soot.jimple.infoflow.taintWrappers

类 EasyTaintWrapper

java.lang.Object

soot.jimple.infoflow.taintWrappers.AbstractTaintWrapper

soot.jimple.infoflow.taintWrappers.EasyTaintWrapper

所有已实现的接口:

Cloneable, ITaintPropagationWrapper

public class EasyTaintWrapper
extends AbstractTaintWrapper
implements Cloneable

A list of methods is passed which contains signatures of instance methods that taint their base objects if they are called with a tainted parameter. When a base object is tainted, all return values are tainted, too. For static methods, only the return value is assumed to be tainted when the method is called with a tainted parameter value.

作者:

Christian Fritz, Steven Arzt

字段概要

从类继承的字段 soot.jimple.infoflow.taintWrappers.AbstractTaintWrapper

manager

构造器概要

构造器

构造器和说明
EasyTaintWrapper(EasyTaintWrapper taintWrapper)
EasyTaintWrapper(File f)
EasyTaintWrapper(InputStream stream)
EasyTaintWrapper(Map<String,Set<String>> classList) Creates a new instanceof the EasyTaintWrapper class.
EasyTaintWrapper(Map<String,Set<String>> classList, Map<String,Set<String>> excludeList)
EasyTaintWrapper(Map<String,Set<String>> classList, Map<String,Set<String>> excludeList, Map<String,Set<String>> killList)
EasyTaintWrapper(Map<String,Set<String>> classList, Map<String,Set<String>> excludeList, Map<String,Set<String>> killList, Set<String> includeList)
EasyTaintWrapper(Reader reader)
EasyTaintWrapper(String f)

方法概要

限定符和类型	方法和说明
void	addIncludePrefix(String prefix) Registers a prefix of class names to be included when generating taints.
void	addMethodForWrapping(String className, String subSignature) Adds a method to which the taint wrapping rules shall apply
EasyTaintWrapper	clone()
boolean	getAggressiveMode() Gets whether the taint wrapper shall always consider return values as tainted if the base object of the respective invocation is tainted
Set<Abstraction>	getAliasesForMethod(soot.jimple.Stmt stmt, Abstraction d1, Abstraction taintedPath) Gets the aliases that a summarized method generates for the given abstraction.
boolean	getAlwaysModelEqualsHashCode() Gets whether the equals() and hashCode() methods shall always be modeled, regardless of the target type.
static EasyTaintWrapper	getDefault()
Set<AccessPath>	getTaintsForMethodInternal(soot.jimple.Stmt stmt, AccessPath taintedPath) Checks an invocation statement for black-box taint propagation.
boolean	isExclusiveInternal(soot.jimple.Stmt stmt, AccessPath taintedPath) Gets whether the taints produced by this taint wrapper are exclusive, i.e. there are no other taints than those produced by the wrapper.
static File	locateDefaultDefinitionFile() Attempts to locate the definition file for the easy taint wrapper in its default location
void	setAggressiveMode(boolean aggressiveMode) Sets whether the taint wrapper shall always assume the return value of a call "a = x.foo()" to be tainted if the base object is tainted, even if the respective method is not in the data file.
void	setAlwaysModelEqualsHashCode(boolean alwaysModelEqualsHashCode) Sets whether the equals() and hashCode() methods shall always be modeled, regardless of the target type.
boolean	supportsCallee(soot.SootMethod method) Checks whether this taint wrapper can in general produce artificial taints for the given callee.
boolean	supportsCallee(soot.jimple.Stmt callSite) Checks whether this taint wrapper can in general produce artificial taints for the given call site.

从类继承的方法 soot.jimple.infoflow.taintWrappers.AbstractTaintWrapper

getTaintsForMethod, getWrapperHits, getWrapperMisses, initialize, isExclusive

从类继承的方法 java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

EasyTaintWrapper

public EasyTaintWrapper(Map<String,Set<String>> classList)

Creates a new instanceof the EasyTaintWrapper class. This constructor assumes that all classes are included and get wrapped. However, only the methods in the given map create new taints

参数:

classList - The method for which to create new taints. This is a mapping from class names to sets of subsignatures.

EasyTaintWrapper

public EasyTaintWrapper(Map<String,Set<String>> classList,
                        Map<String,Set<String>> excludeList)

EasyTaintWrapper

public EasyTaintWrapper(Map<String,Set<String>> classList,
                        Map<String,Set<String>> excludeList,
                        Map<String,Set<String>> killList)

EasyTaintWrapper

public EasyTaintWrapper(Map<String,Set<String>> classList,
                        Map<String,Set<String>> excludeList,
                        Map<String,Set<String>> killList,
                        Set<String> includeList)

EasyTaintWrapper

public EasyTaintWrapper(String f)
                 throws IOException

抛出:

IOException

EasyTaintWrapper

public EasyTaintWrapper(InputStream stream)
                 throws IOException

抛出:

IOException

EasyTaintWrapper

public EasyTaintWrapper(Reader reader)
                 throws IOException

抛出:

IOException

EasyTaintWrapper

public EasyTaintWrapper(File f)
                 throws IOException

抛出:

IOException

EasyTaintWrapper

public EasyTaintWrapper(EasyTaintWrapper taintWrapper)

方法详细资料

getDefault

public static EasyTaintWrapper getDefault()
                                   throws IOException

抛出:

IOException

getTaintsForMethodInternal

public Set<AccessPath> getTaintsForMethodInternal(soot.jimple.Stmt stmt,
                                                  AccessPath taintedPath)

从类复制的说明: AbstractTaintWrapper

Checks an invocation statement for black-box taint propagation. This allows the wrapper to artificially propagate taints over method invocations without requiring the analysis to look inside the method.

指定者:

getTaintsForMethodInternal 在类中 AbstractTaintWrapper

参数:

stmt - The invocation statement which to check for black-box taint propagation

taintedPath - The tainted field or value to propagate

返回:

The list of tainted values after the invocation statement referenced in Stmt has been executed

isExclusiveInternal

public boolean isExclusiveInternal(soot.jimple.Stmt stmt,
                                   AccessPath taintedPath)

从类复制的说明: AbstractTaintWrapper

Gets whether the taints produced by this taint wrapper are exclusive, i.e. there are no other taints than those produced by the wrapper. In effect, this tells the analysis not to propagate inside the callee.

指定者:

isExclusiveInternal 在类中 AbstractTaintWrapper

参数:

stmt - The call statement to check

taintedPath - The tainted field or value to propagate

返回:

True if this taint wrapper is exclusive, otherwise false.

setAggressiveMode

public void setAggressiveMode(boolean aggressiveMode)

Sets whether the taint wrapper shall always assume the return value of a call "a = x.foo()" to be tainted if the base object is tainted, even if the respective method is not in the data file.

参数:

aggressiveMode - True if return values shall always be tainted if the base object on which the method is invoked is tainted, otherwise false

getAggressiveMode

public boolean getAggressiveMode()

Gets whether the taint wrapper shall always consider return values as tainted if the base object of the respective invocation is tainted

返回:

True if return values shall always be tainted if the base object on which the method is invoked is tainted, otherwise false

setAlwaysModelEqualsHashCode

public void setAlwaysModelEqualsHashCode(boolean alwaysModelEqualsHashCode)

Sets whether the equals() and hashCode() methods shall always be modeled, regardless of the target type.

参数:

alwaysModelEqualsHashCode - True if the equals() and hashCode() methods shall always be modeled, regardless of the target type, otherwise false

getAlwaysModelEqualsHashCode

public boolean getAlwaysModelEqualsHashCode()

Gets whether the equals() and hashCode() methods shall always be modeled, regardless of the target type.

返回:

True if the equals() and hashCode() methods shall always be modeled, regardless of the target type, otherwise false

addIncludePrefix

public void addIncludePrefix(String prefix)

Registers a prefix of class names to be included when generating taints. All classes whose names don't start with a registered prefix will be skipped.

参数:

prefix - The prefix to register

addMethodForWrapping

public void addMethodForWrapping(String className,
                                 String subSignature)

Adds a method to which the taint wrapping rules shall apply

参数:

className - The class containing the method to be wrapped

subSignature - The subsignature of the method to be wrapped

clone

public EasyTaintWrapper clone()

覆盖:

clone 在类中 Object

supportsCallee

public boolean supportsCallee(soot.SootMethod method)

从接口复制的说明: ITaintPropagationWrapper

Checks whether this taint wrapper can in general produce artificial taints for the given callee. If an implementation returns "false" for a callee, all call sites for this callee might be removed if not needed elsewhere.

指定者:

supportsCallee 在接口中 ITaintPropagationWrapper

参数:

method - The method to check

返回:

True if this taint wrapper can in general produce taints for the given method.

supportsCallee

public boolean supportsCallee(soot.jimple.Stmt callSite)

从接口复制的说明: ITaintPropagationWrapper

Checks whether this taint wrapper can in general produce artificial taints for the given call site. If an implementation returns "false" for a call site, this call sites might be removed if not needed elsewhere.

指定者:

supportsCallee 在接口中 ITaintPropagationWrapper

参数:

callSite - The call site to check

返回:

True if this taint wrapper can in general produce taints for the given call site.

getAliasesForMethod

public Set<Abstraction> getAliasesForMethod(soot.jimple.Stmt stmt,
                                            Abstraction d1,
                                            Abstraction taintedPath)

从接口复制的说明: ITaintPropagationWrapper

Gets the aliases that a summarized method generates for the given abstraction. Note that this is a may-alias problem.

指定者:

getAliasesForMethod 在接口中 ITaintPropagationWrapper

参数:

stmt - The statement that calls the summarized method

d1 - The abstraction at the entry point of the method that calls the wrapped method

taintedPath - The abstraction for which the aliases shall be computed

返回:

The set of aliases for the given abstraction or null if no such aliases exist

locateDefaultDefinitionFile

public static File locateDefaultDefinitionFile()

Attempts to locate the definition file for the easy taint wrapper in its default location

返回:

The default definition file for the easy taint wrapper if it could be found, otherwise null