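/**
 * Collects the values used or defined by {@code stmt}, letting a field reference stand in
 * for the value whose string form equals the text before the first {@code '.'} in that
 * field reference.
 *
 * <p>Every {@link FieldRef} in the statement's use and def boxes is added to the result.
 * When the field reference's string form contains a {@code '.'}, the prefix before it is
 * recorded, and any value in the statement whose string form equals that prefix
 * (presumably the base of an instance field reference; confirm against the Jimple
 * printer) is removed from the result and suppressed if it shows up later as an
 * {@link Immediate}.
 *
 * <p>A field reference whose string form has no {@code '.'} used to fail with a
 * {@code StringIndexOutOfBoundsException} from {@code substring(0, -1)}; it is now added
 * as-is with no prefix handling.
 *
 * @param stmt the statement whose use and def boxes are inspected
 * @return the field references and the remaining immediates, in box order
 */
public static List<Value> getAllImmediateValue(Stmt stmt) {
    List<Value> rtVal = new ArrayList<Value>();
    List<ValueBox> vbs = stmt.getUseAndDefBoxes();
    // Prefixes (text before the first '.') of the field references seen so far.
    Set<String> frs = new HashSet<String>();

    for (ValueBox vb : vbs) {
        Value v = vb.getValue();

        if (v instanceof FieldRef) {
            String text = v.toString();
            int endPos = text.indexOf('.');
            // Only a reference that actually contains '.' has a prefix to match on;
            // without this guard substring(0, -1) throws.
            if (endPos >= 0) {
                String name = text.substring(0, endPos);
                frs.add(name);

                // Look for the value in this statement that prints exactly as the prefix.
                Value existV = null;
                for (ValueBox vBox : vbs) {
                    if (name.equals(vBox.getValue().toString())) {
                        existV = vBox.getValue();
                        break;
                    }
                }
                // It may already have been collected from an earlier box; drop it so the
                // field reference replaces it.
                if (null != existV) {
                    rtVal.remove(existV);
                }
            }
            rtVal.add(v);
        }

        if (v instanceof Immediate) {
            // Skip an immediate that an earlier field reference has already replaced.
            if (!frs.contains(v.toString())) {
                rtVal.add(v);
            }
        }
    }
    return rtVal;
}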
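/**
 * Builds a plain-text summary of taint statistics over all reachable method contexts.
 *
 * <p>For each concrete reachable method the active body is walked once. Each distinct
 * value per method is looked up with {@code getTaintSet}; values with a non-null taint set
 * are counted, and non-empty taint sets feed the source and source-set totals. Every
 * {@code IfStmt} is counted once, and counted as tainted when any of its use boxes has a
 * non-empty taint set.
 *
 * <p>The original incremented the reachable-if counter twice per {@code IfStmt}, which
 * doubled "Total Reachable if Statements" and halved the apparent share of tainted
 * branches. It is now incremented once.
 *
 * @return the report, one statistic per line
 */
private static String finegrainedFlowResults() {
    int totalReachableIfs = 0;
    int taintedReachableIfs = 0;
    int totalCountOfTaintSets = 0;
    int totalSizeOfTaintSets = 0;
    long totalValues = 0;
    Set<InfoValue> allSrcs = new HashSet<InfoValue>();
    Set<Set<InfoValue>> allSrcSets = new HashSet<Set<InfoValue>>();

    for (MethodOrMethodContext momc : PTABridge.v().getReachableMethodContexts()) {
        // Values already counted in this method context; reset for each one.
        Set<Value> countedLocals = new HashSet<Value>();
        SootMethod method = momc.method();
        if (!method.isConcrete()) {
            continue;
        }
        try {
            Body body = method.retrieveActiveBody();
            Iterator<Unit> unitIt = body.getUnits().snapshotIterator();
            while (unitIt.hasNext()) {
                Stmt stmt = (Stmt) unitIt.next();

                for (ValueBox vb : stmt.getUseAndDefBoxes()) {
                    Value v = vb.getValue();
                    // add() returns false when the value was already counted here.
                    if (!countedLocals.add(v)) {
                        continue;
                    }
                    Set<InfoValue> taints = getTaintSet(v, momc);
                    if (taints == null) {
                        continue;
                    }
                    totalValues++;
                    if (!taints.isEmpty()) {
                        allSrcs.addAll(taints);
                        totalCountOfTaintSets++;
                        totalSizeOfTaintSets += taints.size();
                        // Set semantics already deduplicate equal taint sets.
                        allSrcSets.add(taints);
                    }
                }

                if (stmt instanceof IfStmt) {
                    // Count each conditional exactly once.
                    totalReachableIfs++;
                    for (ValueBox vb : stmt.getUseBoxes()) {
                        Set<InfoValue> taints = getTaintSet(vb.getValue(), momc);
                        if (taints != null && !taints.isEmpty()) {
                            taintedReachableIfs++;
                            break;
                        }
                    }
                }
            }
        } catch (Exception ignored) {
            // Deliberate best effort: a method whose body cannot be retrieved or walked is
            // abandoned at the point of failure and the loop moves on.
            // NOTE(review): nothing is logged here, so every total below can undercount
            // without any sign in the report. Treat the figures as lower bounds.
        }
    }

    StringBuilder buf = new StringBuilder();
    buf.append("Tainted Reachable if statements: " + taintedReachableIfs + "\n");
    buf.append("Total Reachable if Statements: " + totalReachableIfs + "\n");
    buf.append("Count of non-zero taint sets for primitives and strings: "
        + totalCountOfTaintSets + "\n");
    buf.append("Total distinct reachable primitives or string values in code: "
        + totalValues + "\n");
    buf.append("Total size of non-zero taint sets for primitives and strings: "
        + totalSizeOfTaintSets + "\n");
    buf.append("Count of distinct sources: " + allSrcs.size() + "\n");
    buf.append("Total distinct source sets: " + allSrcSets.size() + "\n");
    return buf.toString();
}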