Enhancing Secure Coding Assistant with Error Correction And

ENHANCING SECURE CODING ASSISTANT WITH ERROR CORRECTION AND CONTRACT PROGRAMMING

A Project

Presented to the faculty of the Department of Computer Science
California State University, Sacramento

Submitted in partial satisfaction of the requirements for the degree of
MASTER OF SCIENCE in Computer Science

by Chen Li

SPRING 2017

© 2017 Chen Li
ALL RIGHTS RESERVED

Approved by:
Dr. Jun Dai, Committee Chair
Dr. Cui Zhang, Second Reader

Student: Chen Li

I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the project.

Dr. Jinsong Ouyang, Graduate Coordinator
Department of Computer Science

Abstract of ENHANCING SECURE CODING ASSISTANT WITH ERROR CORRECTION AND CONTRACT PROGRAMMING by Chen Li

As cyber-attacks have become more prevalent in the recent decade, companies and governments have learnt the significant importance of enforcing robust programming practices to ensure software security and reliability during code generation. Various tools have been developed for the purpose of assisting programmers in secure coding, and the initial version of the tool called Secure Coding Assistant is one such development effort. Designed to support CERT rule violation detection, the tool provides a mechanism to detect rule violations early and fills the void of open source tools.
The tool is promising in secure programming education compared to other commercial products; however, the initial version does not provide assistance in error correction, nor does it take into account the potential of employing contract programming enforcement to assist users in improving program reliability. To achieve error correction and defect localization for both software security and reliability in Java programs, this project report presents our efforts to implement error correction assistance and contract programming enforcement. The tool is maintained on GitHub at http://benw408701.github.io/SecureCodingAssistant/.

ACKNOWLEDGMENTS

I am indebted to many people. First and foremost, I would like to express my everlasting gratitude and appreciation to my advisor Dr. Jun Dai for his continuous help, patience and guidance in academic aspects. I would also like to thank my second reader Dr. Cui Zhang who brought up the idea and made this project possible. Dr. Dai and Dr. Zhang are great advisors and educators. Their inclusive thinking and scintillating ideas are critical to my graduate research. They are also great friends and are always ready to help me. The rest of my life will benefit from the experience and knowledge gained with them.

I also thank Ben White, the former graduate student who developed the initial version of Secure Coding Assistant, for mentoring me, teaching me valuable techniques, sharing experience with me when I began my project and giving me great suggestions for my project.

I would like to thank my whole family and my friends for their love and support. They are my inspiration and my motive to move forward. Without them, I would have never finished this.
Finally, acknowledgements and attributions are also given to Carnegie Mellon University and its Software Engineering Institute, as this publication incorporates portions of the “SEI CERT Oracle Coding Standard for Java” (c) 2017 Carnegie Mellon University, with special permission from its Software Engineering Institute. Any material of Carnegie Mellon University and/or its Software Engineering Institute contained herein is furnished on an “as-is” basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied, as to any matter including, but not limited to, warranty of fitness for purpose or merchantability, exclusivity, or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. This publication has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute. CERT and CERT Coordination Center are registered trademarks of Carnegie Mellon University. Java is a registered trademark of Oracle, Inc.

TABLE OF CONTENTS

Acknowledgments
List of Tables
List of Figures

Chapter
1. INTRODUCTION
2. RELATED WORK
   2.1 Existing Tools Support Detection of Security Vulnerabilities
   2.2 Existing Tools Support Contract Programming in Java
       2.2.1 Jass
       2.2.2 iContract
       2.2.3 jContractor
       2.2.4 Contract4J
       2.2.5 Cofoja
       2.2.6 Comparison of Existing Tools
3. DESIGN
   3.1 Goals
   3.2 Architecture
4. IMPLEMENTATION
   4.1 Plugin Implementations
   4.2 AST and ASTWrite
   4.3 “Quick Fix” Feature and Source Code Analysis
   4.4 Integration of Design by Contract Methodology
   4.5 “Export Contract Annotation” Feature
   4.6 “Disable/Enable Design by Contract Enforcement” Feature
5. LIMITATION, CONCLUSION AND FUTURE WORK
Appendix
References

LIST OF TABLES

1. Review of static analysis tools for security vulnerabilities
2. Existing tools for Design by Contract in Java

LIST OF FIGURES

1. Jass example
2. iContract example
3. Applications of "forall", "exists" and "implies" in iContract
4. jContractor example
5. Contract4J example
6. Cofoja example
7. Workflow of Secure Coding Assistant
8. Quick fixes provided in Secure Coding Assistant
9. Quick fix to random number generation rule violation
10. Secure random generator quick fix results: use SecureRandom (top) or skip rule check (bottom)
11. Source code with "Do not use the Object.equals() method to compare two arrays" rule violation
12. The violated() method used to evaluate "Do not use the Object.equals() method to compare two arrays"
13. The
