Exemplo n.º 1
    /**
     * Renders the wrapped context, followed by its source line when one is attached.
     *
     * @return {@code context.toString()}, with {@code " on line N"} appended when the context
     *     carries a tag named {@code "LineNumberTag"}
     */
    @Override
    public String toString() {
      final StringBuilder text = new StringBuilder(context.toString());
      final boolean hasLineTag = context.hasTag("LineNumberTag");

      if (hasLineTag) {
        // The tag is looked up by name, so the cast relies on that name mapping to LineNumberTag.
        LineNumberTag lineTag = (LineNumberTag) context.getTag("LineNumberTag");
        text.append(" on line ");
        text.append(lineTag.getLineNumber());
      }

      return text.toString();
    }
Exemplo n.º 2
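  /**
   * Recursively prints the call graph reachable from {@code caller} as indented text.
   *
   * <p>The caller is printed at {@code level}. Unless {@code API.v().isSystemMethod(caller)}
   * reports a system method, every invoke statement returned by {@code
   * SootUtils.getInvokeStatements} for an outgoing edge is printed one level deeper, followed by
   * its source location when one is available. Targets not yet in {@code callgraphSet} are
   * expanded recursively; targets already recorded there are printed once per caller and not
   * expanded again.
   *
   * <p>NOTE(review): the recursion descends once per unvisited target, so its depth presumably
   * follows the longest unvisited call chain; confirm that the thread stack is large enough for
   * the call graphs this is run on.
   *
   * @param caller method whose outgoing edges are dumped
   * @param printStream destination of the textual dump
   * @param level nesting depth, used only to compute the indentation
   */
  private void dumpTextGraph(SootMethod caller, PrintStream printStream, int level) {
    String indent = indentString(level);
    // NOTE(review): the result of getTags() is discarded; this looks like a leftover call.
    // Confirm it has no needed side effect before removing it.
    caller.getTags();
    // Method and statement text from the analysed code is always passed as a printf argument,
    // never as the format string, so '%' sequences inside it are printed literally.
    printStream.printf("%s %s\n", indent, caller.toString());
    Iterator<Edge> iterator = callGraph.edgesOutOf(caller);
    // Record the caller before descending so that a cycle back to it is not expanded again.
    callgraphSet.add(caller);

    boolean systemApi = API.v().isSystemMethod(caller);
    String subindent = indentString(level + 1);
    // Statements and already-visited targets printed for this caller.
    Set<Object> calleeSet = new HashSet<>();

    while (iterator != null && iterator.hasNext()) {
      Edge edge = iterator.next();
      if (!systemApi) {
        List<Stmt> invokeStmtList = SootUtils.getInvokeStatements(caller, edge.tgt());
        for (Stmt stmt : invokeStmtList) {
          // The set is keyed by the Stmt object itself so that the duplicate check and the
          // insertion agree; add() returns false when the statement was already printed.
          if (!calleeSet.add(stmt)) {
            continue;
          }
          printStream.printf("%s #[%s] ", subindent, stmt);
          SourceLocationTag tag = SootUtils.getSourceLocation(stmt);
          if (tag != null) {
            printStream.printf(": %s", tag.toString());
          }
          printStream.printf("\n");
        }
      }

      if (!callgraphSet.contains(edge.tgt())) {
        dumpTextGraph(edge.tgt(), printStream, level + 1);
      } else {
        // Already in the call graph: print it once for this caller, without expanding it.
        if (calleeSet.contains(edge.tgt())) {
          continue;
        }
        printStream.printf("%s %s\n", subindent, edge.tgt().toString());
        calleeSet.add(edge.tgt());
      }
    }
  }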
 /**
  * Given the merge of the <code>out</code> sets, compute the <code>in</code> set for <code>d
  * </code>.
  *
  * <p>Processes the analysis for the given {@link Unit}, i.e. checks the end of an implicit flow
  * for the given unit and after that tries to apply a {@link SecurityLevelStmtSwitch} switch to
  * the statement, i.e. calculates or updates the <em>security levels</em> of the statement
  * components to check for security violations.
  *
  * @param in Current incoming map of the local variables for the given unit.
  * @param d The current unit which should be checked for security violations.
  * @param out Current outgoing map of the local variables for the given unit.
  * @see soot.toolkits.scalar.FlowAnalysis#flowThrough(java.lang.Object, java.lang.Object,
  *     java.lang.Object)
  * @see SecurityLevelStmtSwitch
  */
 @Override
 protected void flowThrough(LocalsMap in, Unit d, LocalsMap out) {
   // The outgoing map starts as a copy of the incoming one.
   copy(in, out);

   final Stmt current = (Stmt) d;
   getAnalyzedEnvironment().setStmt(current);
   checkEndOfImplicitFlow(current, in, out);

   try {
     current.apply(new SecurityLevelStmtSwitch(getAnalyzedEnvironment(), getStore(), in, out));
   } catch (ProgramCounterException
       | EnvironmentNotFoundException
       | SwitchException
       | MethodParameterNotFoundException
       | LevelNotFoundException cause) {
     // A failed switch is not skipped: it is rethrown with the statement, the signature of the
     // analysed method and the source line, and the original exception is kept as the cause.
     throw new AnalysisException(
         getMsg(
             "exception.analysis.other.error_switch",
             current.toString(),
             getSignatureOfMethod(getAnalyzedEnvironment().getSootMethod()),
             getAnalyzedEnvironment().getSrcLn()),
         cause);
   }
 }