allow for directory-based classpaths as input to StubDroid, fixed various smaller bugs, and corrected access path cut-offs to be optional

Author: StevenArzt

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/Main.java

@@ -124,7 +124,7 @@ public void run(final String[] args) throws FileNotFoundException, XMLStreamExce
 			generator.getConfig().setExcludes(excludes);
 
 			// Set optional settings
-			conifgureOptionalSettings(cmd, generator);
+			configureOptionalSettings(cmd, generator);
 
 			// Configure the output directory
 			if (!toAnalyze.exists()) {
@@ -149,6 +149,13 @@ public boolean accept(File dir, String name) {
 					System.out.println(String.format("Jar %d of %d: %s", c + 1, files.length, f));
 					createSummaries(generator, classesToAnalyze, forceOverwrite, f, outputFolder);
 				}
+
+				// If we don't have any JAR files, the target may be a normal classpath with
+				// Java class files
+				if (files.length == 0) {
+					System.out.println(String.format("Analyzing directory %s...", toAnalyze.getAbsolutePath()));
+					createSummaries(generator, classesToAnalyze, forceOverwrite, toAnalyze, outputFolder);
+				}
 			} else {
 				createSummaries(generator, classesToAnalyze, forceOverwrite, toAnalyze, outputFolder);
 			}
@@ -167,7 +174,7 @@ public boolean accept(File dir, String name) {
 	 * @param cmd       The command-line options
 	 * @param generator The summary generator
 	 */
-	protected void conifgureOptionalSettings(CommandLine cmd, SummaryGenerator generator) {
+	protected void configureOptionalSettings(CommandLine cmd, SummaryGenerator generator) {
 		{
 			int repeatCount = Integer.parseInt(cmd.getOptionValue(OPTION_REPEAT, "-1"));
 			if (repeatCount > 0)

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/data/summary/MethodFlow.java

@@ -20,7 +20,7 @@ public class MethodFlow extends AbstractMethodSummary {
 	private final FlowSource from;
 	private final FlowSink to;
 	private final boolean isAlias;
-	private final boolean typeChecking;
+	private final Boolean typeChecking;
 	private final Boolean cutSubFields;
 
 	/**
@@ -38,7 +38,7 @@ public class MethodFlow extends AbstractMethodSummary {
 	 *                     field "b" will not appended to the sink if this option is
 	 *                     enabled.
 	 */
-	public MethodFlow(String methodSig, FlowSource from, FlowSink to, boolean isAlias, boolean typeChecking,
+	public MethodFlow(String methodSig, FlowSource from, FlowSink to, boolean isAlias, Boolean typeChecking,
 			Boolean cutSubFields) {
 		super(methodSig);
 		this.from = from;
@@ -124,7 +124,7 @@ public boolean isAlias() {
 	 * @return True if type checking shall be performed before applying this method
 	 *         flow, otherwise false
 	 */
-	public boolean getTypeChecking() {
+	public Boolean getTypeChecking() {
 		return this.typeChecking;
 	}
 
@@ -212,7 +212,10 @@ public boolean equals(Object obj) {
 				return false;
 		} else if (!to.equals(other.to))
 			return false;
-		if (typeChecking != other.typeChecking)
+		if (typeChecking == null) {
+			if (other.typeChecking != null)
+				return false;
+		} else if (!typeChecking.equals(other.typeChecking))
 			return false;
 		return true;
 	}
@@ -225,7 +228,7 @@ public int hashCode() {
 		result = prime * result + ((from == null) ? 0 : from.hashCode());
 		result = prime * result + (isAlias ? 1231 : 1237);
 		result = prime * result + ((to == null) ? 0 : to.hashCode());
-		result = prime * result + (typeChecking ? 1231 : 1237);
+		result = prime * result + ((typeChecking == null) ? 0 : typeChecking.hashCode());
 		return result;
 	}
 

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/AccessPathFragment.java

@@ -150,7 +150,7 @@ public boolean isEmpty() {
 	public AccessPathFragment append(AccessPathFragment toAppend) {
 		// If only one of the two operands contains actual data, we simply take that
 		// object and don't need to append anything
-		if (toAppend == null) {
+		if (toAppend == null || toAppend.isEmpty()) {
 			if (this.isEmpty())
 				return null;
 			return this;

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java

@@ -742,6 +742,10 @@ private AccessPath createAccessPathInMethod(Taint t, SootMethod sm) {
 
 	@Override
 	public Set<Abstraction> getTaintsForMethod(Stmt stmt, Abstraction d1, Abstraction taintedAbs) {
+
+		if (stmt.toString().contains("toByteArray"))
+			System.out.println("x");
+
 		// We only care about method invocations
 		if (!stmt.containsInvokeExpr())
 			return Collections.singleton(taintedAbs);
@@ -751,8 +755,8 @@ public Set<Abstraction> getTaintsForMethod(Stmt stmt, Abstraction d1, Abstractio
 		ByReferenceBoolean classSupported = new ByReferenceBoolean(false);
 
 		// Compute the wrapper taints for the current method
-		Set<AccessPath> res = computeTaintsForMethod(stmt, d1, taintedAbs, stmt.getInvokeExpr().getMethod(),
-				killIncomingTaint, classSupported);
+		final SootMethod callee = stmt.getInvokeExpr().getMethod();
+		Set<AccessPath> res = computeTaintsForMethod(stmt, d1, taintedAbs, callee, killIncomingTaint, classSupported);
 
 		// Create abstractions from the access paths
 		if (res != null && !res.isEmpty()) {
@@ -765,10 +769,9 @@ public Set<Abstraction> getTaintsForMethod(Stmt stmt, Abstraction d1, Abstractio
 		// If we have no data flows, we can abort early
 		if (!killIncomingTaint.value && (resAbs == null || resAbs.isEmpty())) {
 			wrapperMisses.incrementAndGet();
-			SootMethod method = stmt.getInvokeExpr().getMethod();
 
 			if (!classSupported.value)
-				reportMissingMethod(method);
+				reportMissingMethod(callee);
 
 			if (classSupported.value)
 				return Collections.singleton(taintedAbs);
@@ -897,19 +900,21 @@ private Set<AccessPath> applyFlowsIterative(MethodSummaries flowsInCallee, List<
 			// implementations in the application code
 			if ((flowsInTarget == null || flowsInTarget.isEmpty()) && curGap != null) {
 				SootMethod callee = Scene.v().grabMethod(curGap.getSignature());
-				if (callee != null)
-					for (SootMethod implementor : getAllImplementors(callee))
+				if (callee != null) {
+					for (SootMethod implementor : getAllImplementors(callee)) {
 						if (implementor.getDeclaringClass().isConcrete() && !implementor.getDeclaringClass().isPhantom()
 								&& implementor.isConcrete()) {
 							Set<AccessPathPropagator> implementorPropagators = spawnAnalysisIntoClientCode(implementor,
 									curPropagator);
 							if (implementorPropagators != null)
 								workList.addAll(implementorPropagators);
 						}
+					}
+				}
 			}
 
 			// Apply the flow summaries for other libraries
-			if (flowsInTarget != null && !flowsInTarget.isEmpty())
+			if (flowsInTarget != null && !flowsInTarget.isEmpty()) {
 				for (MethodFlow flow : flowsInTarget) {
 					// Apply the flow summary
 					AccessPathPropagator newPropagator = applyFlow(flow, curPropagator);
@@ -947,6 +952,7 @@ private Set<AccessPath> applyFlowsIterative(MethodSummaries flowsInCallee, List<
 							workList.add(backwardsPropagator);
 					}
 				}
+			}
 		}
 		return res;
 	}
@@ -1610,7 +1616,7 @@ private Taint addSinkTaint(MethodFlow flow, Taint taint, GapDefinition gap) {
 		final AbstractFlowSinkSource flowSource = flow.source();
 		final AbstractFlowSinkSource flowSink = flow.sink();
 		final boolean taintSubFields = flow.sink().taintSubFields();
-		final boolean checkTypes = flow.getTypeChecking();
+		final Boolean checkTypes = flow.getTypeChecking();
 
 		AccessPathFragment remainingFields = cutSubFields(flow, getRemainingFields(flowSource, taint));
 		AccessPathFragment appendedFields = AccessPathFragment.append(flowSink.getAccessPath(), remainingFields);
@@ -1620,16 +1626,13 @@ private Taint addSinkTaint(MethodFlow flow, Taint taint, GapDefinition gap) {
 		Type sinkType = TypeUtils.getTypeFromString(getAssignmentType(flowSink));
 		Type taintType = TypeUtils.getTypeFromString(getAssignmentType(taint, lastCommonAPIdx - 1));
 
-		if (checkTypes) {
-			// For type checking, we need types
-			if (sinkType == null || taintType == null)
-				return null;
-
+		// For type checking, we need types
+		if ((checkTypes == null || checkTypes.booleanValue()) && sinkType != null && taintType != null) {
 			// If we taint something in the base object, its type must match. We
 			// might have a taint for "a" in o.add(a) and need to check whether
 			// "o" matches the expected type in our summary.
 			if (!(sinkType instanceof PrimType) && !isCastCompatible(taintType, sinkType)
-					&& flowSink.getType() == SourceSinkType.Field && !checkTypes) {
+					&& flowSink.getType() == SourceSinkType.Field) {
 				// If the target is an array, the value might also flow into an
 				// element
 				boolean found = false;
@@ -1703,8 +1706,12 @@ protected AccessPathFragment cutSubFields(MethodFlow flow, AccessPathFragment ac
 	 */
 	protected boolean isCutSubFields(MethodFlow flow) {
 		Boolean cut = flow.getCutSubFields();
-		if (cut == null)
-			return !flow.getTypeChecking();
+		Boolean typeChecking = flow.getTypeChecking();
+		if (cut == null) {
+			if (typeChecking != null)
+				return !typeChecking.booleanValue();
+			return false;
+		}
 		return cut.booleanValue();
 	}
 

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/xml/SummaryReader.java

@@ -68,7 +68,7 @@ public void read(Reader reader, ClassMethodSummaries summaries)
 			String currentMethod = "";
 			int currentID = -1;
 			boolean isAlias = false;
-			boolean typeChecking = true;
+			Boolean typeChecking = null;
 			Boolean cutSubfields = null;
 
 			State state = State.summary;
@@ -105,12 +105,14 @@ public void read(Reader reader, ClassMethodSummaries summaries)
 						state = State.flow;
 						String sAlias = getAttributeByName(xmlreader, XMLConstants.ATTRIBUTE_IS_ALIAS);
 						isAlias = sAlias != null && sAlias.equals(XMLConstants.VALUE_TRUE);
+
 						String sTypeChecking = getAttributeByName(xmlreader, XMLConstants.ATTRIBUTE_TYPE_CHECKING);
-						if (sTypeChecking != null)
+						if (sTypeChecking != null && !sTypeChecking.isEmpty())
 							typeChecking = sTypeChecking.equals(XMLConstants.VALUE_TRUE);
+
 						String sCutSubfields = getAttributeByName(xmlreader, XMLConstants.ATTRIBUTE_CUT_SUBFIELDS);
 						if (sCutSubfields != null && !sCutSubfields.isEmpty())
-							cutSubfields = sTypeChecking.equals(XMLConstants.VALUE_TRUE);
+							cutSubfields = sCutSubfields.equals(XMLConstants.VALUE_TRUE);
 					} else
 						throw new SummaryXMLException();
 				} else if (localName.equals(TREE_CLEAR) && xmlreader.isStartElement()) {

soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/SummaryTaintWrapperTests.java

@@ -125,7 +125,7 @@ public void apl3Flow() {
 		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void apl3Flow()>");
 	}
 
-	@Test // (timeout = 30000)
+	@Test(timeout = 30000)
 	public void gapFlow1() {
 		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void gapFlow1()>");
 	}