├── owl2java ├── .gitkeep ├── .gitignore ├── settings.gradle ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── src │ └── main │ │ └── kotlin │ │ └── io │ │ └── clouditor │ │ └── graph │ │ ├── Properties.kt │ │ └── GoStruct.kt ├── build.gradle.kts └── README.md ├── settings.gradle.kts ├── jitpack.yml ├── .vscode └── settings.json ├── figures └── propertygraphs.png ├── cloudpg ├── src │ └── main │ │ ├── java │ │ └── io │ │ │ └── clouditor │ │ │ └── graph │ │ │ ├── Test.java │ │ │ ├── nodes │ │ │ ├── HasLabels.kt │ │ │ ├── labels │ │ │ │ ├── DataLabel.kt │ │ │ │ ├── Identifier.kt │ │ │ │ ├── PseudoIdentifier.kt │ │ │ │ ├── GenericLabel.kt │ │ │ │ ├── PrivacyLabel.kt │ │ │ │ └── Label.kt │ │ │ ├── Builder.kt │ │ │ ├── Compute.kt │ │ │ ├── Signature.java │ │ │ ├── Database.kt │ │ │ └── Holder.kt │ │ │ ├── passes │ │ │ ├── CloudResourceDiscoveryPass.kt │ │ │ ├── HttpStatusCodesPass.kt │ │ │ └── python │ │ │ │ └── PythonLogPass.kt │ │ │ ├── docker │ │ │ └── DockerCompose.kt │ │ │ ├── testing │ │ │ └── TestConfig.kt │ │ │ ├── github │ │ │ └── Workflow.kt │ │ │ └── frontends │ │ │ └── ruby │ │ │ └── DeclarationHandler.kt │ │ └── resources │ │ └── log4j2.xml └── settings.gradle.kts ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── ppg-testing-library ├── Linkability │ ├── L3-linkability-of-inbound-data │ │ ├── Go-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.go │ │ │ └── server.go │ │ ├── Python-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── server.py │ │ ├── Python │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── server.py │ │ └── Go │ │ │ ├── config.yml │ │ │ ├── client.go │ │ │ ├── README.md │ │ │ └── server.go │ ├── L6-linkability-of-stored-data │ │ ├── Python │ │ │ ├── config.yml │ │ │ ├── client.py │ │ │ ├── README.md │ │ │ └── server.py │ │ ├── Python-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── 
client.py │ │ │ └── server.py │ │ ├── Go-validation │ │ │ ├── README.md │ │ │ ├── config.yml │ │ │ └── client.go │ │ └── Go │ │ │ ├── config.yml │ │ │ ├── client.go │ │ │ └── README.md │ ├── L7-linkability-of-retrieved-data │ │ ├── Go │ │ │ ├── client2.go │ │ │ ├── config.yml │ │ │ ├── client1.go │ │ │ └── README.md │ │ ├── Go-validation │ │ │ ├── README.md │ │ │ ├── client2.go │ │ │ ├── config.yml │ │ │ └── client1.go │ │ ├── Python-validation │ │ │ ├── README.md │ │ │ ├── client2.py │ │ │ ├── config.yml │ │ │ ├── client1.py │ │ │ └── server.py │ │ └── Python │ │ │ ├── client2.py │ │ │ ├── config.yml │ │ │ ├── client1.py │ │ │ ├── README.md │ │ │ └── server.py │ └── L5-linkability-of-shared-data │ │ ├── Go-validation │ │ ├── README.md │ │ ├── config.yml │ │ ├── client.go │ │ ├── third-party.go │ │ └── server.go │ │ ├── Python-validation │ │ ├── README.md │ │ ├── config.yml │ │ ├── client.py │ │ ├── third-party.py │ │ └── server.py │ │ ├── Go │ │ ├── config.yml │ │ ├── client.go │ │ ├── server.go │ │ ├── README.md │ │ └── third-party.go │ │ └── Python │ │ ├── config.yml │ │ ├── client.py │ │ ├── README.md │ │ ├── third-party.py │ │ └── server.py ├── Disclosure │ └── unencrypted-transmission │ │ ├── Go │ │ ├── config.yml │ │ ├── README.md │ │ ├── client.go │ │ └── server.go │ │ ├── Python │ │ ├── config.yml │ │ ├── server.py │ │ ├── README.md │ │ └── client.py │ │ ├── Go-validation │ │ ├── config.yml │ │ ├── README.md │ │ ├── client.go │ │ └── server.go │ │ └── Python-validation │ │ ├── config.yml │ │ ├── README.md │ │ ├── server.py │ │ └── client.py ├── Detectability │ ├── D2-detectable-communication │ │ ├── Go │ │ │ ├── config.yml │ │ │ ├── client.go │ │ │ ├── README.md │ │ │ └── server.go │ │ ├── Python │ │ │ ├── config.yml │ │ │ ├── server.py │ │ │ ├── client.py │ │ │ └── README.md │ │ ├── Go-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.go │ │ │ └── server.go │ │ └── Python-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── 
client.py │ │ │ └── server.py │ ├── D5-detectable-at-retrieval │ │ ├── Go │ │ │ ├── client2.go │ │ │ ├── config.yml │ │ │ ├── client1.go │ │ │ └── README.md │ │ ├── Go-validation │ │ │ ├── README.md │ │ │ ├── config.yml │ │ │ └── client.go │ │ ├── Python-validation │ │ │ ├── README.md │ │ │ ├── config.yml │ │ │ ├── client.py │ │ │ └── server.py │ │ └── Python │ │ │ ├── config.yml │ │ │ ├── client2.py │ │ │ ├── client1.py │ │ │ ├── README.md │ │ │ └── server.py │ └── D4-detectable-at-storage │ │ ├── Go-validation │ │ ├── README.md │ │ ├── config.yml │ │ └── client.go │ │ ├── Go │ │ ├── config.yml │ │ ├── client.go │ │ └── README.md │ │ ├── Python │ │ ├── config.yml │ │ ├── client.py │ │ ├── README.md │ │ └── server.py │ │ └── Python-validation │ │ ├── config.yml │ │ ├── README.md │ │ ├── client.py │ │ └── server.py ├── Non-Repudiation │ ├── NR2-non-repudiation-of-sending │ │ ├── Go-Logging │ │ │ ├── config.yml │ │ │ ├── client.go │ │ │ ├── README.md │ │ │ └── server.go │ │ ├── Python-Logging │ │ │ ├── config.yml │ │ │ ├── client.py │ │ │ ├── README.md │ │ │ └── server.py │ │ ├── Go-DigitalSignature │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.go │ │ │ └── server.go │ │ ├── Go-Logging-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.go │ │ │ └── server.go │ │ ├── Python-DigitalSignature │ │ │ ├── config.yml │ │ │ ├── server.py │ │ │ ├── README.md │ │ │ └── client.py │ │ ├── Python-Logging-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── server.py │ │ ├── Go-DigitalSignature-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.go │ │ │ └── server.go │ │ └── Python-DigitalSignature-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── server.py │ │ │ └── client.py │ ├── NR5-non-repudiation-of-retrieved-data │ │ ├── Go-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ └── client.go │ │ ├── Python-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ └── server.py │ │ 
├── Go-DigitalSignature │ │ │ ├── client2.go │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ └── client.go │ │ └── Python-DigitalSignature │ │ │ ├── client2.py │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── server.py │ │ │ └── client.py │ └── NR4-non-reputable-storage │ │ ├── Go-DigitalSignature-validation │ │ ├── README.md │ │ ├── config.yml │ │ └── client.go │ │ ├── Python-DigitalSignature-validation │ │ ├── README.md │ │ ├── config.yml │ │ ├── server.py │ │ └── client.py │ │ ├── Go-DigitalSignature │ │ ├── config.yml │ │ ├── README.md │ │ └── client.go │ │ └── Python-DigitalSignature │ │ ├── config.yml │ │ ├── README.md │ │ ├── server.py │ │ └── client.py ├── Unawareness │ ├── U4-no-erasure-or-rectification │ │ ├── Go-missing-PUT │ │ │ ├── config.yml │ │ │ ├── client.go │ │ │ └── README.md │ │ ├── Go-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ └── client.go │ │ ├── Go-missing-DELETE │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ └── client.go │ │ ├── Python-validation │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── config.yml │ │ ├── Python-missing-PUT │ │ │ ├── client.py │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ └── server.py │ │ └── Python-missing-DELETE │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── server.py │ └── U3-no-access-or-portability │ │ ├── Go │ │ ├── config.yml │ │ ├── client.go │ │ ├── README.md │ │ └── server.go │ │ ├── Python │ │ ├── config.yml │ │ ├── client.py │ │ ├── README.md │ │ └── server.py │ │ ├── Go-validation │ │ ├── README.md │ │ ├── config.yml │ │ ├── client.go │ │ └── server.go │ │ └── Python-validation │ │ ├── README.md │ │ ├── config.yml │ │ ├── client.py │ │ └── server.py ├── Identifiability │ ├── I3-identifying-inbound-data │ │ ├── Go │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.go │ │ │ └── server.go │ │ ├── Python │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── server.py │ │ │ └── client.py │ │ ├── Go-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── 
client.go │ │ │ └── server.go │ │ └── Python-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── server.py │ ├── I6-identifying-stored-data │ │ ├── Python │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── server.py │ │ ├── Python-validation │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ ├── client.py │ │ │ └── server.py │ │ ├── Go-validation │ │ │ ├── README.md │ │ │ ├── config.yml │ │ │ └── client.go │ │ └── Go │ │ │ ├── config.yml │ │ │ ├── README.md │ │ │ └── client.go │ ├── I5-identifying-shared-data │ │ ├── Go-validation │ │ │ ├── README.md │ │ │ ├── config.yml │ │ │ ├── client.go │ │ │ ├── server.go │ │ │ └── third-party.go │ │ ├── Python-validation │ │ │ ├── README.md │ │ │ ├── config.yml │ │ │ ├── client.py │ │ │ ├── third-party.py │ │ │ └── server.py │ │ ├── Go │ │ │ ├── config.yml │ │ │ ├── client.go │ │ │ ├── README.md │ │ │ ├── server.go │ │ │ └── third-party.go │ │ └── Python │ │ │ ├── config.yml │ │ │ ├── client.py │ │ │ ├── README.md │ │ │ ├── third-party.py │ │ │ └── server.py │ └── I7-identifying-retrieved-data │ │ ├── Go-validation │ │ ├── README.md │ │ ├── client2.go │ │ ├── config.yml │ │ └── client1.go │ │ ├── Go │ │ ├── client2.go │ │ ├── config.yml │ │ ├── client1.go │ │ └── README.md │ │ ├── Python-validation │ │ ├── README.md │ │ ├── client2.py │ │ ├── config.yml │ │ ├── client1.py │ │ └── server.py │ │ └── Python │ │ ├── config.yml │ │ ├── client2.py │ │ ├── client1.py │ │ ├── README.md │ │ └── server.py └── Policy-Non-Compliance │ ├── NC5-disproportionate-storage-wo-processing │ ├── Python-validation │ │ ├── config.yml │ │ ├── README.md │ │ ├── client2.py │ │ ├── client.py │ │ └── server.py │ ├── Go-validation │ │ ├── README.md │ │ ├── config.yml │ │ ├── client2.go │ │ └── client.go │ ├── Go │ │ ├── config.yml │ │ ├── README.md │ │ └── client.go │ └── Python │ │ ├── config.yml │ │ ├── client.py │ │ ├── README.md │ │ └── server.py │ ├── NC1-disproportionate-collection │ ├── Go-validation │ 
│ ├── README.md │ │ ├── config.yml │ │ ├── server.go │ │ └── client.go │ ├── Python-validation │ │ ├── README.md │ │ ├── config.yml │ │ ├── client.py │ │ └── server.py │ ├── Go │ │ ├── config.yml │ │ ├── README.md │ │ ├── server.go │ │ └── client.go │ └── Python │ │ ├── config.yml │ │ ├── client.py │ │ ├── README.md │ │ └── server.py │ └── NC5-disproportionate-storage-wo-retrieval │ ├── Go-validation │ ├── README.md │ ├── config.yml │ ├── client2.go │ └── client.go │ ├── Python-validation │ ├── README.md │ ├── client2.py │ ├── config.yml │ ├── client.py │ └── server.py │ ├── Go │ ├── config.yml │ ├── README.md │ └── client.go │ └── Python │ ├── config.yml │ ├── client.py │ ├── README.md │ └── server.py ├── .gitattributes ├── .gitignore └── .github └── workflows └── build.yml /owl2java/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /owl2java/.gitignore: -------------------------------------------------------------------------------- 1 | output 2 | 3 | -------------------------------------------------------------------------------- /settings.gradle.kts: -------------------------------------------------------------------------------- 1 | include(":cloudpg") 2 | -------------------------------------------------------------------------------- /owl2java/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'owl2java' 2 | 3 | -------------------------------------------------------------------------------- /jitpack.yml: -------------------------------------------------------------------------------- 1 | before_install: 2 | - ./build-ontology.sh 3 | jdk: 4 | - openjdk11 5 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"java.configuration.updateBuildConfiguration": "interactive" 3 | } -------------------------------------------------------------------------------- /figures/propertygraphs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clouditor/cloud-property-graph/HEAD/figures/propertygraphs.png -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/Test.java: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph; 2 | 3 | 4 | 5 | public class Test { 6 | } 7 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clouditor/cloud-property-graph/HEAD/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /owl2java/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clouditor/cloud-property-graph/HEAD/owl2java/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com -------------------------------------------------------------------------------- 
/ppg-testing-library/Disclosure/unencrypted-transmission/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/HasLabels.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes 2 | 3 | interface HasLabels { 4 | 5 | var labels: Map 6 | } 7 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- 
/ppg-testing-library/Detectability/D2-detectable-communication/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: https://test.com -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-missing-PUT/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # 2 | # https://help.github.com/articles/dealing-with-line-endings/ 3 | # 4 | # These are explicitly windows files and should use crlf 5 | *.bat text eol=crlf 6 | 7 | 
-------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: https://test.com -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | 
- type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client -------------------------------------------------------------------------------- 
/ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Go/client2.go: -------------------------------------------------------------------------------- 1 | package 
main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | http.Get("http://test.com/getdata?name=client2name") 9 | } 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: db 6 | name: mongo -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/passes/CloudResourceDiscoveryPass.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.passes 2 | 3 | import de.fraunhofer.aisec.cpg.passes.Pass 4 | 5 | abstract class CloudResourceDiscoveryPass : Pass() {} 6 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I3 Identifying Shared Data -- Go 2 | - Expected test 
outcome: No Identifying Shared Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client 7 | - type: db 8 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client 7 | - type: db 8 | name: mongo -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/labels/DataLabel.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes.labels 2 | 3 | import de.fraunhofer.aisec.cpg.graph.Node 4 | 5 | open class DataLabel(labeledNode: Node) : Label(labeledNode) {} 6 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D2 Detectable Communication -- Go Validation 2 | - Expected test outcome: No Detectable Communication threat should be detected. 
-------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D4 Detectable at Storage -- Go Validation 2 | - Expected test outcome: No Detectable at Storage threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go/client2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | http.Get("http://test.com/data?name=firstnamelastname") 9 | } 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D5 Detectable at Retrieval -- Go Validation 2 | - Expected test outcome: No Detectable at Retrieval threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I3 Identifying Inbound Data -- Python 2 | - Expected test outcome: No Identifying Inbound Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I5 Identifying Shared Data -- Go Validation 2 | - Expected test outcome: No Identifying Shared Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I6 Identifying Stored Data -- Go Validation 2 | - Expected test outcome: No Identifying Stored Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I7 Identifying Retrieved Data -- Go 2 | - Expected test outcome: No Identifying Retrieved Data threat should be detected here.
-------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go/client2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | http.Get("http://test.com/data?Name=firstnamelastname") 9 | } 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L3 Linkability of Inbound Data -- Go 2 | - Expected test outcome: No Linkability of Inbound Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U3 No Access Or Portability -- Go Validation 2 | - Expected test outcome: No No Access Or Portability threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client 7 | - type: db 8 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D2 Detectable Communication -- Python Validation 2 | - Expected test outcome: No Detectable Communication threat should be detected. -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: db 6 | name: mongo 7 | storages: 8 | - userdata 9 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D5 Detectable at Retrieval -- Python Validation 2 | - Expected test outcome: No Detectable at Retrieval threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: Disclosure -- Unencrypted Transmission -- Go Validation 2 | - Expected test outcome: No Unencrypted Transmission threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I6 Identifying Stored Data -- Python Validation 2 | - Expected test outcome: No Identifying Stored Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I7 Identifying Retrieved Data -- Python 2 | - Expected test outcome: No Identifying Retrieved Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L3 Linkability of Inbound Data -- Python 2 | - Expected test outcome: No Linkability of Inbound Data threat should be detected here.
-------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L5 Linkability of Shared Data -- Go Validation 2 | - Expected test outcome: No Linkability of Shared Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L6 Linkability of Stored Data -- Go Validation 2 | - Expected test outcome: No Linkability of Stored Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U3 No Access Or Portability -- Python Validation 2 | - Expected test outcome: No No Access Or Portability threat should be detected here.
-------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: Disclosure -- Unencrypted Transmission -- Python Validation 2 | - Expected test outcome: No Unencrypted Transmission threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I5 Identifying Shared Data -- Python Validation 2 | - Expected test outcome: No Identifying Shared Data threat should be detected here.
-------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L5 Linkability of Shared Data -- Python Validation 2 | - Expected test outcome: No Linkability of Shared Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client 7 | - type: db 8 | directory: server 9 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go-validation/client2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | http.Get("http://other-domain.com/data?Name=firstnamelastname") 9 | } 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | directory: client 7 | name: client 8 | - type: db 9 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L6 Linkability of Stored Data -- Python Validation 2 | - Expected test outcome:
No Linkability of Stored Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L7 Linkability of Retrieved Data -- Go Validation 2 | - Expected test outcome: No Linkability of Retrieved Data threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go-validation/client2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | http.Get("http://other-domain.com/data?name=firstnamelastname") 9 | } 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client 7 | - type: db 8 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client 7 | - type: db 8 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-missing-DELETE/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 |
directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U4 No Erasure Or Rectification -- Go Validation 2 | - Expected test outcome: No No Erasure Or Rectification threat should be detected here. 3 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: db 6 | name: mongo 7 | storages: 8 | - userdata 9 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: db 6 | name: mongo 7 | storages: 8 | - userdata 9 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go-validation/README.md: 
-------------------------------------------------------------------------------- 1 | # Test Case Description: NC1 Disproportionate Collection -- Go Validation 2 | - Expected test outcome: No Disproportionate Collection threat should be detected here. -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/docker/DockerCompose.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.docker 2 | 3 | data class DockerCompose(var version: String, var services: Map) 4 | 5 | data class Service(var image: String?, var ports: List) 6 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | directory: client 7 | name: client 8 | - type: db 9 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L7 Linkability of Retrieved Data -- Python Validation 2 | - Expected test outcome: No Linkability of Retrieved Data threat should be detected here.
-------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Go-DigitalSignature/client2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | http.Get("http://test.com/data?name=firstnamelastname") 9 | } 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC5 Disproportionate Storage -- Go Validation 2 | - Expected test outcome: No Disproportionate Storage threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC5 Disproportionate Storage -- Go Validation 2 | - Expected test outcome: No Disproportionate Storage threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U4 No Erasure Or Rectification -- Python Validation 2 | - Expected test outcome: No No Erasure Or Rectification threat should be detected here.
3 | -------------------------------------------------------------------------------- /owl2java/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client 7 | - type: db 8 | directory: server 9 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Go Logging Validation 2 | - Expected test outcome: No Non-Repudiation of Sending threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Go-DigitalSignature-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR4 Non-Reputable Storage -- Go Digital Signature Validation 2 | - Expected test outcome: No Non-Reputable Storage threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC1 Disproportionate Collection -- Python Validation 2 | - Expected test outcome: No Disproportionate Collection threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC5 Disproportionate Storage -- Python Validation 2 | - Expected test outcome: No Disproportionate Storage threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC5 Disproportionate Storage -- Python Validation 2 | - Expected test outcome: No Disproportionate Storage threat should be detected here.
-------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Python Logging Validation 2 | - Expected test outcome: No Non-Repudiation of Sending threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR4 Non-Reputable Storage -- Python Digital Signature Validation 2 | - Expected test outcome: No Non-Reputable Storage threat should be detected here. -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Go-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR5 Non-Repudiation of Retrieved Data -- Go Validation 2 | - Expected test outcome: No Non-Repudiation of Retrieved Data threat should be detected here. 3 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR5 Non-Repudiation of Retrieved Data -- Python Validation 2 | - Expected test outcome: No Non-Repudiation of Retrieved Data threat should be detected here.
3 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client1 7 | - type: client 8 | name: client2 9 | - type: db 10 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client1 7 | - type: client 8 | name: client2 9 | - type: db 10 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: 
server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client1 7 | - type: client 8 | name: client2 9 | - type: db 10 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Go Digital Signature Validation 2 | - Expected test outcome: No Non-Repudiation of Sending threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: third-party 6 | name: third-party 7 | host: third-party.com 8 | - type: client 9 | name: client -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client1 7 | - type: client 8 | name: client2 9 | - type: db 10 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Python Digital Signature Validation 2 | - Expected test outcome: No Non-Repudiation of Sending threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client1 7 | - type: client 8 | name: client2 9 | - type: db 10 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python/client2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def get_data(): 6 | url = 'http://test.com/data' 7 | requests.get(url, params={"name": "name"}) 8 | 9 | if __name__ == '__main__': 10 | get_data() -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python/client2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def get_data(): 6 | url = 'http://test.com/data' 7 | requests.get(url, params={"name": "name"}) 8 | 9 | if __name__ == '__main__': 10 | get_data() -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python-validation/client2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | requests.get(url) 8 | 9 | if __name__ == '__main__': 10 | query() 11 | 12 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python-validation/client2.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | requests.get(url) 8 | 9 | if __name__ == '__main__': 10 | query() 11 | 12 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client1 7 | - type: client 8 | name: client2 9 | - type: db 10 | directory: server 11 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: client 7 | name: client1 8 | - type: client 9 | name: client2 10 | - type: db 11 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: mongo 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | name: server 4 | host: test.com 5 | - type: client 6 | name: client1 7 | - type: client 8 | name: client2 9 | - 
type: db 10 | directory: server 11 | name: postgres -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python-validation/client2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def get_data(): 6 | url = 'http://other-domain.com/data' 7 | requests.get(url, params={"name": "name"}) 8 | 9 | if __name__ == '__main__': 10 | get_data() -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: client 7 | name: client1 8 | - type: client 9 | name: client2 10 | - type: db 11 | name: mongo -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python-validation/client2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def get_data(): 6 | url = 'http://other-domain.com/data' 7 | requests.get(url, params={"name": "name"}) 8 | 9 | if __name__ == '__main__': 10 | get_data() -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: client 7 | name: client1 8 | - type: client 9 | name: client2 10 | - type: db 11 | name: mongo -------------------------------------------------------------------------------- 
/ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Go-DigitalSignature/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: mongo 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-DigitalSignature/client2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | requests.get(url, params={"data": "data"}) 8 | 9 | if __name__ == '__main__': 10 | query() 11 | 12 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python/config.yml: 
-------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: mongo 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: mongo 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | 4 | def query(): 5 | # @Identifier 6 | personal_data = {'name': 'name', 'password': 'password'} 7 | # the identifier is not sent anywhere 8 | 9 | if __name__ == '__main__': 10 | query() 11 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | 4 | def query(): 5 | # @Identifier 6 | 
personal_data = {'name': 'name', 'password': 'password'} 7 | # the identifier is not sent anywhere 8 | 9 | if __name__ == '__main__': 10 | query() 11 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | 4 | def query(): 5 | # @Identifier 6 | personal_data = {'name': 'name', 'password': 'password'} 7 | # the identifier is not sent anywhere 8 | 9 | if __name__ == '__main__': 10 | query() 11 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Go-DigitalSignature-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: mongo 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - 
userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: mongo 9 | storages: 10 | - userdata 11 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Python-validation/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D4 Detectable at Storage -- Python Validation 2 | - Threat description: The server offers an API to a database which leaks information about existing data. 3 | - Expected test outcome: No Detectable at Storage threat should be detected here. 
-------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | //@Identifier 11 | identifier := url.Values{ 12 | "Name": {"firstname lastname"}, 13 | } 14 | http.PostForm("http://test.com/data", identifier) 15 | } 16 | -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/testing/TestConfig.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.testing 2 | 3 | data class TestConfig(var services: List) 4 | 5 | data class Service( 6 | var type: String, 7 | var directory: String?, 8 | var name: String, 9 | var host: String?, 10 | var storages: List? 11 | ) 12 | -------------------------------------------------------------------------------- /owl2java/src/main/kotlin/io/clouditor/graph/Properties.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph 2 | 3 | class Properties { 4 | var propertyType: String = "" 5 | var propertyName: String = "" 6 | var propertyProperty: String = "" 7 | var propertyDescription: String = "" 8 | var isRootClassNameResource = false 9 | var isInterface = false 10 | } -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | //@Identifier 11 | identifier := url.Values{ 12 | "Name": {"firstname lastname"}, 13 | } 14 | http.PostForm("http://test.com/data", identifier) 15 | } 16 | 
-------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/labels/Identifier.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes.labels 2 | 3 | import de.fraunhofer.aisec.cpg.graph.Node 4 | 5 | class Identifier(labeledNode: Node) : PseudoIdentifier(labeledNode) { 6 | override fun areMergeable(l: Label): Boolean { 7 | return l::class == Identifier::class 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go/README.md: -------------------------------------------------------------------------------- 1 | ~~# Test Case Description: I3 Identifying Inbound Data -- Go 2 | - Threat description: A POST request with personal data is sent from client to server. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server is detected~~ -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | //@Identifier 11 | identifier := url.Values{ 12 | "Name": {"firstname lastname"}, 13 | } 14 | http.PostForm("http://test.com/data", identifier) 15 | } 16 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | var err error 11 | 12 | //@Identifier 13 | identifier := 
url.Values{ 14 | "name": {"firstname lastname"}, 15 | } 16 | // the identifier is not sent anywhere 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Go/client1.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | //@Identifier 9 | name := "firstname lastname" 10 | data := url.Values{ 11 | "Name": {name}, 12 | "Message": {"helloworld"}, 13 | } 14 | 15 | http.PostForm("http://test.com/data", data) 16 | } 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | var err error 11 | 12 | //@Identifier 13 | identifier := url.Values{ 14 | "name": {"firstname lastname"}, 15 | } 16 | // the identifier is not sent anywhere 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I3 Identifying Inbound Data -- Python 2 | - Threat description: A POST request with personal data is sent from client to server. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. 
The flow of the tainted datum to the HTTP endpoint of the server is detected -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | var err error 11 | 12 | //@Identifier 13 | identifier := url.Values{ 14 | "name": {"firstname lastname"}, 15 | } 16 | // the identifier is not sent anywhere 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | 8 | #@PseudoIdentifier 9 | personal_data = {'name': 'firstname lastname'} 10 | requests.post(url, json = personal_data) 11 | 12 | if __name__ == '__main__': 13 | query() 14 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | 8 | personal_data = {'name': 'firstname lastname'} 9 | response = requests.post(url, data = personal_data) 10 | 11 | if __name__ == '__main__': 12 | query() 13 | -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/labels/PseudoIdentifier.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes.labels 2 | 3 | import de.fraunhofer.aisec.cpg.graph.Node 4 | 5 | open class 
PseudoIdentifier(labeledNode: Node) : DataLabel(labeledNode) { 6 | override fun areMergeable(l: Label): Boolean { 7 | return l::class == PseudoIdentifier::class 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/Builder.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes 2 | 3 | import de.fraunhofer.aisec.cpg.graph.Node 4 | import io.clouditor.graph.Image 5 | 6 | /** 7 | * A builder represents something that builds an image or an application, i.e. a GitHub workflow. 8 | */ 9 | class Builder(val builds: MutableList = mutableListOf()) : Node() 10 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | 8 | #@PseudoIdentifier 9 | personal_data = {'name': 'firstname lastname'} 10 | requests.post(url, json = personal_data) 11 | 12 | if __name__ == '__main__': 13 | query() 14 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | 19 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go/client.go: 
-------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I6 Identifying Stored Data -- Go 2 | - Threat description: A POST request with personal data is sent from client to server, which stores it in a database. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. 
The flow of the tainted datum to the server's database is detected 6 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I6 Identifying Stored Data -- Python 2 | - Threat description: A POST request with personal data is sent from client to server, which stores it in a database. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. 
The flow of the tainted datum to the server's database is detected 6 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@PseudoIdentifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"hello world"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-PUT/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | 8 | #@PseudoIdentifier 9 | personal_data = {'name': 'firstname lastname'} 10 | requests.post(url, json = personal_data) 11 | 12 | if __name__ == '__main__': 13 | query() 14 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | //@Identifier 9 | identifier := url.Values{ 10 | "name": {"firstnamelastname"}, 11 | } 12 | http.PostForm("http://test.com/data", identifier) 13 | 14 | http.Get("http://test.com/data?name=firstnamelastname") 15 | } 16 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python/client2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def 
get_query(): 6 | #url = 'http://test.com/getdata' 7 | #requests.get(url, params={"name": "firstnamelastname"}) 8 | requests.get("http://test.com/getdata?name=firstnamelastname") 9 | 10 | if __name__ == '__main__': 11 | get_query() 12 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go/client1.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"hello world"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go/client1.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@PseudoIdentifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | func main() { 8 | //@Identifier 9 | identifier := url.Values{ 10 | "name": {"firstnamelastname"}, 11 | } 12 | http.PostForm("http://test.com/data", identifier) 13 | 14 | http.Get("http://test.com/data?name=firstnamelastname") 15 | } 16 | -------------------------------------------------------------------------------- 
/ppg-testing-library/Identifiability/I5-identifying-shared-data/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@PseudoIdentifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | 19 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@PseudoIdentifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | 
"Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | 19 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | //@Identifier 11 | name := "firstname lastname" 12 | data := url.Values{ 13 | "Name": {name}, 14 | "Message": {"helloworld"}, 15 | } 16 | 17 | http.PostForm("http://test.com/data", data) 18 | } 19 | 20 | -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/data", methods=['POST']) 8 | def collect_data(): 9 | content = request.json 10 | return "OK", 200 11 | 12 | if __name__ == '__main__': 13 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go-validation/client1.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@Identifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"hello world"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging/client.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import json 4 | import requests 5 | 6 | def query(): 7 | url = 'http://test.com/data' 8 | #@Identifier 9 | personal_data = {'name': 'firstname lastname'} 10 | requests.post(url, json = personal_data) 11 | 12 | if __name__ == '__main__': 13 | query() 14 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/account", methods=['POST']) 8 | def account(): 9 | content = request.json 10 | return "OK", 200 11 | 12 | if __name__ == '__main__': 13 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) # NOTE(review): debug=True enables the Werkzeug debugger and host='0.0.0.0' binds every interface; analysis fixture only, use debug=False and a loopback bind if it is ever run. -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@PseudoIdentifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | 19 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@PseudoIdentifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | 
http.PostForm("http://test.com/data", data) 17 | } 18 | 19 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go-validation/client1.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | func main() { 9 | //@PseudoIdentifier 10 | name := "firstname lastname" 11 | data := url.Values{ 12 | "Name": {name}, 13 | "Message": {"helloworld"}, 14 | } 15 | 16 | http.PostForm("http://test.com/data", data) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/data", methods=['POST']) 8 | def collect_data(): 9 | content = request.json 10 | return "OK", 200 11 | 12 | if __name__ == '__main__': 13 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) # NOTE(review): debug=True enables the Werkzeug debugger and host='0.0.0.0' binds every interface; analysis fixture only, use debug=False and a loopback bind if it is ever run. -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import json 4 | import requests 5 | 6 | def query(): 7 | url = 'http://test.com/data' 8 | #@Identifier 9 | personal_data = {'name': 'firstname lastname'} 10 | requests.post(url, json = personal_data) 11 | 12 | if __name__ == '__main__': 13 | query() 14 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/account", methods=['POST']) 8 | def account(): 9 | content = request.json 10 | return "OK", 200 11 | 12 | if __name__ == '__main__': 13 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) # NOTE(review): debug=True enables the Werkzeug debugger and host='0.0.0.0' binds every interface; analysis fixture only, use debug=False and a loopback bind if it is ever run. -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/account", methods=['POST']) 8 | def account(): 9 | content = request.json 10 | return "OK", 200 11 | 12 | if __name__ == '__main__': 13 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) # NOTE(review): debug=True enables the Werkzeug debugger and host='0.0.0.0' binds every interface; analysis fixture only, use debug=False and a loopback bind if it is ever run. -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/account", methods=['POST']) 8 | def account(): 9 | content = request.json 10 | return "OK", 200 11 | 12 | if __name__ == '__main__': 13 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) # NOTE(review): debug=True enables the Werkzeug debugger and host='0.0.0.0' binds every interface; analysis fixture only, use debug=False and a loopback bind if it is ever run. -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python/client1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == 
'__main__': 16 | query() -------------------------------------------------------------------------------- /cloudpg/settings.gradle.kts: -------------------------------------------------------------------------------- 1 | /* 2 | * This file was generated by the Gradle 'init' task. 3 | * 4 | * The settings file is used to specify which projects to include in your build. 5 | * 6 | * Detailed information about configuring a multi-project build in Gradle can be found 7 | * in the user manual at https://docs.gradle.org/6.6.1/userguide/multi_project_builds.html 8 | */ 9 | 10 | rootProject.name = "cloud-property-graph" 11 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | 16 | if __name__ == '__main__': 17 | query() 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | 16 | if __name__ == '__main__': 17 | query() 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Python/client.py: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python/client1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def post_data(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | post_data() 
-------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L3 Linkability Of Inbound Data -- Go 2 | - Threat description: A pseudo-identifier is sent to a server where they can be linked to other pseudo-identifiable data (which may be submitted via the same request). 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum from the client to the server is detected -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import json 4 | import requests 5 | 6 | def query(): 7 | url = 'test.com/data' 8 | #@Identifier 9 | name = "name" 10 | personal_data = { 11 | "Name": name, 12 | "Message": "hello world" 13 | } 14 | requests.post(url, json = personal_data) 15 | 16 | if __name__ == '__main__': 17 | query() -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | var err error 11 | 12 | //@Identifier 13 | identifier := url.Values{ 14 | "Name": {"firstname lastname"}, 15 | } 16 | _, err = http.PostForm("http://test.com/data", identifier) 17 | if err != nil { 18 | log.Fatal(err) 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Python/README.md: 
-------------------------------------------------------------------------------- 1 | # Test Case Description: D2 Detectable Communication -- Python 2 | - Threat description: A POST request with personal data is sent from client to server. This can be observed by other network participants, which then know that the person is using the service provided by the server. 3 | - Expected test outcome: 4 | - 1. The POST request is detected by another network participant -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/account' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "name": name, 11 | "password": "password" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L3 Linkability Of Inbound Data -- Python 2 | - Threat description: A pseudo-identifier is sent to a server where they can be linked to other pseudo-identifiable data (which may be submitted via the same request). 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. 
The flow of the tainted datum from the client to the server is detected -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | 16 | if __name__ == '__main__': 17 | query() 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata 12 | - type: db 13 | directory: server 14 | name: mongo 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | 7 | app = Flask(__name__) 8 | 9 | @app.route("/data", methods=['POST']) 10 | def collect_data(): 11 | content = request.json 12 | return "OK", 200 13 | 14 | if __name__ == '__main__': 15 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python-validation/client.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python-validation/client1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def post_data(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | post_data() -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python/client1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def post_data(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello 
world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | 16 | if __name__ == '__main__': 17 | post_data() -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-DigitalSignature/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: client 7 | directory: client 8 | name: client 9 | - type: client 10 | name: client2 11 | - type: db 12 | directory: server 13 | name: mongo 14 | storages: 15 | - userdata 16 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata 12 | - type: db 13 | directory: server 14 | name: mongo 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Go-validation/client2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | // a second client makes a get request to retrieve the data (which could also be another microservice in the backend) 9 | func query() { 10 | http.Get("http://test.com/data?name=firstnamelastname") 11 | } 12 | 13 | 14 | func main() { 15 | query() 16 | } 17 | -------------------------------------------------------------------------------- 
/ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-missing-PUT/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | // working query: MATCH p=(:Identifier)--()-[:DFG*]-(:HttpEndpoint) RETURN p 9 | func main() { 10 | var err error 11 | 12 | //@Identifier 13 | identifier := url.Values{ 14 | "Name": {"firstname lastname"}, 15 | } 16 | http.PostForm("http://test.com/data", identifier) 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-DELETE/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata 12 | - type: db 13 | directory: server 14 | name: mongo 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-PUT/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata 12 | - type: db 13 | directory: server 14 | name: mongo 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: 
db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata 12 | - type: db 13 | directory: server 14 | name: mongo 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def transfer_data(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | 16 | if __name__ == '__main__': 17 | transfer_data() -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import json 4 | import requests 5 | 6 | def query(): 7 | url = 'test.com/data' 8 | #@Identifier 9 | name = "name" 10 | personal_data = { 11 | "Name": name, 12 | "Message": "hello world" 13 | } 14 | requests.post(url, json = personal_data) 15 | 16 | if __name__ == '__main__': 17 | query() -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Go Logging 2 | - Threat description: A message including personal data is sent from client to server where it is logged. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server is detected 6 | 3. 
The server's log operation of the tainted datum is detected -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata 12 | - type: db 13 | directory: server 14 | name: mongo 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Go-validation/client2.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | // a second client makes a get request to retrieve the data (which could also be another microservice in the backend) 9 | func query() { 10 | http.Get("http://test.com/data?name=firstnamelastname") 11 | } 12 | 13 | 14 | func main() { 15 | query() 16 | } 17 | -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/Compute.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes 2 | 3 | import io.clouditor.graph.Container 4 | 5 | fun Container.isInSelector(selector: Map): Boolean { 6 | for (entry in selector.entries) { 7 | if (!labels.containsKey(entry.key) || labels[entry.key] != entry.value) { 8 | // fail fast 9 | return false 10 | } 11 | } 12 | 13 | return true 14 | } 15 | -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Go/README.md: 
-------------------------------------------------------------------------------- 1 | # Test Case Description: Disclosure -- Unencrypted Transmission -- Go 2 | - Threat description: A POST request with personal data is sent from client to server without transport encryption. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server is detected 6 | 3. The transport protocol is recognized as unencrypted -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python-validation/client1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def post_data(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | 16 | if __name__ == '__main__': 17 | post_data() -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python-validation/config.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: db 7 | directory: server 8 | name: postgres 9 | storages: 10 | - userdata 11 | - otherdata 12 | - type: db 13 | directory: server 14 | name: mongo 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D2 Detectable Communication -- Go 2 | - Threat description: An identifier is sent from client to server. 
This can be observed by other network participants, which then know that the person is using the service provided by the server. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server is detected -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/getdata' 7 | #@PseudoIdentifier 8 | personal_data = {'name': 'firstnamelastname'} 9 | response = requests.post(url, data = personal_data) 10 | #requests.get("http://test.com/getdata?name=firstnamelastname") 11 | 12 | if __name__ == '__main__': 13 | query() 14 | -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: Disclosure -- Unencrypted Transmission -- Python 2 | - Threat description: A POST request with personal data is sent from client to server without transport encryption. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server is detected 6 | 3. 
The transport protocol is recognized as unencrypted -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def transfer_data(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | 16 | if __name__ == '__main__': 17 | transfer_data() -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/data", methods=['POST']) 8 | def collect_data(): 9 | # content has tainted data 10 | content = request.json 11 | return "OK", 200 12 | 13 | if __name__ == '__main__': 14 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Python Logging 2 | - Threat description: A message including personal data is sent from client to server where it is logged. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server is detected 6 | 3. 
The server's log operation of the tainted datum is detected -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = "name" 9 | personal_data = { 10 | "Name": name, 11 | "Message": "hello world" 12 | } 13 | requests.post(url, json = personal_data) 14 | 15 | if __name__ == '__main__': 16 | query() 17 | 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import json 4 | import requests 5 | 6 | def query(): 7 | # Disclosure threat results from sending personal data to an http address 8 | url = 'http://test.com/data' 9 | # @PseudoIdentifier 10 | personal_data = {'name': 'firstname lastname'} 11 | requests.post(url, json = personal_data) 12 | 13 | if __name__ == '__main__': 14 | query() 15 | -------------------------------------------------------------------------------- 
/ppg-testing-library/Linkability/L6-linkability-of-stored-data/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L6 Linkability of Stored Data -- Go 2 | - Threat description: A client sends a pseudo-identifier to a server where it is stored and can be linked to other pseudo-identifiable data (which may be submitted via the same request). 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server's database is detected -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = 'firstname lastname' 9 | data = 'helloworld' 10 | message = { 11 | 'name': name, 12 | 'data': data 13 | } 14 | requests.post(url, json = message) 15 | 16 | if __name__ == '__main__': 17 | query() 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | 7 | @app.route("/data", methods=['POST']) 8 | def collect_data(): 9 | # content has tainted data 10 | content = request.json 11 | return "OK", 200 12 | 13 | if __name__ == '__main__': 14 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Go-DigitalSignature/config.yml: 
-------------------------------------------------------------------------------- 1 | services: 2 | - type: server 3 | directory: server 4 | name: server 5 | host: test.com 6 | - type: client 7 | directory: client 8 | name: client 9 | - type: client 10 | directory: client2 11 | name: client2 12 | - type: db 13 | directory: server 14 | name: postgres 15 | storages: 16 | - userdata 17 | - otherdata -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U3 No Access Or Portability -- Go 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored in a database and cannot be accessed by the client again. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum from the client to the server's database is detected 6 | 3. 
No GET access by the client is detected -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import json 4 | import requests 5 | 6 | def query(): 7 | # Disclosure threat results from sending personal data to an http address 8 | url = 'https://test.com/data' 9 | # @Pseudoidentifier 10 | personal_data = {'name': 'firstname lastname'} 11 | requests.post(url, json = personal_data) 12 | 13 | if __name__ == '__main__': 14 | query() 15 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I5 Identifying Shared Data -- Go 2 | - Threat description: A POST request with personal data is sent from client to server which shares it with a third party. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server is detected 6 | 3. The flow of the tainted datum from the server to the third party is detected -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L6 Linkability of Stored Data -- Python 2 | - Threat description: A client sends a pseudo-identifier to a server where it is stored and can be linked to other pseudo-identifiable data (which may be submitted via the same request). 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. 
The flow of the tainted datum to the HTTP endpoint of the server's database is detected -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC1 Disproportionate Collection -- Go 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is not further processed in a meaningful way. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server is detected 6 | 3. No processing step of the tainted datum is detected at the server -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Pseudoidentifier 8 | name = 'firstname lastname' 9 | data = 'helloworld' 10 | message = { 11 | 'name': name, 12 | 'data': data 13 | } 14 | requests.post(url, json = message) 15 | 16 | if __name__ == '__main__': 17 | query() 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC1 Disproportionate Collection -- Python 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is not further processed in a meaningful way. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server is detected 6 | 3. 
No processing step of the tainted datum is detected at the server -------------------------------------------------------------------------------- /owl2java/src/main/kotlin/io/clouditor/graph/GoStruct.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph 2 | 3 | class GoStruct(val name: String, val parentClass: String) { 4 | var objectProperties: List = listOf() 5 | var dataProperties: List = listOf() 6 | var resourceTypes: List = listOf() // e.g., BlockStorageType = []string {"BlockStorage", "Storage", "Resource"} 7 | 8 | var packageName: String? = null 9 | var structDescription: String? = null 10 | } -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | name = 'firstname lastname' 9 | data = 'helloworld' 10 | message = { 11 | 'name': name, 12 | 'data': data 13 | } 14 | requests.post(url, json = message) 15 | 16 | if __name__ == '__main__': 17 | query() 18 | -------------------------------------------------------------------------------- /cloudpg/src/main/resources/log4j2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import logging 5 | 6 | app = Flask(__name__) 7 | logging.basicConfig(level=logging.INFO) 8 | 9 | 
@app.route("/data", methods=['POST']) 10 | def collect_data(): 11 | content = request.json 12 | return "OK", 200 13 | 14 | if __name__ == '__main__': 15 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | // working query: MATCH p=(:Identifier)--()-[:DFG*]-(:HttpEndpoint) RETURN p 10 | func main() { 11 | //@Identifier 12 | identifier := url.Values{ 13 | "name": {"firstnamelastname"}, 14 | } 15 | http.PostForm("http://test.com/data", identifier) 16 | http.Get("http://test.com/data?name=firstnamelastname") 17 | } 18 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U3 No Access Or Portability -- Python 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored in a database and cannot be accessed by the client again. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum from the client to the server's database is detected 6 | 3. 
No GET access by the client is detected 7 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | # POST /data handler: reads the JSON body into a local and returns "OK" without using it. 7 | @app.route("/data", methods=['POST']) 8 | def collect_data(): 9 | # Threat results from personal data being collected, but not processed 10 | content = request.json 11 | return "OK", 200 12 | # NOTE(review): debug=True enables the Werkzeug interactive debugger and host='0.0.0.0' binds every interface; keep this fixture off any reachable host. 13 | if __name__ == '__main__': 14 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | 5 | app = Flask(__name__) 6 | # POST /data handler: copies 'name' and 'message' from the JSON body into a local dict that is not used afterwards; a JSON object missing either key raises KeyError. 7 | @app.route("/data", methods=['POST']) 8 | def collect_data(): 9 | req = request.json 10 | data = { 11 | "Name": req['name'], 12 | "Message": req['message'] 13 | } 14 | return "OK", 200 15 | # NOTE(review): debug=True enables the Werkzeug interactive debugger and host='0.0.0.0' binds every interface; keep this fixture off any reachable host. 
16 | if __name__ == '__main__': 17 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC1 Disproportionate Storage -- Go (field-sensitive) 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored but not retrieved afterwards. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server's database is detected 6 | 3.
No retrieval from the respective database storage is detected -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC5 Disproportionate Storage -- Python (field-sensitive) 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored but not retrieved afterwards. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server's database is detected 6 | 3. No retrieval from the respective database storage is detected -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-missing-PUT/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U4 No Erasure Or Rectification -- Go -- Missing PUT 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored in a database and cannot be rectified again by the client. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum from the client to the server's database is detected 6 | 3.
No PUT access by the client is detected -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | var err error 11 | 12 | //@Identifier 13 | identifier := url.Values{ 14 | "name": {"firstname lastname"}, 15 | } 16 | 17 | // Disclosure threat results from sending personal data to an http address 18 | resp, err := http.PostForm("http://test.com/data", identifier) 19 | if err != nil { 20 | log.Fatal(err) 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-PUT/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U4 No Erasure Or Rectification -- Python -- Missing PUT 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored in a database and cannot be modified again by the client. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum from the client to the server's database is detected 6 | 3. No PUT access by the client is detected -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-missing-DELETE/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U4 No Erasure Or Rectification -- Go -- Missing DELETE 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored in a database and cannot be deleted again by the client. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. 
The flow of the tainted datum from the client to the server's database is detected 6 | 3. No DELETE access by the client is detected -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-DELETE/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: U4 No Erasure Or Rectification -- Python -- Missing DELETE 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored in a database and cannot be deleted again by the client. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum from the client to the server's database is detected 6 | 3. No DELETE access by the client is detected -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | func main() { 10 | var err error 11 | 12 | //@Identifier 13 | identifier := url.Values{ 14 | "name": {"firstname lastname"}, 15 | } 16 | 17 | // Disclosure threat results from sending personal data to an http address 18 | resp, err := http.PostForm("https://test.com/data", identifier) 19 | if err != nil { 20 | log.Fatal(err) 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: ID5 - Identifying Shared Data 2 | - Threat description: Identifier such as first name, last name, username are sent to a service which then sends it to another party 3 | - Expected test outcome: 4 | 1. 
The identifiable data which is sent to the server is detected at the client side in line 10 5 | 2. The data flow from the server to the party in line 20 is detected 6 | 3. The incoming data flow from the server to the party in line 18 is detected -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Go-missing-DELETE/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/url" 7 | ) 8 | 9 | // working query: MATCH p=(:Identifier)--()-[:DFG*]-(:HttpEndpoint) RETURN p 10 | func main() { 11 | //@Identifier 12 | identifier := url.Values{ 13 | "name": {"firstnamelastname"}, 14 | } 15 | http.PostForm("http://test.com/data", identifier) 16 | http.PutForm("http://test.com/data", identifier) 17 | http.Get("http://test.com/data?name=firstnamelastname") 18 | } 19 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I7 Linkability of Retrieved Data -- Go 2 | - Threat description: A POST request with personal data is sent from client to server which stores it in a database. Another client can access the datum via a GET request. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the server's database is detected 6 | 3. 
The second client's GET request to access the database storage which holds the tainted datum is detected 7 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC5 Disproportionate Storage -- Go 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored and retrieved, but not processed afterwards. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server's database is detected 6 | 3. The retrieval from the respective database storage is detected 7 | 4. No processing step is detected after the retrieval -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Go Digital Signature 2 | - Threat description: A cryptographically signed, i.e. non-repudiable, message including personal data is sent from client to server. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The usage of the cryptography library's signature method on the tainted datum is detected 6 | 3.
The data flow of the tainted datum together with the signature to the server is detected 7 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | r.POST("/data", parse_data) 21 | 22 | return r 23 | } 24 | 25 | func parse_data(c *gin.Context) { 26 | c.Request.ParseForm() 27 | } -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NC1 Disproportionate Storage -- Python 2 | - Threat description: A (pseudo-)identifier is sent from client to server where it is stored and retrieved, but not processed afterwards. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The data flow of the tainted datum to the server's database is detected 6 | 3. The retrieval is detected from the respective database storage 7 | 4. 
No processing step is detected after the retrieval -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def query(): 6 | url = 'test.com/data' 7 | #@Identifier 8 | personal_data = 'firstname lastname' 9 | non_personal_data = 'My grandpa always used to say “as one door closes, another one opens." A lovely man. A terrible cabinet maker.' 10 | requests.post(url, json = {'name': personal_data, 'joke': non_personal_data}) 11 | 12 | if __name__ == '__main__': 13 | query() 14 | 15 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I7 Identifying Retrieved Data -- Go 2 | - Threat description: A POST request with personal data is sent from client to server which stores it in a database. Another client accesses the datum from the same database. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the server's database is detected 6 | 3. The second client's GET request to access the database storage which holds the tainted datum is detected 7 | 8 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: I7 Identifying Retrieved Data -- Python 2 | - Threat description: A POST request with personal data is sent from client to server which stores it in a database. Another client accesses the datum from the same database. 
3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the server's database is detected 6 | 3. The second client's GET request to access the database storage which holds the tainted datum is detected 7 | 8 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR2 Non-Repudiation of Sending -- Python Digital Signature 2 | - Threat description: A cryptographically signed, i.e. non-repudiable, message including personal data is sent from client to server. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The usage of the cryptography library's signature method on the tainted datum is detected 6 | 3. The data flow of the tainted datum together with the signature to the server is detected 7 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D4 Detectable at Storage -- Go 2 | - Threat description: The server offers a database API that leaks information about the personal data it holds: when the client tries to store data, the server may respond by indicating a conflict. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the taint from the client to the server's database is detected 6 | 3.
A server response is detected that indicates a conflict because the datum already exists in the database -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D4 Detectable at Storage -- Python 2 | - Threat description: The server offers an API to a database which leaks information about personal data it holds: When the client tries to store data, the server may respond by indicating a conflict. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the taint from the client to the server's database is detected 6 | 3. A server response is detected that indicates a conflict because the datum already exists in the database -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled class file 2 | *.class 3 | 4 | # Log file 5 | *.log 6 | 7 | # BlueJ files 8 | *.ctxt 9 | 10 | # Mobile Tools for Java (J2ME) 11 | .mtj.tmp/ 12 | 13 | # Package Files # 14 | *.jar 15 | *.war 16 | *.nar 17 | *.ear 18 | *.zip 19 | *.tar.gz 20 | *.rar 21 | 22 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 23 | hs_err_pid* 24 | 25 | # Ignore Gradle project-specific cache directory 26 | .gradle 27 | 28 | # Ignore Gradle build output directory 29 | build 30 | 31 | .idea 32 | generated 33 | 34 | .DS_Store 35 | 36 | jffi* 37 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Go-DigitalSignature/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR4 Non-Reputable Storage -- Go Digital Signature 2 | - Threat description: A 
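cryptographically signed, i.e. non-reputable, message including personal data is sent from client to server where it is stored in a database. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The usage of the cryptography library's signature method on the tainted datum is detected 6 | 3. The data flow of the tainted datum together with the signature to the server's database is detected 7 | -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/labels/GenericLabel.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes.labels 2 | 3 | import de.fraunhofer.aisec.cpg.graph.Node 4 | 5 | /** Generic property Label used to store labels defined by arbitrary annotations. Two generic labels are mergeable when both are exactly GenericLabel and hold equal property maps. */ 6 | class GenericLabel(labeledNode: Node) : DataLabel(labeledNode) { 7 | 8 | val properties: MutableMap = mutableMapOf() 9 | /** Returns true when [l] is exactly a GenericLabel whose properties equal this label's properties. */ 10 | override fun areMergeable(l: Label): Boolean { 11 | return l::class == GenericLabel::class && 12 | properties == (l as GenericLabel).properties // map-to-map comparison; comparing the entries Set with a Map is never equal 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR4 Non-Reputable Storage -- Go Digital Signature 2 | - Threat description: A cryptographically signed, i.e. non-reputable, message including personal data is sent from client to server where it is stored in a database. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. 
The usage of the cryptography library's signature method on the tainted datum is detected 6 | 3.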
The data flow of the tainted datum together with the signature to the server's database is detected 7 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import logging 5 | 6 | app = Flask(__name__) 7 | 8 | @app.route("/data", methods=['POST']) 9 | def collect_data(): 10 | # Threat results from personal data being collected, but not processed 11 | content = request.json 12 | process(content['name']) 13 | return "OK", 200 14 | 15 | def process(name): 16 | print(name) 17 | 18 | if __name__ == '__main__': 19 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | ) 9 | // main serves NewRouter on port 8080; the error returned by http.ListenAndServe is discarded. 10 | func main() { 11 | http.ListenAndServe(":8080", NewRouter()) 12 | } 13 | // NewRouter returns a gin engine with the Recovery and gin-contrib logger middleware that routes POST /data to forward_data. 14 | func NewRouter() *gin.Engine { 15 | r := gin.New() 16 | r.Use(gin.Recovery()) 17 | r.Use(logger.SetLogger()) 18 | 19 | r.POST("/data", forward_data) 20 | 21 | return r 22 | } 23 | // forward_data parses the request form and re-posts all of its fields to the third party over plain http. The errors from ParseForm and PostForm are ignored and the response body is never closed. 
24 | func forward_data(c *gin.Context) { 25 | c.Request.ParseForm() 26 | http.PostForm("http://third-party.com/externaldata", c.Request.Form) 27 | } 28 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | 7 |
"github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | r.POST("/data", parse_data) 21 | 22 | return r 23 | } 24 | 25 | func parse_data(c *gin.Context) { 26 | c.Request.ParseForm() 27 | http.PostForm("http://third-party.com/externaldata", nil) 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | r.POST("/data", parse_data) 21 | 22 | return r 23 | } 24 | 25 | func parse_data(c *gin.Context) { 26 | c.Request.ParseForm() 27 | http.PostForm("http://third-party.com/externaldata", c.Request.Form) 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Go/third-party.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | r.POST("/externaldata", post_data) 21 | 22 | return r 23 | } 24 | 25 | func post_data(c *gin.Context) { 26 | c.Request.ParseForm() 27 | 
name := c.Request.Form.Get("name") 28 | fmt.Println(name) 29 | } -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L5 Linkability of Shared Data -- Go 2 | - Threat description: A pseudo-identifier is sent to a server where it can be linked to other pseudo-identifiable data (which may be submitted via the same request). The server furthermore shares the data with a third party (where it also may be linked to other pseudo-identifiable data). 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server is detected 6 | 3. The flow of the tainted datum from the server to the third party is detected -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go/third-party.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | r.POST("/externaldata", post_data) 21 | 22 | return r 23 | } 24 | 25 | func post_data(c *gin.Context) { 26 | c.Request.ParseForm() 27 | name := c.Request.Form.Get("name") 28 | fmt.Println(name) 29 | } -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Go/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D5 Detectable at Retrieval -- Go 2 | - Threat 
description: The server offers a database API that leaks information about the personal data it holds: when the client tries to access data, the server may respond with a _not found_ message. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the taint from the client to the server's database is detected 6 | 3. A client request targeted at the same storage that the taint was stored in is detected 7 | 4. A server response is detected that indicates that a datum was not found 8 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: L5 Linkability of Shared Data -- Python 2 | - Threat description: A pseudo-identifier is sent to a server where it can be linked to other pseudo-identifiable data (which may be submitted via the same request). The server furthermore shares the data with a third party (where it also may be linked to other pseudo-identifiable data). 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the tainted datum to the HTTP endpoint of the server is detected 6 | 3.
The flow of the tainted datum from the server to the third party is detected -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Go-DigitalSignature-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/ed25519" 5 | "crypto/rand" 6 | "log" 7 | "net/http" 8 | "net/url" 9 | ) 10 | 11 | func main() { 12 | var err error 13 | 14 | //@Identifier 15 | name := []byte("firstname lastname") 16 | 17 | // generate signature 18 | _, priv, err := ed25519.GenerateKey(rand.Reader) 19 | if err != nil { 20 | log.Fatal(err) 21 | } 22 | ed25519.Sign(priv, name) 23 | data := url.Values{ 24 | "Name": {name}, 25 | "Signature": {""}, 26 | } 27 | http.PostForm("http://test.com/data", data) 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | type Message struct { 8 | Name string 9 | Joke string 10 | } 11 | 12 | func query() { 13 | //@Identifier 14 | name := "firstname lastname" 15 | joke := "My grandpa always used to say 'as one door closes, another one opens.' A lovely man. A terrible cabinet maker." 
16 | 17 | message := url.Values{ 18 | "Name": {name}, 19 | "Joke": {joke}, 20 | } 21 | http.PostForm("http://test.com/data", message) 22 | } 23 | 24 | func main() { 25 | query() 26 | } 27 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: D5 Detectable at Retrieval -- Python 2 | - Threat description: The server offers an API to a database which leaks information about personal data it holds: When the client tries to access data, the server may respond by a _not found_ message. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The flow of the taint from the client to the server's database is detected 6 | 3. A client request targeted at the same storage that the taint was stored in is detected 7 | 4. A server response is detected that indicates that a datum was not found 8 | -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | // non-repudiation threat results from receiving the tainted personal data 21 | r.POST("/data", post_data) 22 | 23 | return r 24 | } 25 | 26 | func post_data(c *gin.Context) { 27 | // nothing to do 28 | } 29 | -------------------------------------------------------------------------------- 
/ppg-testing-library/Identifiability/I5-identifying-shared-data/Go-validation/third-party.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | r.POST("/externaldata", post_data) 21 | 22 | return r 23 | } 24 | 25 | func post_data(c *gin.Context) { 26 | c.Request.ParseForm() 27 | name := c.Request.Form.Get("name") 28 | fmt.Println(name) 29 | } -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go-validation/third-party.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | r.POST("/externaldata", post_data) 21 | 22 | return r 23 | } 24 | 25 | func post_data(c *gin.Context) { 26 | c.Request.ParseForm() 27 | name := c.Request.Form.Get("name") 28 | fmt.Println(name) 29 | } -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 
15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | // non-repudiation threat results from receiving the tainted personal data 21 | r.POST("/data", post_data) 22 | 23 | return r 24 | } 25 | 26 | func post_data(c *gin.Context) { 27 | // nothing to do 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-Logging/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import logging 5 | 6 | app = Flask(__name__) 7 | logging.basicConfig(level=logging.INFO) 8 | 9 | @app.route("/data", methods=['POST']) 10 | def collect_data(): 11 | content = request.json 12 | # the logging library represents a non-repudiation threat, since the sending action and the personal datum is persisted 13 | logging.info("Received datum %s", content) 14 | return "OK", 200 15 | 16 | if __name__ == '__main__': 17 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Go-DigitalSignature/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/ed25519" 5 | "crypto/rand" 6 | "log" 7 | "net/http" 8 | "net/url" 9 | ) 10 | 11 | func main() { 12 | var err error 13 | 14 | //@Identifier 15 | name := []byte("firstname lastname") 16 | 17 | // generate signature 18 | _, priv, err := ed25519.GenerateKey(rand.Reader) 19 | if err != nil { 20 | log.Fatal(err) 21 | } 22 | signature := ed25519.Sign(priv, name) 23 | data := url.Values{ 24 | "Name": {name}, 25 | "Signature": {signature}, 26 | } 27 | http.PostForm("http://test.com/data", data) 28 | } 29 | 
-------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | type Message struct { 8 | Name string 9 | Joke string 10 | } 11 | 12 | func query() { 13 | //@Identifier 14 | name := "firstname lastname" 15 | joke := "My grandpa always used to say 'as one door closes, another one opens.' A lovely man. A terrible cabinet maker." 16 | 17 | message := url.Values{ 18 | "Name": {name}, 19 | "Joke": {joke}, 20 | } 21 | http.PostForm("http://test.com/data", message) 22 | } 23 | 24 | func main() { 25 | query() 26 | } 27 | -------------------------------------------------------------------------------- /ppg-testing-library/Disclosure/unencrypted-transmission/Go-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | // non-repudiation threat results from receiving the tainted personal data 21 | r.POST("/data", post_data) 22 | 23 | return r 24 | } 25 | 26 | func post_data(c *gin.Context) { 27 | // nothing to do 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/ed25519" 5 | "crypto/rand" 6 | "log" 7 | "net/http" 8 | "net/url" 9 | ) 10 | 11 | func main() 
{ 12 | var err error 13 | 14 | //@Identifier 15 | name := []byte("firstname lastname") 16 | 17 | // generate signature 18 | _, priv, err := ed25519.GenerateKey(rand.Reader) 19 | if err != nil { 20 | log.Fatal(err) 21 | } 22 | signature := ed25519.Sign(priv, name) 23 | data := url.Values{ 24 | "Name": {name}, 25 | "Signature": {signature}, 26 | } 27 | http.PostForm("http://test.com/data", data) 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Go/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | type Message struct { 8 | Name string 9 | Joke string 10 | } 11 | 12 | func query() { 13 | //@Identifier 14 | name := "firstname lastname" 15 | joke := "My grandpa always used to say 'as one door closes, another one opens.' A lovely man. A terrible cabinet maker." 16 | 17 | message := url.Values{ 18 | "Name": {name}, 19 | "Joke": {joke}, 20 | } 21 | http.PostForm("http://test.com/data", message) 22 | } 23 | 24 | func main() { 25 | query() 26 | } 27 | -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D2-detectable-communication/Go-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | // non-repudiation threat results from receiving the tainted personal data 21 | r.POST("/data", post_data) 22 | 23 | return r 24 | } 25 | 26 | func post_data(c *gin.Context) { 27 | // nothing to 
do 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | // non-repudiation threat results from receiving the tainted personal data 21 | r.POST("/data", post_data) 22 | 23 | return r 24 | } 25 | 26 | func post_data(c *gin.Context) { 27 | // nothing to do 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/ed25519" 5 | "crypto/rand" 6 | "log" 7 | "net/http" 8 | "net/url" 9 | ) 10 | 11 | func main() { 12 | var err error 13 | 14 | //@Identifier 15 | name := []byte("firstname lastname") 16 | 17 | // generate signature 18 | _, priv, err := ed25519.GenerateKey(rand.Reader) 19 | if err != nil { 20 | log.Fatal(err) 21 | } 22 | signature := ed25519.Sign(priv, name) 23 | data := url.Values{ 24 | "Name": {name}, 25 | "Signature": {""}, 26 | } 27 | http.PostForm("http://test.com/data", data) 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | 
"github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | func main() { 12 | http.ListenAndServe(":8080", NewRouter()) 13 | } 14 | 15 | func NewRouter() *gin.Engine { 16 | r := gin.New() 17 | r.Use(gin.Recovery()) 18 | r.Use(logger.SetLogger()) 19 | 20 | // non-repudiation threat results from receiving the tainted personal data 21 | r.POST("/data", post_data) 22 | 23 | return r 24 | } 25 | 26 | func post_data(c *gin.Context) { 27 | // nothing to do 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | type Message struct { 9 | Name string 10 | Joke string 11 | } 12 | 13 | func query() { 14 | //@Identifier 15 | name := "firstname lastname" 16 | joke := "My grandpa always used to say 'as one door closes, another one opens.' A lovely man. A terrible cabinet maker." 17 | 18 | message := url.Values{ 19 | "Name": {name}, 20 | "Joke": {joke}, 21 | } 22 | http.PostForm("http://test.com/data", message) 23 | } 24 | 25 | 26 | func main() { 27 | query() 28 | } 29 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/url" 6 | ) 7 | 8 | type Message struct { 9 | Name string 10 | Joke string 11 | } 12 | 13 | func query() { 14 | //@Identifier 15 | name := "firstname lastname" 16 | joke := "My grandpa always used to say 'as one door closes, another one opens.' A lovely man. A terrible cabinet maker." 
17 | 18 | message := url.Values{ 19 | "Name": {name}, 20 | "Joke": {joke}, 21 | } 22 | http.PostForm("http://test.com/data", message) 23 | } 24 | 25 | 26 | func main() { 27 | query() 28 | } 29 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | workflow_dispatch: 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | 14 | steps: 15 | - uses: actions/checkout@v2 16 | - name: Setup Java JDK 17 | uses: actions/setup-java@v2.1.0 18 | with: 19 | java-version: 11 20 | distribution: zulu 21 | - name: Setup neo4j 22 | run: | 23 | docker run -d --env NEO4J_AUTH=neo4j/password -p7474:7474 -p7687:7687 neo4j 24 | - name: Build 25 | run: | 26 | ./build-ontology.sh 27 | ./gradlew build 28 | -------------------------------------------------------------------------------- /owl2java/build.gradle.kts: -------------------------------------------------------------------------------- 1 | plugins { 2 | id("org.jetbrains.kotlin.jvm") version "1.5.10" 3 | application 4 | } 5 | 6 | repositories { 7 | mavenCentral() 8 | } 9 | 10 | dependencies { 11 | // owl-api 12 | implementation("net.sourceforge.owlapi:owlapi-distribution:4.5.4") 13 | implementation("net.sourceforge.owlapi:org.semanticweb.hermit:1.3.8.413") 14 | 15 | // roaster 16 | implementation("org.jboss.forge.roaster:roaster-api:2.22.2.Final") 17 | implementation("org.jboss.forge.roaster:roaster-jdt:2.22.2.Final") 18 | implementation("org.apache.jena:jena-arq:3.4.0") 19 | } 20 | 21 | application { 22 | mainClassName = "io.clouditor.graph.SemanticNodeGenerator" 23 | } -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python/README.md: 
-------------------------------------------------------------------------------- 1 | # Test Case Description: NR5 Non-Repudiation of Retrieved Data -- Go 2 | - Threat description: A signed, i.e. non-repudiable, message including personal data is sent from client to server where it is stored in a database and is retrieved by another client. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The usage of the cryptography library's signature method on the tainted datum is detected 6 | 3. The data flow of the tainted datum together with the signature to the server's database is detected 7 | 4. The second client's GET request to access the database storage which holds the tainted datum is detected 8 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python/third-party.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/externaldata", methods=['POST']) 17 | def get_data_of_server(): 18 | user_data_from_server = request.json 19 | return "OK", 200 20 | 21 | if __name__ == '__main__': 22 | app.run(host='0.0.0.0', port=8081, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python/third-party.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, 
database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/externaldata", methods=['POST']) 17 | def get_data_of_server(): 18 | user_data_from_server = request.json 19 | return "OK", 200 20 | 21 | if __name__ == '__main__': 22 | app.run(host='0.0.0.0', port=8081, debug=True, threaded=True) -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/labels/PrivacyLabel.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes.labels 2 | 3 | import de.fraunhofer.aisec.cpg.graph.Node 4 | import org.neo4j.ogm.annotation.Relationship 5 | 6 | /** 7 | * Stores an integer to denote a hierarchy of privacy labels, with higher numbers meaning more 8 | * private labels. 
9 | */ 10 | class PrivacyLabel(labeledNode: Node) : DataLabel(labeledNode) { 11 | 12 | @Relationship(value = "PROTECTION_LEVEL", direction = "OUTGOING") var protectionlevel: Int = 0 13 | 14 | override fun areMergeable(l: Label): Boolean { 15 | return l::class == PrivacyLabel::class && 16 | protectionlevel == (l as PrivacyLabel).protectionlevel 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python-validation/third-party.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/externaldata", methods=['POST']) 17 | def get_data_of_server(): 18 | user_data_from_server = request.json 19 | return "OK", 200 20 | 21 | if __name__ == '__main__': 22 | app.run(host='0.0.0.0', port=8081, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | type Data struct { 12 | Name string 13 | } 14 | 15 | func main() { 16 | http.ListenAndServe(":8080", NewRouter()) 17 | } 18 | 19 | func NewRouter() *gin.Engine { 20 | r := gin.New() 21 | r.Use(gin.Recovery()) 22 | r.Use(logger.SetLogger()) 23 | 24 | r.POST("/data", parse_data) 25 | 26 | return r 27 | } 28 
| 29 | func parse_data(c *gin.Context) { 30 | c.Request.ParseForm() 31 | name := c.Request.Form.Get("name") 32 | &Data{Name: name} 33 | } 34 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I5-identifying-shared-data/Python-validation/third-party.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/externaldata", methods=['POST']) 17 | def get_data_of_server(): 18 | user_data_from_server = request.json 19 | return "OK", 200 20 | 21 | if __name__ == '__main__': 22 | app.run(host='0.0.0.0', port=8081, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | phr_db_client = MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | @app.route("/data", methods=['POST']) 14 | def collect_data(): 15 | content = request.json 16 | # Threat results from data being collected and stored, but not retrieved 17 | phr_db_collection.insert_one(content) 18 | return "OK", 200 19 | 20 | if __name__ == '__main__': 21 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) 
-------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | "github.com/rs/zerolog/log" 10 | ) 11 | 12 | func main() { 13 | http.ListenAndServe(":8080", NewRouter()) 14 | } 15 | 16 | func NewRouter() *gin.Engine { 17 | r := gin.New() 18 | r.Use(gin.Recovery()) 19 | r.Use(logger.SetLogger()) 20 | 21 | r.POST("/data", parse_data) 22 | 23 | return r 24 | } 25 | 26 | func parse_data(c *gin.Context) { 27 | c.Request.ParseForm() 28 | name := c.Request.Form.Get("Personal_datum") 29 | signature := c.Request.Form.Get("Signature") 30 | log.Info().Msg(data) 31 | } -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Go-DigitalSignature/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR5 Non-Repudiation of Retrieved Data -- Go 2 | - Threat description: A cryptographically signed, i.e. non-repudiable, message including personal data is sent from client to server where it is stored in a database and is retrieved by another client. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The usage of the cryptography library's signature method on the tainted datum is detected 6 | 3. The data flow of the tainted datum together with the signature to the server's database is detected 7 | 4. 
The second client's GET request to access the database storage which holds the tainted datum is detected 8 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | phr_db_client = MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | @app.route("/data", methods=['POST']) 14 | def collect_data(): 15 | content = request.json 16 | message = {'data': content['data'], 'signature': content['signature']} 17 | phr_db_collection.insert_one(message) 18 | return "OK", 200 19 | 20 | if __name__ == '__main__': 21 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-DigitalSignature/README.md: -------------------------------------------------------------------------------- 1 | # Test Case Description: NR5 Non-Repudiation of Retrieved Data -- Python 2 | - Threat description: A cryptographically signed, i.e. non-repudiable, message including personal data is sent from client to server where it is stored in a database and is retrieved by another client. 3 | - Expected test outcome: 4 | 1. The taint is detected 5 | 2. The usage of the cryptography library's signature method on the tainted datum is detected 6 | 3. The data flow of the tainted datum together with the signature to the server's database is detected 7 | 4. 
The second client's GET request to access the database storage which holds the tainted datum is detected 8 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-DigitalSignature-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | "github.com/rs/zerolog/log" 10 | ) 11 | 12 | func main() { 13 | http.ListenAndServe(":8080", NewRouter()) 14 | } 15 | 16 | func NewRouter() *gin.Engine { 17 | r := gin.New() 18 | r.Use(gin.Recovery()) 19 | r.Use(logger.SetLogger()) 20 | 21 | r.POST("/data", parse_data) 22 | 23 | return r 24 | } 25 | 26 | func parse_data(c *gin.Context) { 27 | c.Request.ParseForm() 28 | name := c.Request.Form.Get("Personal_datum") 29 | signature := c.Request.Form.Get("Signature") 30 | log.Info().Msg(data) 31 | } -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | mongo_host = "mongo" 9 | user_db_client = MongoClient("mongodb://mongo:27017/") 10 | user_db = user_db_client.userdata 11 | user_db_collection = user_db.records 12 | 13 | app = Flask(__name__) 14 | 15 | @app.route("/data", methods=['POST']) 16 | def parse_data(): 17 | req = request.json 18 | data = { 19 | "Name": req['name'], 20 | "Message": req['message'] 21 | } 22 | return "OK", 200 23 | 24 | if __name__ == '__main__': 25 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) 
-------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | mongo_host = "mongo" 9 | user_db_client = MongoClient("mongodb://mongo:27017/") 10 | user_db = user_db_client.userdata 11 | user_db_collection = user_db.records 12 | 13 | app = Flask(__name__) 14 | 15 | @app.route("/data", methods=['POST']) 16 | def parse_data(): 17 | req = request.json 18 | data = { 19 | "Name": req['name'], 20 | "Message": req['message'] 21 | } 22 | return "OK", 200 23 | 24 | if __name__ == '__main__': 25 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | phr_db_client = MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | @app.route("/data", methods=['POST']) 14 | def collect_data(): 15 | content = request.json 16 | message = {'data': content['data'], 'signature': content['signature']} 17 | phr_db_collection.insert_one(message) 18 | return "OK", 200 19 | 20 | if __name__ == '__main__': 21 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Go-validation/server.go: 
-------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | ) 9 | 10 | func main() { 11 | http.ListenAndServe(":8080", NewRouter()) 12 | } 13 | 14 | func NewRouter() *gin.Engine { 15 | r := gin.New() 16 | r.Use(gin.Recovery()) 17 | r.Use(logger.SetLogger()) 18 | 19 | r.POST("/data", forward_data) 20 | 21 | return r 22 | } 23 | 24 | func forward_data(c *gin.Context) { 25 | c.Request.ParseForm() 26 | name := c.Request.Form.Get("Name") 27 | message := c.Request.Form.Get("Message") 28 | data := url.Values{ 29 | "Name": {name}, 30 | "Message": {message}, 31 | } 32 | http.PostForm("http://third-party.com/externaldata", nil) 33 | } -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I6-identifying-stored-data/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | mongo_host = "mongo" 9 | user_db_client = MongoClient("mongodb://mongo:27017/") 10 | user_db = user_db_client.userdata 11 | user_db_collection = user_db.records 12 | 13 | app = Flask(__name__) 14 | 15 | @app.route("/data", methods=['POST']) 16 | def parse_data(): 17 | req = request.json 18 | data = { 19 | "Name": req['name'], 20 | "Message": req['message'] 21 | } 22 | user_db_collection.insert_one(data) 23 | return "OK", 200 24 | 25 | if __name__ == '__main__': 26 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L6-linkability-of-stored-data/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from 
flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | mongo_host = "mongo" 9 | user_db_client = MongoClient("mongodb://mongo:27017/") 10 | user_db = user_db_client.userdata 11 | user_db_collection = user_db.records 12 | 13 | app = Flask(__name__) 14 | 15 | @app.route("/data", methods=['POST']) 16 | def parse_data(): 17 | req = request.json 18 | data = { 19 | "Name": req['name'], 20 | "Message": req['message'] 21 | } 22 | user_db_collection.insert_one(data) 23 | return "OK", 200 24 | 25 | if __name__ == '__main__': 26 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D4-detectable-at-storage/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | user_db_client = MongoClient("mongodb://mongo:27017/") 7 | user_db = user_db_client.userdata 8 | user_db_collection = user_db.records 9 | 10 | app = Flask(__name__) 11 | 12 | @app.route("/account", methods=['POST']) 13 | def account(): 14 | content = request.json 15 | if user_db_collection.find( { "name": content['name'] } ).count() > 0: 16 | return "Bad Request", 400 17 | else: 18 | user_db_collection.insert_one({"name": content['name']}) 19 | return "Created", 201 20 | 21 | if __name__ == '__main__': 22 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | 
# phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/data", methods=['POST']) 17 | def receive_data_and_send_to_other_party(): 18 | req = request.json 19 | third_party = "http://third-party.com/externaldata" 20 | requests.post(third_party, req) 21 | return "OK", 200 22 | 23 | if __name__ == '__main__': 24 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | user_db_client = MongoClient("mongodb://mongo:27017/") 7 | user_db = user_db_client.userdata 8 | user_db_collection = user_db.records 9 | 10 | app = Flask(__name__) 11 | 12 | @app.route("/data", methods=['GET']) 13 | def collect_data(): 14 | content = request.json 15 | if user_db_collection.find( { "name": content['name'] } ).count() > 0: 16 | return "Bad Request", 400 17 | else: 18 | records = user_db_collection.find({"name": content['name']}) 19 | return records, 200 20 | 21 | if __name__ == '__main__': 22 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-DELETE/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | 5 | def post_query(): 6 | url = 'test.com/data' 7 | #@PseudoIdentifier 8 | personal_data = {'name': 'firstname lastname'} 9 | requests.post(url, json = personal_data) 
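10 | 11 | def get_query(): 12 | url = 'test.com/data' 13 | #@PseudoIdentifier 14 | personal_data = {'name': 'firstname lastname'} 15 | requests.get(url, json = personal_data) 16 | 17 | def put_query(): 18 | url = 'test.com/data' 19 | #@PseudoIdentifier 20 | personal_data = {'name': 'firstname lastname'} 21 | requests.put(url, json = personal_data) 22 | 23 | 24 | if __name__ == '__main__': 25 | post_query() 26 | get_query() 27 | put_query() 28 |
--------------------------------------------------------------------------------
/ppg-testing-library/Identifiability/I5-identifying-shared-data/Python-validation/server.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

# Test fixture: a Flask service that accepts JSON on POST /data and then
# contacts an external URL. In this "-validation" variant the outbound request
# carries an empty payload, so nothing received from the client is forwarded.

from flask import Flask, request
import json
import requests
from pymongo import MongoClient, database

# phr_db client (MongoDB)
# NOTE(review): the connection string carries no credentials and no TLS
# options; that is only acceptable if the "mongo" host is reachable solely
# from an isolated fixture network -- confirm.
mongo_host = "mongo"
user_db_client = MongoClient("mongodb://mongo:27017/")
user_db = user_db_client.userdata
user_db_collection = user_db.records

app = Flask(__name__)


@app.route("/data", methods=['POST'])
def receive_data_and_send_to_other_party():
    # Reads the JSON body of the request; the value is client-controlled and
    # is not validated or used any further in this handler.
    user_data = request.json
    third_party = "http://test.com/externaldata"
    # The payload is an empty dict, i.e. user_data is never passed on
    # (presumably deliberate for the validation variant -- confirm).
    # NOTE(review): no timeout is given, so a stalled remote host would block
    # this worker indefinitely; the response is also not checked.
    requests.post(third_party, {})
    return "OK", 200


if __name__ == '__main__':
    # debug is off: with debug=True Flask enables the Werkzeug interactive
    # debugger, which lets a client execute Python in the server process, and
    # host='0.0.0.0' would expose it on every network interface.
    app.run(host='0.0.0.0', port=8080, debug=False, threaded=True)
--------------------------------------------------------------------------------
/ppg-testing-library/Identifiability/I5-identifying-shared-data/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 |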
user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/data", methods=['POST']) 17 | def receive_data_and_send_to_other_party(): 18 | user_data = request.json 19 | third_party = "http://third-party.com/externaldata" 20 | requests.post(third_party, user_data) 21 | return "OK", 200 22 | 23 | if __name__ == '__main__': 24 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | phr_db_client = MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | @app.route("/data", methods=['POST']) 14 | def collect_data(): 15 | content = request.json 16 | message = {'name': content['name'], 'joke': content['joke']} 17 | # Threat results from data being collected and stored, but not retrieved 18 | phr_db_collection.insert_one(message) 19 | return "OK", 200 20 | 21 | if __name__ == '__main__': 22 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Go-Logging/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | type Data struct { 12 | Name string 13 | } 14 | 15 | func main() { 16 | http.ListenAndServe(":8080", NewRouter()) 17 | } 18 | 19 | func NewRouter() *gin.Engine { 20 | r := 
gin.New() 21 | r.Use(gin.Recovery()) 22 | r.Use(logger.SetLogger()) 23 | 24 | r.POST("/data", parse_data) 25 | 26 | return r 27 | } 28 | 29 | func parse_data(c *gin.Context) { 30 | c.Request.ParseForm() 31 | name := c.Request.Form.Get("name") 32 | data := &Data{Name: name} 33 | // non-repudiation threat results from logging the tainted personal data 34 | log.Info().Msg(data) 35 | } 36 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I3-identifying-inbound-data/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-contrib/logger" 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | type Data struct { 12 | Name string 13 | Message string 14 | } 15 | 16 | func main() { 17 | http.ListenAndServe(":8080", NewRouter()) 18 | } 19 | 20 | func NewRouter() *gin.Engine { 21 | r := gin.New() 22 | r.Use(gin.Recovery()) 23 | r.Use(logger.SetLogger()) 24 | 25 | r.POST("/data", parse_data) 26 | 27 | return r 28 | } 29 | 30 | func parse_data(c *gin.Context) { 31 | c.Request.ParseForm() 32 | name := c.Request.Form.Get("Name") 33 | message := c.Request.Form.Get("Message") 34 | data := &Data{ 35 | Name: name, 36 | Message: message, 37 | } 38 | log.Info().Msg(data.Name) 39 | } 40 | -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/passes/HttpStatusCodesPass.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.passes 2 | 3 | import de.fraunhofer.aisec.cpg.TranslationResult 4 | import de.fraunhofer.aisec.cpg.graph.statements.CompoundStatement 5 | import de.fraunhofer.aisec.cpg.graph.statements.ReturnStatement 6 | import de.fraunhofer.aisec.cpg.passes.Pass 7 | import io.clouditor.graph.HttpEndpoint 8 | import io.clouditor.graph.additionalNodes 9 | 
10 | class HttpStatusCodesPass : Pass() { 11 | 12 | override fun cleanup() {} 13 | 14 | override fun accept(result: TranslationResult?) { 15 | 16 | result?.additionalNodes?.filterIsInstance(HttpEndpoint::class.java)?.forEach { 17 | (it.handler?.body as CompoundStatement).statements.forEach { 18 | if (it is ReturnStatement) {} 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L3-linkability-of-inbound-data/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | "github.com/rs/zerolog/log" 10 | ) 11 | 12 | type Data struct { 13 | Name string 14 | Message string 15 | } 16 | 17 | func main() { 18 | http.ListenAndServe(":8080", NewRouter()) 19 | } 20 | 21 | func NewRouter() *gin.Engine { 22 | r := gin.New() 23 | r.Use(gin.Recovery()) 24 | r.Use(logger.SetLogger()) 25 | 26 | r.POST("/data", parse_data) 27 | 28 | return r 29 | } 30 | 31 | func parse_data(c *gin.Context) { 32 | c.Request.ParseForm() 33 | name := c.Request.Form.Get("Name") 34 | message := c.Request.Form.Get("Message") 35 | data := &Data{ 36 | Name: name, 37 | Message: message, 38 | } 39 | log.Info().Msg(data.Name) 40 | } 41 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-retrieval/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | phr_db_client = MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | @app.route("/data", methods=['POST']) 
14 | def collect_data(): 15 | content = request.json 16 | phr_db_collection.insert_one(content) 17 | return "OK", 200 18 | 19 | @app.route("/data", methods=['GET']) 20 | def get_data(): 21 | content = request.json 22 | phr_db_collection.find_one(content["user_id"]) 23 | return "OK", 200 24 | 25 | if __name__ == '__main__': 26 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/labels/Label.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes.labels 2 | 3 | import de.fraunhofer.aisec.cpg.graph.Node 4 | import org.neo4j.ogm.annotation.Relationship 5 | 6 | /** Generic label attached to one ore multiple nodes. */ 7 | open class Label constructor(labeledNode: Node) : Node() { 8 | 9 | /** 10 | * In the future on label will be used to label multiple nodes, with the purpose of havein one 11 | * unique label of the same type and properties. 
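12 | */ 13 | @field:Relationship(value = "LABELEDNODE", direction = "OUTGOING") 14 | var labeledNodes: MutableList = mutableListOf(labeledNode) 15 | 16 | open fun areMergeable(l: Label): Boolean { 17 | return true 18 | } 19 | 20 | open fun mergeWith(l: Label) { 21 | labeledNodes.addAll(l.labeledNodes) 22 | } 23 | } 24 |
--------------------------------------------------------------------------------
/ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-validation/server.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

# Test fixture: a Flask service that stores the JSON body of POST /data in
# MongoDB and looks a record up again on GET /data.

from flask import Flask, request
from pymongo import MongoClient

# NOTE(review): the connection string carries no credentials and no TLS
# options; acceptable only on an isolated fixture network -- confirm.
mongo_host = "mongo"
phr_db_client = MongoClient("mongodb://mongo:27017/")
phr_db = phr_db_client.phr
phr_db_collection = phr_db.records

app = Flask(__name__)


@app.route("/data", methods=['POST'])
def collect_data():
    # Stores the request body as-is: every key the client sends becomes a
    # field of the stored document, with no schema or size check.
    content = request.json
    phr_db_collection.insert_one(content)
    return "OK", 200


# Renamed from collect_data: Flask derives the endpoint name from the function
# name and refuses to map a second, different view function onto an existing
# endpoint, so two handlers called collect_data cannot be registered on one app.
@app.route("/data", methods=['GET'])
def get_data():
    content = request.json
    # A missing "data" key raises KeyError, which Flask reports as a 500.
    data = content["data"]
    # NOTE(review): "data" is client-controlled; if it is a JSON object rather
    # than a scalar, MongoDB interprets it as an operator expression instead of
    # a literal value. Restrict it to the expected scalar type before querying.
    # The lookup result is discarded; the response is always "OK".
    phr_db_collection.find_one({"data":data})
    return "OK", 200


if __name__ == '__main__':
    # debug is off: with debug=True Flask enables the Werkzeug interactive
    # debugger, which lets a client execute Python in the server process, and
    # host='0.0.0.0' would expose it on every network interface.
    app.run(host='0.0.0.0', port=8080, debug=False, threaded=True)
--------------------------------------------------------------------------------
/ppg-testing-library/Detectability/D4-detectable-at-storage/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | user_db_client = MongoClient("mongodb://mongo:27017/") 7 | user_db = user_db_client.userdata 8 | user_db_collection = user_db.records 9 | 10 | app = Flask(__name__) 11 | 12 | @app.route("/data", methods=['POST']) 13 | def parse_data(): 14 | req = request.json 15 | data = { 16 | "name":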
req['name'], 17 | "message": req['message'] 18 | } 19 | if user_db_collection.find( { "name": data['name'] } ).count() > 0: 20 | return "Conflict", 409 21 | else: 22 | user_db_collection.insert_one({"name": data['name']}) 23 | return "Created", 201 24 | 25 | if __name__ == '__main__': 26 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-DigitalSignature/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient 5 | 6 | mongo_host = "mongo" 7 | phr_db_client = MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | @app.route("/data", methods=['POST']) 14 | def collect_data(): 15 | content = request.json 16 | phr_db_collection.insert_one(content) 17 | return "OK", 200 18 | 19 | @app.route("/data", methods=['GET']) 20 | def collect_data(): 21 | content = request.json 22 | data = content["data"] 23 | phr_db_collection.find_one({"data":data}) 24 | return "OK", 200 25 | 26 | if __name__ == '__main__': 27 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-gonic/gin" 8 | "github.com/rs/zerolog/log" 9 | ) 10 | 11 | type Message struct { 12 | Name string 13 | Joke string 14 | } 15 | 16 | func main() { 17 | http.ListenAndServe(":8080", NewRouter()) 18 | } 19 | 20 | func NewRouter() *gin.Engine { 21 | r := gin.New() 22 | 
r.Use(gin.Recovery()) 23 | r.Use(logger.SetLogger()) 24 | 25 | r.POST("/data", parse_data) 26 | 27 | return r 28 | } 29 | 30 | func parse_data(c *gin.Context) { 31 | var message Message 32 | 33 | if err := c.BindJSON(&message); err != nil { 34 | fmt.Println("error") 35 | c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) 36 | return 37 | } 38 | process(message) 39 | } 40 | 41 | func process(Message message){ 42 | 43 | } -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/Signature.java: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes; 2 | 3 | import de.fraunhofer.aisec.cpg.graph.declarations.VariableDeclaration; 4 | import io.clouditor.graph.Integrity; 5 | 6 | public class Signature extends Integrity { 7 | 8 | protected VariableDeclaration signature; 9 | protected VariableDeclaration message; 10 | 11 | public Signature(VariableDeclaration message, VariableDeclaration signature) { 12 | setMessage(message); 13 | setSignature(signature); 14 | } 15 | 16 | public VariableDeclaration getMessage() { 17 | return message; 18 | } 19 | 20 | public void setMessage(VariableDeclaration message) { 21 | this.message = message; 22 | } 23 | 24 | public VariableDeclaration getSignature() { 25 | return signature; 26 | } 27 | 28 | public void setSignature(VariableDeclaration signature) { 29 | this.signature = signature; 30 | } 31 | } -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Go-DigitalSignature/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bytes" 5 | "crypto/ed25519" 6 | "crypto/rand" 7 | "encoding/json" 8 | "log" 9 | "net/http" 10 | ) 11 | 12 | type SignedMessage struct { 13 | Personal_datum string 14 | Signature string 15 | } 16 | 17 | 
func main() { 18 | var err error 19 | //@Identifier 20 | pd := "firstname lastname" 21 | 22 | //@Identifier 23 | personal_datum := []byte("firstname lastname") 24 | 25 | // generate signature 26 | _, priv, err := ed25519.GenerateKey(rand.Reader) 27 | if err != nil { 28 | log.Fatal(err) 29 | } 30 | signature := ed25519.Sign(priv, personal_datum) 31 | data := url.Values{ 32 | Personal_datum: personal_datum, 33 | Signature: signature, // string(signature[:]) 34 | } 35 | 36 | http.PostForm("http://test.com/data", data) 37 | } 38 | -------------------------------------------------------------------------------- /ppg-testing-library/Linkability/L5-linkability-of-shared-data/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/data", methods=['POST']) 17 | def receive_data_and_send_to_other_party(): 18 | req = request.json 19 | data = { 20 | "Name": req['name'], 21 | "Message": req['message'] 22 | } 23 | third_party = "http://third-party.com/externaldata" 24 | requests.post(third_party, {}) 25 | return "OK", 200 26 | 27 | if __name__ == '__main__': 28 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | phr_db_client 
= MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | # Both POST and GET is available so no U3 Unawareness threat should be detected here 14 | @app.route("/data", methods=['POST']) 15 | def collect_data(): 16 | content = request.json 17 | phr_db_collection.insert_one(content) 18 | return "OK", 200 19 | 20 | @app.route("/data", methods=['GET']) 21 | def collect_data(): 22 | content = request.json 23 | res = phr_db_collection.find_one(content) 24 | return res, 200 25 | 26 | if __name__ == '__main__': 27 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC1-disproportionate-collection/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bytes" 5 | "crypto/ed25519" 6 | "crypto/rand" 7 | "encoding/json" 8 | "log" 9 | "net/http" 10 | ) 11 | 12 | type Message struct { 13 | Name string 14 | Joke string 15 | } 16 | 17 | func query() { 18 | var err error 19 | 20 | url := "http://test.com/data" 21 | //@Identifier 22 | name := "firstname lastname" 23 | joke = "My grandpa always used to say 'as one door closes, another one opens.' A lovely man. A terrible cabinet maker." 
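24 | 25 | message := &Message{ 26 | Name: name, 27 | Joke: joke, 28 | } 29 | 30 | reqBody, _ := json.Marshal(message) 31 | reqBodyBytes := bytes.NewBuffer(reqBody) 32 | req, _ := http.NewRequest("POST", url, reqBodyBytes) 33 | client := new(http.Client) 34 | client.Do(req) 35 | } 36 | 37 | func main() { 38 | query() 39 | } 40 |
--------------------------------------------------------------------------------
/ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python-validation/server.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

# Test fixture: a Flask service that stores the JSON body of POST /data in
# MongoDB and, on GET /data, reads a record back and processes it (prints it).

from flask import Flask, request
from pymongo import MongoClient, database

# NOTE(review): the connection string carries no credentials and no TLS
# options; acceptable only on an isolated fixture network -- confirm.
mongo_host = "mongo"
phr_db_client = MongoClient("mongodb://mongo:27017/")
phr_db = phr_db_client.phr
phr_db_collection = phr_db.records

app = Flask(__name__)


@app.route("/data", methods=['POST'])
def collect_data():
    # Stores the request body as-is: every key the client sends becomes a
    # field of the stored document, with no schema or size check.
    content = request.json
    phr_db_collection.insert_one(content)
    return "OK", 200


@app.route("/data", methods=['GET'])
def get_data():
    content = request.json
    # NOTE(review): PyMongo uses a non-mapping first argument of find_one as an
    # _id value, and a mapping as the complete filter. A client that sends a
    # JSON object as "user_id" therefore supplies the whole query; require a
    # scalar here and name the field explicitly -- confirm the intended key.
    data = phr_db_collection.find_one(content["user_id"])
    # processing step
    if data:
        # Writes the stored record to stdout, so its content ends up wherever
        # the process output is collected.
        print(data)
    return "OK", 200


if __name__ == '__main__':
    # debug is off: with debug=True Flask enables the Werkzeug interactive
    # debugger, which lets a client execute Python in the server process, and
    # host='0.0.0.0' would expose it on every network interface.
    app.run(host='0.0.0.0', port=8080, debug=False, threaded=True)
--------------------------------------------------------------------------------
/cloudpg/src/main/java/io/clouditor/graph/nodes/Database.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes 2 | 3 | import io.clouditor.graph.DatabaseService 4 | import io.clouditor.graph.DatabaseStorage 5 | 6 | fun DatabaseService.getStorageOrCreate(name: String, parentName: String?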
= null): DatabaseStorage { 7 | var storage = this.storage.filterIsInstance().firstOrNull { it.name == name } 8 | 9 | if (storage == null) { 10 | storage = DatabaseStorage(mutableListOf(), null, listOf(), this.geoLocation, mutableMapOf()) 11 | storage.name = name 12 | 13 | // if the parent name was specified, try to look it up and set the parent(s) 14 | // TODO: why exactly is parents a list? FIX in the ontology? 15 | if (parentName != null) { 16 | storage.parent = this.storage.filter { it.name == parentName } 17 | } 18 | 19 | this.storage.add(storage) 20 | } 21 | 22 | return storage 23 | } 24 | -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | mongo_host = "mongo" 9 | user_db_client = MongoClient("mongodb://mongo:27017/") 10 | user_db = user_db_client.userdata 11 | user_db_collection = user_db.records 12 | 13 | app = Flask(__name__) 14 | 15 | @app.route("/data", methods=['POST']) 16 | def post_data(): 17 | req = request.json 18 | data = { 19 | "Name": req['name'], 20 | "Message": req['message'] 21 | } 22 | user_db_collection.insert_one(data) 23 | return "OK", 200 24 | 25 | @app.route("/data", methods=['GET']) 26 | def collect_data(): 27 | content = request.json 28 | user_db_collection.find_one(content["name"]) 29 | return "OK", 200 30 | 31 | if __name__ == '__main__': 32 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/github/Workflow.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.github 2 | 3 | import 
com.fasterxml.jackson.annotation.JsonProperty 4 | 5 | data class Workflow(var name: String, var jobs: Map, var on: On) 6 | 7 | data class Job( 8 | var steps: List, 9 | @JsonProperty("runs-on") var runsOn: String?, 10 | var needs: Any?, 11 | var `if`: String?, 12 | var name: String? 13 | ) 14 | 15 | data class Step( 16 | var name: String?, 17 | var run: String?, 18 | var uses: String?, 19 | var with: Map?, 20 | var `if`: String?, 21 | var id: String?, 22 | var env: Map?, 23 | @JsonProperty("working-directory") var workingDirectory: String? 24 | ) 25 | 26 | data class On( 27 | var push: Map>?, 28 | @JsonProperty("pull_request") var pullRequest: Map>?, 29 | @JsonProperty("workflow_dispatch") var workflowDispatch: Any? 30 | ) 31 | -------------------------------------------------------------------------------- /ppg-testing-library/Policy-Non-Compliance/NC5-disproportionate-storage-wo-processing/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | user_db_client = MongoClient("mongodb://mongo:27017/") 8 | user_db = user_db_client.phr 9 | user_db_collection = user_db.records 10 | 11 | app = Flask(__name__) 12 | 13 | @app.route("/data", methods=['POST']) 14 | def collect_data(): 15 | content = request.json 16 | message = {'name': content['name'], 'joke': content['joke']} 17 | # Threat results from data being collected and stored, but not retrieved 18 | user_db_collection.insert_one(message) 19 | return "OK", 200 20 | 21 | @app.route("/data", methods=['GET']) 22 | def collect_data(): 23 | content = request.json 24 | user_db_collection.find_one(content["name"]) 25 | return "OK", 200 26 | 27 | if __name__ == '__main__': 28 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- 
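/ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python/server.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

# Test fixture: a Flask service that stores the "name" and "message" fields of
# a POST /data body in MongoDB and performs a lookup by name on GET /data.

from flask import Flask, request
import json
import requests
from pymongo import MongoClient, database

# phr_db client (MongoDB)
# NOTE(review): the connection string carries no credentials and no TLS
# options; acceptable only on an isolated fixture network -- confirm.
mongo_host = "mongo"
user_db_client = MongoClient("mongodb://mongo:27017/")
user_db = user_db_client.userdata
user_db_collection = user_db.records

app = Flask(__name__)


@app.route("/data", methods=['POST'])
def performRegistration():
    req = request.json
    # Only the two expected fields are copied into the stored document; a body
    # without "name" or "message" raises KeyError, which Flask reports as a 500.
    # The values themselves are stored without any type or length check.
    data = {
        "Name": req['name'],
        "Message": req['message']
    }
    user_db_collection.insert_one(data)
    return "OK", 200


@app.route("/data", methods=['GET'])
def collect_data():
    content = request.json
    # NOTE(review): PyMongo uses a non-mapping first argument of find_one as an
    # _id value, and a mapping as the complete filter. A client that sends a
    # JSON object as "name" therefore supplies the whole query, and a plain
    # string is matched against _id rather than the stored "Name" field --
    # confirm the intended filter. The lookup result is discarded.
    user_db_collection.find_one(content["name"])
    return "OK", 200


if __name__ == '__main__':
    # debug is off: with debug=True Flask enables the Werkzeug interactive
    # debugger, which lets a client execute Python in the server process, and
    # host='0.0.0.0' would expose it on every network interface.
    app.run(host='0.0.0.0', port=8080, debug=False, threaded=True)
--------------------------------------------------------------------------------
/ppg-testing-library/Linkability/L7-linkability-of-retrieved-data/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/data", methods=['POST']) 17 | def performRegistration(): 18 | req = request.json 19 | data = { 20 | "Name": req['name'], 21 | "Message": req['message'] 22 | } 23 | user_db_collection.insert_one(data) 24 | return "OK", 200 25 | 26 | @app.route("/data", methods=['GET'])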
27 | def collect_data(): 28 | content = request.json 29 | user_db_collection.find_one(content["name"]) 30 | return "OK", 200 31 | 32 | if __name__ == '__main__': 33 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Identifiability/I7-identifying-retrieved-data/Python-validation/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | import json 5 | import requests 6 | from pymongo import MongoClient, database 7 | 8 | # phr_db client (MongoDB) 9 | mongo_host = "mongo" 10 | user_db_client = MongoClient("mongodb://mongo:27017/") 11 | user_db = user_db_client.userdata 12 | user_db_collection = user_db.records 13 | 14 | app = Flask(__name__) 15 | 16 | @app.route("/data", methods=['POST']) 17 | def performRegistration(): 18 | req = request.json 19 | data = { 20 | "Name": req['name'], 21 | "Message": req['message'] 22 | } 23 | user_db_collection.insert_one(data) 24 | return "OK", 200 25 | 26 | @app.route("/data", methods=['GET']) 27 | def collect_data(): 28 | content = request.json 29 | user_db_collection.find_one(content["name"]) 30 | return "OK", 200 31 | 32 | if __name__ == '__main__': 33 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Go-validation/client.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bytes" 5 | "crypto/ed25519" 6 | "crypto/rand" 7 | "encoding/json" 8 | "log" 9 | "net/http" 10 | ) 11 | 12 | type SignedMessage struct { 13 | Personal_datum string 14 | Signature string 15 | } 16 | 17 | func main() { 18 | var err error 19 | //@Identifier 20 | pd := "firstname lastname" 21 | 22 | 
//@Identifier 23 | personal_datum := []byte("firstname lastname") 24 | // NOTE(review): the public key returned by GenerateKey is discarded, so no other party can verify the signature made below. 25 | // generate signature 26 | _, priv, err := ed25519.GenerateKey(rand.Reader) 27 | if err != nil { 28 | log.Fatal(err) 29 | } 30 | signature := ed25519.Sign(priv, personal_datum) 31 | data := url.Values{ 32 | Personal_datum: personal_datum, 33 | Signature: signature, // string(signature[:]) 34 | } 35 | // NOTE(review): both requests use http://, so the datum and signature are sent unencrypted, and the returned responses and errors are ignored; url is not imported in this file. 36 | http.PostForm("http://test.com/data", data) 37 | // The data is also retrieved by the same client so no NR5 threat should be detected here 38 | http.Get("http://test.com/data?name=firstnamelastname") 39 | } 40 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go-validation/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | ) 10 | 11 | type Data struct { 12 | Name string 13 | } 14 | // NOTE(review): the listener is plain HTTP and the result of ListenAndServe is ignored. 15 | func main() { 16 | http.ListenAndServe(":8080", NewRouter()) 17 | } 18 | 19 | func NewRouter() *gin.Engine { 20 | r := gin.New() 21 | r.Use(gin.Recovery()) 22 | r.Use(logger.SetLogger()) 23 | 24 | // GET method is available to retrieve the personal data so no U3 Unawareness threat should be detected here 25 | r.POST("/data", post_data) 26 | r.GET("/data", get_data) 27 | 28 | return r 29 | } 30 | // NOTE(review): db and Message are not declared in this file; the ParseForm error is ignored and name is stored unvalidated. 31 | func post_data(c *gin.Context) { 32 | c.Request.ParseForm() 33 | name := c.Request.Form.Get("name") 34 | data := &Data{Name: name} 35 | db.Create(data) 36 | } 37 | // The lookup binds name through the ? placeholder instead of building the SQL string; the .Error value is not checked and no response is written. 38 | func get_data(c *gin.Context) { 39 | var message Message 40 | c.Request.ParseForm() 41 | name := c.Request.Form.Get("name") 42 | db.Get().Where("name = ?", name).First(&message).Error 43 | } 44 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-PUT/server.py:
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | user_db_client = MongoClient("mongodb://mongo:27017/") 8 | user_db = user_db_client.data 9 | user_db_collection = user_db.records 10 | 11 | app = Flask(__name__) 12 | # NOTE(review): none of the routes below authenticates the caller, and the POST handler inserts the request body as the stored document without checking its shape. 13 | # Personal data can be submitted (POST) and read (GET), but it cannot be updated (PUT) 14 | @app.route("/data", methods=['POST']) 15 | def collect_data(): 16 | content = request.json 17 | user_db_collection.insert_one(content) 18 | return "OK", 200 19 | # NOTE(review): the three view functions share the name collect_data; Flask registers views by function name, so the second @app.route would be rejected as a duplicate endpoint. Distinct names are needed if this fixture is meant to run. 20 | @app.route("/data", methods=['GET']) 21 | def collect_data(): 22 | content = request.json 23 | user_db_collection.find_one(content["name"]) 24 | return "OK", 200 25 | # NOTE(review): delete_one() receives the raw user_id value, not a filter document such as {"user_id": value}; confirm the intended filter and that the value is a plain string. 26 | @app.route("/data", methods=['DELETE']) 27 | def collect_data(): 28 | content = request.json 29 | user_db_collection.delete_one(content["user_id"]) 30 | return "OK", 200 31 | # NOTE(review): debug=True with host='0.0.0.0' exposes the Werkzeug debugger on every interface; keep this to an isolated test fixture. 32 | if __name__ == '__main__': 33 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/passes/python/PythonLogPass.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.passes.python 2 | 3 | import de.fraunhofer.aisec.cpg.TranslationResult 4 | import de.fraunhofer.aisec.cpg.graph.Node 5 | import de.fraunhofer.aisec.cpg.graph.statements.expressions.MemberCallExpression 6 | import de.fraunhofer.aisec.cpg.processing.IVisitor 7 | import de.fraunhofer.aisec.cpg.processing.strategy.Strategy 8 | import io.clouditor.graph.* 9 | import io.clouditor.graph.passes.LogPass 10 | // Forwards calls of the form logging.info(...) found in each translation unit to handleLog; no other method name is matched. 11 | class PythonLogPass : LogPass() { 12 | override fun accept(t: TranslationResult) { 13 | // if (this.lang is PythonLanguageFrontend) { 14 | for (tu in t.translationUnits) { 15 | tu.accept( 16 | Strategy::AST_FORWARD, 17
| object : IVisitor() { 18 | fun visit(m: MemberCallExpression) { 19 | if (m.name == "info" && m.base?.name == "logging") { 20 | handleLog(t, m, m.name, tu) 21 | } 22 | } 23 | } 24 | ) 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U4-no-erasure-or-rectification/Python-missing-DELETE/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | phr_db_client = MongoClient("mongodb://mongo:27017/") 8 | phr_db = phr_db_client.phr 9 | phr_db_collection = phr_db.records 10 | 11 | app = Flask(__name__) 12 | # NOTE(review): none of the routes below authenticates the caller, and the POST handler inserts the request body as the stored document without checking its shape. 13 | # Personal data can be submitted (POST), read (GET) and updated (PUT), but it cannot be deleted (DELETE) 14 | @app.route("/data", methods=['POST']) 15 | def collect_data(): 16 | content = request.json 17 | phr_db_collection.insert_one(content) 18 | return "OK", 200 19 | # NOTE(review): the three view functions share the name collect_data; Flask registers views by function name, so the second @app.route would be rejected as a duplicate endpoint. Distinct names are needed if this fixture is meant to run. 20 | @app.route("/data", methods=['GET']) 21 | def collect_data(): 22 | content = request.json 23 | phr_db_collection.find_one(content["user_id"]) 24 | return "OK", 200 25 | # NOTE(review): update_one() is called with one argument, the raw user_id value; it needs a filter document and an update document, so this call cannot apply a change as written. 26 | @app.route("/data", methods=['PUT']) 27 | def collect_data(): 28 | content = request.json 29 | phr_db_collection.update_one(content["user_id"]) 30 | return "OK", 200 31 | # NOTE(review): debug=True with host='0.0.0.0' exposes the Werkzeug debugger on every interface; keep this to an isolated test fixture. 32 | if __name__ == '__main__': 33 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/frontends/ruby/DeclarationHandler.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.frontends.ruby 2 | 3 | import de.fraunhofer.aisec.cpg.frontends.Handler 4 | import de.fraunhofer.aisec.cpg.graph.NodeBuilder 5 | import de.fraunhofer.aisec.cpg.graph.declarations.Declaration 6 | import
de.fraunhofer.aisec.cpg.graph.declarations.ProblemDeclaration 7 | import de.fraunhofer.aisec.cpg.graph.types.UnknownType 8 | import org.jruby.ast.* 9 | // Declaration handler for the Ruby frontend; only ArgumentNode is registered in the handler map, and ProblemDeclaration() is the supplier passed to the Handler base class. 10 | class DeclarationHandler(lang: RubyLanguageFrontend) : 11 | Handler({ ProblemDeclaration() }, lang) { 12 | 13 | init { 14 | map.put(ArgumentNode::class.java, ::handleArgumentNode) 15 | } 16 | // Builds a method-parameter declaration named after the argument and typed as unknown; returns null for any node that is not an ArgumentNode. 17 | private fun handleArgumentNode(node: Node?): Declaration? { 18 | if (node !is ArgumentNode) { 19 | return null 20 | } 21 | 22 | val param = 23 | NodeBuilder.newMethodParameterIn( 24 | node.name.idString(), 25 | UnknownType.getUnknownType(), 26 | false, 27 | lang.getCodeFromRawNode(node) 28 | ) 29 | 30 | return param 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /cloudpg/src/main/java/io/clouditor/graph/nodes/Holder.kt: -------------------------------------------------------------------------------- 1 | package io.clouditor.graph.nodes 2 | 3 | import de.fraunhofer.aisec.cpg.TranslationResult 4 | import de.fraunhofer.aisec.cpg.graph.declarations.TranslationUnitDeclaration 5 | import io.clouditor.graph.* 6 | 7 | /** 8 | * This (temporary) object holds all information coming from the code (such as Translation Units) as 9 | * well as the program itself and the Cloud resources. 10 | * 11 | * We need to rename this later. 12 | */ 13 | class Holder( 14 | var translationUnits: MutableList = mutableListOf(), 15 | var services: MutableList = mutableListOf(), 16 | var images: MutableList = mutableListOf(), 17 | var builders: MutableList = mutableListOf() 18 | ) 19 | // Looks up the GeoLocation named locationName among additionalNodes; when none is found a new one is created and added to this TranslationResult. 20 | fun TranslationResult.location(locationName: String): GeoLocation { 21 | var location = 22 | this.additionalNodes.firstOrNull { it is GeoLocation && it.name == locationName } as?
23 | GeoLocation 24 | if (location == null) { 25 | location = GeoLocation(locationName) 26 | location.name = location.region 27 | // NOTE(review): name is overwritten with region just above; confirm that GeoLocation(locationName) sets region, since the lookup compares name with locationName. 28 | this += location 29 | } 30 | 31 | return location 32 | } 33 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | from cryptography.hazmat.backends import default_backend 5 | from cryptography.hazmat.primitives import hashes 6 | from cryptography.hazmat.primitives.asymmetric import padding 7 | from cryptography.hazmat.primitives.asymmetric import rsa 8 | 9 | # Non-Repudiation threat results from signing a personal datum with the private key, and sending it to the server 10 | def query(): 11 | url = 'http://test.com/data' 12 | #@Identifier 13 | plain_text = 'personal data'.encode('utf-8') 14 | # A new 4096-bit RSA key is generated on every call and its public key is never exported, so a receiver has nothing to verify the signature against. 15 | private_key = rsa.generate_private_key( 16 | public_exponent=65537, 17 | key_size=4096, 18 | backend=default_backend() 19 | ) 20 | # RSA-PSS with SHA-256, MGF1-SHA-256 and the maximum salt length. 21 | signature = private_key.sign( 22 | data=plain_text, 23 | padding=padding.PSS( 24 | mgf=padding.MGF1(hashes.SHA256()), 25 | salt_length=padding.PSS.MAX_LENGTH 26 | ), 27 | algorithm=hashes.SHA256() 28 | ) 29 | # NOTE(review): plain_text and signature are bytes, which the json= encoder cannot serialise (base64-encode them first); the http:// URL means both travel unencrypted. 30 | message = {'data': plain_text, 'signature': signature} 31 | requests.post(url, json = message) 32 | 33 | if __name__ == '__main__': 34 | query() -------------------------------------------------------------------------------- /ppg-testing-library/Unawareness/U3-no-access-or-portability/Go/server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | "github.com/gin-contrib/logger" 8 | "github.com/gin-gonic/gin" 9 | "gorm.io/driver/postgres" 10 | "gorm.io/gorm" 11 | ) 12 | 13 | var db *gorm.DB 14 | 15 | type Data struct { 16 | Name string 17 |
} 18 | // NOTE(review): the results of Init() and http.ListenAndServe() are ignored, so a failed database connection or bind goes unnoticed; the listener is plain HTTP. 19 | func main() { 20 | Init() 21 | http.ListenAndServe(":8080", NewRouter()) 22 | } 23 | // NOTE(review): the DSN hard-codes the database user and password and sets sslmode=disable, so the PostgreSQL connection is not TLS-protected. 24 | func Init() (err error) { 25 | dsn := fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=5432 sslmode=disable", 26 | "postgres", 27 | "postgres", 28 | "postgres", 29 | "postgres", 30 | ) 31 | // NOTE(review): the error from gorm.Open is not captured, so err is always returned as nil; Message is not declared in this file. 32 | db = gorm.Open(postgres.Open(dsn), &gorm.Config{}) 33 | db.AutoMigrate(&Message{}) 34 | return 35 | } 36 | 37 | func NewRouter() *gin.Engine { 38 | r := gin.New() 39 | r.Use(gin.Recovery()) 40 | r.Use(logger.SetLogger()) 41 | 42 | r.POST("/data", post_data) 43 | // No GET is foreseen for the personal data which is an Unawareness threat 44 | 45 | return r 46 | } 47 | // ParseForm's error is ignored and the form value is stored without validation. 48 | func post_data(c *gin.Context) { 49 | c.Request.ParseForm() 50 | name := c.Request.Form.Get("name") 51 | data := &Data{Name: name} 52 | db.Create(data) 53 | } 54 | -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | from cryptography.hazmat.backends import default_backend 5 | from cryptography.hazmat.primitives import hashes 6 | from cryptography.hazmat.primitives.asymmetric import padding 7 | from cryptography.hazmat.primitives.asymmetric import rsa 8 | 9 | # Non-Repudiation threat results from signing a personal datum with the private key, and sending it to the server 10 | def query(): 11 | url = 'http://test.com/data' 12 | #@Identifier 13 | plain_text = 'personal data'.encode('utf-8') 14 | # A new 4096-bit RSA key is generated on every call and its public key is never exported, so a receiver has nothing to verify the signature against. 15 | private_key = rsa.generate_private_key( 16 | public_exponent=65537, 17 | key_size=4096, 18 | backend=default_backend() 19 | ) 20 | # RSA-PSS with SHA-256, MGF1-SHA-256 and the maximum salt length. 21 | signature = private_key.sign( 22 | data=plain_text, 23 | padding=padding.PSS( 24 | mgf=padding.MGF1(hashes.SHA256()), 25 | salt_length=padding.PSS.MAX_LENGTH 26 | ), 27 | algorithm=hashes.SHA256() 28 | ) 29 |
30 | message = {'data': plain_text, 'signature': signature} 31 | requests.post(url, json = message) 32 | # NOTE(review): both values in message are bytes, which the json= encoder cannot serialise; base64-encode them before posting. 33 | if __name__ == '__main__': 34 | query() -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR4-non-reputable-storage/Python-DigitalSignature-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | from cryptography.hazmat.backends import default_backend 5 | from cryptography.hazmat.primitives import hashes 6 | from cryptography.hazmat.primitives.asymmetric import padding 7 | from cryptography.hazmat.primitives.asymmetric import rsa 8 | # NOTE(review): the comment on the next line appears carried over from the threat variant; in this validation file the signature is computed but not sent. 9 | # Non-Repudiation threat results from signing a personal datum with the private key, and sending it to the server 10 | def query(): 11 | url = 'http://test.com/data' 12 | #@Identifier 13 | plain_text = 'personal data'.encode('utf-8') 14 | 15 | private_key = rsa.generate_private_key( 16 | public_exponent=65537, 17 | key_size=4096, 18 | backend=default_backend() 19 | ) 20 | # RSA-PSS with SHA-256, MGF1-SHA-256 and the maximum salt length. 21 | signature = private_key.sign( 22 | data=plain_text, 23 | padding=padding.PSS( 24 | mgf=padding.MGF1(hashes.SHA256()), 25 | salt_length=padding.PSS.MAX_LENGTH 26 | ), 27 | algorithm=hashes.SHA256() 28 | ) 29 | # The signature computed above is left out of the request ('signature' is an empty string); plain_text is still bytes, which json= cannot serialise, and the URL is http://. 30 | message = {'data': plain_text, 'signature': ""} 31 | requests.post(url, json = message) 32 | 33 | if __name__ == '__main__': 34 | query() -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR2-non-repudiation-of-sending/Python-DigitalSignature-validation/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | from cryptography.hazmat.backends import default_backend 5 | from cryptography.hazmat.primitives import hashes 6 | from cryptography.hazmat.primitives.asymmetric import padding 7 | from
cryptography.hazmat.primitives.asymmetric import rsa 8 | # NOTE(review): the comment on the next line appears carried over from the threat variant; in this validation file the signature is computed but not sent. 9 | # Non-Repudiation threat results from signing a personal datum with the private key, and sending it to the server 10 | def query(): 11 | url = 'http://test.com/data' 12 | #@Identifier 13 | plain_text = 'personal data'.encode('utf-8') 14 | 15 | private_key = rsa.generate_private_key( 16 | public_exponent=65537, 17 | key_size=4096, 18 | backend=default_backend() 19 | ) 20 | # RSA-PSS with SHA-256, MGF1-SHA-256 and the maximum salt length. 21 | signature = private_key.sign( 22 | data=plain_text, 23 | padding=padding.PSS( 24 | mgf=padding.MGF1(hashes.SHA256()), 25 | salt_length=padding.PSS.MAX_LENGTH 26 | ), 27 | algorithm=hashes.SHA256() 28 | ) 29 | # The signature computed above is left out of the request ('signature' is an empty string); plain_text is still bytes, which json= cannot serialise, and the URL is http://. 30 | message = {'data': plain_text, 'signature': ""} 31 | requests.post(url, json = message) 32 | 33 | if __name__ == '__main__': 34 | query() -------------------------------------------------------------------------------- /ppg-testing-library/Non-Repudiation/NR5-non-repudiation-of-retrieved-data/Python-DigitalSignature/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import requests 4 | from cryptography.hazmat.backends import default_backend 5 | from cryptography.hazmat.primitives import hashes 6 | from cryptography.hazmat.primitives.asymmetric import padding 7 | from cryptography.hazmat.primitives.asymmetric import rsa 8 | 9 | # Non-Repudiation threat results from signing a personal datum with the private key, and sending it to the server 10 | def query(): 11 | url = 'http://test.com/data' 12 | #@Identifier 13 | plain_text = 'personal data'.encode('utf-8') 14 | # A new 4096-bit RSA key is generated on every call and its public key is never exported, so a receiver has nothing to verify the signature against. 15 | private_key = rsa.generate_private_key( 16 | public_exponent=65537, 17 | key_size=4096, 18 | backend=default_backend() 19 | ) 20 | # RSA-PSS with SHA-256, MGF1-SHA-256 and the maximum salt length. 21 | signature = private_key.sign( 22 | data=plain_text, 23 | padding=padding.PSS( 24 | mgf=padding.MGF1(hashes.SHA256()), 25 | salt_length=padding.PSS.MAX_LENGTH 26 | ), 27 | algorithm=hashes.SHA256() 28 | ) 29 | 30 | message = {'data': plain_text,
'signature': signature} 31 | requests.post(url, json = message) 32 | 33 | if __name__ == '__main__': 34 | query() -------------------------------------------------------------------------------- /ppg-testing-library/Detectability/D5-detectable-at-retrieval/Python/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from flask import Flask, request 4 | from pymongo import MongoClient, database 5 | 6 | mongo_host = "mongo" 7 | user_db_client = MongoClient("mongodb://mongo:27017/") 8 | user_db = user_db_client.userdata 9 | user_db_collection = user_db.records 10 | 11 | app = Flask(__name__) 12 | # NOTE(review): data is built with the keys "Name" and "Message", but the lookups below read data['name'], which raises KeyError; cursor.count() is also absent from PyMongo 4 - confirm the targeted driver version. 13 | @app.route("/data", methods=['POST']) 14 | def parse_data(): 15 | req = request.json 16 | data = { 17 | "Name": req['name'], 18 | "Message": req['message'] 19 | } 20 | if user_db_collection.find( { "name": data['name'] } ).count() > 0: 21 | return "Conflict", 409 22 | else: 23 | user_db_collection.insert_one({"name": data['name']}) 24 | return "Created", 201 25 | # NOTE(review): this handler answers 404 when a matching record exists and otherwise returns the raw cursor, so the test looks inverted and the cursor is not a valid Flask response. Either way the status code tells the caller whether the name is stored, presumably the detectability this fixture targets. 26 | @app.route("/getdata", methods=['GET']) 27 | def collect_data(): 28 | content = request.json 29 | if user_db_collection.find( { "name": content['name'] } ).count() > 0: 30 | return "Not Found", 404 31 | else: 32 | records = user_db_collection.find({"name": content['name']}) 33 | return records, 200 34 | # NOTE(review): debug=True with host='0.0.0.0' exposes the Werkzeug debugger on every interface; keep this to an isolated test fixture. 35 | if __name__ == '__main__': 36 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /owl2java/README.md: -------------------------------------------------------------------------------- 1 | # owl2java 2 | 3 | ## Intoduction 4 | owl2java generates Java and Go files based on an Ontology file in OWL/XML or RDF/XML file format. Currently, it is not possible to generate only java or go files. 5 | 6 | 7 | ## Usage 8 | During development the parameters are optional.
The default values are defined in `src/main/java/io/clouditor/graph/SemanticNodeGenerator.kt`. 9 | 10 | NOTE: The current ontology has the IRI name 'CloudResource', but the label 'Resource'. Currently, the class name is hardcoded in SemanticNodeGenerator.kt (resourceNameFromOwlFile). The label name must be used. 11 | 12 | 13 | The parameters are as follows: 14 | - 1st parameter: Ontology Input File (Only OWL/XML and RDF/XML are supported) 15 | - 2nd parameter: Java package name 16 | - 3rd parameter: Output path for generated Java files 17 | - 4th parameter: Go package name 18 | - 5th parameter: Output path for generated Go Files 19 | 20 | ```./gradlew run --args ""``` 21 | 22 | Full example: 23 | ``` 24 | ./gradlew run --args "resources/urn_webprotege_ontology_e4316a28-d966-4499-bd93-6be721055117.owx io.clouditor.graph output/java/ voc output/go" 25 | ``` 26 | 27 | ## TODO 28 | - separate generation of Java and Go files 29 | - add a Java cli (e.g., https://picocli.info/) --------------------------------------------------------------------------------