soot.jimple.infoflow.sourcesSinks.manager

类 BaseSourceSinkManager

java.lang.Object

soot.jimple.infoflow.sourcesSinks.manager.BaseSourceSinkManager

所有已实现的接口:

IOneSourceAtATimeManager, ISourceSinkManager

public abstract class BaseSourceSinkManager
extends Object
implements ISourceSinkManager, IOneSourceAtATimeManager

嵌套类概要

嵌套类

限定符和类型	类和说明
static class	BaseSourceSinkManager.SourceType Types of sources supported by this SourceSinkManager

字段概要

字段

限定符和类型	字段和说明
protected Map<soot.SootMethod,CallbackDefinition>	callbackMethods
protected soot.SootMethod	currentSource
protected Set<soot.SootMethod>	excludedMethods
protected com.google.common.cache.LoadingCache<soot.SootClass,Collection<soot.SootClass>>	interfacesOf
protected boolean	oneSourceAtATime
protected Iterator<soot.SootMethod>	osaatIterator
protected BaseSourceSinkManager.SourceType	osaatType
protected soot.util.MultiMap<String,ISourceSinkDefinition>	sinkDefs
protected Map<soot.SootField,ISourceSinkDefinition>	sinkFields
protected Map<soot.SootMethod,ISourceSinkDefinition>	sinkMethods
protected Map<soot.SootMethod,ISourceSinkDefinition>	sinkReturnMethods
protected Map<soot.jimple.Stmt,ISourceSinkDefinition>	sinkStatements
protected soot.util.MultiMap<String,ISourceSinkDefinition>	sourceDefs
protected Map<soot.SootField,ISourceSinkDefinition>	sourceFields
protected Map<soot.SootMethod,ISourceSinkDefinition>	sourceMethods
protected InfoflowConfiguration.SourceSinkConfiguration	sourceSinkConfig
protected Map<soot.jimple.Stmt,ISourceSinkDefinition>	sourceStatements
protected IValueProvider	valueProvider

构造器概要

构造器

构造器和说明
BaseSourceSinkManager(Collection<? extends ISourceSinkDefinition> sources, Collection<? extends ISourceSinkDefinition> sinks, InfoflowConfiguration config) Creates a new instance of the BaseSourceSinkManager class with either strong or weak matching.
BaseSourceSinkManager(Collection<? extends ISourceSinkDefinition> sources, Collection<? extends ISourceSinkDefinition> sinks, Set<? extends CallbackDefinition> callbackMethods, InfoflowConfiguration config) Creates a new instance of the BaseSourceSinkManager class with strong matching, i.e. the methods in the code must exactly match those in the list.

方法概要

限定符和类型	方法和说明
protected ISourceSinkDefinition	checkCallbackParamSource(soot.jimple.Stmt sCallSite, IInfoflowCFG cfg) Checks whether the given statement obtains data from a callback source
protected SourceInfo	createSourceInfo(soot.jimple.Stmt sCallSite, InfoflowManager manager, ISourceSinkDefinition def)
void	excludeMethod(soot.SootMethod toExclude) Excludes the given method from the source/sink analysis.
protected CallbackDefinition	getCallbackDefinition(soot.SootMethod method) Checks whether the given method is registered as a callback method.
protected ISourceSinkDefinition	getSinkDefinition(soot.jimple.Stmt sCallSite, InfoflowManager manager, AccessPath ap) Gets the sink definition for the given call site and tainted access path
SinkInfo	getSinkInfo(soot.jimple.Stmt sCallSite, InfoflowManager manager, AccessPath ap) Checks if the given access path at this statement will leak.
protected ISourceSinkDefinition	getSource(soot.jimple.Stmt sCallSite, IInfoflowCFG cfg) Checks whether the given statement is a source, i.e. introduces new information into the application.
protected ISourceSinkDefinition	getSourceDefinition(soot.SootMethod method) Checks whether the given method is registered as a source method
SourceInfo	getSourceInfo(soot.jimple.Stmt sCallSite, InfoflowManager manager) Determines if a method called by the Stmt is a source method or not.
protected ISourceSinkDefinition	getSourceMethod(soot.SootMethod method) Checks whether the given method is registered as a source method.
protected ISourceSinkDefinition	getUISourceDefinition(soot.jimple.Stmt sCallSite, IInfoflowCFG cfg) Checks whether the given call site indicates a UI source, e.g. a password input.
boolean	hasNextSource() Checks whether there is another source with which to run the data flow analysis
void	initialize() Initialization method that is called after the Soot instance has been created and before the actual data flow tracking is started.
protected abstract boolean	isEntryPointMethod(soot.SootMethod method) Checks whether the given method is an entry point, i.e., a lifecycle method
boolean	isOneSourceAtATimeEnabled() Gets whether this source/sink manager shall run with one source at a time instead of all of them together
void	nextSource() Advances the iterator to the next source.
void	resetCurrentSource() Resets the iterator.
void	setOneSourceAtATimeEnabled(boolean enabled) Sets whether this source/sink manager shall run with one source at a time instead of all of them together

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

sourceDefs

protected soot.util.MultiMap<String,ISourceSinkDefinition> sourceDefs

sinkDefs

protected soot.util.MultiMap<String,ISourceSinkDefinition> sinkDefs

sourceMethods

protected Map<soot.SootMethod,ISourceSinkDefinition> sourceMethods

sourceStatements

protected Map<soot.jimple.Stmt,ISourceSinkDefinition> sourceStatements

sinkMethods

protected Map<soot.SootMethod,ISourceSinkDefinition> sinkMethods

sinkReturnMethods

protected Map<soot.SootMethod,ISourceSinkDefinition> sinkReturnMethods

callbackMethods

protected Map<soot.SootMethod,CallbackDefinition> callbackMethods

sourceFields

protected Map<soot.SootField,ISourceSinkDefinition> sourceFields

sinkFields

protected Map<soot.SootField,ISourceSinkDefinition> sinkFields

sinkStatements

protected Map<soot.jimple.Stmt,ISourceSinkDefinition> sinkStatements

sourceSinkConfig

protected final InfoflowConfiguration.SourceSinkConfiguration sourceSinkConfig

excludedMethods

protected final Set<soot.SootMethod> excludedMethods

oneSourceAtATime

protected boolean oneSourceAtATime

osaatType

protected BaseSourceSinkManager.SourceType osaatType

osaatIterator

protected Iterator<soot.SootMethod> osaatIterator

currentSource

protected soot.SootMethod currentSource

valueProvider

protected IValueProvider valueProvider

interfacesOf

protected final com.google.common.cache.LoadingCache<soot.SootClass,Collection<soot.SootClass>> interfacesOf

构造器详细资料

BaseSourceSinkManager

public BaseSourceSinkManager(Collection<? extends ISourceSinkDefinition> sources,
                             Collection<? extends ISourceSinkDefinition> sinks,
                             InfoflowConfiguration config)

Creates a new instance of the BaseSourceSinkManager class with either strong or weak matching.

参数:

sources - The list of source methods

sinks - The list of sink methods

config - The configuration of the data flow analyzer

BaseSourceSinkManager

public BaseSourceSinkManager(Collection<? extends ISourceSinkDefinition> sources,
                             Collection<? extends ISourceSinkDefinition> sinks,
                             Set<? extends CallbackDefinition> callbackMethods,
                             InfoflowConfiguration config)

Creates a new instance of the BaseSourceSinkManager class with strong matching, i.e. the methods in the code must exactly match those in the list.

参数:

sources - The list of source methods

sinks - The list of sink methods

callbackMethods - The list of callback methods whose parameters are sources through which the application receives data from the operating system

weakMatching - True for weak matching: If an entry in the list has no return type, it matches arbitrary return types if the rest of the method signature is compatible. False for strong matching: The method signature in the code exactly match the one in the list.

config - The configuration of the data flow analyzer

方法详细资料

getSinkDefinition

protected ISourceSinkDefinition getSinkDefinition(soot.jimple.Stmt sCallSite,
                                                  InfoflowManager manager,
                                                  AccessPath ap)

Gets the sink definition for the given call site and tainted access path

参数:

sCallSite - The call site

manager - The manager object providing access to the configuration and the interprocedural control flow graph

ap - The incoming tainted access path

返回:

The sink definition of the method that is called at the given call site if such a definition exists, otherwise null

getSinkInfo

public SinkInfo getSinkInfo(soot.jimple.Stmt sCallSite,
                            InfoflowManager manager,
                            AccessPath ap)

从接口复制的说明: ISourceSinkManager

Checks if the given access path at this statement will leak.

指定者:

getSinkInfo 在接口中 ISourceSinkManager

参数:

sCallSite - The call site to check

manager - The manager object for interacting with the solver

ap - The access path to check. Pass null to check whether the given statement can be a sink for any given access path.

返回:

A SinkInfo object containing additional information if this call is a sink, otherwise null

getSourceInfo

public SourceInfo getSourceInfo(soot.jimple.Stmt sCallSite,
                                InfoflowManager manager)

从接口复制的说明: ISourceSinkManager

Determines if a method called by the Stmt is a source method or not. If so, additional information is returned

指定者:

getSourceInfo 在接口中 ISourceSinkManager

参数:

sCallSite - a Stmt which should include an invokeExrp calling a method

manager - The manager object for interacting with the solver

返回:

A SourceInfo object containing additional information if this call is a source, otherwise null

createSourceInfo

protected SourceInfo createSourceInfo(soot.jimple.Stmt sCallSite,
                                      InfoflowManager manager,
                                      ISourceSinkDefinition def)

getSourceMethod

protected ISourceSinkDefinition getSourceMethod(soot.SootMethod method)

Checks whether the given method is registered as a source method. If so, returns the corresponding definition, otherwise null.

参数:

method - The method to check

返回:

The respective source definition if the given method is a source method, otherwise null

getSourceDefinition

protected ISourceSinkDefinition getSourceDefinition(soot.SootMethod method)

Checks whether the given method is registered as a source method

参数:

method - The method to check

返回:

True if the given method is a source method, otherwise false

getCallbackDefinition

protected CallbackDefinition getCallbackDefinition(soot.SootMethod method)

Checks whether the given method is registered as a callback method. If so, the corresponding source definition is returned, otherwise null is returned.

参数:

method - The method to check

返回:

The source definition object if the given method is a callback method, otherwise null

getSource

protected ISourceSinkDefinition getSource(soot.jimple.Stmt sCallSite,
                                          IInfoflowCFG cfg)

Checks whether the given statement is a source, i.e. introduces new information into the application. If so, the source definition is returned, otherwise null

参数:

sCallSite - The statement to check for a source

cfg - An interprocedural CFG containing the statement

返回:

The definition of the discovered source if the given statement is a source, null otherwise

checkCallbackParamSource

protected ISourceSinkDefinition checkCallbackParamSource(soot.jimple.Stmt sCallSite,
                                                         IInfoflowCFG cfg)

Checks whether the given statement obtains data from a callback source

参数:

sCallSite - The statement to check

cfg - The interprocedural control flow graph

返回:

The source and sink definition that corresponds to the detected callback source if the given statement is a source, otherwise null

isEntryPointMethod

protected abstract boolean isEntryPointMethod(soot.SootMethod method)

Checks whether the given method is an entry point, i.e., a lifecycle method

参数:

method - the method

返回:

true if the method is an entry point

getUISourceDefinition

protected ISourceSinkDefinition getUISourceDefinition(soot.jimple.Stmt sCallSite,
                                                      IInfoflowCFG cfg)

Checks whether the given call site indicates a UI source, e.g. a password input. If so, creates an ISourceSinkDefinition for it

参数:

sCallSite - The call site that may potentially read data from a sensitive UI control

cfg - The bidirectional control flow graph

返回:

The generated ISourceSinkDefinition if the given call site reads data from a UI source, null otherwise

initialize

public void initialize()

从接口复制的说明: ISourceSinkManager

Initialization method that is called after the Soot instance has been created and before the actual data flow tracking is started.

指定者:

initialize 在接口中 ISourceSinkManager

setOneSourceAtATimeEnabled

public void setOneSourceAtATimeEnabled(boolean enabled)

从接口复制的说明: IOneSourceAtATimeManager

Sets whether this source/sink manager shall run with one source at a time instead of all of them together

指定者:

setOneSourceAtATimeEnabled 在接口中 IOneSourceAtATimeManager

参数:

enabled - True to return only one source at a time and hide all other ones, otherwise false

isOneSourceAtATimeEnabled

public boolean isOneSourceAtATimeEnabled()

从接口复制的说明: IOneSourceAtATimeManager

Gets whether this source/sink manager shall run with one source at a time instead of all of them together

指定者:

isOneSourceAtATimeEnabled 在接口中 IOneSourceAtATimeManager

返回:

True to return only one source at a time and hide all other ones, otherwise false

resetCurrentSource

public void resetCurrentSource()

从接口复制的说明: IOneSourceAtATimeManager

Resets the iterator. This means that the source/sink manager starts again with the first source.

指定者:

resetCurrentSource 在接口中 IOneSourceAtATimeManager

nextSource

public void nextSource()

从接口复制的说明: IOneSourceAtATimeManager

Advances the iterator to the next source.

指定者:

nextSource 在接口中 IOneSourceAtATimeManager

hasNextSource

public boolean hasNextSource()

从接口复制的说明: IOneSourceAtATimeManager

Checks whether there is another source with which to run the data flow analysis

指定者:

hasNextSource 在接口中 IOneSourceAtATimeManager

返回:

True if there is another source with which to run the data flow analysis, otherwise false

excludeMethod

public void excludeMethod(soot.SootMethod toExclude)

Excludes the given method from the source/sink analysis. No sources or sinks will be detected in excluded methods.

参数:

toExclude - The method to exclude