Enabling GDPR compliance checks

cloudpg/src/main/java/io/clouditor/graph/App.kt

@@ -174,6 +174,7 @@ object App : Callable<Int> {
                 .registerPass(GormDatabasePass())
                 .registerPass(PyMongoPass())
                 .registerPass(Psycopg2Pass())
+                .registerPass(PythonFileWritePass())
                 .processAnnotations(true)
 
         if (labelsEnabled) {

cloudpg/src/main/java/io/clouditor/graph/nodes/labels/PseudoIdentifier.kt

@@ -4,6 +4,7 @@ import de.fraunhofer.aisec.cpg.graph.Node
 
 open class PseudoIdentifier(labeledNode: Node) : DataLabel(labeledNode) {
     override fun areMergeable(l: Label): Boolean {
-        return l::class == PseudoIdentifier::class
+        return false
+        //return l::class == PseudoIdentifier::class
     }
 }

cloudpg/src/main/java/io/clouditor/graph/passes/DatabaseOperationPass.kt

@@ -41,9 +41,10 @@ abstract class DatabaseOperationPass : Pass() {
         connect: DatabaseConnect,
         storage: List<DatabaseStorage>,
         calls: List<CallExpression>,
-        app: Application?
+        app: Application?,
+        type: String
     ): DatabaseQuery {
-        val op = DatabaseQuery(modify, calls, storage, connect.to)
+        val op = DatabaseQuery(modify, type, calls, storage, connect.to)
         op.location = app?.location
 
         storage.forEach {

cloudpg/src/main/java/io/clouditor/graph/passes/FileWritePass.kt

@@ -0,0 +1,25 @@
+package io.clouditor.graph.passes
+
+import de.fraunhofer.aisec.cpg.TranslationResult
+import de.fraunhofer.aisec.cpg.graph.statements.expressions.CallExpression
+import de.fraunhofer.aisec.cpg.passes.Pass
+import io.clouditor.graph.Application
+import io.clouditor.graph.FileWrite
+import io.clouditor.graph.plusAssign
+
+abstract class FileWritePass: Pass() {
+
+    protected fun createFileWrite(
+        t: TranslationResult,
+        call: CallExpression,
+        app: Application?
+    ): FileWrite {
+        // Create node
+        val fileWriteNode = FileWrite(call)
+        // Add to functionalities if necessary
+        app?.functionalities?.plusAssign(fileWriteNode)
+        // Add to translation result
+        t += fileWriteNode
+        return fileWriteNode
+    }
+}

cloudpg/src/main/java/io/clouditor/graph/passes/GormDatabasePass.kt

@@ -13,6 +13,7 @@ import de.fraunhofer.aisec.cpg.processing.IVisitor
 import de.fraunhofer.aisec.cpg.processing.strategy.Strategy
 import io.clouditor.graph.*
 import io.clouditor.graph.nodes.getStorageOrCreate
+import io.clouditor.graph.utils.DatabaseQueryType
 
 class GormDatabasePass : DatabaseOperationPass() {
     override fun accept(t: TranslationResult) {
@@ -116,7 +117,16 @@ class GormDatabasePass : DatabaseOperationPass() {
 
             val op =
                 app?.functionalities?.filterIsInstance<DatabaseConnect>()?.firstOrNull()?.let {
-                    val op = createDatabaseQuery(result, false, it, mutableListOf(), calls, app)
+                    val op =
+                        createDatabaseQuery(
+                            result,
+                            false,
+                            it,
+                            mutableListOf(),
+                            calls,
+                            app,
+                            DatabaseQueryType.READ.toString()
+                        )
                     op.name = call.name
 
                     // loop through the calls and set DFG edges
@@ -144,7 +154,8 @@ class GormDatabasePass : DatabaseOperationPass() {
                             it,
                             mutableListOf(),
                             mutableListOf(call),
-                            app
+                            app,
+                            DatabaseQueryType.CREATE.toString()
                         )
                     op.name = call.name
 
@@ -165,7 +176,8 @@ class GormDatabasePass : DatabaseOperationPass() {
                             it,
                             mutableListOf(),
                             mutableListOf(call),
-                            app
+                            app,
+                            DatabaseQueryType.UPDATE.toString()
                         )
                     op.name = call.name
 

cloudpg/src/main/java/io/clouditor/graph/passes/HttpClientPass.kt

@@ -16,7 +16,7 @@ abstract class HttpClientPass : Pass() {
         app: Application?
     ): HttpRequest {
         val endpoints = getEndpointsForUrl(t, url, method)
-        val request = HttpRequest(call, body, endpoints)
+        val request = HttpRequest(call, body, endpoints, url)
         request.name = method
         request.location = call.location
 

cloudpg/src/main/java/io/clouditor/graph/passes/golang/GoFileWritePass.kt

@@ -0,0 +1,35 @@
+package io.clouditor.graph.passes.python
+
+import de.fraunhofer.aisec.cpg.ExperimentalPython
+import de.fraunhofer.aisec.cpg.TranslationResult
+import de.fraunhofer.aisec.cpg.graph.Node
+import de.fraunhofer.aisec.cpg.graph.statements.expressions.MemberCallExpression
+import de.fraunhofer.aisec.cpg.processing.IVisitor
+import de.fraunhofer.aisec.cpg.processing.strategy.Strategy
+import io.clouditor.graph.findApplicationByTU
+import io.clouditor.graph.passes.FileWritePass
+
+@ExperimentalPython
+class GoFileWritePass: FileWritePass() {
+    override fun accept(t: TranslationResult) {
+        for (tu in t.translationUnits) {
+            tu.accept(
+                Strategy::AST_FORWARD,
+                object : IVisitor<Node?>() {
+                    // check all MemberCallExpressions
+                    fun visit(r: MemberCallExpression) {
+                        // look for writeFile() call of os library
+                        if (r.name == "WriteFile" && r.base.name == "os") {
+                            createFileWrite(t, r, t.findApplicationByTU(tu))
+                        }
+                    }
+                }
+            )
+        }
+    }
+
+    override fun cleanup() {
+        // Nothing to do
+    }
+
+}

cloudpg/src/main/java/io/clouditor/graph/passes/python/Psycopg2Pass.kt

@@ -9,6 +9,7 @@ import de.fraunhofer.aisec.cpg.processing.strategy.Strategy
 import io.clouditor.graph.*
 import io.clouditor.graph.nodes.getStorageOrCreate
 import io.clouditor.graph.passes.DatabaseOperationPass
+import io.clouditor.graph.utils.DatabaseQueryType
 
 class Psycopg2Pass : DatabaseOperationPass() {
 
@@ -148,7 +149,16 @@ class Psycopg2Pass : DatabaseOperationPass() {
             val dbName = dbStorage.firstOrNull()?.name
             val storage = connect.to.map { it.getStorageOrCreate(table ?: "", dbName) }
 
-            val op = createDatabaseQuery(result, false, connect, storage, mutableListOf(call), app)
+            val op =
+                createDatabaseQuery(
+                    result,
+                    false,
+                    connect,
+                    storage,
+                    mutableListOf(call),
+                    app,
+                    DatabaseQueryType.UNKNOWN.toString()
+                )
             op.name = call.name
 
             // in the select case, the arguments are just arguments to the query itself and flow

cloudpg/src/main/java/io/clouditor/graph/passes/python/PyMongoPass.kt

@@ -10,6 +10,7 @@ import de.fraunhofer.aisec.cpg.processing.strategy.Strategy
 import io.clouditor.graph.*
 import io.clouditor.graph.nodes.getStorageOrCreate
 import io.clouditor.graph.passes.DatabaseOperationPass
+import io.clouditor.graph.utils.DatabaseQueryType
 import java.net.URI
 
 class PyMongoPass : DatabaseOperationPass() {
@@ -168,14 +169,68 @@ class PyMongoPass : DatabaseOperationPass() {
         var (connect, storage) = pair
         var op: DatabaseQuery? = null
         if (mce.name == "insert_one") {
-            op = createDatabaseQuery(t, true, connect, storage, listOf(mce), app)
+            op =
+                createDatabaseQuery(
+                    t,
+                    true,
+                    connect,
+                    storage,
+                    listOf(mce),
+                    app,
+                    DatabaseQueryType.CREATE.toString()
+                )
 
             // data flows from first argument to op
             mce.arguments.firstOrNull()?.addNextDFG(op)
         }
 
         if (mce.name == "find" || mce.name == "find_one") {
-            op = createDatabaseQuery(t, false, connect, storage, listOf(mce), app)
+            op =
+                createDatabaseQuery(
+                    t,
+                    false,
+                    connect,
+                    storage,
+                    listOf(mce),
+                    app,
+                    DatabaseQueryType.READ.toString()
+                )
+            // data flows from first argument to op
+            mce.arguments.firstOrNull()?.addNextDFG(op)
+
+            // and towards the DFG target(s) of the call
+            mce.nextDFG.forEach { op!!.addNextDFG(it) }
+        }
+
+        if (mce.name == "delete_one" || mce.name == "delete_many") {
+            op =
+                createDatabaseQuery(
+                    t,
+                    true,
+                    connect,
+                    storage,
+                    listOf(mce),
+                    app,
+                    DatabaseQueryType.DELETE.toString()
+                )
+            // data flows from first argument to op
+            mce.arguments.firstOrNull()?.addNextDFG(op)
+
+            // and towards the DFG target(s) of the call
+            mce.nextDFG.forEach { op!!.addNextDFG(it) }
+        }
+
+        if (mce.name == "update_one" || mce.name == "update_many") {
+            op =
+                createDatabaseQuery(
+                    t,
+                    true,
+                    connect,
+                    storage,
+                    listOf(mce),
+                    app,
+                    DatabaseQueryType.UPDATE.toString()
+                )
             // data flows from first argument to op
             mce.arguments.firstOrNull()?.addNextDFG(op)
 

cloudpg/src/main/java/io/clouditor/graph/passes/python/PythonFileWritePass.kt

@@ -0,0 +1,34 @@
+package io.clouditor.graph.passes.python
+
+import de.fraunhofer.aisec.cpg.ExperimentalPython
+import de.fraunhofer.aisec.cpg.TranslationResult
+import de.fraunhofer.aisec.cpg.graph.Node
+import de.fraunhofer.aisec.cpg.graph.statements.expressions.MemberCallExpression
+import de.fraunhofer.aisec.cpg.processing.IVisitor
+import de.fraunhofer.aisec.cpg.processing.strategy.Strategy
+import io.clouditor.graph.findApplicationByTU
+import io.clouditor.graph.passes.FileWritePass
+
+@ExperimentalPython
+class PythonFileWritePass: FileWritePass() {
+    override fun accept(t: TranslationResult) {
+        for (tu in t.translationUnits) {
+            tu.accept(
+                Strategy::AST_FORWARD,
+                object : IVisitor<Node?>() {
+                    fun visit(r: MemberCallExpression) {
+                        // look for write() call
+                        if (r.name == "write") {
+                            createFileWrite(t, r, t.findApplicationByTU(tu))
+                        }
+                    }
+                }
+            )
+        }
+    }
+
+    override fun cleanup() {
+        // Nothing to do
+    }
+
+}

cloudpg/src/main/java/io/clouditor/graph/passes/python/RequestsPass.kt

@@ -29,6 +29,10 @@ class RequestsPass : HttpClientPass() {
                             handleClientRequest(tu, t, r, "GET")
                         } else if (r.name == "post" && r.base.name == "requests") {
                             handleClientRequest(tu, t, r, "POST")
+                        } else if (r.name == "delete" && r.base.name == "requests") {
+                            handleClientRequest(tu, t, r, "DELETE")
+                        } else if (r.name == "put" && r.base.name == "requests") {
+                            handleClientRequest(tu, t, r, "PUT")
                         }
                     }
                 }

cloudpg/src/main/java/io/clouditor/graph/utils/DatabaseQueryType.kt

@@ -0,0 +1,9 @@
+package io.clouditor.graph.utils
+
+enum class DatabaseQueryType {
+    CREATE,
+    READ,
+    UPDATE,
+    DELETE,
+    UNKNOWN
+}