private void checkTaintSink( String calledMethod, TaintFrame fact, SourceLineAnnotation sourceLine, String currentMethod) throws DataflowAnalysisException { if (methodsWithSinks.containsKey(calledMethod)) { Set<TaintSink> sinks = methodsWithSinks.get(calledMethod); for (TaintSink sink : sinks) { Taint sinkTaint = sink.getTaint(); Set<Integer> taintParameters = sinkTaint.getTaintParameters(); Taint finalTaint = sinkTaint.getNonParametricTaint(); for (Integer offset : taintParameters) { Taint parameterTaint = fact.getStackValue(offset); finalTaint = Taint.merge(finalTaint, parameterTaint); } if (finalTaint == null) { continue; } if (finalTaint.isTainted()) { BugInstance bugInstance = sink.getBugInstance(); bugInstance.setPriority(Priorities.HIGH_PRIORITY); bugInstance.addSourceLine(sourceLine); } else if (finalTaint.hasTaintParameters()) { assert finalTaint.isUnknown(); BugInstance bugInstance = sink.getBugInstance(); bugInstance.addSourceLine(sourceLine); delayBugToReport(currentMethod, finalTaint, bugInstance); } } } }
private void reportBug(BugInstance bugInstance, Taint taint, String currentMethod) { if (taint.hasTaintedLocations()) { addSourceLines(taint.getTaintedLocations(), bugInstance); } else { addSourceLines(taint.getPossibleTaintedLocations(), bugInstance); } if (bugInstance.getPriority() == Priorities.NORMAL_PRIORITY && taint.hasTaintParameters()) { delayBugToReport(currentMethod, taint, bugInstance); } else { bugReporter.reportBug(bugInstance); } }