Unfinished loading finding descriptions in LSP #263

fwendland · 2021-09-16T07:20:08Z

When using the LSP interface with Eclipse the findingDescription.json isn't fully loaded and parsed, before it's used.

Here is an excerpt from a log file:

19:16:20,710 INFO AnalysisServer Registering builtin de.fraunhofer.aisec.codyze.crymlin.builtin.SplitDisjoint
//...
19:16:21,143 INFO AnalysisServer LSP server started
19:16:21,144 INFO AnalysisServer Parsing MARK files in /opt/codyze/mark
19:16:21,642 INFO CpgDocumentService Handling didOpen for file: file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,643 DEBUG CpgDocumentService Starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
19:16:21,644 DEBUG CpgDocumentService Really starting analysis of file file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java
// ...
19:16:23,503 INFO AnalysisServer Loading MARK from directory /opt/codyze/mark
19:16:23,527 INFO AnalysisServer Loading MARK file /opt/codyze/mark/bouncycastle/KeyGenerator.mark
// ...
19:16:25,970 INFO AnalysisServer Loaded 60 entities and 40 rules.
19:16:25,971 INFO FindingDescription Parsing MARK description file from /opt/codyze/mark/findingDescription.json
//...
19:16:26,854 INFO Evaluator Got 8 findings in analysis context: [Rule ID_4_01 verified, Rule ID_2_1_2_3_01 violated, Rule ID_2_1_3_01 verified, Rule ID_2_01 verified, Rule BouncyCastleProvider_MessageDigest violated, Rule BouncyCastleProvider_SecureRandom violated, Rule ID_2_1_01 verified, Rule BouncyCastleProvider_Cipher violated]
19:16:26,855 INFO CpgDocumentService Analysis for file:///home/aisec/dev/ews-2021-06-codyze/Java-Demo/src/de/frauhofer/aisec/codyze/demo/Main.java done. Returning 8 findings.
19:16:26,856 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:26,857 INFO CpgDocumentService Finding short description: null
19:16:27,415 INFO FindingDescription Loaded 68 description(s)
19:16:27,415 DEBUG FindingDescription Descriptions:
{InvalidProvider_AlgorithmParameterGenerator=de.fraunhofer.aisec.codyze.analysis.FindingDescription$FindingDescriptionItem@63b2418e, /* ... */}

Seemingly, the CpgDocumentService access the finding descriptions before they are fully parsed and available through FindingDescription. This method

codyze/src/main/java/de/fraunhofer/aisec/codyze/analysis/FindingDescription.kt

Line 47 in ec0dd43

    
           val map = mapper.readValue<Map<String, FindingDescriptionItem>>(descriptionFile)

appears to finish evaluation too late.

This might be caused by some threaded execution and insufficent synchronisation.

The text was updated successfully, but these errors were encountered:

oxisto · 2021-09-17T18:06:55Z

Using the LSP-based plugin for VScode seems to work flawlessly. Is this somehow related to something Eclipse-specific?

fwendland · 2021-09-20T07:17:50Z

Maybe. I'm gone test some more.

fwendland added the bug Something isn't working label Sep 16, 2021

fwendland added this to the 2.0.0 milestone Sep 16, 2021

fwendland removed this from the 2.x.y milestone Dec 27, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unfinished loading finding descriptions in LSP #263

Unfinished loading finding descriptions in LSP #263

fwendland commented Sep 16, 2021

oxisto commented Sep 17, 2021

fwendland commented Sep 20, 2021

Unfinished loading finding descriptions in LSP #263

Unfinished loading finding descriptions in LSP #263

Comments

fwendland commented Sep 16, 2021

oxisto commented Sep 17, 2021

fwendland commented Sep 20, 2021