soot.jimple.infoflow.solver.cfg.IInfoflowCFG Java Examples

@Override
public void onResultsAvailable(
		IInfoflowCFG cfg, InfoflowResults results) {
	// Dump the results
	if (results == null) {
		print("No results found.");
	}
	else {
		Test.cfg = cfg;
		Test.results = results;
		
		for (ResultSinkInfo sink : results.getResults().keySet()) {
			print("Found a flow to sink " + sink + ", from the following sources:");
			for (ResultSourceInfo source : results.getResults().get(sink)) {
				print("\t- " + source.getSource() + " (in "
						+ cfg.getMethodOf(source.getSource()).getSignature()  + ")");
				if (source.getPath() != null)
					print("\t\ton Path " + Arrays.toString(source.getPath()));
			}
		}
	}
}
 

private Collection<SootMethod> getMethodsForSeeds(IInfoflowCFG icfg) {
	List<SootMethod> seeds = new LinkedList<SootMethod>();
	// If we have a callgraph, we retrieve the reachable methods. Otherwise,
	// we have no choice but take all application methods as an approximation
	if (Scene.v().hasCallGraph()) {
		List<MethodOrMethodContext> eps = new ArrayList<MethodOrMethodContext>(Scene.v().getEntryPoints());
		ReachableMethods reachableMethods = new ReachableMethods(Scene.v().getCallGraph(), eps.iterator(), null);
		reachableMethods.update();
		for (Iterator<MethodOrMethodContext> iter = reachableMethods.listener(); iter.hasNext();)
			seeds.add(iter.next().method());
	}
	else {
		long beforeSeedMethods = System.nanoTime();
		Set<SootMethod> doneSet = new HashSet<SootMethod>();
		for (SootMethod sm : Scene.v().getEntryPoints())
			getMethodsForSeedsIncremental(sm, doneSet, seeds, icfg);
		logger.info("Collecting seed methods took {} seconds", (System.nanoTime() - beforeSeedMethods) / 1E9);
	}
	return seeds;
}
 

@Override
public void onResultsAvailable(
		IInfoflowCFG cfg, InfoflowResults results) {
	// Dump the results
	if (results == null) {
		print("No results found.");
	}
	else {
		for (ResultSinkInfo sink : results.getResults().keySet()) {
			print("Found a flow to sink " + sink + ", from the following sources:");
			for (ResultSourceInfo source : results.getResults().get(sink)) {
				print("\t- " + source.getSource() + " (in "
						+ cfg.getMethodOf(source.getSource()).getSignature()  + ")");
				if (source.getPath() != null && !source.getPath().isEmpty())
					print("\t\ton Path " + source.getPath());
			}
		}
	}
}
 

@Override
public IAbstractionPathBuilder createPathBuilder(int maxThreadNum,
		IInfoflowCFG icfg) {
	switch (pathBuilder) {
	case Recursive :
		return new RecursivePathBuilder(icfg, maxThreadNum,
				reconstructPaths);
	case ContextSensitive :
		return new ContextSensitivePathBuilder(icfg, maxThreadNum,
				reconstructPaths);
	case ContextInsensitive :
		return new ContextInsensitivePathBuilder(icfg, maxThreadNum,
				reconstructPaths);
	case ContextInsensitiveSourceFinder :
		return new ContextInsensitiveSourceFinder(icfg, maxThreadNum);
	case None:
		return new EmptyPathBuilder();
	}
	throw new RuntimeException("Unsupported path building algorithm");
}
 

@Override
public IInfoflowCFG buildBiDirICFG(CallgraphAlgorithm callgraphAlgorithm){
	if (callgraphAlgorithm == CallgraphAlgorithm.OnDemand) {
		// Load all classes on the classpath to signatures
		long beforeClassLoading = System.nanoTime();
		OnTheFlyJimpleBasedICFG.loadAllClassesOnClassPathToSignatures();
		logger.info("Class loading took {} seconds", (System.nanoTime() - beforeClassLoading) / 1E9);
		
		long beforeHierarchy = System.nanoTime();
		Scene.v().getOrMakeFastHierarchy();
		assert Scene.v().hasFastHierarchy();
		logger.info("Hierarchy building took {} seconds", (System.nanoTime() - beforeHierarchy) / 1E9);

		long beforeCFG = System.nanoTime();
		IInfoflowCFG cfg = new InfoflowCFG(new OnTheFlyJimpleBasedICFG(Scene.v().getEntryPoints()));
		logger.info("CFG generation took {} seconds", (System.nanoTime() - beforeCFG) / 1E9);

		return cfg;
	}
    return new InfoflowCFG();
}
 

public static Unit getPostDominatorOfUnit(IInfoflowCFG cfg, Unit dataFlowStatement) {		
	Map<Unit, Set<ControlFlowPath>> controlFlowPathsAtUnit = new HashMap<Unit, Set<ControlFlowPath>>();
	Set<ControlFlowPath> currentPaths = new HashSet<ControlFlowPath>();
	Stack<Unit> worklist = new Stack<Unit>();
	worklist.add(dataFlowStatement);	

	while(!worklist.isEmpty()) {
		Unit currentUnit = worklist.pop();
		
		if(currentUnit.hasTag(InstrumentedCodeTag.name)) {
			List<Unit> successors = cfg.getSuccsOf(currentUnit);
			
			for(Unit nextUnit : successors) {
				if(proceedWithNextUnit(currentUnit, nextUnit, currentPaths, controlFlowPathsAtUnit)) {
					worklist.push(nextUnit);				
				}
			}
			continue;
		}
		
		SootMethod currentMethod = cfg.getMethodOf(currentUnit);
		
		//this is a kind of hack: We excluded exception-edges here and also keep in mind that ALL dominator-algorithms are intra-procedural
		MHGPostDominatorsFinder<Unit> postdominatorFinder = new MHGPostDominatorsFinder<Unit>(new BriefUnitGraph(currentMethod.retrieveActiveBody()));
		Unit immediatePostDominator = postdominatorFinder.getImmediateDominator(currentUnit);
		while(immediatePostDominator.hasTag(InstrumentedCodeTag.name)) {
			immediatePostDominator = postdominatorFinder.getImmediateDominator(immediatePostDominator);
		}
		return immediatePostDominator;
	}	
	return null;
}
 

/**
 * Creates a new instance of the {@link InterproceduralConstantValuePropagator}
 * class
 * @param icfg The interprocedural control flow graph to use
 */
public InterproceduralConstantValuePropagator(IInfoflowCFG icfg) {
	this.icfg = icfg;
	this.excludedMethods = null;
	this.sourceSinkManager = null;
	this.taintWrapper = null;
}
 

private void getMethodsForSeedsIncremental(SootMethod sm,
		Set<SootMethod> doneSet, List<SootMethod> seeds, IInfoflowCFG icfg) {
	assert Scene.v().hasFastHierarchy();
	if (!sm.isConcrete() || !sm.getDeclaringClass().isApplicationClass() || !doneSet.add(sm))
		return;
	seeds.add(sm);
	for (Unit u : sm.retrieveActiveBody().getUnits()) {
		Stmt stmt = (Stmt) u;
		if (stmt.containsInvokeExpr())
			for (SootMethod callee : icfg.getCalleesOfCallAt(stmt))
				getMethodsForSeedsIncremental(callee, doneSet, seeds, icfg);
	}
}
 

/**
 * Creates a new instance of the {@link ContextInsensitiveSourceFinder} class
 * @param icfg The interprocedural control flow graph
 * @param maxThreadNum The maximum number of threads to use
 */
public ContextInsensitiveSourceFinder(IInfoflowCFG icfg, int maxThreadNum) {
	super(icfg, false);
       int numThreads = Runtime.getRuntime().availableProcessors();
	this.executor = createExecutor(maxThreadNum == -1 ? numThreads
			: Math.min(maxThreadNum, numThreads));
}
 

/**
 * Creates a new instance of the {@link ContextSensitivePathBuilder} class
 * @param maxThreadNum The maximum number of threads to use
 * @param reconstructPaths True if the exact propagation path between source
 * and sink shall be reconstructed.
 */
public ContextInsensitivePathBuilder(IInfoflowCFG icfg, int maxThreadNum,
		boolean reconstructPaths) {
	super(icfg, reconstructPaths);
       int numThreads = Runtime.getRuntime().availableProcessors();
	this.executor = createExecutor(maxThreadNum == -1 ? numThreads
			: Math.min(maxThreadNum, numThreads));
}
 

/**
   * Creates a new instance of the {@link RecursivePathBuilder} class
* @param maxThreadNum The maximum number of threads to use
* @param reconstructPaths True if the exact propagation path between source
* and sink shall be reconstructed.
   */
  public RecursivePathBuilder(IInfoflowCFG icfg, int maxThreadNum,
  		boolean reconstructPaths) {
  	super(icfg, reconstructPaths);
  	int numThreads = Runtime.getRuntime().availableProcessors();
this.executor = createExecutor(maxThreadNum == -1 ? numThreads
		: Math.min(maxThreadNum, numThreads));
  }
 

/**
 * Creates a new instance of the {@link ContextSensitivePathBuilder} class
 * @param icfg The interprocedural control flow graph
 * @param maxThreadNum The maximum number of threads to use
 * @param reconstructPaths True if the exact propagation path between source
 * and sink shall be reconstructed.
 */
public ContextSensitivePathBuilder(IInfoflowCFG icfg, int maxThreadNum,
		boolean reconstructPaths) {
	super(icfg, reconstructPaths);
       int numThreads = Runtime.getRuntime().availableProcessors();
	this.executor = createExecutor(maxThreadNum == -1 ? numThreads
			: Math.min(maxThreadNum, numThreads));
}
 

public InfoflowProblem(IInfoflowCFG icfg, ISourceSinkManager sourceSinkManager,
		IAliasingStrategy aliasingStrategy) {
	super(icfg, sourceSinkManager);
	this.aliasingStrategy = aliasingStrategy;
	this.implicitFlowAliasingStrategy = new ImplicitFlowAliasStrategy(icfg);
	this.aliasing = new Aliasing(aliasingStrategy, icfg);
}
 

public JimpleStmtVisitorImpl(Set<SourceSinkDefinition> sources,
		List<Stmt> jimpleDataFlowStatements, List<AccessPath> accessPathPath, 
		Set<Unit> targetUnits, IInfoflowCFG cfg, Table<List<Stmt>, Stmt, List<List<String>>> splitAPIElementInfos) {
	this.exprVisitor = new JimpleExprVisitorImpl(sources, this);
	this.jimpleDataFlowStatements = jimpleDataFlowStatements;
	this.accessPathPath = accessPathPath;
	this.targetUnits = targetUnits;
	this.cfg = cfg;
	this.splitAPIElementInfos = splitAPIElementInfos;
	this.smtPrograms = new HashSet<SMTProgram>();
	//initial adding of a single SMTProgram
	currentSMTProgram = new SMTProgram();
	smtPrograms.add(currentSMTProgram);
}
 

private static IfStmt findConditionalStatementForBooleanUnit(IInfoflowCFG cfg, Unit booleanUnit) {
	Stack<Unit> worklist = new Stack<Unit>();
	Set<Unit> processedUnits = new HashSet<Unit>();
	worklist.add(booleanUnit);	
		
	while(!worklist.isEmpty()) {
		Unit currentUnit = worklist.pop();
		//in case of a loop or recursion
		if(processedUnits.contains(currentUnit))
			continue;
		processedUnits.add(currentUnit);
		
		//skip our own instrumented code
		if(currentUnit.hasTag(InstrumentedCodeTag.name))
			continue;
		
		
		//we reached the condition
		if(currentUnit instanceof IfStmt) {
			return (IfStmt)currentUnit;		 	
		}
		
		SootMethod methodOfBooleanUnit = cfg.getMethodOf(booleanUnit);		
		DirectedGraph<Unit> graph = cfg.getOrCreateUnitGraph(methodOfBooleanUnit);
		//Comment: Steven said it should always be a UnitGraph + he will implement a more convenient way in the near future :-)
		UnitGraph unitGraph = (UnitGraph)graph;

		SimpleLocalDefs defs = new SimpleLocalDefs(unitGraph);
        SimpleLocalUses uses = new SimpleLocalUses(unitGraph, defs);	        
        List<UnitValueBoxPair> usesOfCurrentUnit = uses.getUsesOf(booleanUnit);
        for(UnitValueBoxPair valueBoxPair : usesOfCurrentUnit)
        	worklist.add(valueBoxPair.getUnit());
		
	}
	return null;
}
 

public Aliasing(IAliasingStrategy aliasingStrategy, IInfoflowCFG cfg) {
	this.aliasingStrategy = aliasingStrategy;
	this.cfg = cfg;
}
 

@Override
public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
	log.info("FlowDroid has finished. Duration: " + (System.currentTimeMillis() - Main.startTime) +" ms.");
	Main.startTime = System.currentTimeMillis();
	Settings.instance.setDummyMainToLibraryClass();
	this.results = results;
	
	if (log.isDebugEnabled()) {
		log.debug("");
		log.debug("InfoFlow Results");
		MultiMap<ResultSinkInfo, ResultSourceInfo> r = results.getResults();
		for (ResultSinkInfo k : r.keySet()) {
			log.debug("ResultSinkInfo: "+ k);

			for (ResultSourceInfo rsi: r.get(k)) {
				log.debug("  source: "+ rsi);
			}
		}
		log.debug("");
	}


	log.info("Starting bytecode instrumentation.");
	
	log.info("Adding code to initialize PEPs.");
	Util.initializePePInAllPossibleClasses(Settings.instance.getApkPath());
	
	log.info("Build code for new 'WaitPDPActivity"); // building the code has to be done here (not in the Main class, otherwise Jimple validation will fail
	String mainActivityClass = UpdateManifestAndCodeForWaitPDP.getMainActivityName(Settings.instance.getApkPath());
	String packageName = UpdateManifestAndCodeForWaitPDP.getApplicationPackageName(Settings.instance.getApkPath());
	UpdateManifestAndCodeForWaitPDP.updateWaitPDPActivity(packageName, mainActivityClass);
	
	// update packagename in field of WaitPDP class
	SootClass sc = Scene.v().getSootClass(Settings.INSTRUMENTATION_HELPER_JAVA);
	SootField sf1 = sc.getFieldByName("applicationPackageName");
	Util.changeConstantStringInField(sf1, packageName);
	
	log.info("Adding Policy Enforcement Points (PEPs).");
	doAccessControlChecks(cfg);
	
	log.info("Instrumentation is done.");
	
	if (Settings.mustOutputJimple()) {
		log.info("-------- Dumping Jimple bodies.");
		Main.dumpJimple();
		log.info("--------");
	}
}
 

public SMTPreparationPhase(IInfoflowCFG cfg, InfoflowResults results) {
	this.cfg = cfg;
	this.results = results;
}
 

private void standardDataFlowToSMTConvertion(ResultSourceInfo dataFlow, IInfoflowCFG cfg, Set<ResultSourceInfo> preparedDataFlowsForSMT, Table<Stmt, Integer, Set<String>> splitInfos) {
	SMTConverter converter = new SMTConverter(sources);
	for(int i = 0; i < dataFlow.getPath().length; i++) {				
		System.out.println("\t" + dataFlow.getPath()[i]);
		System.out.println("\t\t" + dataFlow.getPathAccessPaths()[i]);
	}
	
	converter.convertJimpleToSMT(dataFlow.getPath(),
			dataFlow.getPathAccessPaths(), targetUnits, cfg, splitInfos);
	
	dataFlowsToSMTPrograms.put(new DataFlowObject(dataFlow.getPath()), converter.getSmtPrograms());

	//dynamic value information
	dynamicValueInfos.putAll(converter.getDynamicValueInfos());
	
	converter.printProgramToCmdLine();
	
	File z3str2Script = new File(FrameworkOptions.Z3SCRIPT_LOCATION);
	if(!z3str2Script.exists())
		throw new RuntimeException("There is no z3-script available");
	SMTExecutor smtExecutor = new SMTExecutor(converter.getSmtPrograms(), z3str2Script);
	Set<File> smtFiles = smtExecutor.createSMTFile();
	
	Set<Object> values = new HashSet<Object>();
	for(File smtFile : smtFiles) {
		String loggingPointValue = smtExecutor.executeZ3str2ScriptAndExtractLoggingPointValue(smtFile);
		if(loggingPointValue != null) {					
			loggingPointValue = fixSMTSolverIntegerOutput(loggingPointValue, dataFlow.getPath()[0]);					
			
			//SMT solver only returns hex-based UTF-8 values in some cases; we fixed this with our own hexToUnicode converter
			if(loggingPointValue != null && loggingPointValue.contains("\\x")) 
				addAdditionalUnicodeValue(loggingPointValue, values);
			if(loggingPointValue != null)
				values.add(loggingPointValue);
			System.out.println(String.format("Extracted loggingpoint-value: %s", loggingPointValue));
		}
	}
	
	System.out.println("####################################");
	
	//add values to fuzzy-seed
	Stmt stmt = dataFlow.getSource();
	CodePosition position = codePositionManager.getCodePositionForUnit(stmt);
	if(constantBasedValuesToFuzz.containsKey(position.getID()))
		constantBasedValuesToFuzz.get(position.getID()).addAll(values);
	else
		constantBasedValuesToFuzz.put(position.getID(), values);
}
 

public IInfoflowCFG prepareSimpleAnalysis()
{
	iCfg = icfgFactory.buildBiDirICFG(callgraphAlgorithm);
	return iCfg;
}
 

public IInfoflowCFG getiCfg() {
	return iCfg;
}
 

InfoflowManager(IInfoflowSolver forwardSolver, IInfoflowCFG icfg) {
	this.forwardSolver = forwardSolver;
	this.icfg = icfg;
}
 

private void splitAPI_DataFlowtoSMTConvertion(ResultSourceInfo dataFlow, IInfoflowCFG cfg, Set<ResultSourceInfo> preparedDataFlowsForSMT, Table<Stmt, Integer, Set<String>> splitInfos) {			
	SMTConverter converter = new SMTConverter(sources);
	for(int i = 0; i < dataFlow.getPath().length; i++) {				
		System.out.println("\t" + dataFlow.getPath()[i]);
		System.out.println("\t\t" + dataFlow.getPathAccessPaths()[i]);
	}
	
	//we remove the first statement (split-API method)
	int n = dataFlow.getPath().length-1;
	Stmt[] reducedDataFlow = new Stmt[n];
	System.arraycopy(dataFlow.getPath(), 1, reducedDataFlow, 0, n);
				
	//currently only possible if there is a constant index for the array
	if(hasConstantIndexAtArrayForSplitDataFlow(reducedDataFlow)) {
		String valueOfInterest = getValueOfInterestForSplitDataflow(reducedDataFlow);
		
		converter.convertJimpleToSMT(reducedDataFlow,
				dataFlow.getPathAccessPaths(), targetUnits, cfg, null);
					
		converter.printProgramToCmdLine();
		
		File z3str2Script = new File(FrameworkOptions.Z3SCRIPT_LOCATION);
		if(!z3str2Script.exists())
			throw new RuntimeException("There is no z3-script available");
		SMTExecutor smtExecutor = new SMTExecutor(converter.getSmtPrograms(), z3str2Script);
		Set<File> smtFiles = smtExecutor.createSMTFile();
		
		for(File smtFile : smtFiles) {
			String loggingPointValue = smtExecutor.executeZ3str2ScriptAndExtractValue(smtFile, valueOfInterest);
			if(loggingPointValue != null) {
				Stmt splitStmt = dataFlow.getPath()[0];
				int index = getConstantArrayIndexForSplitDataFlow(reducedDataFlow);
				
				if(splitInfos.contains(splitStmt, index))
					splitInfos.get(splitStmt, index).add(loggingPointValue);
				else {
					Set<String> values = new HashSet<String>();
					values.add(loggingPointValue);
					splitInfos.put(splitStmt, index, values);
				}
			}
			System.out.println(loggingPointValue);
		}
		
		System.out.println("####################################");
	}			
}
 

@Override
public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
	for(ResultSinkInfo sinkInfo : results.getResults().keySet()) {
		Stmt sink = sinkInfo.getSink();
		InvokeExpr sinkExpr = sink.getInvokeExpr();
		SootMethod sinkMethod = sinkExpr.getMethod();
		
		Set<Object> values = new HashSet<Object>();			
		
		switch(sinkMethod.getSignature()) {
			case "<java.lang.Boolean: boolean parseBoolean(java.lang.String)>":
				values.add("true");
				values.add("false");
				break;
			
			//we add two random values
			case "<java.lang.Byte: byte parseByte(java.lang.String)>":
				values.add("0");
				values.add("42");
				break;
				
				//we add two random values
			case "<java.lang.Byte: byte parseByte(java.lang.String, int)>":
				values.add("0");
				values.add("42");
				break;
			
			//we add two random values
			case "<java.lang.Short: short parseShort(java.lang.String)>":
				values.add("0");
				values.add("42");
				break;
				
				//we add two random values
			case "<java.lang.Short: short parseShort(java.lang.String, int)>":
				values.add("0");
				values.add("42");
				break;
				
			//we add two random values
			case "<java.lang.Integer: int parseInteger(java.lang.String)>":
				values.add("0");
				values.add("42");
				break;
				
				//we add two random values
			case "<java.lang.Integer: int parseInteger(java.lang.String, int)>":
				values.add("0");
				values.add("42");
				break;
				
				//we add two random values
			case "<java.lang.Long: long parseLong(java.lang.String)>":
				values.add("0");
				values.add("42");
				break;
				
				//we add two random values
			case "<java.lang.Long: long parseLong(java.lang.String, int)>":
				values.add("0");
				values.add("42");
				break;
				
			//we add two random values
			case "<java.lang.Double: double parseDouble(java.lang.String)>":
				values.add("0");
				values.add("42.0");
				break;
				
			//we add two random values
			case "<java.lang.Float: float parseFloat(java.lang.String)>":
				values.add("0");
				values.add("20.75f");
				break;					
		}						
		
		//all sources
		Set<ResultSourceInfo> sourceInfos = results.getResults().get(sinkInfo);
		for(ResultSourceInfo sourceInfo : sourceInfos) {
			Stmt source = sourceInfo.getSource();
			int sourceID = codePositionManager.getCodePositionForUnit(source).getID();
			valuesToFuzz.put(sourceID, values);
		}
	}
	
}
 

public IInfoflowCFG getIcfg() {
	return icfg;
}
 

public IInfoflowCFG generateInfoflowCFG(){
	Infoflow info;
	if (cfgFactory == null)
		info = new Infoflow(androidJar, forceAndroidJar, null,
				new DefaultPathBuilderFactory(pathBuilder, computeResultPaths));
	else
		info = new Infoflow(androidJar, forceAndroidJar, cfgFactory,
				new DefaultPathBuilderFactory(pathBuilder, computeResultPaths));

	String path;
	if (forceAndroidJar)
		path = androidJar;
	else
		path = Scene.v().getAndroidJarPath(androidJar, apkFileLocation);

	//add thirdparty libs

	if(JadeCfg.isEnable_apklibs()){
		try {
			path = path + File.pathSeparator + extractPathFromAPK(apkFileLocation);
		} catch (IOException e) {
			e.printStackTrace();
		}
	}

	info.setTaintWrapper(taintWrapper);
	info.setSootConfig(new SootConfigForAndroid());

	System.out.println("Starting infoflow computation...");
	info.setSootConfig(sootConfig);

	info.setStopAfterFirstFlow(stopAfterFirstFlow);
	info.setEnableImplicitFlows(enableImplicitFlows);
	info.setEnableStaticFieldTracking(enableStaticFields);
	info.setEnableExceptionTracking(enableExceptions);
	Infoflow.setAccessPathLength(accessPathLength);
	info.setFlowSensitiveAliasing(flowSensitiveAliasing);
	info.setIgnoreFlowsInSystemPackages(ignoreFlowsInSystemPackages);

	info.setInspectSources(false);
	info.setInspectSinks(false);

	info.setCallgraphAlgorithm(callgraphAlgorithm);

	if (null != ipcManager) {
		info.setIPCManager(ipcManager);
	}

	info.prepareSimpleFlow(apkFileLocation, path, entryPointCreator);
	return info.prepareSimpleAnalysis();
}
 

@Override
public IInfoflowCFG interproceduralCFG() {
	return (IInfoflowCFG) super.interproceduralCFG();
}
 

public PtsBasedAliasStrategy(IInfoflowCFG cfg) {
	super(cfg);
}
 

public IInfoflowCFG interproceduralCFG() {
	return this.cfg;
}
 

public AbstractAliasStrategy(IInfoflowCFG cfg) {
	this.cfg = cfg;
}