private void transferTaintToMutables(TaintMethodSummary methodSummary, Taint taint) throws RuntimeException { if (methodSummary == null || !methodSummary.hasMutableStackIndex()) { return; } int mutableStackIndex = methodSummary.getMutableStackIndex(); try { Taint stackValue = getFrame().getStackValue(mutableStackIndex); // needed especially for constructors stackValue.setState(taint.getState()); for (Location location : taint.getTaintedLocations()) { stackValue.addTaintLocation(location, true); } for (Location location : taint.getPossibleTaintedLocations()) { stackValue.addTaintLocation(location, false); } if (stackValue.hasValidLocalVariableIndex()) { int index = stackValue.getLocalVariableIndex(); getFrame().setValue(index, taint); } // else we are not able to transfer taint to a local variable } catch (DataflowAnalysisException ex) { throw new RuntimeException("Bad mutable stack index specification", ex); } }
private void visitInvoke(InvokeInstruction obj) { TaintMethodSummary methodSummary = getMethodSummary(obj); Taint taint = getMethodTaint(methodSummary); if (taint.getState() == Taint.State.UNKNOWN) { taint.addTaintLocation(getLocation(), false); } transferTaintToMutables(methodSummary, taint); modelInstruction(obj, getNumWordsConsumed(obj), getNumWordsProduced(obj), taint); }
private Taint getMethodTaint(TaintMethodSummary methodSummary) { if (methodSummary == null) { return getDefaultValue(); } if (methodSummary.hasConstantOutputTaint()) { Taint taint = new Taint(methodSummary.getOutputTaint()); if (taint.getState() == Taint.State.TAINTED) { taint.addTaintLocation(getLocation(), true); } return taint; } if (methodSummary.hasTransferParameters()) { return mergeTransferParameters(methodSummary.getTransferParameters()); } throw new IllegalStateException("invalid method summary"); }