private void transferTaintToMutables(TaintMethodSummary methodSummary, Taint taint) throws RuntimeException { if (methodSummary == null || !methodSummary.hasMutableStackIndex()) { return; } int mutableStackIndex = methodSummary.getMutableStackIndex(); try { Taint stackValue = getFrame().getStackValue(mutableStackIndex); // needed especially for constructors stackValue.setState(taint.getState()); for (Location location : taint.getTaintedLocations()) { stackValue.addTaintLocation(location, true); } for (Location location : taint.getPossibleTaintedLocations()) { stackValue.addTaintLocation(location, false); } if (stackValue.hasValidLocalVariableIndex()) { int index = stackValue.getLocalVariableIndex(); getFrame().setValue(index, taint); } // else we are not able to transfer taint to a local variable } catch (DataflowAnalysisException ex) { throw new RuntimeException("Bad mutable stack index specification", ex); } }
private Taint getMethodTaint(TaintMethodSummary methodSummary) { if (methodSummary == null) { return getDefaultValue(); } if (methodSummary.hasConstantOutputTaint()) { Taint taint = new Taint(methodSummary.getOutputTaint()); if (taint.getState() == Taint.State.TAINTED) { taint.addTaintLocation(getLocation(), true); } return taint; } if (methodSummary.hasTransferParameters()) { return mergeTransferParameters(methodSummary.getTransferParameters()); } throw new IllegalStateException("invalid method summary"); }
private TaintMethodSummary getMethodSummary(InvokeInstruction obj) { String methodNameWithSig = obj.getMethodName(cpg) + obj.getSignature(cpg); String fullMethodName = getSlashedClassName(obj) + "." + methodNameWithSig; TaintMethodSummary methodSummary = methodSummaries.get(fullMethodName); if (methodSummary == null && TO_STRING_METHOD.equals(methodNameWithSig)) { methodSummary = TaintMethodSummary.getDefaultToStringSummary(); } return methodSummary; }