Пример #1
0
  /** Expensive! */
  private void dumpCallGraphReachablesCSV() {
    try {
      FileWriter fw =
          new FileWriter(Project.v().getOutputDir() + File.separator + "reachables-count.csv");

      fw.write("Method,Reachables");

      for (MethodOrMethodContext momc : getReachableMethodContexts()) {
        if ("<clinit>".equals(momc.method().getName())) continue;

        Set<MethodOrMethodContext> c = new HashSet<MethodOrMethodContext>();
        c.add(momc);
        Filter filter = new Filter(noStaticInits);
        // filter on static initializers, hopefully they won't show in the stats,
        // or any calls that they make...
        ReachableMethods rm = new ReachableMethods(callGraph, c.iterator(), filter);
        rm.update();

        QueueReader<MethodOrMethodContext> edges = rm.listener();
        int reachables = 0;
        while (edges.hasNext()) {
          MethodOrMethodContext reachable = edges.next();
          if ("<clinit>".equals(reachable.method().getName())) continue;
          reachables++;
        }

        fw.write(momc + "|" + reachables + "\n");
      }

      fw.close();

    } catch (IOException e) {

    }
  }
Пример #2
0
 private void processReachables() {
   reachableMethods.update();
   while (reachablesReader.hasNext()) {
     MethodOrMethodContext m = (MethodOrMethodContext) reachablesReader.next();
     MethodPAG mpag = MethodPAG.v(pag, m.method());
     mpag.build();
     mpag.addToPAG(m.context());
   }
 }
Пример #3
0
 @Override
 protected void internalTransform(String string, Map map) {
   CallGraph call_graph = Scene.v().getCallGraph();
   Iterator<MethodOrMethodContext> src_methods = call_graph.sourceMethods();
   while (src_methods.hasNext()) {
     MethodOrMethodContext momc = src_methods.next();
     SootMethod soot_method = momc.method();
     String signature = soot_method.getSignature();
     System.out.println(signature);
   }
 }
Пример #4
0
  /** Count taint on prims or strings */
  private static Set<InfoValue> getTaintSet(Value v, MethodOrMethodContext momc) {
    Set<InfoValue> taints = null;

    if (v instanceof Local && v.getType() instanceof PrimType) {
      taints = InformationFlowAnalysis.v().getTaints(momc, (Local) v);
    } else if (PTABridge.v().isPointer(v) && SootUtils.isStringOrSimilarType(v.getType())) {
      taints = new HashSet<InfoValue>();
      for (IAllocNode node : PTABridge.v().getPTSet(v, momc.context())) {
        taints.addAll(InformationFlowAnalysis.v().getTaints(node, momc));
      }
    }

    return taints;
  }
Пример #5
0
  private static String finegrainedFlowResults() {
    int totalReachableIfs = 0;
    int taintedReachableIfs = 0;

    int totalCountOfTaintSets = 0;
    int totalSizeOfTaintSets = 0;

    long totalValues = 0;

    Set<InfoValue> allSrcs = new HashSet<InfoValue>();
    Set<Set<InfoValue>> allSrcSets = new HashSet<Set<InfoValue>>();

    StringBuffer buf = new StringBuffer();

    for (MethodOrMethodContext momc : PTABridge.v().getReachableMethodContexts()) {
      // reset counted locals for each method
      Set<Value> countedLocals = new HashSet<Value>();

      SootMethod method = momc.method();

      if (!method.isConcrete()) continue;
      try {
        Body body = method.retrieveActiveBody();

        Iterator<Unit> unitIt = body.getUnits().snapshotIterator();

        while (unitIt.hasNext()) {
          Stmt stmt = (Stmt) unitIt.next();

          for (ValueBox vb : stmt.getUseAndDefBoxes()) {
            Value v = vb.getValue();

            if (countedLocals.contains(v)) continue;

            countedLocals.add(v);

            Set<InfoValue> taints = getTaintSet(v, momc);

            if (taints != null) totalValues++;

            if (taints != null && !taints.isEmpty()) {
              allSrcs.addAll(taints);

              totalCountOfTaintSets++;
              totalSizeOfTaintSets += taints.size();

              if (!allSrcSets.contains(taints)) allSrcSets.add(taints);

              countedLocals.add(v);
            }
          }

          if (stmt instanceof IfStmt) {
            totalReachableIfs++;
            boolean hasTainted = false;

            for (ValueBox vb : stmt.getUseBoxes()) {
              Value v = vb.getValue();

              Set<InfoValue> taints = getTaintSet(v, momc);

              if (taints != null && !taints.isEmpty()) {
                hasTainted = true;
                break;
              }
            }

            totalReachableIfs++;

            if (hasTainted) {
              taintedReachableIfs++;
            }
          }
        }

      } catch (Exception e) {
        // ignore and continue
      }
    }

    buf.append("Tainted Reachable if statements: " + taintedReachableIfs + "\n");
    buf.append("Total Reachable if Statements: " + totalReachableIfs + "\n");
    buf.append(
        "Count of non-zero taint sets for primitives and strings: " + totalCountOfTaintSets + "\n");
    buf.append(
        "Total distinct reachable primitives or string values in code: " + totalValues + "\n");
    buf.append(
        "Total size of non-zero taint sets for primitives and strings: "
            + totalSizeOfTaintSets
            + "\n");
    buf.append("Count of distinct sources: " + allSrcs.size() + "\n");
    buf.append("Total distinct source sets: " + allSrcSets.size() + "\n");

    return buf.toString();
  }