Splitting analysis module into two: analysis and cli

.github/workflows/release.yml

@@ -28,9 +28,20 @@ jobs:
           gradle-version: 7.6.1
           arguments: |
             publish
+            -PincludeDokka=true
             -PsemVer=${{inputs.semVer}}
             -Pactor=${{ secrets.MAVEN_CENTRAL_LOGIN }}
             -Ptoken=${{ secrets.MAVEN_CENTRAL_TOKEN }}
             -PgpgKey="${{ secrets.OSSRH_GPG_SECRET_KEY }}"
             -PgpgPassphrase=${{ secrets.OSSRH_GPG_SECRET_PASSPHRASE }}
-            -PrepoUrl=https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
+            -PrepoUrl=https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
+      - name: Upload release artifacts
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          files: |
+            jacodb-api/build/libs/jacodb-api-${{inputs.semVer}}.jar
+            jacodb-analysis/build/libs/jacodb-analysis-${{inputs.semVer}}.jar
+            jacodb-core/build/libs/jacodb-core-${{inputs.semVer}}.jar
+            jacodb-cli/build/libs/jacodb-cli-${{inputs.semVer}}.jar
+            jacodb-examples/build/libs/jacodb-examples-${{inputs.semVer}}.jar

build.gradle.kts

@@ -4,6 +4,7 @@ val kotlinVersion: String by rootProject
 val coroutinesVersion: String by rootProject
 val junit5Version: String by project
 val semVer: String? by project
+val includeDokka: String? by project
 
 group = "org.jacodb"
 
@@ -125,14 +126,17 @@ allprojects {
             archiveClassifier.set("javadoc")
         }
 
+
         val sourcesJar by creating(Jar::class) {
             archiveClassifier.set("sources")
             from(sourceSets.getByName("main").kotlin.srcDirs)
         }
 
         artifacts {
             archives(sourcesJar)
-            archives(dokkaJavadocJar)
+            if (includeDokka != null) {
+                archives(dokkaJavadocJar)
+            }
         }
     }
 
@@ -170,7 +174,7 @@ if (!repoUrl.isNullOrEmpty()) {
         listOf(
             project(":jacodb-api"),
             project(":jacodb-core"),
-//            project(":jacodb-analysis"),
+            project(":jacodb-analysis"),
         )
     ) {
         publishing {

docs/badges/coverage-summary.json

@@ -1 +1 @@
-{"branches": 68.34195614683419, "coverage": 70.38198957259596}
+{"branches": 68.14246846401187, "coverage": 69.80196523053665}

jacodb-analysis/build.gradle.kts

@@ -11,14 +11,13 @@ dependencies {
     api(project(":jacodb-api"))
 
     testImplementation(testFixtures(project(":jacodb-core")))
-    testFixturesImplementation(project(":jacodb-api"))
-    testFixturesImplementation("javax.servlet:servlet-api:2.5")
-    testImplementation("org.junit.jupiter:junit-jupiter-params:5.9.2")
-    testImplementation(files("src/testFixtures/resources/juliet.jar"))
-    testImplementation(files("src/testFixtures/resources/pointerbench.jar"))
-    testImplementation("joda-time:joda-time:2.12.5")
+    testImplementation(project(":jacodb-api"))
+    testImplementation(group = "javax.servlet", name = "servlet-api", version = "2.5")
+    testImplementation(group = "org.junit.jupiter", name = "junit-jupiter-params", version = "5.9.2")
+    testImplementation(files("src/test/resources/juliet.jar"))
+    testImplementation(files("src/test/resources/pointerbench.jar"))
+    testImplementation(group = "joda-time", name = "joda-time", version = "2.12.5")
 
-    implementation("org.jetbrains.kotlinx:kotlinx-cli:0.3.5")
-    implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.4.1")
+    implementation(group = "org.jetbrains.kotlinx", name = "kotlinx-serialization-json", version = "1.4.1")
     implementation(group = "io.github.microutils", name = "kotlin-logging", version = "1.8.3")
 }

jacodb-analysis/src/main/kotlin/org/jacodb/analysis/AnalysisMain.kt

@@ -15,16 +15,8 @@
  */
 
 package org.jacodb.analysis
-import kotlinx.cli.ArgParser
-import kotlinx.cli.ArgType
-import kotlinx.cli.default
-import kotlinx.cli.required
 import kotlinx.coroutines.runBlocking
 import kotlinx.serialization.Serializable
-import kotlinx.serialization.decodeFromString
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.encodeToStream
-import mu.KLogging
 import org.jacodb.analysis.analyzers.AliasAnalyzer
 import org.jacodb.analysis.analyzers.NpeAnalyzer
 import org.jacodb.analysis.analyzers.TaintAnalysisNode
@@ -41,12 +33,7 @@ import org.jacodb.api.JcClasspath
 import org.jacodb.api.JcMethod
 import org.jacodb.api.analysis.JcApplicationGraph
 import org.jacodb.api.cfg.JcInst
-import org.jacodb.api.ext.findClass
-import org.jacodb.impl.features.InMemoryHierarchy
-import org.jacodb.impl.features.Usages
 import org.jacodb.impl.features.usagesExt
-import org.jacodb.impl.jacodb
-import java.io.File
 import java.util.*
 
 @Serializable
@@ -95,38 +82,40 @@ class UnusedVariableAnalysisFactory : AnalysisEngineFactory {
     }
 
     override val name: String
-        get() = "Jacodb-Unused-Variable"
+        get() = "unused-variable"
 }
 
 abstract class FlowDroidFactory : AnalysisEngineFactory {
 
-    protected abstract fun getAnalyzer(graph: JcApplicationGraph): Analyzer
+    protected abstract val JcApplicationGraph.analyzer: Analyzer
 
     override fun createAnalysisEngine(
         graph: JcApplicationGraph,
         points2Engine: Points2Engine,
     ): AnalysisEngine {
-        val analyzer = getAnalyzer(graph)
+        val analyzer = graph.analyzer
         return TaintAnalysisWithPointsTo(graph, analyzer, points2Engine)
     }
 
     override val name: String
-        get() = "JacoDB-FlowDroid"
+        get() = "flow-droid"
 }
 
 class NPEAnalysisFactory : FlowDroidFactory() {
-    override fun getAnalyzer(graph: JcApplicationGraph): Analyzer {
-        return NpeAnalyzer(graph)
-    }
+    override val JcApplicationGraph.analyzer: Analyzer
+        get() {
+            return NpeAnalyzer(this)
+        }
 }
 
 class AliasAnalysisFactory(
     private val generates: (JcInst) -> List<TaintAnalysisNode>,
     private val isSink: (JcInst, DomainFact) -> Boolean,
 ) : FlowDroidFactory() {
-    override fun getAnalyzer(graph: JcApplicationGraph): Analyzer {
-        return AliasAnalyzer(graph, generates, isSink)
-    }
+    override val JcApplicationGraph.analyzer: Analyzer
+        get() {
+            return AliasAnalyzer(this, generates, isSink)
+        }
 }
 
 interface Points2EngineFactory : Factory {
@@ -140,7 +129,7 @@ interface GraphFactory : Factory {
 class JcSimplifiedGraphFactory(
     private val bannedPackagePrefixes: List<String>? = null
 ) : GraphFactory {
-    override val name: String = "JacoDB-graph simplified for IFDS"
+    override val name: String = "ifds-simplification"
 
     override fun createGraph(
         classpath: JcClasspath
@@ -154,7 +143,7 @@ class JcSimplifiedGraphFactory(
     }
 }
 
-class JcNaivePoints2EngineFactory : Points2EngineFactory {
+object JcNaivePoints2EngineFactory : Points2EngineFactory {
     override fun createPoints2Engine(
         graph: JcApplicationGraph,
     ): Points2Engine {
@@ -163,147 +152,10 @@ class JcNaivePoints2EngineFactory : Points2EngineFactory {
     }
 
     override val name: String
-        get() = "JacoDB-P2-Naive"
+        get() = "naive-p2"
 }
 
 inline fun <reified T : Factory> loadFactories(): List<T> {
     assert(T::class.java != Factory::class.java)
     return ServiceLoader.load(T::class.java).toList()
 }
-
-private inline fun <reified T : Factory> factoryChoice(): ArgType.Choice<T> {
-    val factories = loadFactories<T>()
-    val nameToFactory = { requiredFactoryName: String -> factories.single { it.name == requiredFactoryName } }
-    val factoryToName = { factory: T -> factory.name }
-
-    return ArgType.Choice(factories, nameToFactory, factoryToName)
-}
-
-private val logger = object : KLogging() {}.logger
-
-
-class AnalysisMain {
-    fun run(args: List<String>) = main(args.toTypedArray())
-}
-
-fun loadAnalysisEngineFactoriesByConfig(config: AnalysisConfig): List<AnalysisEngineFactory> {
-    return config.analyses.mapNotNull { (analysis, _) ->
-        when (analysis) {
-            "NPE" -> NPEAnalysisFactory()
-            "Unused" -> UnusedVariableAnalysisFactory()
-            else -> {
-                logger.error { "Unknown analysis type: $analysis" }
-                null
-            }
-        }
-    }
-}
-
-fun main(args: Array<String>) {
-    val parser = ArgParser("taint-analysis")
-    val configFilePath by parser.option(
-        ArgType.String,
-        fullName = "analysisConf",
-        shortName = "a",
-        description = "File with analysis configuration in JSON format"
-    ).required()
-    val cacheDirPath by parser.option(
-        ArgType.String,
-        fullName = "cachedir",
-        shortName = "c",
-        description = "Directory with caches for analysis. All parent directories will be created if not exists. Directory will be created if not exists. Directory must be empty."
-    ).required()
-    val startClasses by parser.option(
-        ArgType.String,
-        fullName = "start",
-        shortName = "s",
-        description = "classes from which to start the analysis"
-    ).required()
-    val outputPath by parser.option(
-        ArgType.String,
-        fullName = "output",
-        shortName = "o",
-        description = "File where analysis report will be written. All parent directories will be created if not exists. File will be created if not exists. Existing file will be overwritten."
-    ).default("report.txt") // TODO: create SARIF here
-    val graphFactory by parser.option(
-        factoryChoice<GraphFactory>(),
-        fullName = "graph-type",
-        shortName = "g",
-        description = "Type of code graph to be used by analysis."
-    ).default(JcSimplifiedGraphFactory())
-    val points2Factory by parser.option(
-        factoryChoice<Points2EngineFactory>(),
-        fullName = "points2",
-        shortName = "p2",
-        description = "Type of points-to engine."
-    ).default(JcNaivePoints2EngineFactory())
-    val classpath by parser.option(
-        ArgType.String,
-        fullName = "classpath",
-        shortName = "cp",
-        description = "Classpath for analysis. Used by JacoDB."
-    ).default(System.getProperty("java.class.path"))
-
-    parser.parse(args)
-
-    val outputFile = File(outputPath)
-
-    if (outputFile.exists() && outputFile.isDirectory) {
-        throw IllegalArgumentException("Provided path for output file is directory, please provide correct path")
-    } else if (outputFile.exists()) {
-        logger.info { "Output file $outputFile already exists, results will be overwritten" }
-    }
-
-    val cacheDir = File(cacheDirPath)
-
-    if (!cacheDir.exists()) {
-        cacheDir.mkdirs()
-    }
-
-    if (!cacheDir.isDirectory) {
-        throw IllegalArgumentException("Provided path to cache directory is not directory")
-    }
-
-    val configFile = File(configFilePath)
-    if (!configFile.isFile) {
-        throw IllegalArgumentException("Can't find provided config file $configFilePath")
-    }
-    val config = Json.decodeFromString<AnalysisConfig>(configFile.readText())
-
-    val classpathAsFiles = classpath.split(File.pathSeparatorChar).sorted().map { File(it) }
-    val classpathHash = classpath.hashCode()
-    val persistentPath = cacheDir.resolve("jacodb-for-$classpathHash")
-
-    val cp = runBlocking {
-        val jacodb = jacodb {
-            loadByteCode(classpathAsFiles)
-            persistent(persistentPath.absolutePath)
-            installFeatures(InMemoryHierarchy, Usages)
-        }
-        jacodb.classpath(classpathAsFiles)
-    }
-
-    val graph = graphFactory.createGraph(cp)
-    val points2Engine = points2Factory.createPoints2Engine(graph)
-    val startJcClasses = startClasses.split(";").map { cp.findClass(it) }
-
-    val analysisEngines = loadAnalysisEngineFactoriesByConfig(config).map {
-        it.createAnalysisEngine(graph, points2Engine)
-    }
-
-    val analysisResults = analysisEngines.map { engine ->
-        startJcClasses.forEach { clazz ->
-            clazz.declaredMethods.forEach {
-                engine.addStart(it)
-            }
-        }
-        engine.analyze()
-    }
-
-    val mergedResult = DumpableAnalysisResult(analysisResults.flatMap { it.foundVulnerabilities })
-
-    val json = Json { prettyPrint = true }
-    outputFile.outputStream().use { fileOutputStream ->
-        json.encodeToStream(mergedResult, fileOutputStream)
-    }
-}

jacodb-analysis/src/test/kotlin/org/jacodb/analysis/impl/AliasAnalysisTest.kt

@@ -146,7 +146,7 @@ class AliasAnalysisTest : BaseTest() {
             .plus("pointerbench.benchmark.internal")
 
         val graph = JcSimplifiedGraphFactory(bannedPackagePrefixes).createGraph(cp)
-        val points2Engine = JcNaivePoints2EngineFactory().createPoints2Engine(graph)
+        val points2Engine = JcNaivePoints2EngineFactory.createPoints2Engine(graph)
         val factory = AliasAnalysisFactory(::generates, ::isSink)
         val ifds = factory.createAnalysisEngine(graph, points2Engine)
         ifds.addStart(method)

jacodb-analysis/src/test/kotlin/org/jacodb/analysis/impl/JodaDateTimeAnalysisTest.kt

@@ -38,7 +38,7 @@ class JodaDateTimeAnalysisTest : BaseTest() {
         val clazz = cp.findClass<DateTime>()
 
         val graph = JcSimplifiedGraphFactory().createGraph(cp)
-        val points2Engine = JcNaivePoints2EngineFactory().createPoints2Engine(graph)
+        val points2Engine = JcNaivePoints2EngineFactory.createPoints2Engine(graph)
         val ifds = factory.createAnalysisEngine(graph, points2Engine)
         clazz.declaredMethods
             .forEach { ifds.addStart(it) }

jacodb-analysis/src/test/kotlin/org/jacodb/analysis/impl/NpeAnalysisTest.kt

@@ -24,7 +24,6 @@ import org.jacodb.analysis.NPEAnalysisFactory
 import org.jacodb.analysis.VulnerabilityInstance
 import org.jacodb.analysis.analyzers.NpeAnalyzer
 import org.jacodb.analysis.graph.JcApplicationGraphImpl
-import org.jacodb.analysis.samples.NPEExamples
 import org.jacodb.api.JcClassOrInterface
 import org.jacodb.api.JcMethod
 import org.jacodb.api.ext.constructors
@@ -37,6 +36,7 @@ import org.jacodb.impl.features.usagesExt
 import org.jacodb.testing.BaseTest
 import org.jacodb.testing.WithDB
 import org.jacodb.testing.allClasspath
+import org.jacodb.testing.analysis.NPEExamples
 import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.params.ParameterizedTest
@@ -273,7 +273,7 @@ class NpeAnalysisTest : BaseTest() {
 
     private fun findNpeSources(method: JcMethod): List<VulnerabilityInstance> {
         val graph = JcSimplifiedGraphFactory().createGraph(cp)
-        val points2Engine = JcNaivePoints2EngineFactory().createPoints2Engine(graph)
+        val points2Engine = JcNaivePoints2EngineFactory.createPoints2Engine(graph)
         val ifds = NPEAnalysisFactory().createAnalysisEngine(graph, points2Engine)
         ifds.addStart(method)
         val result = ifds.analyze()

jacodb-analysis/src/test/kotlin/org/jacodb/analysis/impl/UnusedVariableTest.kt

@@ -110,7 +110,7 @@ class UnusedVariableTest : BaseTest() {
 
     private fun findUnusedVariables(method: JcMethod): List<VulnerabilityInstance> {
         val graph = JcSimplifiedGraphFactory().createGraph(cp)
-        val points2Engine = JcNaivePoints2EngineFactory().createPoints2Engine(graph)
+        val points2Engine = JcNaivePoints2EngineFactory.createPoints2Engine(graph)
         val ifds = UnusedVariableAnalysisFactory().createAnalysisEngine(graph, points2Engine)
         ifds.addStart(method)
         val result = ifds.analyze()