コード例 #1
0
 /*
  * Print the elements of the main Map scope.
  */
 public void print(Scope scp) {
   Symbol aux1;
   Scope s;
   if (!scp.getMembers().isEmpty()) {
     System.out.println("\nScope: " + scp.getScopeName() + "\tsize=" + scp.getMembers().size());
     Iterator<Symbol> it = scp.getMembers().iterator();
     for (; it.hasNext(); ) {
       aux1 = it.next();
       if (aux1.getRootScope() != null) { // is a root of a new scope?
         s = aux1.getRootScope();
         s.print(s);
       }
     }
   } else {
     aux1 = scp.getScopeSymbol();
     System.out.println(
         "Name: "
             + aux1.getName()
             + "\t\tline: "
             + aux1.getCodeLine()
             + "\t\ttainted: "
             + aux1.getTainted()
             + "\t\tScope: "
             + aux1.getScope().getScopeName()
             + "\n");
   }
 }
コード例 #2
0
  /*
   * Give if the symbol is taint or not.
   * This method occur after all symbols of one assign/call function instruction
   * are inserted in scope. After that, one by one symbol is analyse (taint/untaint)
   */
  public Boolean resolve(Symbol symb, TaintedTable mts, UntaintedTable mus) {
    Symbol aux;
    String s, nam;
    RelatedTaintedSymbol rtt;
    RootTaintedSymbol Rrt;
    Scope scp;

    // Caso o symbol ja seja tainted. Coloca o parent scope a taint
    Symbol sym = symb;
    nam = sym.getName();
    if (sym.getTainted() == 1 && sym.getAlfanumeric() == false) {
      scp = sym.getScope();
      scp.getScopeSymbol().setTainted(1);

      // No caso de nome da funcao ser tainted
      if (mts.getTaintedMembers().containsKey(nam) == true) {
        // Inserir o socpe parent como dependente da funcao tainted
        Rrt = (RootTaintedSymbol) mts.getTaintedMembers().get(nam);
        rtt =
            (RelatedTaintedSymbol)
                Rrt.getListTaintedMembers().get(Rrt.getListTaintedMembers().size() - 1);

        // Caso o parent nao pertenca 'a lista da funcao tainted
        if (rtt.getTaintedMembers().containsKey(scp.getScopeName()) == false) {
          VariableTaintedSymbol var =
              new VariableTaintedSymbol(
                  scp.getScopeName(),
                  scp.getScopeSymbol().getCodeLine(),
                  scp.getScopeSymbol().getTainted(),
                  scp.getScopeSymbol().getFileSymbol());
          rtt.define(var);
        } else { // Caso o parent pertenca 'a lista da funcao tainted
          VariableTaintedSymbol var =
              (VariableTaintedSymbol) rtt.getTaintedMembers().get(scp.getScopeName());
          var.InsertLine(scp.getScopeSymbol().getCodeLine());
          var.InsertFile(scp.getScopeSymbol().getFileSymbol());
        }
        return true;
      }

      // Se uma userfunction ver se os seus parametros sao tainted e inserir a function como
      // dependente deles
      if (sym.getIsUserFunction() == true) {
        Scope scp_aux = (Scope) sym;
        String sy_name;
        Symbol sy_aux;
        Iterator<Symbol> it;
        for (it = scp_aux.getMembers().iterator(); it.hasNext(); ) {
          sy_aux = it.next();
          sy_name = sy_aux.getName();
          if (sy_aux.getTainted() == 1) {
            if (mts.getTaintedMembers().containsKey(sy_name) == true) {
              // Inserir o nome da user function como dependente do seu parametro
              Rrt = (RootTaintedSymbol) mts.getTaintedMembers().get(sy_name);
              rtt =
                  (RelatedTaintedSymbol)
                      Rrt.getListTaintedMembers().get(Rrt.getListTaintedMembers().size() - 1);

              // Caso a user function nao pertenca 'a lista do parametro tainted
              if (rtt.getTaintedMembers().containsKey(sym.getName()) == false) {
                VariableTaintedSymbol var =
                    new VariableTaintedSymbol(
                        sym.getName(), sym.getCodeLine(), sym.getTainted(), sym.getFileSymbol());
                rtt.define(var);
              } else { // Caso a user function pertenca 'a lista do parametro tainted
                VariableTaintedSymbol var =
                    (VariableTaintedSymbol) rtt.getTaintedMembers().get(sym.getName());
                var.InsertLine(sym.getCodeLine());
                var.InsertFile(sym.getFileSymbol());
              }
            }
          }
        }

        // if (mts.getTaintedMembers().containsKey(nam) == false){ // verify if the tainted symbol
        // exist in mts TaintedTable
        Rrt =
            new RootTaintedSymbol(
                sym.getName(),
                sym.getCodeLine(),
                sym.getTainted(),
                sym.getAlfanumeric(),
                sym.getFileSymbol());
        mts.define(Rrt); // insert in mts TaintedTable
      }

      return true;
    }

    // Caso o symbol seja uma var ja tainted e pertenca a tabela das vars tainteds
    if (mts.getTaintedMembers().containsKey(nam) == true
        && mus.existSymbol(sym.getName()) == false) {
      // colocar scope parent tainted
      scp = sym.getScope();
      scp.getScopeSymbol().setTainted(1);

      // Inserir o socpe parent como dependente do symbol tainted
      Rrt = (RootTaintedSymbol) mts.getTaintedMembers().get(nam);
      rtt =
          (RelatedTaintedSymbol)
              Rrt.getListTaintedMembers().get(Rrt.getListTaintedMembers().size() - 1);

      // Caso o parent nao pertenca 'a lista do symbol tainted
      if (rtt.getTaintedMembers().containsKey(scp.getScopeName()) == false) {
        VariableTaintedSymbol var =
            new VariableTaintedSymbol(
                scp.getScopeName(),
                scp.getScopeSymbol().getCodeLine(),
                scp.getScopeSymbol().getTainted(),
                scp.getScopeSymbol().getFileSymbol());
        rtt.define(var);
      } else { // Caso o parent pertenca 'a lista do symbol tainted
        VariableTaintedSymbol var =
            (VariableTaintedSymbol) rtt.getTaintedMembers().get(scp.getScopeName());
        var.InsertLine(scp.getScopeSymbol().getCodeLine());
        var.InsertFile(scp.getScopeSymbol().getFileSymbol());
      }
      return true;
    }

    // Caso o symbol seja um alfanumeric e contenha uma var tainted da tabela das vars tainteds
    if (sym.getAlfanumeric() == true) {
      Boolean existe = false;
      Iterator<Symbol> it = mts.getTaintedMembers().values().iterator();
      for (; it.hasNext(); ) {
        s = it.next().getName();

        if (nam.contains("$" + s) == true && mus.existSymbol(s) == false) {
          // colocar scope parent tainted
          scp = sym.getScope();
          scp.getScopeSymbol().setTainted(1);

          // Inserir o socpe parent como dependente do symbol tainted
          Rrt = (RootTaintedSymbol) mts.getTaintedMembers().get(s);
          rtt =
              (RelatedTaintedSymbol)
                  Rrt.getListTaintedMembers().get(Rrt.getListTaintedMembers().size() - 1);

          // Caso o parent nao pertenca 'a lista do symbol tainted
          if (rtt.getTaintedMembers().containsKey(scp.getScopeName()) == false) {
            VariableTaintedSymbol var =
                new VariableTaintedSymbol(
                    scp.getScopeName(),
                    scp.getScopeSymbol().getCodeLine(),
                    scp.getScopeSymbol().getTainted(),
                    scp.getScopeSymbol().getFileSymbol());
            rtt.define(var);
          } else { // Caso o parent pertenca 'a lista do symbol tainted
            VariableTaintedSymbol var =
                (VariableTaintedSymbol) rtt.getTaintedMembers().get(scp.getScopeName());
            var.InsertLine(scp.getScopeSymbol().getCodeLine());
            var.InsertFile(scp.getScopeSymbol().getFileSymbol());
          }

          existe = true;
        }
      }

      if (sym.getTainted() == 1) {
        scp = sym.getScope();
        scp.getScopeSymbol().setTainted(1);

        // No caso de nome da funcao ser tainted
        if (mts.getTaintedMembers().containsKey(nam) == true) {
          // Inserir o socpe parent como dependente da funcao tainted
          Rrt = (RootTaintedSymbol) mts.getTaintedMembers().get(nam);
          rtt =
              (RelatedTaintedSymbol)
                  Rrt.getListTaintedMembers().get(Rrt.getListTaintedMembers().size() - 1);

          // Caso o parent nao pertenca 'a lista da funcao tainted
          if (rtt.getTaintedMembers().containsKey(scp.getScopeName()) == false) {
            VariableTaintedSymbol var =
                new VariableTaintedSymbol(
                    scp.getScopeName(),
                    scp.getScopeSymbol().getCodeLine(),
                    scp.getScopeSymbol().getTainted(),
                    scp.getScopeSymbol().getFileSymbol());
            rtt.define(var);
          } else { // Caso o parent pertenca 'a lista da funcao tainted
            VariableTaintedSymbol var =
                (VariableTaintedSymbol) rtt.getTaintedMembers().get(scp.getScopeName());
            var.InsertLine(scp.getScopeSymbol().getCodeLine());
            var.InsertFile(scp.getScopeSymbol().getFileSymbol());
          }
        }
        existe = true;
      }
      return existe;
    }

    return false; // nao e' tainted a var
  }