Java 类soot.jimple.infoflow.results.ResultSourceInfo 实例源码
项目:FuzzDroid
文件:SMTPreparationPhase.java
private ResultSourceInfo findDataFlowPathForSink(Stmt sinkStmt, Local sinkLokal, List<ResultSourceInfo> allDataFlows) {
for(ResultSourceInfo singleFlow : allDataFlows){
Stmt[] statements = singleFlow.getPath();
AccessPath[] accessPath = singleFlow.getPathAccessPaths();
for(int i = 0; i < statements.length; i++) {
Stmt currentStmt = statements[i];
if(currentStmt == sinkStmt) {
if(accessPath[i].getPlainValue() == sinkLokal)
return singleFlow;
}
else if(currentStmt instanceof AssignStmt) {
AssignStmt assignStmt = (AssignStmt)currentStmt;
Value lhs = assignStmt.getLeftOp();
if(lhs == sinkLokal)
return singleFlow;
}
}
}
return null;
}
项目:JAADAS
文件:Test.java
@Override
public void onResultsAvailable(
IInfoflowCFG cfg, InfoflowResults results) {
// Dump the results
if (results == null) {
print("No results found.");
}
else {
for (ResultSinkInfo sink : results.getResults().keySet()) {
print("Found a flow to sink " + sink + ", from the following sources:");
for (ResultSourceInfo source : results.getResults().get(sink)) {
print("\t- " + source.getSource() + " (in "
+ cfg.getMethodOf(source.getSource()).getSignature() + ")");
if (source.getPath() != null && !source.getPath().isEmpty())
print("\t\ton Path " + source.getPath());
}
}
}
}
项目:soot-infoflow-android-iccta
文件:FlowDroidLauncher.java
@Override
public void onResultsAvailable(
IInfoflowCFG cfg, InfoflowResults results) {
// Dump the results
if (results == null) {
print("No results found.");
}
else {
Test.cfg = cfg;
Test.results = results;
for (ResultSinkInfo sink : results.getResults().keySet()) {
print("Found a flow to sink " + sink + ", from the following sources:");
for (ResultSourceInfo source : results.getResults().get(sink)) {
print("\t- " + source.getSource() + " (in "
+ cfg.getMethodOf(source.getSource()).getSignature() + ")");
if (source.getPath() != null)
print("\t\ton Path " + Arrays.toString(source.getPath()));
}
}
}
}
项目:DroidForce
文件:PolicyEnforcementPoint.java
/**
* This method iterates over all sources from the FlowDroid-results and extracts the
* category of the specific source. If there is no category found, it will return an empty set,
* otherwise the correct categories will be added.
* @param sourcesInfo: all possible sources from which we try to identify the category
* @return: set of categories for specific sink
*/
private Set<String> getDataIdList(Set<ResultSourceInfo> sourcesInfo){
Set<String> dataIdList = new HashSet<String>();
for(ResultSourceInfo sInfo : sourcesInfo){
if(sInfo.getSource().containsInvokeExpr()){
InvokeExpr invExpr = sInfo.getSource().getInvokeExpr();
for(SourceSinkDefinition meth : sources) {
AndroidMethod am = (AndroidMethod) meth.getMethod();
if(am.getSignature().equals(invExpr.getMethod().getSignature())) {
dataIdList.add(am.getCategory().toString());
}
}
}
else if (isSourceInfoParameter(sInfo)){
dataIdList.add(unknownCategory);
}
else
throw new RuntimeException("Currently not supported");
}
return dataIdList;
}
项目:DroidForce
文件:PolicyEnforcementPoint.java
private String getSourceCategory(ResultSourceInfo sourceInfo){
if(sourceInfo.getSource().containsInvokeExpr()){
InvokeExpr invExpr = sourceInfo.getSource().getInvokeExpr();
for(SourceSinkDefinition meth : sources) {
AndroidMethod am = (AndroidMethod) meth.getMethod();
if(am.getSignature().equals(invExpr.getMethod().getSignature())){
return am.getCategory().toString();
}
}
}
else if(isSourceInfoParameter(sourceInfo)){
return unknownCategory;
}
else
throw new RuntimeException("Currently not supported");
return null;
}
项目:DroidForce
文件:PolicyEnforcementPoint.java
/**
* Return true if the method corresponding to the source 'si' is an
* Inter Component Communication source method such as "Intent.getExtras()".
* @param si
* @param cfg
* @return
*/
private boolean isInterComponentSourceNoCallback(ResultSourceInfo si, BiDiInterproceduralCFG<Unit, SootMethod> cfg){
if(!si.getSource().containsInvokeExpr())
return false;
InvokeExpr invExpr = si.getSource().getInvokeExpr();
SootMethod sm = invExpr.getMethod();
for(SourceSinkDefinition meth : sources){
AndroidMethod am = (AndroidMethod) meth.getMethod();
if(am.getCategory() == CATEGORY.INTER_APP_COMMUNICATION){
if(am.getSubSignature().equals(sm.getSubSignature())) {
log.info("source is: "+ am);
return true;
}
}
}
return false;
}
项目:FuzzDroid
文件:UtilSMT.java
public static Set<ResultSourceInfo> removeDuplicatedFlows(Set<ResultSourceInfo> allDataFlows) {
Set<ResultSourceInfo> copy = new HashSet<ResultSourceInfo>(allDataFlows);
for(ResultSourceInfo dataFlow1 : allDataFlows) {
Stmt[] dataFlowPath1 = dataFlow1.getPath();
for(ResultSourceInfo dataFlow2 : allDataFlows) {
Stmt[] dataFlowPath2 = dataFlow2.getPath();
if(dataFlowPath1 != dataFlowPath2 &&
Arrays.asList(dataFlowPath2).containsAll(Arrays.asList(dataFlowPath1)))
copy.remove(dataFlow1);
}
}
return copy;
}
项目:FuzzDroid
文件:SMTPreparationPhase.java
public Set<ResultSourceInfo> prepareDataFlowPathsForSMTConverter() {
//This step is necessary for storing the ResultSourceInfo elements into a set
//The result ResultSourceInfo object does only represent a source and not the dataflow.
//But with the PathAgnosticResults flag, one can force the ResultSourceInfo object
//to consider the path (see equals method)
InfoflowConfiguration.setPathAgnosticResults(false);
//control flow involved
return prepareDataFlowsDependingOnControlFlow(results, FrameworkOptions.mergeDataFlows);
}
项目:DroidForce
文件:PolicyEnforcementPoint.java
private boolean isInterComponentSourceCallback(ResultSourceInfo si,
BiDiInterproceduralCFG<Unit, SootMethod> cfg){
if(isSourceInfoParameter(si)){
SootMethod sm = cfg.getMethodOf(si.getSource());
if(entryPointCreator.getCallbackFunctions().containsKey(sm.getDeclaringClass())){
if(entryPointCreator.getCallbackFunctions().get(sm.getDeclaringClass()).contains(sm.getSignature()))
return true;
}
}
return false;
}
项目:FuzzDroid
文件:SMTPreparationPhase.java
private static ResultSourceInfo mergeDataFlowsIntoSingleDataFlow(Stmt statementToEnrich, ResultSourceInfo originalPath, ResultSourceInfo pathToMerge) {
List<Stmt> pathStmts = new ArrayList<Stmt>(Arrays.asList(originalPath.getPath()));
List<AccessPath> accessPaths = new ArrayList<AccessPath>(Arrays.asList(originalPath.getPathAccessPaths()));
List<Stmt> pathToMergeStmts = new ArrayList<Stmt>(Arrays.asList(pathToMerge.getPath()));
List<AccessPath> pathToMergeAccessPaths = new ArrayList<AccessPath>(Arrays.asList(pathToMerge.getPathAccessPaths()));
int index = pathStmts.indexOf(statementToEnrich);
// if(index < 0)
// throw new RuntimeException("Woops, there is something wonkey here");
//
// for(int i = 0; i < pathToMergeStmts.size(); i++) {
// pathStmts.add(index, pathToMergeStmts.get(i));
// accessPaths.add(index, pathToMergeAccessPaths.get(i));
// index +=1;
// }
List<Pair<Stmt,AccessPath>> dataToMerge = new ArrayList<Pair<Stmt,AccessPath>>();
int position;
for(position = 0; position < pathToMergeStmts.size(); position++) {
if(pathStmts.contains(pathToMergeStmts.get(position)) && !dataToMerge.isEmpty()) {
int indexToInsertBefore = pathStmts.indexOf(pathToMergeStmts.get(position));
indexToInsertBefore -= 1;
// for(Pair<Stmt,AccessPath> pair : dataToMerge) {
// pathStmts.add(indexToInsertBefore, pair.getFirst());
// accessPaths.add(indexToInsertBefore, pair.getSecond());
// ++indexToInsertBefore;
// }
}
else if(!pathStmts.contains(pathToMergeStmts.get(position))) {
dataToMerge.add(new Pair<Stmt,AccessPath>(pathToMergeStmts.get(position), pathToMergeAccessPaths.get(position)));
}
}
if(!dataToMerge.isEmpty()) {
for(Pair<Stmt,AccessPath> pair : dataToMerge) {
pathStmts.add(index, pair.getFirst());
accessPaths.add(index, pair.getSecond());
++index;
}
}
return new ResultSourceInfo(accessPaths.get(0), pathStmts.get(0), null, pathStmts, accessPaths);
}
项目:FuzzDroid
文件:SmartConstantDataExtractorFuzzyAnalysis.java
private void standardDataFlowToSMTConvertion(ResultSourceInfo dataFlow, IInfoflowCFG cfg, Set<ResultSourceInfo> preparedDataFlowsForSMT, Table<Stmt, Integer, Set<String>> splitInfos) {
SMTConverter converter = new SMTConverter(sources);
for(int i = 0; i < dataFlow.getPath().length; i++) {
System.out.println("\t" + dataFlow.getPath()[i]);
System.out.println("\t\t" + dataFlow.getPathAccessPaths()[i]);
}
converter.convertJimpleToSMT(dataFlow.getPath(),
dataFlow.getPathAccessPaths(), targetUnits, cfg, splitInfos);
dataFlowsToSMTPrograms.put(new DataFlowObject(dataFlow.getPath()), converter.getSmtPrograms());
//dynamic value information
dynamicValueInfos.putAll(converter.getDynamicValueInfos());
converter.printProgramToCmdLine();
File z3str2Script = new File(FrameworkOptions.Z3SCRIPT_LOCATION);
if(!z3str2Script.exists())
throw new RuntimeException("There is no z3-script available");
SMTExecutor smtExecutor = new SMTExecutor(converter.getSmtPrograms(), z3str2Script);
Set<File> smtFiles = smtExecutor.createSMTFile();
Set<Object> values = new HashSet<Object>();
for(File smtFile : smtFiles) {
String loggingPointValue = smtExecutor.executeZ3str2ScriptAndExtractLoggingPointValue(smtFile);
if(loggingPointValue != null) {
loggingPointValue = fixSMTSolverIntegerOutput(loggingPointValue, dataFlow.getPath()[0]);
//SMT solver only returns hex-based UTF-8 values in some cases; we fixed this with our own hexToUnicode converter
if(loggingPointValue != null && loggingPointValue.contains("\\x"))
addAdditionalUnicodeValue(loggingPointValue, values);
if(loggingPointValue != null)
values.add(loggingPointValue);
System.out.println(String.format("Extracted loggingpoint-value: %s", loggingPointValue));
}
}
System.out.println("####################################");
//add values to fuzzy-seed
Stmt stmt = dataFlow.getSource();
CodePosition position = codePositionManager.getCodePositionForUnit(stmt);
if(constantBasedValuesToFuzz.containsKey(position.getID()))
constantBasedValuesToFuzz.get(position.getID()).addAll(values);
else
constantBasedValuesToFuzz.put(position.getID(), values);
}
项目:FuzzDroid
文件:SmartConstantDataExtractorFuzzyAnalysis.java
private void splitAPI_DataFlowtoSMTConvertion(ResultSourceInfo dataFlow, IInfoflowCFG cfg, Set<ResultSourceInfo> preparedDataFlowsForSMT, Table<Stmt, Integer, Set<String>> splitInfos) {
SMTConverter converter = new SMTConverter(sources);
for(int i = 0; i < dataFlow.getPath().length; i++) {
System.out.println("\t" + dataFlow.getPath()[i]);
System.out.println("\t\t" + dataFlow.getPathAccessPaths()[i]);
}
//we remove the first statement (split-API method)
int n = dataFlow.getPath().length-1;
Stmt[] reducedDataFlow = new Stmt[n];
System.arraycopy(dataFlow.getPath(), 1, reducedDataFlow, 0, n);
//currently only possible if there is a constant index for the array
if(hasConstantIndexAtArrayForSplitDataFlow(reducedDataFlow)) {
String valueOfInterest = getValueOfInterestForSplitDataflow(reducedDataFlow);
converter.convertJimpleToSMT(reducedDataFlow,
dataFlow.getPathAccessPaths(), targetUnits, cfg, null);
converter.printProgramToCmdLine();
File z3str2Script = new File(FrameworkOptions.Z3SCRIPT_LOCATION);
if(!z3str2Script.exists())
throw new RuntimeException("There is no z3-script available");
SMTExecutor smtExecutor = new SMTExecutor(converter.getSmtPrograms(), z3str2Script);
Set<File> smtFiles = smtExecutor.createSMTFile();
for(File smtFile : smtFiles) {
String loggingPointValue = smtExecutor.executeZ3str2ScriptAndExtractValue(smtFile, valueOfInterest);
if(loggingPointValue != null) {
Stmt splitStmt = dataFlow.getPath()[0];
int index = getConstantArrayIndexForSplitDataFlow(reducedDataFlow);
if(splitInfos.contains(splitStmt, index))
splitInfos.get(splitStmt, index).add(loggingPointValue);
else {
Set<String> values = new HashSet<String>();
values.add(loggingPointValue);
splitInfos.put(splitStmt, index, values);
}
}
System.out.println(loggingPointValue);
}
System.out.println("####################################");
}
}
项目:DroidForce
文件:PolicyEnforcementPoint.java
@Override
public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
log.info("FlowDroid has finished. Duration: " + (System.currentTimeMillis() - Main.startTime) +" ms.");
Main.startTime = System.currentTimeMillis();
Settings.instance.setDummyMainToLibraryClass();
this.results = results;
if (log.isDebugEnabled()) {
log.debug("");
log.debug("InfoFlow Results");
MultiMap<ResultSinkInfo, ResultSourceInfo> r = results.getResults();
for (ResultSinkInfo k : r.keySet()) {
log.debug("ResultSinkInfo: "+ k);
for (ResultSourceInfo rsi: r.get(k)) {
log.debug(" source: "+ rsi);
}
}
log.debug("");
}
log.info("Starting bytecode instrumentation.");
log.info("Adding code to initialize PEPs.");
Util.initializePePInAllPossibleClasses(Settings.instance.getApkPath());
log.info("Build code for new 'WaitPDPActivity"); // building the code has to be done here (not in the Main class, otherwise Jimple validation will fail
String mainActivityClass = UpdateManifestAndCodeForWaitPDP.getMainActivityName(Settings.instance.getApkPath());
String packageName = UpdateManifestAndCodeForWaitPDP.getApplicationPackageName(Settings.instance.getApkPath());
UpdateManifestAndCodeForWaitPDP.updateWaitPDPActivity(packageName, mainActivityClass);
// update packagename in field of WaitPDP class
SootClass sc = Scene.v().getSootClass(Settings.INSTRUMENTATION_HELPER_JAVA);
SootField sf1 = sc.getFieldByName("applicationPackageName");
Util.changeConstantStringInField(sf1, packageName);
log.info("Adding Policy Enforcement Points (PEPs).");
doAccessControlChecks(cfg);
log.info("Instrumentation is done.");
if (Settings.mustOutputJimple()) {
log.info("-------- Dumping Jimple bodies.");
Main.dumpJimple();
log.info("--------");
}
}
项目:DroidForce
文件:PolicyEnforcementPoint.java
private List<Unit> instrumentIntentAddings(BiDiInterproceduralCFG<Unit, SootMethod> cfg,
Unit unit, InvokeExpr sinkExpr, Set<ResultSourceInfo> sourceInfo){
if(isMethodInterComponentSink(sinkExpr.getMethod())){
SootMethod method = cfg.getMethodOf(unit);
Body body = null;
if(method.hasActiveBody())
body = method.retrieveActiveBody();
else
throw new RuntimeException("No body found!");
Set<String> sourceCategories = getDataIdList(sourceInfo);
final String hashSetType = "java.util.HashSet";
List<Unit> generated = new ArrayList<Unit>();
//HashSet initialization
Local hashSetLocal = generateFreshLocal(body, RefType.v(hashSetType));
NewExpr newExpr = Jimple.v().newNewExpr(RefType.v(hashSetType));
AssignStmt assignStmt = Jimple.v().newAssignStmt(hashSetLocal, newExpr);
generated.add(assignStmt);
//constructor call
SpecialInvokeExpr constructorCall = Jimple.v().newSpecialInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef());
InvokeStmt constructorCallStmt = Jimple.v().newInvokeStmt(constructorCall);
generated.add(constructorCallStmt);
//add categories to HashSet
for(String cat : sourceCategories){
InterfaceInvokeExpr addCall = Jimple.v().newInterfaceInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(), StringConstant.v(cat));
InvokeStmt addCallStmt = Jimple.v().newInvokeStmt(addCall);
generated.add(addCallStmt);
}
//get Intent
Value intent = sinkExpr.getArg(0);
List<Object> args = new ArrayList<Object>();
args.add(RefType.v("android.content.Intent"));
args.add(intent);
args.add(RefType.v(hashSetType));
args.add(hashSetLocal);
StaticInvokeExpr sie = Instrumentation.createJimpleStaticInvokeExpr(
Settings.INSTRUMENTATION_HELPER_JAVA,
"addTaintInformationToIntent",
args);
InvokeStmt invStmt = Jimple.v().newInvokeStmt(sie);
generated.add(invStmt);
return generated;
}
return Collections.emptyList();
}
项目:DroidForce
文件:PolicyEnforcementPoint.java
private boolean isSourceInfoParameter(ResultSourceInfo sInfo) {
return sInfo.getSource() instanceof IdentityStmt
&& ((IdentityStmt) sInfo.getSource()).getRightOp() instanceof ParameterRef;
}