Output Integrity Check: Reflect structural variations.

nuthub · nuthub · commit f026c53ec1f5 · 2026-03-23T10:24:07.000+01:00
Models created by recent Papyrus Version have a Package element as
Package, while models created with older versions have a Model element
as Package.

Furthermore: report messages rephrased.
diff --git a/plugins/carisma.check.mltop10checks/src/carisma/check/mltop10checks/outputintegrity/OutputIntegrityCheck.java b/plugins/carisma.check.mltop10checks/src/carisma/check/mltop10checks/outputintegrity/OutputIntegrityCheck.java
@@ -7,7 +7,6 @@
 import org.eclipse.uml2.uml.CommunicationPath;
 import org.eclipse.uml2.uml.Dependency;
 import org.eclipse.uml2.uml.Deployment;
-import org.eclipse.uml2.uml.Model;
 import org.eclipse.uml2.uml.NamedElement;
 import org.eclipse.uml2.uml.Node;
 
@@ -16,7 +15,8 @@
 import carisma.profile.umlsec.mltop10.MLTop10Util;
 
 /**
- * analyzes an deployment diagram with respect to output integrity rules.
+ * This check analyzes a deployment diagram with respect to output integrity
+ * rules.
  * 
  * @author Alexander Peikert
  * @author Julian Flake
@@ -33,7 +33,8 @@ public boolean runCheck() {
 
 		// ---------------------------------------------------------
 		// populate collections
-		Set<Model> aiscenarios = MLTop10Util.getStereotypedElements(modelEl, Model.class, MLTop10.SecureAIScenario);
+		Set<NamedElement> aiscenarios = MLTop10Util.getStereotypedElements(modelEl, NamedElement.class,
+				MLTop10.SecureAIScenario);
 		Set<Artifact> mlmodels = MLTop10Util.getStereotypedElements(modelEl, Artifact.class, MLTop10.MLModel);
 		Set<Artifact> aiapplications = MLTop10Util.getStereotypedElements(modelEl, Artifact.class,
 				MLTop10.AIApplication);
@@ -70,7 +71,7 @@ public boolean runCheck() {
 		// 1. Using Cryptographic Methods
 		for (Artifact el : aiapplications) {
 			if (!MLTop10Util.isTaggedValueTrue(el, MLTop10.AIApplication, "CheckModelResultAuthenticity")) {
-				this.addError("1. AI Application '" + el.getName() + "' does not check for model result authenticity.");
+				this.addError("1: AI Application '" + el.getName() + "' does not check for model result authenticity.");
 			}
 		}
 
@@ -93,13 +94,15 @@ public boolean runCheck() {
 					if (MLTop10Util.getMemberNodes(path).containsAll(Arrays.asList(fromNode, toNode))) {
 						// integrity on relevant paths?
 						if (!MLTop10Util.hasStereotype(path, MLTop10.Integrity)) {
-							this.addError("2: There is a dependency between " + from.getName() + " and " + to.getName()
-									+ ", but the communication path between the nodes these artifacts are deployed to, does not fulfill 'integrity'.");
+							this.addError("2: There is a dependency between '" + from.getName() + "' and '"
+									+ to.getName()
+									+ "', but the communication path between the nodes these artifacts are deployed to, does not fulfill 'integrity'.");
 						}
 						// secrecy on relevant paths?
 						if (!MLTop10Util.hasStereotype(path, MLTop10.Secrecy)) {
-							this.addError("2. There is a dependency between " + from.getName() + " and " + to.getName()
-									+ ", but the communication path between the nodes these artifacts are deployed to, does not fulfill 'secrecy'.");
+							this.addError("2: There is a dependency between '" + from.getName() + "' and '"
+									+ to.getName()
+									+ "', but the communication path between the nodes these artifacts are deployed to, does not fulfill 'secrecy'.");
 						}
 					}
 				}
@@ -126,25 +129,25 @@ public boolean runCheck() {
 		// 5. Regular Software Updates
 		for (NamedElement el : aiscenarios) {
 			if (!MLTop10Util.isTaggedValueTrue(el, MLTop10.SecureAIScenario, "KeepPackagesVersionsUpToDate")) {
-				this.addError("5: " + el.getName() + " packages are not kept up to date.");
+				this.addError("5: Packages in Secure AI Scenario '" + el.getName() + "' are not kept up to date.");
 			}
 		}
 
 		// ---------------------------------------------------------
 		// 6. Monitoring and Auditing
 		for (Artifact el : mlmodels) {
 			if (!MLTop10Util.isTaggedValueTrue(el, MLTop10.MLModel, "RegularAuditAndMonitoring")) {
-				this.addError("6: ML Model '" + el.getName() + "' does not perform regular audit and monitoring.");
+				this.addError("6: ML Model '" + el.getName() + "' is not regularly audited and monitored.");
 			}
 		}
 
 		// ---------------------------------------------------------
 		// Overall result
 		if (this.errorDetected) {
-			this.addError("=> An Output Integrity Attack is potentially possible!");
+			this.addError("Result: An Output Integrity Attack is potentially possible!");
 			return false;
 		}
-		this.addInfo("=> No vulnerabilities for Output Integrity Attacks detected.");
+		this.addInfo("Result: No vulnerabilities for Output Integrity Attacks detected.");
 		return true;
 	}
 
