Package com.h3xstream.findsecbugs.taintanalysis

Class Taint

  • public class Taint
extends Object
    Representation of taint dataflow facts (dataflow values) for each slot in TaintFrame
    Author:
    David Formanek (Y Soft Corporation, a.s.)

    • Constructor Detail

      • Taint

        public Taint​(Taint taint)
        Creates a hard copy of the specified Taint instance
        Parameters:
        taint - instance to copy
        Throws:
        NullPointerException - if argument is null

    • Method Detail

      • isInformative

        public boolean isInformative()
        Checks if there is any valuable information derived by the taint analysis.
        Returns:
        true if the Taint contains any useful information, false otherwise

      • getState

        public Taint.State getState()
        Returns the taint state of this fact
        Returns:
        taint state

      • getVariableIndex

        public int getVariableIndex()
        If known (check first), returns the index of the local variable, where the value matching this fact is stored
        Returns:
        the index in the frame
        Throws:
        IllegalStateException - if index is uknown

      • hasValidVariableIndex

        public boolean hasValidVariableIndex()
        Checks if the index of the local variable matching this fact is known
        Returns:
        true if index is known, false otherwise

      • addLocation

        public void addLocation​(TaintLocation location,
                        boolean isKnownTaintSource)
        Adds location for a taint source or path to remember for reporting
        Parameters:
        location - location to remember
        isKnownTaintSource - true for tainted value, false if just not safe
        Throws:
        NullPointerException - if location is null

      • getTaintedLocations

        public Set<TaintLocation> getTaintedLocations()
        Returns locations with taint sources or nodes on path from those sources, if there are some locations confirmed to be tainted, only those are returned
        Returns:
        unmodifiable set of locations

      • getUnknownLocations

        public Collection<TaintLocation> getUnknownLocations()
        Returns:
        All the location of tainted and unknown locations.

      • getAllLocations

        public Collection<TaintLocation> getAllLocations()
        Returns:
        All the location of tainted and unknown locations.

      • isSafe

        public boolean isSafe()
        Checks whether values matching this fact are always trusted
        Returns:
        true if the taint state is safe (or null), false otherwise

      • isTainted

        public boolean isTainted()
        Checks whether values matching this fact are probably untrusted
        Returns:
        true for the state TAINTED, false otherwise

      • isUnknown

        public boolean isUnknown()
        Checks whether values matching this fact can be untrusted but also safe
        Returns:
        true for the state UNKNOWN, false otherwise

      • hasParameters

        public boolean hasParameters()
        Checks if the taint state of this fact depends on the method arguments
        Returns:
        true if there is an influence, false otherwise

      • getParameters

        public Set<Integer> getParameters()
        Returns the method arguments influencing the taint state of this fact
        Returns:
        unmodifiable set of parameter indices

      • clearParameters

        public void clearParameters()
        Clear method the parameters that could influence the taint state

      • getNonParametricState

        public Taint.State getNonParametricState()
        Gets the state influencing the state of this fact if dependant on method arguments, final state is given by merge of that state and arguments
        Returns:

      • getRealInstanceClass

        public org.apache.bcel.generic.ObjectType getRealInstanceClass()
        Finds out the real type of instance matching this fact if possible
        Returns:
        type of the instance or null if uknown

      • getRealInstanceClassName

        public String getRealInstanceClassName()
        Finds out the real class name of instance matching this fact if possible
        Returns:
        class name of the instance or null if uknown

      • addTag

        public boolean addTag​(Taint.Tag tag)
        Adds the specified taint tag to this fact or marks this tag to add if this fact acts like a derivation of taint transfer behaviour
        Parameters:
        tag - tag to add
        Returns:
        true if this tag was not present before, false otherwise

      • hasTag

        public boolean hasTag​(Taint.Tag tag)
        Checks whether the specified taint tag is present for this fact
        Parameters:
        tag - tag to check
        Returns:
        true if it is present, false otherwise

      • hasOneTag

        public boolean hasOneTag​(Taint.Tag... tags)
        Checks whether one of the specified taint tag is present for this fact
        Parameters:
        tags - Tags to test
        Returns:
        true if at least one is present, false otherwise

      • hasTags

        public boolean hasTags()
        Checks if there are any taint tags for this fact
        Returns:
        true if number of tags is > 0, false otherwise

      • getTags

        public Set<Taint.Tag> getTags()
        Returns all present taint tags for this fact
        Returns:
        unmodifiable set of all present taint tags

      • removeTag

        public boolean removeTag​(Taint.Tag tag)
        Removes the specified tag (if present) or marks this tag to remove if this fact acts like a derivation of taint transfer behaviour
        Parameters:
        tag - tag to remove
        Returns:
        true if the tag was present, false otherwise

      • isRemovingTags

        public boolean isRemovingTags()
        Checks if there are some tags to remove (if this fact acts like a taint derivation spec.)
        Returns:
        true if there are some, false otherwise

      • getTagsToRemove

        public Set<Taint.Tag> getTagsToRemove()
        Returns tags to remove (if this fact acts like a taint derivation spec.)
        Returns:
        unmodifiable set of tags

      • getConstantValue

        public String getConstantValue()
        Returns the constant value of the string or char if known
        Returns:
        constant value or null if unknown

      • setConstantValue

        public void setConstantValue​(String value)

      • getPotentialValue

        public String getPotentialValue()
        Returns the constant value that will be set under a specific condition
        Returns:
        constant value or null if unknown

      • setPotentialValue

        public void setPotentialValue​(String value)

      • getConstantOrPotentialValue

        public String getConstantOrPotentialValue()

      • valueOf

        public static Taint valueOf​(String stateName)
        Constructs a new instance of taint from the specified state name
        Parameters:
        stateName - name of the state
        Returns:
        the constructed instance
        Throws:
        IllegalArgumentException - if the name does not match any state

      • valueOf

        public static Taint valueOf​(Taint.State state)
        Constructs a new instance of taint from the specified state
        Parameters:
        state - the specified state
        Returns:
        the constructed instance
        Throws:
        NullPointerException - if state is null

      • merge

        public static Taint merge​(Taint a,
                          Taint b)
        Returns the merge of the facts such that it can represent any of them
        Parameters:
        a - first state to merge
        b - second state to merge
        Returns:
        constructed merge of the specified facts

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object

      • getDebugInfo

        public String getDebugInfo()
        Gets the info for debugging merged from all used facts
        Returns:
        previousle set info

      • setDebugInfo

        public Taint setDebugInfo​(String debugInfo)
        Sets info for debugging purposes (consumes much memory)
        Parameters:
        debugInfo - info to store
        Returns:
        the modified instance itself