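/**
 * Writes, for every reachable method context, the number of methods reachable from it to
 * {@code reachables-count.csv} in the project output directory.
 *
 * <p>Expensive: a separate {@code ReachableMethods} traversal of the call graph is built and
 * updated for every root. Roots named {@code <clinit>} are skipped, and reached methods named
 * {@code <clinit>} are not counted.
 *
 * <p>Rows are written as {@code method|count}. The header uses the same {@code |} delimiter
 * and ends with a newline, so the first data row starts on its own line.
 */
private void dumpCallGraphReachablesCSV() {
    String path = Project.v().getOutputDir() + File.separator + "reachables-count.csv";
    // try-with-resources closes (and flushes) the writer even when a write fails part-way,
    // so a failed dump no longer leaks the file handle.
    try (FileWriter fw = new FileWriter(path)) {
        // Same delimiter as the rows below; presumably '|' was chosen because method
        // signatures can contain commas -- confirm against whatever consumes this file.
        fw.write("Method|Reachables\n");
        for (MethodOrMethodContext momc : getReachableMethodContexts()) {
            if ("<clinit>".equals(momc.method().getName())) {
                continue;
            }
            Set<MethodOrMethodContext> c = new HashSet<MethodOrMethodContext>();
            c.add(momc);
            // filter on static initializers, hopefully they won't show in the stats,
            // or any calls that they make...
            Filter filter = new Filter(noStaticInits);
            ReachableMethods rm = new ReachableMethods(callGraph, c.iterator(), filter);
            rm.update();
            QueueReader<MethodOrMethodContext> edges = rm.listener();
            int reachables = 0;
            while (edges.hasNext()) {
                MethodOrMethodContext reachable = edges.next();
                if ("<clinit>".equals(reachable.method().getName())) {
                    continue;
                }
                reachables++;
            }
            fw.write(momc + "|" + reachables + "\n");
        }
    } catch (IOException e) {
        // Best-effort diagnostic dump: a write failure must not abort the analysis, but a
        // missing or truncated statistics file should not go unnoticed either.
        // NOTE(review): route this through the project's logger if one is in scope here.
        System.err.println("Could not write " + path + ": " + e);
    }
}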
/**
 * Refreshes {@code reachableMethods} and then drains {@code reachablesReader}: for each
 * method context the reader yields, the method's {@code MethodPAG} is obtained, built, and
 * added to the PAG under that entry's context.
 */
private void processReachables() {
    reachableMethods.update();
    while (reachablesReader.hasNext()) {
        final MethodOrMethodContext reached = (MethodOrMethodContext) reachablesReader.next();
        final MethodPAG methodPag = MethodPAG.v(pag, reached.method());
        methodPag.build();
        methodPag.addToPAG(reached.context());
    }
}
/**
 * Prints to standard output the signature of every entry returned by the scene call graph's
 * {@code sourceMethods()} iterator, one signature per line.
 *
 * @param string not used by this implementation
 * @param map not used by this implementation
 */
@Override
protected void internalTransform(String string, Map map) {
    final CallGraph callGraph = Scene.v().getCallGraph();
    for (Iterator<MethodOrMethodContext> it = callGraph.sourceMethods(); it.hasNext(); ) {
        final SootMethod sourceMethod = it.next().method();
        System.out.println(sourceMethod.getSignature());
    }
}
/**
 * Looks up the taint set of a value, but only for the two kinds of value the statistics
 * cover: primitive-typed locals and string-like pointers.
 *
 * @param v the value to look up
 * @param momc the method context in which {@code v} occurs
 * @return for a primitive-typed local, whatever the information-flow analysis returns for it;
 *     for a string-like pointer, a fresh set holding the union of the taints of every
 *     allocation node in its points-to set; {@code null} for any other value
 */
private static Set<InfoValue> getTaintSet(Value v, MethodOrMethodContext momc) {
    if (v instanceof Local && v.getType() instanceof PrimType) {
        return InformationFlowAnalysis.v().getTaints(momc, (Local) v);
    }

    // Callers tell "not a tracked kind of value" (null) apart from "tracked but untainted"
    // (empty set), so the null return must stay.
    if (!(PTABridge.v().isPointer(v) && SootUtils.isStringOrSimilarType(v.getType()))) {
        return null;
    }

    Set<InfoValue> merged = new HashSet<InfoValue>();
    for (IAllocNode allocNode : PTABridge.v().getPTSet(v, momc.context())) {
        merged.addAll(InformationFlowAnalysis.v().getTaints(allocNode, momc));
    }
    return merged;
}
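/**
 * Builds a plain-text summary of taint statistics over every reachable method context.
 *
 * <p>For each concrete method, every use/def value is looked up once per method context via
 * {@code getTaintSet}. Values for which that lookup returns non-null are counted, and
 * non-empty taint sets feed the set-count, set-size, distinct-source and distinct-source-set
 * totals. Each {@code IfStmt} is counted once, and counted as tainted when at least one of
 * its use values has a non-empty taint set.
 *
 * <p>Fix: the original incremented the if-statement total twice per {@code IfStmt}, so
 * "Total Reachable if Statements" was reported at double its real value and the
 * tainted-to-total ratio was halved.
 *
 * @return the report, one {@code label: value} line per statistic
 */
private static String finegrainedFlowResults() {
    int totalReachableIfs = 0;
    int taintedReachableIfs = 0;
    int totalCountOfTaintSets = 0;
    int totalSizeOfTaintSets = 0;
    long totalValues = 0;
    Set<InfoValue> allSrcs = new HashSet<InfoValue>();
    Set<Set<InfoValue>> allSrcSets = new HashSet<Set<InfoValue>>();

    for (MethodOrMethodContext momc : PTABridge.v().getReachableMethodContexts()) {
        SootMethod method = momc.method();
        if (!method.isConcrete()) {
            continue;
        }
        // reset counted locals for each method
        Set<Value> countedLocals = new HashSet<Value>();
        try {
            Body body = method.retrieveActiveBody();
            Iterator<Unit> unitIt = body.getUnits().snapshotIterator();
            while (unitIt.hasNext()) {
                Stmt stmt = (Stmt) unitIt.next();
                for (ValueBox vb : stmt.getUseAndDefBoxes()) {
                    Value v = vb.getValue();
                    // add() returns false when v was already seen in this method context.
                    if (!countedLocals.add(v)) {
                        continue;
                    }
                    Set<InfoValue> taints = getTaintSet(v, momc);
                    if (taints == null) {
                        // Not a primitive local or string-like pointer: outside the stats.
                        continue;
                    }
                    totalValues++;
                    if (!taints.isEmpty()) {
                        allSrcs.addAll(taints);
                        totalCountOfTaintSets++;
                        totalSizeOfTaintSets += taints.size();
                        allSrcSets.add(taints);
                    }
                }
                if (stmt instanceof IfStmt) {
                    // Counted exactly once per if statement.
                    totalReachableIfs++;
                    boolean hasTainted = false;
                    for (ValueBox vb : stmt.getUseBoxes()) {
                        Set<InfoValue> taints = getTaintSet(vb.getValue(), momc);
                        if (taints != null && !taints.isEmpty()) {
                            hasTainted = true;
                            break;
                        }
                    }
                    if (hasTainted) {
                        taintedReachableIfs++;
                    }
                }
            }
        } catch (Exception e) {
            // Deliberately best-effort: a method that fails here is skipped and the report is
            // still produced. Counters already advanced for that method are kept, so the
            // totals can under-report when this fires.
            // NOTE(review): consider logging the method so skipped code is visible.
        }
    }

    // The builder is local to this call, so the unsynchronized StringBuilder is sufficient.
    StringBuilder buf = new StringBuilder();
    buf.append("Tainted Reachable if statements: ").append(taintedReachableIfs).append("\n");
    buf.append("Total Reachable if Statements: ").append(totalReachableIfs).append("\n");
    buf.append("Count of non-zero taint sets for primitives and strings: ")
        .append(totalCountOfTaintSets)
        .append("\n");
    buf.append("Total distinct reachable primitives or string values in code: ")
        .append(totalValues)
        .append("\n");
    buf.append("Total size of non-zero taint sets for primitives and strings: ")
        .append(totalSizeOfTaintSets)
        .append("\n");
    buf.append("Count of distinct sources: ").append(allSrcs.size()).append("\n");
    buf.append("Total distinct source sets: ").append(allSrcSets.size()).append("\n");
    return buf.toString();
}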