@Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { if(isSourceMethod(v)) { StringConstant newSourceValue = StringConstant.v("loggingPoint"); SMTBinding binding = stmtVisitor.createNewBindingForValue(newSourceValue); stmtVisitor.addValueBindingToVariableDeclaration(newSourceValue, binding); //no smt-statement required, just return the binding this.result = binding; // Additionally check whether the source method need special treatment if(isExpressionThatNeedsToBeConvertedToSMT(v)) { convertSpecialExpressionsToSMT(v, currentStatement); } } else if(isExpressionThatNeedsToBeConvertedToSMT(v)){ convertSpecialExpressionsToSMT(v, currentStatement); }else{ //just propagate the taint value of previous statement Stmt prevStmt = stmtVisitor.getPreviousDataFlowPathElement(currentStatement); if(prevStmt == null) throw new RuntimeException("there is no previous statement"); else{ this.result = stmtVisitor.getBindingForTaintedValue(prevStmt); if(this.result == null) throw new RuntimeException("double check this here"); } } }
@Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr iie) { BuilderMethodReference method = DexPrinter.toMethodReference (iie.getMethodRef(), dexFile); List<Register> arguments = getInstanceInvokeArgumentRegs(iie); stmtV.addInsn(buildInvokeInsn("INVOKE_INTERFACE", method, arguments), origStmt); }
/** * Returns the arguments associated with a method descriptor. * * @param signatureToMethodDescriptionMap A map from signatures to method descriptors. * @param invokeExpr An invoke expression. * @return An array of arguments if arguments are found for the method descriptor, null otherwise. */ private Argument[] getArgumentsFromMethodDescription( Map<String, MethodDescription> signatureToMethodDescriptionMap, InvokeExpr invokeExpr) { SootMethod method = invokeExpr.getMethod(); String signature = method.getSignature(); MethodDescription methodDescription = signatureToMethodDescriptionMap.get(signature); if (methodDescription != null) { return methodDescription.getArguments(); } signature = method.getSubSignature(); methodDescription = signatureToMethodDescriptionMap.get(signature); if (methodDescription == null) { return null; } String superclassName = methodDescription.getBaseClass(); if (superclassName == null || !Scene.v().containsClass(superclassName) || invokeExpr instanceof InterfaceInvokeExpr) { return null; } SootClass superclass = Scene.v().getSootClass(superclassName); String baseType; if (invokeExpr instanceof InstanceInvokeExpr) { Value baseValue = ((InstanceInvokeExpr) invokeExpr).getBase(); baseType = baseValue.getType().toString(); } else { baseType = invokeExpr.getMethod().getDeclaringClass().getName(); } if (Scene.v().containsClass(baseType) && Scene.v().getActiveHierarchy() .isClassSubclassOfIncluding(Scene.v().getSootClass(baseType), superclass)) { return methodDescription.getArguments(); } else { return null; } }
/** * Launch the call rules on a given invoke expression. * @param ad context of analysis * @param ie the instruction (expression) under study * @param st the statement that contains the invoke. * @throws Alert if anything goes wrong */ public void spy(MethodSpyAnalysis ad, InvokeExpr ie, Unit st) throws Alert { SootMethod m = ie.getMethod(); try { HashSet<SpyMethod> todolist = new HashSet<SpyMethod>(); if (ie instanceof InstanceInvokeExpr) { if (ie instanceof InterfaceInvokeExpr || m.getSignature().equals(NEW_INSTANCE_SIGNATURE)) { solveMethod(m,todolist); } for(Iterator <Edge> it = callgraph.edgesOutOf(st); it.hasNext();) { SootMethod tgt = it.next().tgt(); solveMethod(tgt,todolist); } } else { solveMethod(m,todolist); } if (todolist.size() > 0) { for(SpyMethod def : todolist) { def.spy(ad, ie, st); } } } catch (Exception e) { e.printStackTrace(Out.getLog()); throw Alert.raised(e, "Error in spy: " + e.getMessage() + " in unit " + ie + " in method " + ad.method); } }
@Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { rightElement = RightElement.NOT; logger.fine("Invoke expression is of type InterfaceInvoke"); if (actualContext == StmtContext.ASSIGNRIGHT) { throw new NotSupportedStmtException("InterfaceInvokeExpression"); } }
public static void main(String[] args) { PackManager.v().getPack("wjtp").add(new Transform("wjtp.onflyicfg", new SceneTransformer() { @Override protected void internalTransform(String phaseName, Map<String, String> options) { if (Scene.v().hasCallGraph()) throw new RuntimeException("call graph present!"); loadAllClassesOnClassPathToSignatures(); SootMethod mainMethod = Scene.v().getMainMethod(); JitIcfg icfg = new JitIcfg(mainMethod); Set<SootMethod> worklist = new LinkedHashSet<SootMethod>(); Set<SootMethod> visited = new HashSet<SootMethod>(); worklist.add(mainMethod); int monomorphic = 0, polymorphic = 0; while (!worklist.isEmpty()) { Iterator<SootMethod> iter = worklist.iterator(); SootMethod currMethod = iter.next(); iter.remove(); visited.add(currMethod); System.err.println(currMethod); // MUST call this method to initialize ICFG for // every method Body body = currMethod.getActiveBody(); if (body == null) continue; for (Unit u : body.getUnits()) { Stmt s = (Stmt) u; if (s.containsInvokeExpr()) { Set<SootMethod> calleesOfCallAt = icfg.getCalleesOfCallAt(s); if (s.getInvokeExpr() instanceof VirtualInvokeExpr || s.getInvokeExpr() instanceof InterfaceInvokeExpr) { if (calleesOfCallAt.size() <= 1) monomorphic++; else polymorphic++; System.err.println("mono: " + monomorphic + " poly: " + polymorphic); } for (SootMethod callee : calleesOfCallAt) { if (!visited.contains(callee)) { System.err.println(callee); // worklist.add(callee); } } } } } } })); Options.v().set_on_the_fly(true); soot.Main.main(args); }
public void caseInterfaceInvokeExpr(InterfaceInvokeExpr expr) { caseInstanceInvokeExpr(expr); }
public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { printInvokeExpr(v); }
public static void main(String[] args) { PackManager.v().getPack("wjtp").add(new Transform("wjtp.onflyicfg", new SceneTransformer() { @Override protected void internalTransform(String phaseName, Map<String, String> options) { if(Scene.v().hasCallGraph()) throw new RuntimeException("call graph present!"); loadAllClassesOnClassPathToSignatures(); SootMethod mainMethod = Scene.v().getMainMethod(); OnTheFlyJimpleBasedICFG icfg = new OnTheFlyJimpleBasedICFG(mainMethod); Set<SootMethod> worklist = new LinkedHashSet<SootMethod>(); Set<SootMethod> visited = new HashSet<SootMethod>(); worklist.add(mainMethod); int monomorphic = 0, polymorphic = 0; while(!worklist.isEmpty()) { Iterator<SootMethod> iter = worklist.iterator(); SootMethod currMethod = iter.next(); iter.remove(); visited.add(currMethod); System.err.println(currMethod); //MUST call this method to initialize ICFG for every method Body body = currMethod.getActiveBody(); if(body==null) continue; for(Unit u: body.getUnits()) { Stmt s = (Stmt)u; if(s.containsInvokeExpr()) { Set<SootMethod> calleesOfCallAt = icfg.getCalleesOfCallAt(s); if(s.getInvokeExpr() instanceof VirtualInvokeExpr || s.getInvokeExpr() instanceof InterfaceInvokeExpr) { if(calleesOfCallAt.size()<=1) monomorphic++; else polymorphic++; System.err.println("mono: "+monomorphic+" poly: "+polymorphic); } for (SootMethod callee : calleesOfCallAt) { if(!visited.contains(callee)) { System.err.println(callee); //worklist.add(callee); } } } } } } })); Options.v().set_on_the_fly(true); soot.Main.main(args); }
@Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr arg0) { throw new RuntimeException("This must be handeled by SootStmtSwitch!"); }
private List<Unit> instrumentIntentAddings(BiDiInterproceduralCFG<Unit, SootMethod> cfg, Unit unit, InvokeExpr sinkExpr, Set<ResultSourceInfo> sourceInfo){ if(isMethodInterComponentSink(sinkExpr.getMethod())){ SootMethod method = cfg.getMethodOf(unit); Body body = null; if(method.hasActiveBody()) body = method.retrieveActiveBody(); else throw new RuntimeException("No body found!"); Set<String> sourceCategories = getDataIdList(sourceInfo); final String hashSetType = "java.util.HashSet"; List<Unit> generated = new ArrayList<Unit>(); //HashSet initialization Local hashSetLocal = generateFreshLocal(body, RefType.v(hashSetType)); NewExpr newExpr = Jimple.v().newNewExpr(RefType.v(hashSetType)); AssignStmt assignStmt = Jimple.v().newAssignStmt(hashSetLocal, newExpr); generated.add(assignStmt); //constructor call SpecialInvokeExpr constructorCall = Jimple.v().newSpecialInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef()); InvokeStmt constructorCallStmt = Jimple.v().newInvokeStmt(constructorCall); generated.add(constructorCallStmt); //add categories to HashSet for(String cat : sourceCategories){ InterfaceInvokeExpr addCall = Jimple.v().newInterfaceInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(), StringConstant.v(cat)); InvokeStmt addCallStmt = Jimple.v().newInvokeStmt(addCall); generated.add(addCallStmt); } //get Intent Value intent = sinkExpr.getArg(0); List<Object> args = new ArrayList<Object>(); args.add(RefType.v("android.content.Intent")); args.add(intent); args.add(RefType.v(hashSetType)); args.add(hashSetLocal); StaticInvokeExpr sie = Instrumentation.createJimpleStaticInvokeExpr( Settings.INSTRUMENTATION_HELPER_JAVA, "addTaintInformationToIntent", args); InvokeStmt invStmt = Jimple.v().newInvokeStmt(sie); generated.add(invStmt); return generated; } return Collections.emptyList(); }
@Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { throwInvalidWriteException(v); }
@Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { handleBase(v.getBase()); handleInvoke(v); }
/** * Computes the targets of an invoke expression using a given points-to graph. * * <p>For static invocations, there is only target. For instance method * invocations, the targets depend on the type of receiver objects pointed-to * by the instance variable whose method is being invoked.</p> * * <p>If the instance variable points to a summary node, then the returned * value is <tt>null</tt> signifying a <em>default</em> call-site.</p> */ private Set<SootMethod> getTargets(SootMethod callerMethod, Stmt callStmt, InvokeExpr ie, PointsToGraph ptg) { Set<SootMethod> targets = new HashSet<SootMethod>(); SootMethod invokedMethod = ie.getMethod(); String subsignature = invokedMethod.getSubSignature(); // Static and special invocations refer to the target method directly if (ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr) { targets.add(invokedMethod); return targets; } else { assert (ie instanceof InterfaceInvokeExpr || ie instanceof VirtualInvokeExpr); // Get the receiver Local receiver = (Local) ((InstanceInvokeExpr) ie).getBase(); // Get what objects the receiver points-to Set<AnyNewExpr> heapNodes = ptg.getTargets(receiver); if (heapNodes != null) { // For each object, find the invoked method for the declared type for (AnyNewExpr heapNode : heapNodes) { if (heapNode == PointsToGraph.SUMMARY_NODE) { // If even one pointee is a summary node, then this is a default site return null; } else if (heapNode instanceof NewArrayExpr) { // Probably getClass() or something like that on an array return null; } // Find the top-most class that declares a method with the given // signature and add it to the resulting targets SootClass sootClass = ((RefType) heapNode.getType()).getSootClass(); do { if (sootClass.declaresMethod(subsignature)) { targets.add(sootClass.getMethod(subsignature)); break; } else if (sootClass.hasSuperclass()) { sootClass = sootClass.getSuperclass(); } else { sootClass = null; } } while (sootClass != null); } } if (targets.isEmpty()) { // System.err.println("Warning! Null call at: " + callStmt+ " in " + callerMethod); } return targets; } }
/** * Looks up the <em>security level</em> of the given invoke expression with * the type {@link InterfaceInvokeExpr} and stores the resulting level in * {@link SecurityLevelValueReadSwitch#level}. Also the parameter * <em>security level</em> and the <em>write effects</em> will be handled. * Additionally, the base of the invoke expression will be checked and if * the level of the base if stronger than the resulting * <em>security level</em> of the invoke expression, then this base * <em>security level</em> will be stored in * {@link SecurityLevelValueReadSwitch#level}. * * @param v * The invoke expression, for which the level should be looked * up. * @see soot.jimple.ExprSwitch#caseInterfaceInvokeExpr(soot.jimple.InterfaceInvokeExpr) * @see SecurityLevelValueReadSwitch#handleInvokeExpr(InvokeExpr) * @see SecurityLevelValueReadSwitch#handleBase(Value, Value) */ @Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { handleInvokeExpr(v); Value base = v.getBase(); handleBase(base, v); }
/** * The method should update the <em>security level</em> of an invoke * expression with type {@link InterfaceInvokeExpr}, but it is not possible * to update the level of an invoke expression. * * @param v * The invoke expression for which the <em>security level</em> * should be updated. * @see soot.jimple.ExprSwitch#caseInterfaceInvokeExpr(soot.jimple.InterfaceInvokeExpr) * @throws InvalidSwitchException * Always, because the update is not possible. */ @Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { throw new SwitchException(getMsg("exception.analysis.switch.update_error", this.getClass().getSimpleName(), v.getClass().getSimpleName(), v.toString(), getSourceLine())); }
/** * DOC * * @see soot.jimple.ExprSwitch#caseInterfaceInvokeExpr(soot.jimple.InterfaceInvokeExpr) */ @Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { this.extractor.addMethodEnvironmentForMethod(v.getMethod()); }
