/** * Returns methods which call directly or indirectly methods from inputs * passing the parameter unchanged * * @param inputs * input methods with parameter * @return Map where keys are methods and values are parameter indexes which can be passed to requested methods unchanged */ public Map<MethodDescriptor, int[]> findLinkedMethods(Set<MethodParameter> inputs) { Map<MethodDescriptor, int[]> result = new HashMap<>(); for (MethodParameter found : findLinked(inputs)) { int[] params = result.get(found.getMethodDescriptor()); if(params == null) { params = new int[] {found.getParameterNumber()}; result.put(found.getMethodDescriptor(), params); } else { int[] newParams = new int[params.length+1]; System.arraycopy(params, 0, newParams, 0, params.length); newParams[params.length] = found.getParameterNumber(); result.put(found.getMethodDescriptor(), newParams); } } return result; }
public FindSqlInjection(BugReporter bugReporter) { this.bugReporter = bugReporter; this.bugAccumulator = new BugAccumulator(bugReporter); Set<MethodParameter> baseExecuteMethods = new HashSet<>(); for(MethodDescriptor executeMethod : EXECUTE_METHODS) { baseExecuteMethods.add(new MethodParameter(executeMethod, 0)); } executeMethods = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class).findLinkedMethods(baseExecuteMethods); Set<MethodParameter> basePrepareMethods = new HashSet<>(); for(String signature : PREPARE_STATEMENT_SIGNATURES) { basePrepareMethods.add(new MethodParameter(new MethodDescriptor("java/sql/Connection", "prepareStatement", signature), 0)); } preparedStatementMethods = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class).findLinkedMethods(basePrepareMethods); allMethods.addAll(executeMethods.keySet()); allMethods.addAll(preparedStatementMethods.keySet()); }
public DumbMethodInvocations(BugReporter bugReporter) { this.bugReporter = bugReporter; this.bugAccumulator = new BugAccumulator(bugReporter); StringPassthruDatabase database = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class); allFileNameStringMethods = database.getFileNameStringMethods(); allDatabasePasswordMethods = database.findLinkedMethods(Collections.singleton(new MethodParameter(new MethodDescriptor( "java/sql/DriverManager", "getConnection", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/sql/Connection;", true), 2))); }
/** * Returns methods which call directly or indirectly methods from inputs * passing the parameter unchanged * * @param inputs * input methods with parameter * @return Map where keys are methods and values are parameter indexes which can be passed to requested methods unchanged */ public Map<MethodDescriptor, int[]> findLinkedMethods(Set<MethodParameter> inputs) { Map<MethodDescriptor, int[]> result = new HashMap<>(); for (MethodParameter found : findLinked(inputs)) { int[] params = result.get(found.getMethodDescriptor()); if(params == null) { params = new int[] {found.getParameterNumber()}; result.put(found.getMethodDescriptor(), params); } else { int[] newParams = new int[params.length+1]; System.arraycopy(params, 0, newParams, 0, params.length); newParams[params.length] = found.getParameterNumber(); result.put(found.getMethodDescriptor(), newParams); } } return result; }
public FindSqlInjection(BugReporter bugReporter) { this.bugReporter = bugReporter; this.bugAccumulator = new BugAccumulator(bugReporter); testingEnabled = SystemProperties.getBoolean("report_TESTING_pattern_in_standard_detectors"); Set<MethodParameter> baseExecuteMethods = new HashSet<>(); for(MethodDescriptor executeMethod : EXECUTE_METHODS) { baseExecuteMethods.add(new MethodParameter(executeMethod, 0)); } executeMethods = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class).findLinkedMethods(baseExecuteMethods); Set<MethodParameter> basePrepareMethods = new HashSet<>(); for(String signature : PREPARE_STATEMENT_SIGNATURES) { basePrepareMethods.add(new MethodParameter(new MethodDescriptor("java/sql/Connection", "prepareStatement", signature), 0)); } preparedStatementMethods = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class).findLinkedMethods(basePrepareMethods); allMethods.addAll(executeMethods.keySet()); allMethods.addAll(preparedStatementMethods.keySet()); }
@Override public void visitAfter(Code obj) { super.visitAfter(obj); for (int i = 0; i < nArgs; i++) { List<MethodParameter> list = passedParameters[i]; if (list != null) { MethodParameter cur = new MethodParameter(getMethodDescriptor(), i); for (MethodParameter mp : list) { cache.addEdge(mp, cur); } } } }
public DumbMethodInvocations(BugReporter bugReporter) { this.bugReporter = bugReporter; this.bugAccumulator = new BugAccumulator(bugReporter); StringPassthruDatabase database = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class); allFileNameStringMethods = database.getFileNameStringMethods(); allDatabasePasswordMethods = database.findLinkedMethods(Collections.singleton(new MethodParameter(new MethodDescriptor( "java/sql/DriverManager", "getConnection", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/sql/Connection;", true), 2))); }
public CrossSiteScripting(BugReporter bugReporter) { this.bugReporter = bugReporter; this.accumulator = new BugAccumulator(bugReporter); StringPassthruDatabase database = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class); allFileNameStringMethods = database.getFileNameStringMethods(); }
/** * Returns methods which parameter is the file name * @return Map where keys are methods and values are parameter indexes which are used as file names */ public Map<MethodDescriptor, int[]> getFileNameStringMethods() { Set<MethodParameter> fileNameStringMethods = new HashSet<>(); for(MethodDescriptor md : FILENAME_STRING_METHODS) { fileNameStringMethods.add(new MethodParameter(md, 0)); } return findLinkedMethods(fileNameStringMethods); } }
@Override public void visitAfter(Code obj) { super.visitAfter(obj); for (int i = 0; i < nArgs; i++) { List<MethodParameter> list = passedParameters[i]; if (list != null) { MethodParameter cur = new MethodParameter(getMethodDescriptor(), i); for (MethodParameter mp : list) { cache.addEdge(mp, cur); } } } }
public CrossSiteScripting(BugReporter bugReporter) { this.bugReporter = bugReporter; this.accumulator = new BugAccumulator(bugReporter); StringPassthruDatabase database = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class); allFileNameStringMethods = database.getFileNameStringMethods(); }
/** * Returns methods which parameter is the file name * @return Map where keys are methods and values are parameter indexes which are used as file names */ public Map<MethodDescriptor, int[]> getFileNameStringMethods() { Set<MethodParameter> fileNameStringMethods = new HashSet<>(); for(MethodDescriptor md : FILENAME_STRING_METHODS) { fileNameStringMethods.add(new MethodParameter(md, 0)); } return findLinkedMethods(fileNameStringMethods); } }