Example #1
 /**
  * Checks whether a call to {@code calledMethod} reaches a registered taint sink and, if so,
  * records the call site on the sink's bug instance.
  *
  * <p>For every sink registered for the called method, the sink's non-parametric taint is merged
  * with the taint of each stack value named by the sink's taint parameters. A result that is
  * definitely tainted raises the bug instance to {@code HIGH_PRIORITY}. A result that is not
  * tainted but still depends on taint parameters is handed to {@code delayBugToReport} together
  * with {@code currentMethod}. This method only mutates the bug instance returned by the sink;
  * it does not report it itself.
  *
  * <p>NOTE(review): the {@code isUnknown()} expectation is an {@code assert}, so it is only
  * enforced when the JVM runs with assertions enabled.
  *
  * @param calledMethod key used to look up sinks in {@code methodsWithSinks}
  * @param fact frame whose stack values supply the taint of the sink parameters
  * @param sourceLine location of the call, added to the bug instance
  * @param currentMethod method being analysed, passed on when the bug is delayed
  * @throws DataflowAnalysisException declared by the original method; propagated from the
  *     frame lookups it performs
  */
 private void checkTaintSink(
     String calledMethod, TaintFrame fact, SourceLineAnnotation sourceLine, String currentMethod)
     throws DataflowAnalysisException {
   // Nothing to do for methods that have no registered sinks.
   if (!methodsWithSinks.containsKey(calledMethod)) {
     return;
   }
   Set<TaintSink> registeredSinks = methodsWithSinks.get(calledMethod);
   for (TaintSink candidate : registeredSinks) {
     Taint declared = candidate.getTaint();
     Set<Integer> stackOffsets = declared.getTaintParameters();
     Taint combined = declared.getNonParametricTaint();
     // Fold the taint of every parameter the sink cares about into one value.
     for (Integer stackOffset : stackOffsets) {
       Taint argumentTaint = fact.getStackValue(stackOffset);
       combined = Taint.merge(combined, argumentTaint);
     }
     if (combined != null) {
       if (combined.isTainted()) {
         // Definitely tainted data reaches the sink: highest priority.
         BugInstance finding = candidate.getBugInstance();
         finding.setPriority(Priorities.HIGH_PRIORITY);
         finding.addSourceLine(sourceLine);
       } else if (combined.hasTaintParameters()) {
         // Outcome still depends on the current method's own parameters, so defer the decision.
         assert combined.isUnknown();
         BugInstance finding = candidate.getBugInstance();
         finding.addSourceLine(sourceLine);
         delayBugToReport(currentMethod, combined, finding);
       }
     }
   }
 }
 /**
  * Merges the taint of the stack values at the given positions of the current frame.
  *
  * <p>The first value is taken as is; every further value is combined with the running result
  * through {@code Taint.merge}.
  *
  * <p>NOTE(review): both the non-empty precondition and the non-null result are guarded only by
  * {@code assert}. With assertions disabled, an empty collection makes this method return
  * {@code null}.
  *
  * @param transferParameters stack positions whose taint is merged; expected to be non-empty
  * @return the merged taint of all listed stack values
  * @throws RuntimeException wrapping the {@code DataflowAnalysisException} raised while reading
  *     a stack value
  */
 private Taint mergeTransferParameters(Collection<Integer> transferParameters) {
   assert !transferParameters.isEmpty();
   Taint merged = null;
   try {
     for (Integer stackPosition : transferParameters) {
       Taint current = getFrame().getStackValue(stackPosition);
       if (merged == null) {
         merged = current;
       } else {
         merged = Taint.merge(merged, current);
       }
     }
   } catch (DataflowAnalysisException ex) {
     // A position that cannot be read is treated as a bad specification, not a recoverable state.
     throw new RuntimeException("Bad transfer parameter specification", ex);
   }
   assert merged != null;
   return merged;
 }