Merge pull request #10 from secure-software-engineering/qwel-xml-export

Export QWEL XML file

Author: oshando

swan_assist/README.md

@@ -13,37 +13,51 @@ The tool helps users that write static analyses to create list of SWAN for their
 Moreover, users can manually inspect the proper usage of the methods detected by SWAN. 
 
 
-## Setting Up the Plugin
+## Downloading the Project
 
-The project can be downloaded using any of the methods below.  the project using either of the following methods:
-##### Method 1: Cloning Project 
-1) Select the **File>Project from Version Control>Git** option, enter the repository’s URL and then select **Clone** to import the project.
-2) Go to **File>Project Structure** to edit the project settings. 
-    3) For **Project SDK**, select the most recent Java SDK version.
-    4) Select **Modules** from the left panel/
-        1) Click the **Add** button and then **Import Module**. 
-        2) In the window that appears, open the ``/swan_assist`` directory of the project.
+The project can be downloaded using either of the following methods:
 
-##### Method 2: Downloading Project
-1) Download the project from Github and then use the **File>Project from Existing Resources** from the menu to import the project. 
-2) Select the ``/swan_assist`` directory in the downloaded project's root folder and select **Open**.
+##### Method 1: Cloning the Project 
+1) Select the **File>Project from Version Control>Git** option, enter the repository’s URL and then select **Clone** to import the project. The project will contain the following directories: ``swan_core`` (SWAN core application), ``swan_assist`` (IntelliJ Plugin) and ``swan_datasets`` (datasets for the research paper).
+2) To configure the project settings and modules, go to **File>Project Structure**. 
+3) For **Project SDK**, select the corresponding Java SDK version.
+4) Select **Modules** from the left panel and remove the existing module that was automatically created.
+5) Click the **Add** button and then **Import Module** to create the SWAN Core module. Follow the steps in the [Setting up the Project Modules](https://github.com/secure-software-engineering/swan/tree/master/swan_assist#setting-up-the-project-modules) section to finish configuring the core module as well as the plugin module.
 
-##### Importing Project Module
-After following the steps of either Method 1 or 2, the **Import Module** dialog will appear. Follow the steps below to setup the project module.
-1) Select **Import module from external module** and then the **Gradle** option.
-2) Select the **Use auto-import** option. 
-3) If the correct Gradle JVM isn’t selected, you can change it. 
+		
+##### Method 2: Downloading Project ZIP
+1) Download and extract the project resources from GitHub.
+2) In Intellij, use the **File>Project from Existing Resources** to import the project modules. This can also be done from the IntelliJ start screen.  
+3) Follow the steps in the [Setting up the Project Modules](https://github.com/secure-software-engineering/swan/tree/master/swan_assist#setting-up-the-project-modules) section to finish configuring the core module as well as the plugin module.
 
-The module should then be built. 
+## Setting up the Project Modules
 
+##### SWAN Core
+1) In the window that appears, open the ``/swan_core`` directory of the project. 
+2) Select the **Import module from external Model** radio button and also select **Maven**. 
+3) The default settings in the dialogs that appear can be used. 
+4) Close the **Project Settings** dialog so that IntelliJ will index the new project module.
+
+##### SWAN Assist
+1) Return to the **Project Structure** dialog and Select **Modules** from the left panel.
+2) Click the **Add** button and then **Import Module**. 
+3) In the window that appears, open the ``/swan_assist`` directory. Select the **Import module from external Model** radio button and also select **Gradle**. 
+4) The default settings in the dialogs that appear can be used. The plugin module should now be indexed. 
+
+The core and plugin modules should now be imported. 
 
 ## Running the Plugin
-To run the plugin:
 
-1) Select the **Run Configuration** drop down menu and select **Edit Configurations** or from the **Run** menu select **Edit Configurations**. 
+The plugin uses ``swan_core`` dependency from [Maven Central](https://mvnrepository.com/artifact/de.upb.cs.swt/swan_core). If the version in the plugin's ``build.gradle`` file is not available on Maven Central, perform the following steps:
+1) Run the Maven ``install`` command of the ``swan_core`` project from the console or using the Maven Plugin.
+2) Add ``mavenLocal()`` in the ``repositories`` section of the ``build.gradle`` file. The locally installed library can now be use by the plugin.
+
+##### To run the plugin:
+
+1) Select the **Run Configuration** drop down menu and select **Edit Configurations** or from the **Run** menu, select **Edit Configurations**. 
 2) Click the **Add** button and select **Gradle**. 
-3) Select the **swan_assist** Gradle module that was just created and enter ``:runIde`` as the value for **Tasks** - this tasks will run the plugin in a new instance of IntelliJ. 
-4) When the new instance of IntelliJ launches, use the open option to select the project found in ``/test-project`` directory. You may need to set a project SDK, if one isn’t automatically configured. 
+3) Select the **swan_assist** Gradle module that was just created and enter ``:runIde`` as the value for **Tasks** - this task will run the plugin in a new instance of IntelliJ. The plugin can also be executed using the Gradle Plugin in IntelliJ: Open the Gradle Tool Window, expand the ``intellij`` task and double click on ``runIde``. The other tasks can be used as necessary.
+4) When the new instance of IntelliJ launches, use the open option to select the project found in ``/test-project`` directory. You may need to set a project SDK, if one isn’t automatically configured for the project. 
 
 Logs for the plugin will appear in the initial instance of IntelliJ.
 

swan_assist/build.gradle

@@ -1,33 +1,33 @@
 plugins {
-    id 'java'
     id 'org.jetbrains.intellij' version '0.4.8'
+    id 'java'
 }
 
 group 'de.fraunhofer'
-version '1.0-SNAPSHOT'
+version '1.1'
 
 sourceCompatibility = 1.8
 
 repositories {
     mavenCentral()
+    mavenLocal()
 }
 
 dependencies {
     compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1'
-    compile group:'de.upb.cs.swt', name: 'swan_core', version: '1.3.0'
+    compile group:'de.upb.cs.swt', name: 'swan_core', version: '1.4.0'
     compile group: 'ca.mcgill.sable', name: 'soot', version: '3.3.0'
     compile group: 'org.slf4j', name: 'slf4j-api', version: '1.7.5'
     compile group: 'org.slf4j', name: 'slf4j-simple', version : '1.7.5'
-    testCompile group: 'junit', name: 'junit', version: '4.12'
 }
 
 intellij {
     version '2018.3.6'
-    intellij.updateSinceUntilBuild false
 }
 
 patchPluginXml {
-    changeNotes """
-      Add change notes here.<br>
-      <em>most HTML tags may be used</em>"""
+    changeNotes "Initial release of the SWAN_Assist plugin: <br>add, delete and update methods of interest list" +
+            "<br>- suggest methods" +
+            "<br>- filter list" +
+            "<br>- import and export configuration file"
 }

swan_assist/src/main/resources/META-INF/plugin.xml

@@ -1,22 +1,30 @@
 <idea-plugin>
-    <id>de.fraunhofer.swan_assist</id>
+    <id>de.fraunhofer.iem.swan_assist</id>
     <name>SWAN_Assist</name>
     <vendor email="support@iem.fraunhofer.de" url="https://www.iem.fraunhofer.de/">Fraunhofer IEM</vendor>
 
-    <description>IDE support for the identification of configured methods for static analyses</description>
+    <description> SWAN_Assist provides a GUI support for SWAN -a machine-learning approach for detection of
+        methods of interest for security in Java libraries. The user is able to interact with the learning
+        process by giving feedback on the methods of interest. The tool helps users that write static analyses
+        to create list of security methods for weakness detection for their specific Java libraries.
+        Users can manually inspect the proper usage of the methods detected by SWAN.
+    </description>
 
     <!-- please see http://www.jetbrains.org/intellij/sdk/docs/basics/getting_started/plugin_compatibility.html
          on how to target different products -->
-    <!-- uncomment to enable plugin in all products
+    <!-- uncomment to enable plugin in all products-->
     <depends>com.intellij.modules.lang</depends>
-    -->
+    <depends>com.intellij.modules.java</depends>
+
 
     <idea-version since-build="181"/>
 
     <extensions defaultExtensionNs="com.intellij">
         <codeInsight.lineMarkerProvider language="JAVA"
                                         implementationClass="de.fraunhofer.iem.swan.assist.ui.markers.ErrorLineMarker"/>
         <toolWindow id="SWAN_Assist" anchor="right" factoryClass="de.fraunhofer.iem.swan.assist.ui.SummaryToolWindow" icon="PluginIcons.SWAN_ASSIST"/>
+        <applicationService serviceInterface="de.fraunhofer.iem.swan.assist.ui.LoggerService"
+                            serviceImplementation="de.fraunhofer.iem.swan.assist.ui.impl.LoggerServiceImpl"/>
     </extensions>
 
     <actions>
@@ -59,7 +67,7 @@
             </action>
         </group>
 
-        <group id="SWAN_Assist.MethodActionGroup" class="de.fraunhofer.iem.swan.assist.actions.method.MethodActionGroup" text="Method"
+        <group id="SWAN_Assist.MethodActionGroup" class="de.fraunhofer.iem.swan.assist.actions.method.MethodActionGroup" text="Method Options"
                popup="true" icon="PluginIcons.FILTER_ACTION">
 
         </group>
@@ -88,7 +96,7 @@
             </action>
 
             <action id="SWAN_Assist.MethodListAction" class="de.fraunhofer.iem.swan.assist.actions.method.MethodListAction"
-                    text="View Methods List" >
+                    text="View Methods List">
             </action>
             <separator/>
             <action id="SWAN_Assist.Editor.ImportAction" class="de.fraunhofer.iem.swan.assist.actions.ImportAction"

swan_assist/src/main/resources/config.properties

@@ -1,6 +1,6 @@
 log_suffix = _swanassist_log.txt
 output_dir_name = swan-assist
-output_json_suffix = output.json
+output_json_suffix = swan_results.json
 input_json_suffix = config_input.json
 train_config_file = trainingmethods.json
 swan_default_param_value = internal

swan_assist/src/main/resources/swan_core_config.properties

@@ -1 +1,2 @@
-output_train_arff_data = false
+output_train_arff_data = false
+output_file_name = swan_results

swan_assist/test-project/scheduler-methods.json

@@ -1,34 +1,5 @@
 {
   "methods":[
-    {
-      "securityLevel":"none",
-      "cwe":[
-      ],
-      "dataOut":{
-        "parameters":[
-
-        ],
-        "return":false
-      },
-      "framework":"",
-      "discovery":"",
-      "name":"com.example.scheduler.testproject.Utils.hashPassword",
-      "link":"",
-      "comment":"",
-      "type":[
-        "sanitizer"
-      ],
-      "parameters":[
-        "java.lang.String"
-      ],
-      "return":"java.lang.String",
-      "dataIn":{
-        "parameters":[
-
-        ],
-        "return":false
-      }
-    },
     {
       "securityLevel":"none",
       "cwe":[
@@ -716,7 +687,7 @@
       },
       "framework":"",
       "discovery":"",
-      "name":"com.example.scheduler.testproject.ExampleSQLiOpenRedirect.encodeforSQL",
+      "name":"com.example.scheduler.testproject.Utils.encodeForSQL",
       "link":"",
       "comment":"",
       "type":[

swan_core/pom.xml

@@ -6,7 +6,7 @@
 	<groupId>de.upb.cs.swt</groupId>
 	<artifactId>swan_core</artifactId>
 	<packaging>jar</packaging>
-	<version>1.3.0</version>
+	<version>1.4.0</version>
 
 	<name>SWAN Weakness Detector</name>
 	<description>SWAN is a machine-learning approach for detection of methods of interest for security in Java libraries.</description>
@@ -72,7 +72,12 @@
 			<artifactId>json-simple</artifactId>
 			<version>1.1.1</version>
 		</dependency>
-	</dependencies>
+        <dependency>
+            <groupId>org.jdom</groupId>
+            <artifactId>jdom2</artifactId>
+            <version>2.0.6</version>
+        </dependency>
+    </dependencies>
 
 	<distributionManagement>
 		<snapshotRepository>

swan_core/src/main/java/de/fraunhofer/iem/swan/Learner.java

@@ -16,6 +16,7 @@
 
 import de.fraunhofer.iem.swan.data.Category;
 import de.fraunhofer.iem.swan.data.Method;
+import de.fraunhofer.iem.swan.util.SwanConfig;
 import weka.classifiers.Evaluation;
 import weka.classifiers.bayes.BayesNet;
 import weka.classifiers.bayes.NaiveBayes;
@@ -214,22 +215,8 @@ else if (WEKA_LEARNER_ALL.equals("Logistic"))
                 throw new Exception("Wrong WEKA learner!");
             // System.out.println("Classifier created: " + WEKA_LEARNER_ALL);
 
-            Properties config = new Properties();
-            InputStream input = getClass().getClassLoader().getResourceAsStream("swan_core_config.properties");;
-
-            try {
-                config.load(input);
-            } catch (IOException e) {
-                e.printStackTrace();
-            } finally {
-                if (input != null) {
-                    try {
-                        input.close();
-                    } catch (IOException e) {
-                        e.printStackTrace();
-                    }
-                }
-            }
+            SwanConfig swanConfig = new SwanConfig();
+            Properties config = swanConfig.getConfig();
 
             if (Boolean.parseBoolean(config.getProperty("output_train_arff_data"))) {
                 // Save arff data.
@@ -242,7 +229,6 @@ else if (WEKA_LEARNER_ALL.equals("Logistic"))
                 fileName = fileName.replace(", ", "_");
                 saver.setFile(new File("Train_" + fileName + ".arff"));
                 saver.writeBatch();
-
             }
 
             //System.out.println( "Arff data saved at: " + saver.retrieveFile().getCanonicalPath());