paramList.add(param.trim()); return new SootMethodAndClass(name, className, returnType, paramList);
/** * Checks whether the given call sites invokes a sink method * * @param manager The manager object providing access to the configuration and * the interprocedural control flow graph * @param sCallSite The call site to check * @return The method that was discovered as a sink, or null if no sink could be * found */ private SootMethodAndClass isSinkMethod(InfoflowManager manager, Stmt sCallSite) { // Is the method directly in the sink set? SootMethod callee = sCallSite.getInvokeExpr().getMethod(); if (this.sinks.contains(callee)) return new SootMethodAndClass(callee); // Check whether we have any of the interfaces on the list String subSig = callee.getSubSignature(); for (SootClass i : interfacesOf.getUnchecked(sCallSite.getInvokeExpr().getMethod().getDeclaringClass())) { SootMethod sm = i.getMethodUnsafe(subSig); if (sm != null && this.sinks.contains(sm)) return new SootMethodAndClass(sm); } // Ask the CFG in case we don't know any better for (SootMethod sm : manager.getICFG().getCalleesOfCallAt(sCallSite)) { if (this.sinks.contains(sm)) return new SootMethodAndClass(sm); } // nothing found return null; }
@Override public SinkInfo getSinkInfo(Stmt sCallSite, InfoflowManager manager, AccessPath ap) { if (sCallSite.containsInvokeExpr()) { SootMethod sm = sCallSite.getInvokeExpr().getMethod(); if (sm.getSignature().equals(sinkMethod)) return new SinkInfo(new MethodSourceSinkDefinition(new SootMethodAndClass(sm))); } return null; }
SootMethodAndClass am = new SootMethodAndClass(methodName, javaElement.getClassName(), "", parameterTypes); SourceSinkDefinition def = new MethodSourceSinkDefinition(am, null, null, returnValue, sourceSinkType == SourceSinkType.Source, sourceSinkType == SourceSinkType.Sink); SootMethodAndClass am = new SootMethodAndClass(methodName, javaElement.getClassName(), "", parameterTypes); SourceSinkDefinition def = new MethodSourceSinkDefinition(am, null, null, null, CallType.MethodCall);
@Override public SinkInfo getSinkInfo(Stmt sCallSite, InfoflowManager manager, AccessPath ap) { if (!sCallSite.containsInvokeExpr()) return null; SootMethod target = sCallSite.getInvokeExpr().getMethod(); SinkInfo targetInfo = new SinkInfo(new MethodSourceSinkDefinition(new SootMethodAndClass(target))); if ((target.getSignature().equals(sinkAP) || target.getSignature().equals(sinkAP2) || target.getSignature().equals(sink)) && sCallSite.getInvokeExpr().getArgCount() > 0) { if (ap == null) return targetInfo; else if (ap.getPlainValue() == sCallSite.getInvokeExpr().getArg(0)) if (ap.isLocal() || ap.getTaintSubFields()) return targetInfo; } return null; }
SootMethod sm = manager.getICFG().getMethodOf(sCallSite); if (this.returnTaintMethods != null && this.returnTaintMethods.contains(sm)) return new SinkInfo(new MethodSourceSinkDefinition(new SootMethodAndClass(sm)));
return new SourceInfo(callee == null ? null : new MethodSourceSinkDefinition(new SootMethodAndClass(callee)), targetAP);