Java 类soot.jimple.infoflow.results.ResultSourceInfo 实例源码

项目:FuzzDroid    文件:SMTPreparationPhase.java   
private ResultSourceInfo findDataFlowPathForSink(Stmt sinkStmt, Local sinkLokal, List<ResultSourceInfo> allDataFlows) {
    for(ResultSourceInfo singleFlow : allDataFlows){
        Stmt[] statements = singleFlow.getPath();
        AccessPath[] accessPath = singleFlow.getPathAccessPaths();

        for(int i = 0; i < statements.length; i++) {    
            Stmt currentStmt = statements[i];
            if(currentStmt == sinkStmt) {
                if(accessPath[i].getPlainValue() == sinkLokal)
                    return singleFlow;
            }

            else if(currentStmt instanceof AssignStmt) {
                AssignStmt assignStmt = (AssignStmt)currentStmt;
                Value lhs = assignStmt.getLeftOp();

                if(lhs == sinkLokal)                        
                    return singleFlow;      
            }
        }
    }
    return null;
}
项目:JAADAS    文件:Test.java   
@Override
public void onResultsAvailable(
        IInfoflowCFG cfg, InfoflowResults results) {
    // Dump the results
    if (results == null) {
        print("No results found.");
    }
    else {
        for (ResultSinkInfo sink : results.getResults().keySet()) {
            print("Found a flow to sink " + sink + ", from the following sources:");
            for (ResultSourceInfo source : results.getResults().get(sink)) {
                print("\t- " + source.getSource() + " (in "
                        + cfg.getMethodOf(source.getSource()).getSignature()  + ")");
                if (source.getPath() != null && !source.getPath().isEmpty())
                    print("\t\ton Path " + source.getPath());
            }
        }
    }
}
项目:soot-infoflow-android-iccta    文件:FlowDroidLauncher.java   
@Override
public void onResultsAvailable(
        IInfoflowCFG cfg, InfoflowResults results) {
    // Dump the results
    if (results == null) {
        print("No results found.");
    }
    else {
        Test.cfg = cfg;
        Test.results = results;

        for (ResultSinkInfo sink : results.getResults().keySet()) {
            print("Found a flow to sink " + sink + ", from the following sources:");
            for (ResultSourceInfo source : results.getResults().get(sink)) {
                print("\t- " + source.getSource() + " (in "
                        + cfg.getMethodOf(source.getSource()).getSignature()  + ")");
                if (source.getPath() != null)
                    print("\t\ton Path " + Arrays.toString(source.getPath()));
            }
        }
    }
}
项目:DroidForce    文件:PolicyEnforcementPoint.java   
/**
 * This method iterates over all sources from the FlowDroid-results and extracts the 
 * category of the specific source. If there is no category found, it will return an empty set,
 * otherwise the correct categories will be added. 
 * @param sourcesInfo: all possible sources from which we try to identify the category
 * @return: set of categories for specific sink
 */
private Set<String> getDataIdList(Set<ResultSourceInfo> sourcesInfo){
    Set<String> dataIdList = new HashSet<String>();
    for(ResultSourceInfo sInfo : sourcesInfo){
        if(sInfo.getSource().containsInvokeExpr()){
            InvokeExpr invExpr = sInfo.getSource().getInvokeExpr();

            for(SourceSinkDefinition meth : sources) {
                AndroidMethod am = (AndroidMethod) meth.getMethod();
                if(am.getSignature().equals(invExpr.getMethod().getSignature())) {
                    dataIdList.add(am.getCategory().toString());
                }
            }
        }
        else if (isSourceInfoParameter(sInfo)){
            dataIdList.add(unknownCategory);
        }
        else
            throw new RuntimeException("Currently not supported");
    }

    return dataIdList;
}
项目:DroidForce    文件:PolicyEnforcementPoint.java   
private String getSourceCategory(ResultSourceInfo sourceInfo){
    if(sourceInfo.getSource().containsInvokeExpr()){
        InvokeExpr invExpr = sourceInfo.getSource().getInvokeExpr();

        for(SourceSinkDefinition meth : sources) {
            AndroidMethod am = (AndroidMethod) meth.getMethod();
            if(am.getSignature().equals(invExpr.getMethod().getSignature())){
                    return am.getCategory().toString();
            }
        }
    }
    else if(isSourceInfoParameter(sourceInfo)){
        return unknownCategory;
    }
    else
        throw new RuntimeException("Currently not supported");

    return null;
}
项目:DroidForce    文件:PolicyEnforcementPoint.java   
/**
 * Return true if the method corresponding to the source 'si' is an
 * Inter Component Communication source method such as "Intent.getExtras()".
 * @param si
 * @param cfg
 * @return
 */
private boolean isInterComponentSourceNoCallback(ResultSourceInfo si, BiDiInterproceduralCFG<Unit, SootMethod> cfg){
    if(!si.getSource().containsInvokeExpr())
        return false;

    InvokeExpr invExpr = si.getSource().getInvokeExpr();
    SootMethod sm = invExpr.getMethod();

    for(SourceSinkDefinition meth : sources){
        AndroidMethod am = (AndroidMethod) meth.getMethod();
        if(am.getCategory() == CATEGORY.INTER_APP_COMMUNICATION){
            if(am.getSubSignature().equals(sm.getSubSignature())) {
                log.info("source is: "+ am);
                return true;
            }
        }
    }

    return false;
}
项目:FuzzDroid    文件:UtilSMT.java   
public static Set<ResultSourceInfo> removeDuplicatedFlows(Set<ResultSourceInfo> allDataFlows) {
    Set<ResultSourceInfo> copy = new HashSet<ResultSourceInfo>(allDataFlows);

    for(ResultSourceInfo dataFlow1 : allDataFlows) {
        Stmt[] dataFlowPath1 = dataFlow1.getPath();
        for(ResultSourceInfo dataFlow2 : allDataFlows) {
            Stmt[] dataFlowPath2 = dataFlow2.getPath();
            if(dataFlowPath1 != dataFlowPath2 &&
                    Arrays.asList(dataFlowPath2).containsAll(Arrays.asList(dataFlowPath1)))
                copy.remove(dataFlow1);
        }
    }

    return copy;
}
项目:FuzzDroid    文件:SMTPreparationPhase.java   
public Set<ResultSourceInfo> prepareDataFlowPathsForSMTConverter() {    
    //This step is necessary for storing the ResultSourceInfo elements into a set
    //The result ResultSourceInfo object does only represent a source and not the dataflow.
    //But with the PathAgnosticResults flag, one can force the ResultSourceInfo object 
    //to consider the path (see equals method)
    InfoflowConfiguration.setPathAgnosticResults(false);

    //control flow involved
    return prepareDataFlowsDependingOnControlFlow(results, FrameworkOptions.mergeDataFlows);
}
项目:DroidForce    文件:PolicyEnforcementPoint.java   
private boolean isInterComponentSourceCallback(ResultSourceInfo si,
        BiDiInterproceduralCFG<Unit, SootMethod> cfg){
    if(isSourceInfoParameter(si)){
        SootMethod sm = cfg.getMethodOf(si.getSource());

        if(entryPointCreator.getCallbackFunctions().containsKey(sm.getDeclaringClass())){
            if(entryPointCreator.getCallbackFunctions().get(sm.getDeclaringClass()).contains(sm.getSignature()))
                return true;
        }
    }

    return false;
}
项目:FuzzDroid    文件:SMTPreparationPhase.java   
private static ResultSourceInfo mergeDataFlowsIntoSingleDataFlow(Stmt statementToEnrich, ResultSourceInfo originalPath, ResultSourceInfo pathToMerge) {     
        List<Stmt> pathStmts = new ArrayList<Stmt>(Arrays.asList(originalPath.getPath()));
        List<AccessPath> accessPaths = new ArrayList<AccessPath>(Arrays.asList(originalPath.getPathAccessPaths()));

        List<Stmt> pathToMergeStmts = new ArrayList<Stmt>(Arrays.asList(pathToMerge.getPath()));
        List<AccessPath> pathToMergeAccessPaths = new ArrayList<AccessPath>(Arrays.asList(pathToMerge.getPathAccessPaths()));



        int index = pathStmts.indexOf(statementToEnrich);
//      if(index < 0)
//          throw new RuntimeException("Woops, there is something wonkey here");
//      
//      for(int i = 0; i < pathToMergeStmts.size(); i++) {
//          pathStmts.add(index, pathToMergeStmts.get(i));
//          accessPaths.add(index, pathToMergeAccessPaths.get(i));
//          index +=1;
//      }



        List<Pair<Stmt,AccessPath>> dataToMerge = new ArrayList<Pair<Stmt,AccessPath>>();

        int position;
        for(position = 0; position < pathToMergeStmts.size(); position++) {         
            if(pathStmts.contains(pathToMergeStmts.get(position)) && !dataToMerge.isEmpty()) {
                int indexToInsertBefore = pathStmts.indexOf(pathToMergeStmts.get(position));
                indexToInsertBefore -= 1;

//              for(Pair<Stmt,AccessPath> pair : dataToMerge) {
//                  pathStmts.add(indexToInsertBefore, pair.getFirst());
//                  accessPaths.add(indexToInsertBefore, pair.getSecond());
//                  ++indexToInsertBefore;
//              }
            }                       
            else if(!pathStmts.contains(pathToMergeStmts.get(position))) {
                dataToMerge.add(new Pair<Stmt,AccessPath>(pathToMergeStmts.get(position), pathToMergeAccessPaths.get(position)));
            }
        }

        if(!dataToMerge.isEmpty()) {
            for(Pair<Stmt,AccessPath> pair : dataToMerge) {
                pathStmts.add(index, pair.getFirst());
                accessPaths.add(index, pair.getSecond());
                ++index;
            }
        }

        return new ResultSourceInfo(accessPaths.get(0), pathStmts.get(0), null, pathStmts, accessPaths);
    }
项目:FuzzDroid    文件:SmartConstantDataExtractorFuzzyAnalysis.java   
private void standardDataFlowToSMTConvertion(ResultSourceInfo dataFlow, IInfoflowCFG cfg, Set<ResultSourceInfo> preparedDataFlowsForSMT, Table<Stmt, Integer, Set<String>> splitInfos) {
    SMTConverter converter = new SMTConverter(sources);
    for(int i = 0; i < dataFlow.getPath().length; i++) {                
        System.out.println("\t" + dataFlow.getPath()[i]);
        System.out.println("\t\t" + dataFlow.getPathAccessPaths()[i]);
    }

    converter.convertJimpleToSMT(dataFlow.getPath(),
            dataFlow.getPathAccessPaths(), targetUnits, cfg, splitInfos);

    dataFlowsToSMTPrograms.put(new DataFlowObject(dataFlow.getPath()), converter.getSmtPrograms());

    //dynamic value information
    dynamicValueInfos.putAll(converter.getDynamicValueInfos());

    converter.printProgramToCmdLine();

    File z3str2Script = new File(FrameworkOptions.Z3SCRIPT_LOCATION);
    if(!z3str2Script.exists())
        throw new RuntimeException("There is no z3-script available");
    SMTExecutor smtExecutor = new SMTExecutor(converter.getSmtPrograms(), z3str2Script);
    Set<File> smtFiles = smtExecutor.createSMTFile();

    Set<Object> values = new HashSet<Object>();
    for(File smtFile : smtFiles) {
        String loggingPointValue = smtExecutor.executeZ3str2ScriptAndExtractLoggingPointValue(smtFile);
        if(loggingPointValue != null) {                 
            loggingPointValue = fixSMTSolverIntegerOutput(loggingPointValue, dataFlow.getPath()[0]);                    

            //SMT solver only returns hex-based UTF-8 values in some cases; we fixed this with our own hexToUnicode converter
            if(loggingPointValue != null && loggingPointValue.contains("\\x")) 
                addAdditionalUnicodeValue(loggingPointValue, values);
            if(loggingPointValue != null)
                values.add(loggingPointValue);
            System.out.println(String.format("Extracted loggingpoint-value: %s", loggingPointValue));
        }
    }

    System.out.println("####################################");

    //add values to fuzzy-seed
    Stmt stmt = dataFlow.getSource();
    CodePosition position = codePositionManager.getCodePositionForUnit(stmt);
    if(constantBasedValuesToFuzz.containsKey(position.getID()))
        constantBasedValuesToFuzz.get(position.getID()).addAll(values);
    else
        constantBasedValuesToFuzz.put(position.getID(), values);
}
项目:FuzzDroid    文件:SmartConstantDataExtractorFuzzyAnalysis.java   
private void splitAPI_DataFlowtoSMTConvertion(ResultSourceInfo dataFlow, IInfoflowCFG cfg, Set<ResultSourceInfo> preparedDataFlowsForSMT, Table<Stmt, Integer, Set<String>> splitInfos) {           
    SMTConverter converter = new SMTConverter(sources);
    for(int i = 0; i < dataFlow.getPath().length; i++) {                
        System.out.println("\t" + dataFlow.getPath()[i]);
        System.out.println("\t\t" + dataFlow.getPathAccessPaths()[i]);
    }

    //we remove the first statement (split-API method)
    int n = dataFlow.getPath().length-1;
    Stmt[] reducedDataFlow = new Stmt[n];
    System.arraycopy(dataFlow.getPath(), 1, reducedDataFlow, 0, n);

    //currently only possible if there is a constant index for the array
    if(hasConstantIndexAtArrayForSplitDataFlow(reducedDataFlow)) {
        String valueOfInterest = getValueOfInterestForSplitDataflow(reducedDataFlow);

        converter.convertJimpleToSMT(reducedDataFlow,
                dataFlow.getPathAccessPaths(), targetUnits, cfg, null);

        converter.printProgramToCmdLine();

        File z3str2Script = new File(FrameworkOptions.Z3SCRIPT_LOCATION);
        if(!z3str2Script.exists())
            throw new RuntimeException("There is no z3-script available");
        SMTExecutor smtExecutor = new SMTExecutor(converter.getSmtPrograms(), z3str2Script);
        Set<File> smtFiles = smtExecutor.createSMTFile();

        for(File smtFile : smtFiles) {
            String loggingPointValue = smtExecutor.executeZ3str2ScriptAndExtractValue(smtFile, valueOfInterest);
            if(loggingPointValue != null) {
                Stmt splitStmt = dataFlow.getPath()[0];
                int index = getConstantArrayIndexForSplitDataFlow(reducedDataFlow);

                if(splitInfos.contains(splitStmt, index))
                    splitInfos.get(splitStmt, index).add(loggingPointValue);
                else {
                    Set<String> values = new HashSet<String>();
                    values.add(loggingPointValue);
                    splitInfos.put(splitStmt, index, values);
                }
            }
            System.out.println(loggingPointValue);
        }

        System.out.println("####################################");
    }           
}
项目:DroidForce    文件:PolicyEnforcementPoint.java   
@Override
public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
    log.info("FlowDroid has finished. Duration: " + (System.currentTimeMillis() - Main.startTime) +" ms.");
    Main.startTime = System.currentTimeMillis();
    Settings.instance.setDummyMainToLibraryClass();
    this.results = results;

    if (log.isDebugEnabled()) {
        log.debug("");
        log.debug("InfoFlow Results");
        MultiMap<ResultSinkInfo, ResultSourceInfo> r = results.getResults();
        for (ResultSinkInfo k : r.keySet()) {
            log.debug("ResultSinkInfo: "+ k);

            for (ResultSourceInfo rsi: r.get(k)) {
                log.debug("  source: "+ rsi);
            }
        }
        log.debug("");
    }


    log.info("Starting bytecode instrumentation.");

    log.info("Adding code to initialize PEPs.");
    Util.initializePePInAllPossibleClasses(Settings.instance.getApkPath());

    log.info("Build code for new 'WaitPDPActivity"); // building the code has to be done here (not in the Main class, otherwise Jimple validation will fail
    String mainActivityClass = UpdateManifestAndCodeForWaitPDP.getMainActivityName(Settings.instance.getApkPath());
    String packageName = UpdateManifestAndCodeForWaitPDP.getApplicationPackageName(Settings.instance.getApkPath());
    UpdateManifestAndCodeForWaitPDP.updateWaitPDPActivity(packageName, mainActivityClass);

    // update packagename in field of WaitPDP class
    SootClass sc = Scene.v().getSootClass(Settings.INSTRUMENTATION_HELPER_JAVA);
    SootField sf1 = sc.getFieldByName("applicationPackageName");
    Util.changeConstantStringInField(sf1, packageName);

    log.info("Adding Policy Enforcement Points (PEPs).");
    doAccessControlChecks(cfg);

    log.info("Instrumentation is done.");

    if (Settings.mustOutputJimple()) {
        log.info("-------- Dumping Jimple bodies.");
        Main.dumpJimple();
        log.info("--------");
    }
}
项目:DroidForce    文件:PolicyEnforcementPoint.java   
private List<Unit> instrumentIntentAddings(BiDiInterproceduralCFG<Unit, SootMethod> cfg,
        Unit unit, InvokeExpr sinkExpr, Set<ResultSourceInfo> sourceInfo){
    if(isMethodInterComponentSink(sinkExpr.getMethod())){
        SootMethod method = cfg.getMethodOf(unit);
        Body body = null;
        if(method.hasActiveBody())
            body = method.retrieveActiveBody();
        else
            throw new RuntimeException("No body found!");

        Set<String> sourceCategories = getDataIdList(sourceInfo);

        final String hashSetType = "java.util.HashSet";
        List<Unit> generated = new ArrayList<Unit>();

        //HashSet initialization
        Local hashSetLocal = generateFreshLocal(body, RefType.v(hashSetType));
        NewExpr newExpr = Jimple.v().newNewExpr(RefType.v(hashSetType));
        AssignStmt assignStmt = Jimple.v().newAssignStmt(hashSetLocal, newExpr);
        generated.add(assignStmt);

        //constructor call
        SpecialInvokeExpr constructorCall = Jimple.v().newSpecialInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef());
        InvokeStmt constructorCallStmt = Jimple.v().newInvokeStmt(constructorCall);
        generated.add(constructorCallStmt);

        //add categories to HashSet
        for(String cat : sourceCategories){
            InterfaceInvokeExpr addCall = Jimple.v().newInterfaceInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(), StringConstant.v(cat));
            InvokeStmt addCallStmt = Jimple.v().newInvokeStmt(addCall);
            generated.add(addCallStmt);
        }

        //get Intent
        Value intent = sinkExpr.getArg(0);
        List<Object> args = new ArrayList<Object>();
        args.add(RefType.v("android.content.Intent"));
        args.add(intent);
        args.add(RefType.v(hashSetType));
        args.add(hashSetLocal);
        StaticInvokeExpr sie = Instrumentation.createJimpleStaticInvokeExpr(
                Settings.INSTRUMENTATION_HELPER_JAVA,
                "addTaintInformationToIntent",
                args);
        InvokeStmt invStmt = Jimple.v().newInvokeStmt(sie);
        generated.add(invStmt);

        return generated;
    }
    return Collections.emptyList();
}
项目:DroidForce    文件:PolicyEnforcementPoint.java   
private boolean isSourceInfoParameter(ResultSourceInfo sInfo) {
    return sInfo.getSource() instanceof IdentityStmt
            && ((IdentityStmt) sInfo.getSource()).getRightOp() instanceof ParameterRef;
}