@Override public void caseSpecialInvokeExpr(SpecialInvokeExpr v) { //is the invokeExpr a source method? if(isSourceMethod(v)) { StringConstant newSourceValue = StringConstant.v("loggingPoint"); SMTBinding binding = stmtVisitor.createNewBindingForValue(newSourceValue); stmtVisitor.addValueBindingToVariableDeclaration(newSourceValue, binding); //no smt-statement required, just return the binding this.result = binding; // Additionally check whether the source method need special treatment if(isExpressionThatNeedsToBeConvertedToSMT(v)) { convertSpecialExpressionsToSMT(v, currentStatement); } } else { if(isStringOperationSupportedBySMT(v)) convertStringOperationToSMT(v, v.getBase()); else if(isExpressionThatNeedsToBeConvertedToSMT(v)) convertSpecialExpressionsToSMT(v, currentStatement); else convertAPIMethodToSMT(v); } }
@Override public void caseVirtualInvokeExpr(VirtualInvokeExpr virtualInvokeExpr) { //is the invokeExpr a source method? if(isSourceMethod(virtualInvokeExpr)) { StringConstant newSourceValue = StringConstant.v("loggingPoint"); SMTBinding binding = stmtVisitor.createNewBindingForValue(newSourceValue); stmtVisitor.addValueBindingToVariableDeclaration(newSourceValue, binding); //no smt-statement required, just return the binding this.result = binding; // Additionally check whether the source method need special treatment if(isExpressionThatNeedsToBeConvertedToSMT(virtualInvokeExpr)) { convertSpecialExpressionsToSMT(virtualInvokeExpr, currentStatement); } } else { if(isStringOperationSupportedBySMT(virtualInvokeExpr)) convertStringOperationToSMT(virtualInvokeExpr, virtualInvokeExpr.getBase()); else if(isExpressionThatNeedsToBeConvertedToSMT(virtualInvokeExpr)) convertSpecialExpressionsToSMT(virtualInvokeExpr, currentStatement); else convertAPIMethodToSMT(virtualInvokeExpr); } }
private String getNameFromGetInstance(SootMethod sm) { Body b = sm.retrieveActiveBody(); for (Unit u: b.getUnits()){ Stmt s = (Stmt)u; if (s.containsInvokeExpr()) { InvokeExpr ie = (InvokeExpr)s.getInvokeExpr(); String name = ie.getMethodRef().name(); if (name.equals("getService")|| name.equals("getSystemService")) { List<Value> args = ie.getArgs(); int size = args.size(); Value v = args.get(size-1); if (v instanceof StringConstant) { StringConstant c = (StringConstant)v; return c.value; } else { throw new RuntimeException("error: expected constant string: "+ b); } } } } throw new RuntimeException("error: nothing found, expected constant string: "+ b); }
private Map<Unit, Body> getStmtsWithConstants() { Map<Unit, Body> retMap = new LinkedHashMap<Unit, Body>(); for (SootClass sc : Scene.v().getClasses()) { for (SootMethod sm : sc.getMethods()) { if (!sm.hasActiveBody()) continue; Body methodBody = sm.retrieveActiveBody(); for (Unit u : methodBody.getUnits()) { if (u instanceof ReturnStmt) { if (((ReturnStmt) u).getOp() instanceof Constant) { retMap.put(u, methodBody); } } else if (((Stmt) u).containsInvokeExpr()) { InvokeExpr ie = ((Stmt) u).getInvokeExpr(); for (Value arg : ie.getArgs()) { if (arg instanceof StringConstant || arg instanceof NumericConstant) { retMap.put(u, methodBody); break; } } } } } } return retMap; }
/** * Finds the last assignment to the given String local by searching upwards * from the given statement * * @param stmt * The statement from which to look backwards * @param local * The variable for which to look for assignments * @return The last value assigned to the given variable */ private String findLastStringAssignment(Stmt stmt, Local local, BiDiInterproceduralCFG<Unit, SootMethod> cfg) { if (stmt instanceof AssignStmt) { AssignStmt assign = (AssignStmt) stmt; if (assign.getLeftOp() == local) { // ok, now find the new value from the right side if (assign.getRightOp() instanceof StringConstant) return ((StringConstant) assign.getRightOp()).value; } } // Continue the search upwards for (Unit pred : cfg.getPredsOf(stmt)) { if (!(pred instanceof Stmt)) continue; String lastAssignment = findLastStringAssignment((Stmt) pred, local, cfg); if (lastAssignment != null) return lastAssignment; } return null; }
protected Value getSimpleDefaultValue(String t) { if (t.equals("java.lang.String")) return StringConstant.v(""); if (t.equals("char")) return DIntConstant.v(0, CharType.v()); if (t.equals("byte")) return DIntConstant.v(0, ByteType.v()); if (t.equals("short")) return DIntConstant.v(0, ShortType.v()); if (t.equals("int")) return IntConstant.v(0); if (t.equals("float")) return FloatConstant.v(0); if (t.equals("long")) return LongConstant.v(0); if (t.equals("double")) return DoubleConstant.v(0); if (t.equals("boolean")) return DIntConstant.v(0, BooleanType.v()); //also for arrays etc. return G.v().soot_jimple_NullConstant(); }
/** * Creates a new statement that throws a NullPointerException * @param body The body in which to create the statement * @param oldStmt The old faulty statement that shall be replaced with the * exception * @param lc The object for creating new locals */ private void createThrowStmt(Body body, Unit oldStmt, LocalCreation lc) { RefType tp = RefType.v("java.lang.NullPointerException"); Local lcEx = lc.newLocal(tp); SootMethodRef constructorRef = Scene.v().makeConstructorRef(tp.getSootClass(), Collections.singletonList((Type) RefType.v("java.lang.String"))); // Create the exception instance Stmt newExStmt = Jimple.v().newAssignStmt(lcEx, Jimple.v().newNewExpr(tp)); body.getUnits().insertBefore(newExStmt, oldStmt); Stmt invConsStmt = Jimple.v().newInvokeStmt(Jimple.v().newVirtualInvokeExpr(lcEx, constructorRef, Collections.singletonList(StringConstant.v( "Invalid array reference replaced by Soot")))); body.getUnits().insertBefore(invConsStmt, oldStmt); // Throw the exception body.getUnits().swapWith(oldStmt, Jimple.v().newThrowStmt(lcEx)); }
/** * Insert a runtime exception before unit u of body b. Useful to analyze broken code (which make reference to inexisting class for instance) * exceptionType: e.g., "java.lang.RuntimeException" */ public static void addExceptionAfterUnit(Body b, String exceptionType, Unit u, String m) { LocalCreation lc = new LocalCreation(b.getLocals()); Local l = lc.newLocal(RefType.v(exceptionType)); List<Unit> newUnits = new ArrayList<Unit>(); Unit u1 = Jimple.v().newAssignStmt(l, Jimple.v().newNewExpr(RefType.v(exceptionType))); Unit u2 = Jimple.v().newInvokeStmt( Jimple.v().newSpecialInvokeExpr( l, Scene.v().makeMethodRef(Scene.v().getSootClass(exceptionType), "<init>", Collections.singletonList((Type) RefType.v("java.lang.String")), VoidType.v(), false), StringConstant.v(m))); Unit u3 = Jimple.v().newThrowStmt(l); newUnits.add(u1); newUnits.add(u2); newUnits.add(u3); b.getUnits().insertBefore(newUnits, u); }
/** * Creates a new statement that throws a NullPointerException * @param body The body in which to create the statement * @param oldStmt The old faulty statement that shall be replaced with the * exception * @param lc The object for creating new locals */ private void createThrowStmt(Body body, Unit oldStmt, LocalCreation lc) { RefType tp = RefType.v("java.lang.NullPointerException"); Local lcEx = lc.newLocal(tp); SootMethodRef constructorRef = Scene.v().makeConstructorRef(tp.getSootClass(), Collections.singletonList((Type) RefType.v("java.lang.String"))); // Create the exception instance Stmt newExStmt = Jimple.v().newAssignStmt(lcEx, Jimple.v().newNewExpr(tp)); body.getUnits().insertBefore(newExStmt, oldStmt); Stmt invConsStmt = Jimple.v().newInvokeStmt(Jimple.v().newVirtualInvokeExpr(lcEx, constructorRef, Collections.singletonList(StringConstant.v( "Null throw statement replaced by Soot")))); body.getUnits().insertBefore(invConsStmt, oldStmt); // Throw the exception body.getUnits().swapWith(oldStmt, Jimple.v().newThrowStmt(lcEx)); }
private Value toSootValue(Object val) throws AssertionError { Value v; if (val instanceof Integer) v = IntConstant.v((Integer) val); else if (val instanceof Float) v = FloatConstant.v((Float) val); else if (val instanceof Long) v = LongConstant.v((Long) val); else if (val instanceof Double) v = DoubleConstant.v((Double) val); else if (val instanceof String) v = StringConstant.v(val.toString()); else if (val instanceof org.objectweb.asm.Type) v = ClassConstant.v(((org.objectweb.asm.Type) val).getInternalName()); else if (val instanceof Handle) v = MethodHandle.v(toSootMethodRef((Handle) val), ((Handle)val).getTag()); else throw new AssertionError("Unknown constant type: " + val.getClass()); return v; }
@Test public void testJEnterMonitorStmt() { Stmt s = Jimple.v().newEnterMonitorStmt(StringConstant.v("test")); Set expectedRep = new ExceptionHashSet(utility.VM_ERRORS); Set expectedCatch = new ExceptionHashSet(utility.VM_ERRORS_PLUS_SUPERTYPES); expectedRep.add(utility.NULL_POINTER_EXCEPTION); assertTrue(ExceptionTestUtility.sameMembers(expectedRep, Collections.EMPTY_SET, unitAnalysis.mightThrow(s))); expectedCatch.add(utility.NULL_POINTER_EXCEPTION); expectedCatch.add(utility.RUNTIME_EXCEPTION); expectedCatch.add(utility.EXCEPTION); assertEquals(expectedCatch, utility.catchableSubset(unitAnalysis.mightThrow(s))); }
@Test public void testGEnterMonitorStmt() { Stmt s = Grimp.v().newEnterMonitorStmt(StringConstant.v("test")); Set expectedRep = new ExceptionHashSet(utility.VM_ERRORS); Set expectedCatch = new ExceptionHashSet(utility.VM_ERRORS_PLUS_SUPERTYPES); expectedRep.add(utility.NULL_POINTER_EXCEPTION); assertTrue(ExceptionTestUtility.sameMembers(expectedRep, Collections.EMPTY_SET, unitAnalysis.mightThrow(s))); expectedCatch.add(utility.NULL_POINTER_EXCEPTION); expectedCatch.add(utility.RUNTIME_EXCEPTION); expectedCatch.add(utility.EXCEPTION); assertEquals(expectedCatch, utility.catchableSubset(unitAnalysis.mightThrow(s))); }
@Test public void testJExitMonitorStmt() { Stmt s = Jimple.v().newExitMonitorStmt(StringConstant.v("test")); Set expectedRep = new ExceptionHashSet(utility.VM_ERRORS); expectedRep.add(utility.ILLEGAL_MONITOR_STATE_EXCEPTION); expectedRep.add(utility.NULL_POINTER_EXCEPTION); assertTrue(ExceptionTestUtility.sameMembers(expectedRep, Collections.EMPTY_SET, unitAnalysis.mightThrow(s))); Set expectedCatch = new ExceptionHashSet(utility.VM_ERRORS_PLUS_SUPERTYPES); expectedCatch.add(utility.ILLEGAL_MONITOR_STATE_EXCEPTION); expectedCatch.add(utility.NULL_POINTER_EXCEPTION); expectedCatch.add(utility.RUNTIME_EXCEPTION); expectedCatch.add(utility.EXCEPTION); assertEquals(expectedCatch, utility.catchableSubset(unitAnalysis.mightThrow(s))); }
@Test public void testGExitMonitorStmt() { Stmt s = Grimp.v().newExitMonitorStmt(StringConstant.v("test")); Set expectedRep = new ExceptionHashSet(utility.VM_ERRORS); expectedRep.add(utility.ILLEGAL_MONITOR_STATE_EXCEPTION); expectedRep.add(utility.NULL_POINTER_EXCEPTION); assertTrue(ExceptionTestUtility.sameMembers(expectedRep, Collections.EMPTY_SET, unitAnalysis.mightThrow(s))); Set expectedCatch = new ExceptionHashSet(utility.VM_ERRORS_PLUS_SUPERTYPES); expectedCatch.add(utility.ILLEGAL_MONITOR_STATE_EXCEPTION); expectedCatch.add(utility.NULL_POINTER_EXCEPTION); expectedCatch.add(utility.RUNTIME_EXCEPTION); expectedCatch.add(utility.EXCEPTION); assertEquals(expectedCatch, utility.catchableSubset(unitAnalysis.mightThrow(s))); }
public static void changeConstantStringInField(SootField sf, String newConstantString) { SootClass sc = sf.getDeclaringClass(); SootMethod sm = sc.getMethodByName("<clinit>"); boolean hasBeenUpdated = false; for (Unit u: sm.retrieveActiveBody().getUnits()) { if (u instanceof AssignStmt) { AssignStmt ass = (AssignStmt)u; Value lop = ass.getLeftOp(); if (lop.toString().equals(sf.toString())) { System.out.println("previous string: "+ ass); ass.setRightOp(StringConstant.v(newConstantString)); hasBeenUpdated = true; System.out.println("updated string : "+ ass); } } } if (!hasBeenUpdated) throw new RuntimeException("error: no StringConstant found for field "+ sf); }
/** * * @param mainActivityClass * @param mainActivityClass */ public static void updateWaitPDPActivity(String packageName, String mainActivityClass) { if (mainActivityClass.startsWith(".")) { mainActivityClass = packageName + mainActivityClass; } SootClass sc = Scene.v().getSootClass("de.ecspride.javaclasses.WaitPDPActivity"); SootMethod sm = sc.getMethodByName("<init>"); Body b = sm.retrieveActiveBody(); for (Unit u: b.getUnits()) { if (u instanceof AssignStmt) { AssignStmt asg = (AssignStmt)u; if (asg.getRightOp() instanceof StringConstant) { StringConstant cst = (StringConstant)asg.getRightOp(); System.out.println("cst: "+ cst); if (cst.value.equals("")) { asg.setRightOp(StringConstant.v(mainActivityClass)); System.out.println("asg: "+ asg); } } } } }
/** * Add a new local. * @param local The Local */ public static void addLocal(Local local) { logger.log(Level.INFO, "Add Local {0} in method {1}",new Object[] { getSignatureForLocal(local), b.getMethod().getName()}); ArrayList<Type> paramTypes = new ArrayList<Type>(); paramTypes.add(RefType.v("java.lang.String")); String signature = getSignatureForLocal(local); Stmt sig = Jimple.v().newAssignStmt(local_for_Strings, StringConstant.v(signature)); Expr invokeAddLocal = Jimple.v().newVirtualInvokeExpr( hs, Scene.v().makeMethodRef(Scene.v().getSootClass(HANDLE_CLASS), "addLocal", paramTypes, VoidType.v(), false), local_for_Strings); Unit ass = Jimple.v().newInvokeStmt(invokeAddLocal); unitStore_After.insertElement(unitStore_After.new Element(sig, lastPos)); unitStore_After.insertElement(unitStore_After.new Element(ass, sig)); lastPos = ass; }
/** * Set the security-level of a local to HIGH. * @param local Local * @param pos Unit where this local occurs */ public static void makeLocalHigh(Local local, Unit pos) { logger.log(Level.INFO, "Make Local {0} high in method {1}", new Object[] {getSignatureForLocal(local), b.getMethod().getName()}); ArrayList<Type> paramTypes = new ArrayList<Type>(); paramTypes.add(RefType.v("java.lang.String")); String signature = getSignatureForLocal(local); Stmt sig = Jimple.v().newAssignStmt(local_for_Strings, StringConstant.v(signature)); Expr invokeAddLocal = Jimple.v().newVirtualInvokeExpr( hs, Scene.v().makeMethodRef(Scene.v().getSootClass(HANDLE_CLASS), "makeLocalHigh", paramTypes, VoidType.v(),false), local_for_Strings); Unit ass = Jimple.v().newInvokeStmt(invokeAddLocal); unitStore_After.insertElement(unitStore_After.new Element(sig, pos)); unitStore_After.insertElement(unitStore_After.new Element(ass, sig)); lastPos = ass; }
/** * Set the security-level of a local to LOW. * @param local Local * @param pos Unit where this local occurs */ public static void makeLocalLow(Local local, Unit pos) { logger.log(Level.INFO, "Make Local {0} low in method {1}", new Object[] {getSignatureForLocal(local), b.getMethod().getName()}); ArrayList<Type> paramTypes = new ArrayList<Type>(); paramTypes.add(RefType.v("java.lang.String")); String signature = getSignatureForLocal(local); Stmt sig = Jimple.v().newAssignStmt(local_for_Strings, StringConstant.v(signature)); Expr invokeAddLocal = Jimple.v().newVirtualInvokeExpr( hs, Scene.v().makeMethodRef(Scene.v().getSootClass(HANDLE_CLASS), "makeLocalLow", paramTypes, VoidType.v(),false), local_for_Strings); Unit ass = Jimple.v().newInvokeStmt(invokeAddLocal); unitStore_After.insertElement(unitStore_After.new Element(sig, pos)); unitStore_After.insertElement(unitStore_After.new Element(ass, sig)); lastPos = ass; }
/** * Add the level of a local on the right side of an assign statement. * @param local Local * @param pos Unit where the local occurs */ public static void addLevelInAssignStmt(Local local, Unit pos) { logger.info("Adding level in assign statement"); ArrayList<Type> paramTypes = new ArrayList<Type>(); paramTypes.add(RefType.v("java.lang.String")); String signature = getSignatureForLocal(local); Stmt assignSignature = Jimple.v().newAssignStmt( local_for_Strings, StringConstant.v(signature)); Expr invokeAddLevel = Jimple.v().newVirtualInvokeExpr( hs, Scene.v().makeMethodRef(Scene.v().getSootClass(HANDLE_CLASS), "joinLevelOfLocalAndAssignmentLevel", paramTypes, Scene.v().getObjectType(), false), local_for_Strings); Unit invoke = Jimple.v().newInvokeStmt(invokeAddLevel); unitStore_Before.insertElement(unitStore_Before.new Element(assignSignature, pos)); unitStore_Before.insertElement(unitStore_Before.new Element(invoke, pos)); lastPos = pos; }
/** * Add the level of a read array field to the security-level-list. * @param a -ArrayRef- The referenced array field * @param pos -Unit- The position where this reference occurs */ public static void addLevelInAssignStmt(ArrayRef a, Unit pos) { logger.info( "Add Level of Array " + a.toString() + " in assign stmt"); ArrayList<Type> parameterTypes = new ArrayList<Type>(); parameterTypes.add(RefType.v("java.lang.Object")); parameterTypes.add(RefType.v("java.lang.String")); String signature = getSignatureForArrayField(a); Unit assignSignature = Jimple.v().newAssignStmt( local_for_Strings, StringConstant.v(signature)); unitStore_Before.insertElement(unitStore_Before.new Element(assignSignature, pos)); lastPos = assignSignature; Expr addObj = Jimple.v().newVirtualInvokeExpr( hs, Scene.v().makeMethodRef(Scene.v().getSootClass(HANDLE_CLASS), "joinLevelOfArrayFieldAndAssignmentLevel", parameterTypes, Scene.v().getObjectType(), false), a.getBase(), local_for_Strings); Unit assignExpr = Jimple.v().newInvokeStmt(addObj); unitStore_Before.insertElement(unitStore_Before.new Element(assignExpr, pos)); lastPos = pos; }
/** * @param l * @param pos */ public static void assignReturnLevelToLocal(Local l, Unit pos) { logger.log(Level.INFO, "Assign return level of invoked method to local {0}", getSignatureForLocal(l)); ArrayList<Type> parameterTypes = new ArrayList<Type>(); parameterTypes.add(RefType.v("java.lang.String")); Expr assignRet = Jimple.v().newVirtualInvokeExpr( hs, Scene.v().makeMethodRef( Scene.v().getSootClass(HANDLE_CLASS), "assignReturnLevelToLocal", parameterTypes , VoidType.v(), false), StringConstant.v(getSignatureForLocal(l))); Unit assignExpr = Jimple.v().newInvokeStmt(assignRet); unitStore_After.insertElement(unitStore_After.new Element(assignExpr, pos)); lastPos = assignExpr; }
/** * @param posInArgList * @param local * @param actualPos */ public static void assignArgumentToLocal(int posInArgList, Local local, Unit actualPos) { logger.log(Level.INFO, "Assign argument level to local " + local.toString()); ArrayList<Type> parameterTypes = new ArrayList<Type>(); parameterTypes.add(IntType.v()); parameterTypes.add(RefType.v("java.lang.String")); Expr assignArg = Jimple.v().newVirtualInvokeExpr( hs, Scene.v().makeMethodRef( Scene.v().getSootClass(HANDLE_CLASS), "assignArgumentToLocal", parameterTypes, Scene.v().getObjectType(), false), IntConstant.v(posInArgList), StringConstant.v(getSignatureForLocal(local)) ); Unit assignExpr = Jimple.v().newInvokeStmt(assignArg); unitStore_After.insertElement(unitStore_After.new Element(assignExpr, lastPos)); lastPos = assignExpr; }
private void instrumentInfoAboutNonAPICall(Body body){ String methodSignature = body.getMethod().getSignature(); Unit generatedJimpleCode = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutNonApiMethodAccess", RefType.v("java.lang.String"), StringConstant.v(methodSignature)); generatedJimpleCode.addTag(new InstrumentedCodeTag()); //super-method call has to be the first statement if(methodSignature.contains("<init>(") || methodSignature.contains("<clinit>")) body.getUnits().insertAfter(generatedJimpleCode, getUnitAfterIdentities(body)); else body.getUnits().insertBefore(generatedJimpleCode, getUnitAfterIdentities(body)); }
private void instrumentEachBranchAccess(Body body, IfStmt ifStmt){ String methodSignature = body.getMethod().getSignature(); String condition = ifStmt.getCondition().toString(); Unit generatedJimpleCodeForBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", RefType.v("java.lang.String"), StringConstant.v(methodSignature), RefType.v("java.lang.String"), StringConstant.v(condition), RefType.v("java.lang.String"), NullConstant.v() ); generatedJimpleCodeForBranch.addTag(new InstrumentedCodeTag()); Unit generatedJimpleCodeThenBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", RefType.v("java.lang.String"), StringConstant.v(methodSignature), RefType.v("java.lang.String"), NullConstant.v(), RefType.v("java.lang.String"), StringConstant.v("then branch") ); generatedJimpleCodeThenBranch.addTag(new InstrumentedCodeTag()); Unit generatedJimpleCodeElseBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", RefType.v("java.lang.String"), StringConstant.v(methodSignature), RefType.v("java.lang.String"), NullConstant.v(), RefType.v("java.lang.String"), StringConstant.v("else branch") ); generatedJimpleCodeElseBranch.addTag(new InstrumentedCodeTag()); body.getUnits().insertBefore(generatedJimpleCodeForBranch, ifStmt); //treatment of target statement ("true"-branch) Stmt targetStmt = ifStmt.getTarget(); if(!branchTargetStmt.contains(targetStmt.toString())) { branchTargetStmt.add(generatedJimpleCodeThenBranch.toString()); body.getUnits().insertBefore(generatedJimpleCodeThenBranch, targetStmt); } //treatment of "else"-branch body.getUnits().insertAfter(generatedJimpleCodeElseBranch, ifStmt); }
public SMTBinding createNewBindingForValue(Value value) { SMTBinding binding = null; if(hasBindingForValue(value)) { SMTBinding oldBinding = getLatestBindingForValue(value); int ssaVersionOldBinding = oldBinding.getVersion(); //increment version ssaVersionOldBinding += 1; binding = new SMTBinding(oldBinding.getVariableName(), oldBinding.getType(), ssaVersionOldBinding); return binding; } else{ if(value instanceof Local) { Local local = (Local) value; SMTBinding.TYPE bindingType = createBindingType(local.getType()); String localName = local.getName(); //check if such a local name is already taken int countOccurance = 0; for(Map.Entry<Value, SMTBinding> entry : globalScopeSSAFormHelper.entrySet()) { if(entry.getKey().toString().equals(localName)) countOccurance += 1; } if(countOccurance > 0) { String tmp = new String(localName); for(int i = 0; i < countOccurance; i++) localName += tmp; } binding = new SMTBinding(localName, bindingType, 0); } else if(value instanceof StringConstant) { StringConstant constantString = (StringConstant) value; String constantStringValue = constantString.value; binding = new SMTBinding(constantStringValue, SMTBinding.TYPE.String, 0); } return binding; } }
public SMTBinding createTemporalBinding(SMTBinding.TYPE type) { String tmpName = null; switch(type) { case String : tmpName = "StringTMP"; break; case Int : tmpName = "IntTMP"; break; case Bool : tmpName = "BoolTMP"; break; case Real: break; default: break; } StringConstant tmpValue = StringConstant.v(tmpName); SMTBinding binding = null; if(hasBindingForValue(tmpValue)) { SMTBinding oldBinding = getLatestBindingForValue(tmpValue); int ssaVersionOldBinding = oldBinding.getVersion(); //increment version ssaVersionOldBinding += 1; binding = new SMTBinding(oldBinding.getVariableName(), oldBinding.getType(), ssaVersionOldBinding); } else { binding = new SMTBinding(tmpName, type, 0); } addValueBindingToVariableDeclaration(tmpValue, binding); return binding; }
@Override public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) { if(isSourceMethod(v)) { StringConstant newSourceValue = StringConstant.v("loggingPoint"); SMTBinding binding = stmtVisitor.createNewBindingForValue(newSourceValue); stmtVisitor.addValueBindingToVariableDeclaration(newSourceValue, binding); //no smt-statement required, just return the binding this.result = binding; // Additionally check whether the source method need special treatment if(isExpressionThatNeedsToBeConvertedToSMT(v)) { convertSpecialExpressionsToSMT(v, currentStatement); } } else if(isExpressionThatNeedsToBeConvertedToSMT(v)){ convertSpecialExpressionsToSMT(v, currentStatement); }else{ //just propagate the taint value of previous statement Stmt prevStmt = stmtVisitor.getPreviousDataFlowPathElement(currentStatement); if(prevStmt == null) throw new RuntimeException("there is no previous statement"); else{ this.result = stmtVisitor.getBindingForTaintedValue(prevStmt); if(this.result == null) throw new RuntimeException("double check this here"); } } }
private String hasPermissionString(InvokeExpr ie) { for (Value val: (List<Value>)ie.getArgs()) { if (val instanceof StringConstant) { StringConstant c = (StringConstant)val; String v = c.value; if (v.startsWith("android.permission.")) { return v; } } } return null; }
public void outAStringConstant(AStringConstant node) { String s = (String) mProductions.removeLast(); mProductions.addLast(StringConstant.v(s)); /* try { String t = StringTools.getUnEscapedStringOf(s); mProductions.push(StringConstant.v(t)); } catch(RuntimeException e) { G.v().out.println(s); throw e; } */ }
private void handleRefTypeAssignment(DefinitionStmt assignStmt, AnalysisInfo out) { Value left = assignStmt.getLeftOp(); Value right = assignStmt.getRightOp(); //unbox casted value if(right instanceof JCastExpr) { JCastExpr castExpr = (JCastExpr) right; right = castExpr.getOp(); } //if we have a definition (assignment) statement to a ref-like type, handle it, if ( isAlwaysNonNull(right) || right instanceof NewExpr || right instanceof NewArrayExpr || right instanceof NewMultiArrayExpr || right instanceof ThisRef || right instanceof StringConstant || right instanceof ClassConstant || right instanceof CaughtExceptionRef) { //if we assign new... or @this, the result is non-null out.put(left,NON_NULL); } else if(right==NullConstant.v()) { //if we assign null, well, it's null out.put(left, NULL); } else if(left instanceof Local && right instanceof Local) { out.put(left, out.get(right)); } else { out.put(left, TOP); } }
private ConstantValueTag createConstantTagFromValue(Constant rightOp) { if (rightOp instanceof DoubleConstant) return new DoubleConstantValueTag(((DoubleConstant) rightOp).value); else if (rightOp instanceof FloatConstant) return new FloatConstantValueTag(((FloatConstant) rightOp).value); else if (rightOp instanceof IntConstant) return new IntegerConstantValueTag(((IntConstant) rightOp).value); else if (rightOp instanceof LongConstant) return new LongConstantValueTag(((LongConstant) rightOp).value); else if (rightOp instanceof StringConstant) return new StringConstantValueTag(((StringConstant) rightOp).value); else return null; }
private boolean checkConstantValue(ConstantValueTag t, Constant rightOp) { if (t == null || rightOp == null) return true; if (t instanceof DoubleConstantValueTag) { if (!(rightOp instanceof DoubleConstant)) return false; return ((DoubleConstantValueTag) t).getDoubleValue() == ((DoubleConstant) rightOp).value; } else if (t instanceof FloatConstantValueTag) { if (!(rightOp instanceof FloatConstant)) return false; return ((FloatConstantValueTag) t).getFloatValue() == ((FloatConstant) rightOp).value; } else if (t instanceof IntegerConstantValueTag) { if (!(rightOp instanceof IntConstant)) return false; return ((IntegerConstantValueTag) t).getIntValue() == ((IntConstant) rightOp).value; } else if (t instanceof LongConstantValueTag) { if (!(rightOp instanceof LongConstant)) return false; return ((LongConstantValueTag) t).getLongValue() == ((LongConstant) rightOp).value; } else if (t instanceof StringConstantValueTag) { if (!(rightOp instanceof StringConstant)) return false; return ((StringConstantValueTag) t).getStringValue().equals(((StringConstant) rightOp).value); } else // We don't know the type, so we assume it's alright return true; }
@Test public void testStringConstant() { Value v = StringConstant.v("test"); assertTrue(ExceptionTestUtility.sameMembers(utility.VM_ERRORS, Collections.EMPTY_SET, unitAnalysis.mightThrow(v))); assertEquals(utility.VM_ERRORS_PLUS_SUPERTYPES, utility.catchableSubset(unitAnalysis.mightThrow(v))); }
private boolean isStringLike(Value value) { return (value.getType() instanceof RefType && !(value instanceof StringConstant) && isStringLike((RefType)value.getType())) || (value.getType() instanceof ArrayType && isStringArrayLike((ArrayType)value.getType())); }
public IdentifierExpression lookupInternString(StringConstant s) { if (!stringInternMap.containsKey(s.value)) { String name = "$StringConst" + stringInternMap.size(); stringInternMap.put(s.value, this.pf.mkIdentifierExpression(this.getBoogieType(s.getType()), name, true, true, true)); } return stringInternMap.get(s.value); }
public IdentifierExpression lookupInternString(StringConstant s) { if (!stringInternMap.containsKey(s.value)) { String name = "$StringConst"+stringInternMap.size(); stringInternMap.put(s.value, this.pf.mkIdentifierExpression(this.getBoogieType(s.getType()), name, true, true, true)); } return stringInternMap.get(s.value); }
void getStringConstantsFromLocal(SimpleLocalDefs sld, Local l, Unit u, HashMap<String,String> perms) throws IOException { Iterator<Unit> iter = sld.getDefsOfAt(l, u).iterator(); while (iter.hasNext()) { Unit def = iter.next(); if (! (def instanceof DefinitionStmt)) continue; DefinitionStmt assign = (DefinitionStmt) def; Value rightOp = assign.getRightOp(); if (rightOp instanceof StringConstant) { int i=0; boolean found = false; while(i<numPerm && !found) { if (rightOp.toString().equals("\""+permissions[i]+"\"")) { found = true; if (u instanceof DefinitionStmt && !isKnownCheck(u.toString())) { perms.put(permissions[i], "NOTDIRECTUSE"); } else { perms.put(permissions[i], ""); } } i++; } } else if (rightOp instanceof Local) { getStringConstantsFromLocal(sld, (Local)rightOp, def, perms); } else { //irrelevant types } } }
/** * Analyze a Soot value. * @param arg the value to analyze * @param typ the type of the value * @param stmt the instruction analyzed * @param seen Set of instructions already treated. * @return The abstract value approximating the contents of the value */ AbsValue treatValue(Value arg, Type typ, Unit stmt, Set<Unit> seen) { if (arg instanceof Local) return analyzeLocal((Local) arg, stmt,seen); else if (arg instanceof StringConstant) return new StringValue(((StringConstant) arg).value); else if (arg instanceof Constant) return new ConstantValue((Constant) arg,typ); else { Out.getLog().println("Weird value to treat" + arg); return new UnknownValue (arg.toString()); } }