:26,855 INFO CpgDocumentService Analysis for file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java done. Returning 8 findings.
19:16:26,856 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:27,415 INFO FindingDescription Loaded 68 description(s)
19:16:27,415 DEBUG FindingDescription Descriptions:
{InvalidProvider_AlgorithmParameterGenerator=de.fraunhofer.aisec.codyze.analysis.FindingDescription$FindingDescriptionItem@63b2418e, /* ... */}

Seemingly, the CpgDocumentService accesses the finding descriptions before they are fully parsed and available through FindingDescription. This method

val map = mapper.readValue<Map<String, FindingDescriptionItem>>(descriptionFile)

appears to finish evaluation too late.

This might be caused by some threaded execution and insufficient synchronisation.
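The suspected use-before-load race, reduced to a stand-alone sketch. This is an added example and not Codyze code: `DescriptionItem`, `RacyRegistry`, `DescriptionRegistry` and the sample data are hypothetical names, and the sleep stands in for slow JSON parsing. The first class returns null while the load is still running, as in the log above; the second makes every lookup wait on a future that completes only once the map is fully built.

```kotlin
import java.util.concurrent.CompletableFuture
import java.util.concurrent.TimeUnit

// Hypothetical stand-in for a parsed description entry (not the project's class).
data class DescriptionItem(val shortDescription: String)

// Unsynchronised variant: the map is published by a background thread,
// so a lookup that arrives early sees "no map yet" and returns null.
class RacyRegistry(loader: () -> Map<String, DescriptionItem>) {
    @Volatile private var map: Map<String, DescriptionItem>? = null

    init {
        Thread { map = loader() }.start()
    }

    fun shortDescription(id: String): String? = map?.get(id)?.shortDescription
}

// Gated variant: lookups block (with a bound) until loading has completed.
// A null result now only means "unknown id", never "not loaded yet".
class DescriptionRegistry(loader: () -> Map<String, DescriptionItem>) {
    private val loaded: CompletableFuture<Map<String, DescriptionItem>> =
        CompletableFuture.supplyAsync { loader() }

    fun shortDescription(id: String, timeoutMs: Long = 5_000): String? =
        loaded.get(timeoutMs, TimeUnit.MILLISECONDS)[id]?.shortDescription
}

fun main() {
    // Constructed sample data; the delay simulates a slow description file parse.
    val slowLoader = {
        Thread.sleep(500)
        mapOf("ID_2_01" to DescriptionItem("constructed sample description"))
    }

    // Both lookups are issued immediately after construction, i.e. before
    // the simulated parse can have finished.
    println("racy:  " + RacyRegistry(slowLoader).shortDescription("ID_2_01"))
    println("gated: " + DescriptionRegistry(slowLoader).shortDescription("ID_2_01"))
}
```

The bounded `get` throws `TimeoutException` if loading never finishes, so a broken description file surfaces as an error instead of silently empty finding texts.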

Using the LSP-based plugin for VS Code seems to work flawlessly. Is this somehow related to something Eclipse-specific?

Maybe. I'm going to test some more.