From f4b433fabcc291fea8cffaa415e9185a997e461f Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Mon, 22 Apr 2024 10:05:38 -0600
Subject: [PATCH 1/2] Run Facebook Infer on PRs with GitHub Actions
---
.github/workflows/infer.yml | 90 +++++++++++++++++++
.github/workflows/main.yml | 174 ++++++++++++++++++++----------------
scripts/infer.sh | 31 ++++++-
3 files changed, 214 insertions(+), 81 deletions(-)
create mode 100644 .github/workflows/infer.yml
diff --git a/.github/workflows/infer.yml b/.github/workflows/infer.yml
new file mode 100644
index 00000000..a0247172
--- /dev/null
+++ b/.github/workflows/infer.yml
@@ -0,0 +1,90 @@
+name: Facebook Infer static analysis
+
+on:
+ workflow_call:
+ inputs:
+ os:
+ required: true
+ type: string
+ jdk_distro:
+ required: true
+ type: string
+ jdk_version:
+ required: true
+ type: string
+ wolfssl_configure:
+ required: true
+ type: string
+
+jobs:
+ build_wolfssljni:
+ runs-on: ${{ inputs.os }}
+ steps:
+ - uses: actions/checkout@v4
+
+ # Download Facebook Infer
+ - name: Download Infer
+ run: wget https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz
+ - name: Extract Infer
+ run: tar -xvf infer-linux64-v1.1.0.tar.xz
+ - name: Symlink Infer
+ run: ln -s "$GITHUB_WORKSPACE/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer
+ - name: Test Infer get version
+ run: infer --version
+
+ # Download Junit JARs
+ - name: Download junit-4.13.2.jar
+ run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
+ - name: Download hamcrest-all-1.3.jar
+ run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+
+ # Build native wolfSSL
+ - name: Build native wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ repository: wolfSSL/wolfssl
+ ref: master
+ path: wolfssl
+ configure: ${{ inputs.wolfssl_configure }}
+ check: false
+ install: true
+
+ # Setup Java
+ - name: Setup java
+ uses: actions/setup-java@v4
+ with:
+ distribution: ${{ inputs.jdk_distro }}
+ java-version: ${{ inputs.jdk_version }}
+
+ - name: Set JUNIT_HOME
+ run: |
+ echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
+ - name: Set LD_LIBRARY_PATH
+ run: |
+ echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
+
+ # Build wolfssljni JNI library (libwolfssljni.so)
+ - name: Build JNI library
+ run: ./java.sh $GITHUB_WORKSPACE/build-dir
+
+ # Build wolfssljni JAR (wolfssljni.jar)
+ - name: Build JAR (ant)
+ run: ant
+
+ # Run ant tests
+ - name: Run Java tests (ant test)
+ run: ant test
+
+ - name: Show logs on failure
+ if: failure() || cancelled()
+ run: |
+ cat build/reports/*.txt
+
+ # Run Facebook Infer
+ - name: Run Facebook Infer
+ run: ./scripts/infer.sh
+
+ - name: Shows Infer report on failure
+ if: failure()
+ run: cat infer-out/report.txt
+
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 53fb8dd8..6a2d665c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
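Review bot: The `Download Infer` step and the two JUnit/Hamcrest `wget` steps in `infer.yml` fetch artifacts that are then executed or placed on the test classpath, and nothing verifies their integrity before use. Add a pinned digest check directly after each download, for example `echo "<EXPECTED_SHA256>  infer-linux64-v1.1.0.tar.xz" | sha256sum -c -` (placeholder digest, to be taken from a trusted copy of the release), so that a replaced or corrupted file fails the job instead of running. The workflow also sets no `permissions:`; because the job only builds and analyses, a `permissions:` entry with `contents: read` on `build_wolfssljni` would keep its token read-only. `wolfSSL/actions-build-autotools-project@v1` is a movable tag, and pinning it to a full commit SHA would close the same gap for the action code.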
@@ -2,99 +2,117 @@ name: CI on: push: - branches: [ 'master', 'main', 'release/**' ] + branches: [ 'master', 'main', 'release/**', 'inferAction' ] pull_request: branches: [ 'master' ] jobs: - # Oracle JDK (Linux, Mac) - linux-oracle: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '17', '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "oracle" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} + # # Oracle JDK (Linux, Mac) + # linux-oracle: + # strategy: + # matrix: + # os: [ 'ubuntu-latest', 'macos-latest' ] + # jdk_version: [ '17', '21' ] + # wolfssl_configure: [ '--enable-jni' ] + # name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + # uses: ./.github/workflows/linux-common.yml + # with: + # os: ${{ matrix.os }} + # jdk_distro: "oracle" + # jdk_version: ${{ matrix.jdk_version }} + # wolfssl_configure: ${{ matrix.wolfssl_configure }} - # Zulu JDK (Linux, Mac) - linux-zulu: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '8', '11', '17', '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} + # # Zulu JDK (Linux, Mac) + # linux-zulu: + # strategy: + # matrix: + # os: [ 'ubuntu-latest', 'macos-latest' ] + # jdk_version: [ '8', '11', '17', '21' ] + # wolfssl_configure: [ '--enable-jni' ] + # name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + # uses: ./.github/workflows/linux-common.yml + # with: + # os: ${{ matrix.os }} 
+ # jdk_distro: "zulu" + # jdk_version: ${{ matrix.jdk_version }} + # wolfssl_configure: ${{ matrix.wolfssl_configure }} - # Corretto JDK (Linux, Mac) - linux-corretto: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '8', '11', '17', '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "corretto" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} + # # Corretto JDK (Linux, Mac) + # linux-corretto: + # strategy: + # matrix: + # os: [ 'ubuntu-latest', 'macos-latest' ] + # jdk_version: [ '8', '11', '17', '21' ] + # wolfssl_configure: [ '--enable-jni' ] + # name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + # uses: ./.github/workflows/linux-common.yml + # with: + # os: ${{ matrix.os }} + # jdk_distro: "corretto" + # jdk_version: ${{ matrix.jdk_version }} + # wolfssl_configure: ${{ matrix.wolfssl_configure }} - # Temurin JDK (Linux, Mac) - linux-temurin: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '8', '11', '17', '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "temurin" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} + # # Temurin JDK (Linux, Mac) + # linux-temurin: + # strategy: + # matrix: + # os: [ 'ubuntu-latest', 'macos-latest' ] + # jdk_version: [ '8', '11', '17', '21' ] + # wolfssl_configure: [ '--enable-jni' ] + # name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + # uses: ./.github/workflows/linux-common.yml + # with: + # os: ${{ matrix.os }} + # 
jdk_distro: "temurin" + # jdk_version: ${{ matrix.jdk_version }} + # wolfssl_configure: ${{ matrix.wolfssl_configure }} - # Microsoft JDK (Linux, Mac) - linux-microsoft: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "microsoft" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} + # # Microsoft JDK (Linux, Mac) + # linux-microsoft: + # strategy: + # matrix: + # os: [ 'ubuntu-latest', 'macos-latest' ] + # jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ] + # wolfssl_configure: [ '--enable-jni' ] + # name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + # uses: ./.github/workflows/linux-common.yml + # with: + # os: ${{ matrix.os }} + # jdk_distro: "microsoft" + # jdk_version: ${{ matrix.jdk_version }} + # wolfssl_configure: ${{ matrix.wolfssl_configure }} - # -------------------- enable-all sanity checks ----------------------- - # Only check one Linux and Mac JDK version with --enable-jni --enable-all - # as sanity. Using Zulu, but this can be expanded if needed. - linux-zulu-all: + # # -------------------- enable-all sanity checks ----------------------- + # # Only check one Linux and Mac JDK version with --enable-jni --enable-all + # # as sanity. Using Zulu, but this can be expanded if needed. 
+ # linux-zulu-all: + # strategy: + # matrix: + # os: [ 'ubuntu-latest', 'macos-latest' ] + # jdk_version: [ '11' ] + # wolfssl_configure: [ '--enable-jni --enable-all' ] + # name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + # uses: ./.github/workflows/linux-common.yml + # with: + # os: ${{ matrix.os }} + # jdk_distro: "zulu" + # jdk_version: ${{ matrix.jdk_version }} + # wolfssl_configure: ${{ matrix.wolfssl_configure }} + + # ------------------ Facebook Infer static analysis ------------------- + # Run Facebook infer over PR code, only running on Linux with one + # JDK/version for now. + fb-infer: strategy: matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] + os: [ 'ubuntu-latest' ] jdk_version: [ '11' ] wolfssl_configure: [ '--enable-jni --enable-all' ] - name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml + name: Facebook Infer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }}) + uses: ./.github/workflows/infer.yml with: os: ${{ matrix.os }} jdk_distro: "zulu" jdk_version: ${{ matrix.jdk_version }} wolfssl_configure: ${{ matrix.wolfssl_configure }} + diff --git a/scripts/infer.sh b/scripts/infer.sh index 46b3975f..c11057fd 100755 --- a/scripts/infer.sh +++ b/scripts/infer.sh @@ -13,10 +13,26 @@ # $ cd wolfssljni # $ ./scripts/infer.sh # -# wolfSSL Inc, May 2023 +# By default the generated output and logs from Infer will be deleted. To keep +# them, pass 'keep' to the script: # +# $ ./scripts/infer.sh keep +# +# wolfSSL Inc, April 2024 +# +# + +# These variables may be overridden on the command line. +KEEP="${KEEP:-no}" -infer run -- javac \ +while [ "$1" ]; do + if [ "$1" = 'keep' ]; then + KEEP='yes'; + fi + shift +done + +infer --fail-on-issue run -- javac \ src/java/com/wolfssl/WolfSSL.java \ src/java/com/wolfssl/WolfSSLALPNSelectCallback.java \ src/java/com/wolfssl/WolfSSLCertManager.java \ 
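Review bot: Every JDK matrix job in `main.yml` (`linux-oracle` through `linux-zulu-all`) is commented out in this hunk and the push trigger gains the branch `'inferAction'`, so at this commit the only CI that runs is `fb-infer`. Both edits look like bring-up aids for the new job, and patch 2/2 of this series reverts them, but the intermediate commit remains in history with build-and-test coverage switched off, which hurts bisecting and any per-commit CI. Consider dropping the two edits from this patch so that the hunk only adds the `fb-infer` job and its comment.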
@@ -78,9 +94,18 @@ infer run -- javac \ src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java \ src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java +RETVAL=$? + # remove compiled class files rm -r ./com # remove infer out directory (comment this out to inspect logs if needed) -rm -r ./infer-out +if [ "$RETVAL" == '0' ] && [ "$KEEP" == 'no' ]; then + rm -r ./infer-out +fi + +if [ "$RETVAL" == '2' ]; then + # GitHub Actions expects return of 1 to mark step as failure + exit 1 +fi From b5090598a5e79a542c0d7267f8f8104d5372d2ce Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 22 Apr 2024 15:58:31 -0600 Subject: [PATCH 2/2] JSSE: fix for Infer warning about javaVersion being null in WolfSSLEngineHelper --- .github/workflows/main.yml | 174 +++++++++--------- .../provider/jsse/WolfSSLEngineHelper.java | 5 + 2 files changed, 92 insertions(+), 87 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6a2d665c..983837d0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
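Review bot: Only `RETVAL` 2 is turned into a failing exit at the end of `scripts/infer.sh`, so any other non-zero status from the `infer` command (for example a `javac` compile error or `infer` missing from PATH) falls through and the script ends with the status of the last `if`, which is 0. The CI step then reports success although no analysis result was produced, so the gate fails open. Treat every non-zero status as a failure, e.g. `if [ "$RETVAL" -ne 0 ]; then exit 1; fi` in place of the `== '2'` test. The `==` operator inside `[ ]` is also a bash extension; `=` keeps both tests working if the script is run under a POSIX `sh` (the shebang is outside this hunk).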
@@ -2,102 +2,102 @@ name: CI on: push: - branches: [ 'master', 'main', 'release/**', 'inferAction' ] + branches: [ 'master', 'main', 'release/**' ] pull_request: branches: [ 'master' ] jobs: - # # Oracle JDK (Linux, Mac) - # linux-oracle: - # strategy: - # matrix: - # os: [ 'ubuntu-latest', 'macos-latest' ] - # jdk_version: [ '17', '21' ] - # wolfssl_configure: [ '--enable-jni' ] - # name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - # uses: ./.github/workflows/linux-common.yml - # with: - # os: ${{ matrix.os }} - # jdk_distro: "oracle" - # jdk_version: ${{ matrix.jdk_version }} - # wolfssl_configure: ${{ matrix.wolfssl_configure }} + # Oracle JDK (Linux, Mac) + linux-oracle: + strategy: + matrix: + os: [ 'ubuntu-latest', 'macos-latest' ] + jdk_version: [ '17', '21' ] + wolfssl_configure: [ '--enable-jni' ] + name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + uses: ./.github/workflows/linux-common.yml + with: + os: ${{ matrix.os }} + jdk_distro: "oracle" + jdk_version: ${{ matrix.jdk_version }} + wolfssl_configure: ${{ matrix.wolfssl_configure }} - # # Zulu JDK (Linux, Mac) - # linux-zulu: - # strategy: - # matrix: - # os: [ 'ubuntu-latest', 'macos-latest' ] - # jdk_version: [ '8', '11', '17', '21' ] - # wolfssl_configure: [ '--enable-jni' ] - # name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - # uses: ./.github/workflows/linux-common.yml - # with: - # os: ${{ matrix.os }} - # jdk_distro: "zulu" - # jdk_version: ${{ matrix.jdk_version }} - # wolfssl_configure: ${{ matrix.wolfssl_configure }} + # Zulu JDK (Linux, Mac) + linux-zulu: + strategy: + matrix: + os: [ 'ubuntu-latest', 'macos-latest' ] + jdk_version: [ '8', '11', '17', '21' ] + wolfssl_configure: [ '--enable-jni' ] + name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + uses: ./.github/workflows/linux-common.yml + with: + os: ${{ 
matrix.os }} + jdk_distro: "zulu" + jdk_version: ${{ matrix.jdk_version }} + wolfssl_configure: ${{ matrix.wolfssl_configure }} - # # Corretto JDK (Linux, Mac) - # linux-corretto: - # strategy: - # matrix: - # os: [ 'ubuntu-latest', 'macos-latest' ] - # jdk_version: [ '8', '11', '17', '21' ] - # wolfssl_configure: [ '--enable-jni' ] - # name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - # uses: ./.github/workflows/linux-common.yml - # with: - # os: ${{ matrix.os }} - # jdk_distro: "corretto" - # jdk_version: ${{ matrix.jdk_version }} - # wolfssl_configure: ${{ matrix.wolfssl_configure }} + # Corretto JDK (Linux, Mac) + linux-corretto: + strategy: + matrix: + os: [ 'ubuntu-latest', 'macos-latest' ] + jdk_version: [ '8', '11', '17', '21' ] + wolfssl_configure: [ '--enable-jni' ] + name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + uses: ./.github/workflows/linux-common.yml + with: + os: ${{ matrix.os }} + jdk_distro: "corretto" + jdk_version: ${{ matrix.jdk_version }} + wolfssl_configure: ${{ matrix.wolfssl_configure }} - # # Temurin JDK (Linux, Mac) - # linux-temurin: - # strategy: - # matrix: - # os: [ 'ubuntu-latest', 'macos-latest' ] - # jdk_version: [ '8', '11', '17', '21' ] - # wolfssl_configure: [ '--enable-jni' ] - # name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - # uses: ./.github/workflows/linux-common.yml - # with: - # os: ${{ matrix.os }} - # jdk_distro: "temurin" - # jdk_version: ${{ matrix.jdk_version }} - # wolfssl_configure: ${{ matrix.wolfssl_configure }} + # Temurin JDK (Linux, Mac) + linux-temurin: + strategy: + matrix: + os: [ 'ubuntu-latest', 'macos-latest' ] + jdk_version: [ '8', '11', '17', '21' ] + wolfssl_configure: [ '--enable-jni' ] + name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + uses: ./.github/workflows/linux-common.yml + with: + os: ${{ matrix.os 
}} + jdk_distro: "temurin" + jdk_version: ${{ matrix.jdk_version }} + wolfssl_configure: ${{ matrix.wolfssl_configure }} - # # Microsoft JDK (Linux, Mac) - # linux-microsoft: - # strategy: - # matrix: - # os: [ 'ubuntu-latest', 'macos-latest' ] - # jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ] - # wolfssl_configure: [ '--enable-jni' ] - # name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - # uses: ./.github/workflows/linux-common.yml - # with: - # os: ${{ matrix.os }} - # jdk_distro: "microsoft" - # jdk_version: ${{ matrix.jdk_version }} - # wolfssl_configure: ${{ matrix.wolfssl_configure }} + # Microsoft JDK (Linux, Mac) + linux-microsoft: + strategy: + matrix: + os: [ 'ubuntu-latest', 'macos-latest' ] + jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ] + wolfssl_configure: [ '--enable-jni' ] + name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + uses: ./.github/workflows/linux-common.yml + with: + os: ${{ matrix.os }} + jdk_distro: "microsoft" + jdk_version: ${{ matrix.jdk_version }} + wolfssl_configure: ${{ matrix.wolfssl_configure }} - # # -------------------- enable-all sanity checks ----------------------- - # # Only check one Linux and Mac JDK version with --enable-jni --enable-all - # # as sanity. Using Zulu, but this can be expanded if needed. - # linux-zulu-all: - # strategy: - # matrix: - # os: [ 'ubuntu-latest', 'macos-latest' ] - # jdk_version: [ '11' ] - # wolfssl_configure: [ '--enable-jni --enable-all' ] - # name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - # uses: ./.github/workflows/linux-common.yml - # with: - # os: ${{ matrix.os }} - # jdk_distro: "zulu" - # jdk_version: ${{ matrix.jdk_version }} - # wolfssl_configure: ${{ matrix.wolfssl_configure }} + # -------------------- enable-all sanity checks ----------------------- + # Only check one Linux and Mac JDK version with --enable-jni --enable-all + # as sanity. 
Using Zulu, but this can be expanded if needed. + linux-zulu-all: + strategy: + matrix: + os: [ 'ubuntu-latest', 'macos-latest' ] + jdk_version: [ '11' ] + wolfssl_configure: [ '--enable-jni --enable-all' ] + name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) + uses: ./.github/workflows/linux-common.yml + with: + os: ${{ matrix.os }} + jdk_distro: "zulu" + jdk_version: ${{ matrix.jdk_version }} + wolfssl_configure: ${{ matrix.wolfssl_configure }} # ------------------ Facebook Infer static analysis ------------------- # Run Facebook infer over PR code, only running on Linux with one diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java index 257eec22..497cac08 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java @@ -204,6 +204,11 @@ private String GetKeyAndCertChainAlias(X509KeyManager km, Socket sock, return null; } + /* If javaVersion is null, set to empty string */ + if (javaVersion == null) { + javaVersion = ""; + } + /* We only load keys from algorithms enabled in native wolfSSL, * and in the priority order of ECC first, then RSA. JDK 1.7.0_201 * and 1.7.0_171 have a bug that causes PrivateKey.getEncoded() to
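Review bot: The new comment above the `javaVersion == null` check restates the assignment but gives neither the reason for it nor its effect on the version checks that follow. The comment directly below describes a workaround keyed on specific JDK versions, so it would help to say which path an unknown version takes, e.g. `/* javaVersion may be null; use "" so the JDK version comparisons below do not match and cannot dereference null */`, with the wording confirmed against the comparisons, which are outside this hunk. `GetKeyAndCertChainAlias` starts before and continues after the hunk, so whether `javaVersion` is a local or a shared field is not visible here. If it is a field, normalising it once where it is first read would avoid mutating it inside this method.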