str.append("Oups "+e.getMessage());
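/**
 * Models CHECKCAST on the type frame: pops the operand and pushes its type after the cast.
 *
 * <p>A popped {@code NullType} is pushed back unchanged; any other type is replaced by the
 * cast's target type read from the constant pool.
 *
 * @param obj the CHECKCAST instruction being visited
 * @throws InvalidBytecodeException if the frame operation raises a
 *         {@link DataflowAnalysisException}
 */
@Override
public void visitCHECKCAST(CHECKCAST obj) {
    try {
        Type t = getFrame().popValue();
        if (t instanceof NullType) {
            pushValue(t);
        } else {
            pushValue(obj.getType(getCPG()));
        }
    } catch (DataflowAnalysisException e) {
        // Chain the original exception so the failing frame operation stays visible
        // in the stack trace instead of being reduced to its message text.
        throw new InvalidBytecodeException("Stack underflow for " + obj + ": " + e.getMessage(), e);
    }
}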
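/**
 * Models AALOAD on the type frame: pops the index and the array reference, then pushes the
 * element type of the array.
 *
 * @param obj the AALOAD instruction being visited
 * @throws InvalidBytecodeException if a frame operation raises a
 *         {@link DataflowAnalysisException}
 */
@Override
public void visitAALOAD(AALOAD obj) {
    // To determine the type pushed on the stack,
    // we look at the type of the array reference which was
    // popped off of the stack.
    TypeFrame frame = getFrame();
    try {
        frame.popValue(); // index
        Type arrayType = frame.popValue(); // arrayref
        if (arrayType instanceof ArrayType) {
            ArrayType arr = (ArrayType) arrayType;
            pushValue(arr.getElementType());
        } else {
            // The popped reference is not an array type, so no element type is known;
            // the frame's bottom type is pushed instead.
            pushValue(TypeFrame.getBottomType());
        }
    } catch (DataflowAnalysisException e) {
        // Chain the original exception so the failing pop stays visible in the stack trace.
        throw new InvalidBytecodeException("Stack underflow: " + e.getMessage(), e);
    }
}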
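/**
 * Consume stack. This is a convenience method for instructions where the
 * types of popped operands can be ignored.
 *
 * @param ins the instruction whose operands are popped from the current frame
 * @throws InvalidBytecodeException if the instruction reports an unpredictable stack
 *         consumption, if it needs more words than the frame currently holds, or if
 *         popping raises a {@link DataflowAnalysisException}
 */
protected void consumeStack(Instruction ins) {
    ConstantPoolGen cpg = getCPG();
    TypeFrame frame = getFrame();

    int numWordsConsumed = ins.consumeStack(cpg);
    if (numWordsConsumed == Const.UNPREDICTABLE) {
        throw new InvalidBytecodeException("Unpredictable stack consumption for " + ins);
    }
    // Reject the instruction before touching the frame, so a malformed method
    // cannot leave the frame partially popped.
    if (numWordsConsumed > frame.getStackDepth()) {
        throw new InvalidBytecodeException("Stack underflow for " + ins + ", " + numWordsConsumed + " needed, "
                + frame.getStackDepth() + " avail, frame is " + frame);
    }

    try {
        while (numWordsConsumed-- > 0) {
            frame.popValue();
        }
    } catch (DataflowAnalysisException e) {
        // Chain the original exception so the failing pop stays visible in the stack trace.
        throw new InvalidBytecodeException("Stack underflow for " + ins + ": " + e.getMessage(), e);
    }
}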
assert false : e.getMessage();
assert false : e.getMessage();
str.append("Oups "+e.getMessage());
return configCopy; } catch (DataflowAnalysisException ex) { throw new InvalidBytecodeException(ex.getMessage(), ex);
return configCopy; } catch (DataflowAnalysisException ex) { throw new InvalidBytecodeException(ex.getMessage(), ex);
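/**
 * Handles a CHECKCAST instruction by replacing the top-of-stack type with the cast result.
 *
 * <p>The operand is popped first. If it is a {@code NullType} it goes straight back onto the
 * stack; otherwise the type named by the instruction (resolved through the constant pool)
 * is pushed.
 *
 * @param obj the CHECKCAST instruction being visited
 * @throws InvalidBytecodeException if the frame operation raises a
 *         {@link DataflowAnalysisException}
 */
@Override
public void visitCHECKCAST(CHECKCAST obj) {
    try {
        Type t = getFrame().popValue();
        if (t instanceof NullType) {
            pushValue(t);
        } else {
            pushValue(obj.getType(getCPG()));
        }
    } catch (DataflowAnalysisException e) {
        // Pass the caught exception as the cause; the message alone loses the
        // location of the failing frame operation.
        throw new InvalidBytecodeException("Stack underflow for " + obj + ": " + e.getMessage(), e);
    }
}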
/**
 * Resolves the class name to use when looking up an invoked method.
 *
 * <p>The taint stored at stack index {@code argumentCount - 1} is consulted first
 * (presumably the slot holding the object instance; confirm against
 * {@code getNumArgumentsIncludingObjectInstance}). If that taint carries a real instance
 * class name it is returned; otherwise the reference type declared by the instruction is
 * converted to slashed form and returned.
 *
 * <p>NOTE(review): with assertions disabled (the JVM default) a
 * {@link DataflowAnalysisException} is ignored here and the declared reference type is
 * used, so a taint configuration keyed on the real instance class would not be matched.
 *
 * @param cpg the constant pool of the class being analysed
 * @param invoke the invoke instruction
 * @param frame the taint frame at the instruction
 * @return the real instance class name when known, else the slashed declared type name
 */
private static String getInstanceClassName(ConstantPoolGen cpg, InvokeInstruction invoke, TaintFrame frame) {
    try {
        final int receiverSlot = frame.getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        if (receiverSlot != -1) {
            assert receiverSlot < frame.getStackDepth();
            final String trackedName = frame.getStackValue(receiverSlot).getRealInstanceClassName();
            if (trackedName != null) {
                return trackedName;
            }
        }
    } catch (DataflowAnalysisException ex) {
        assert false : ex.getMessage();
    }
    // Fall back to the type named in the bytecode.
    return ClassName.toSlashedClassName(invoke.getReferenceType(cpg).toString());
}
/**
 * Picks the class name under which an invoked method is looked up.
 *
 * <p>Preference goes to the real instance class name recorded on the taint at stack index
 * {@code getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1}. When that index is
 * {@code -1}, or the taint has no recorded name, the instruction's declared reference type
 * is returned in slashed form.
 *
 * <p>NOTE(review): the catch block only asserts. Without {@code -ea} a
 * {@link DataflowAnalysisException} is dropped silently and the declared type is used.
 *
 * @param cpg the constant pool of the class being analysed
 * @param invoke the invoke instruction
 * @param frame the taint frame at the instruction
 * @return the recorded instance class name, or the slashed declared type name
 */
private static String getInstanceClassName(ConstantPoolGen cpg, InvokeInstruction invoke, TaintFrame frame) {
    String resolved = null;
    try {
        int slot = frame.getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        if (slot != -1) {
            assert slot < frame.getStackDepth();
            Taint receiverTaint = frame.getStackValue(slot);
            resolved = receiverTaint.getRealInstanceClassName();
        }
    } catch (DataflowAnalysisException ex) {
        assert false : ex.getMessage();
    }
    if (resolved != null) {
        return resolved;
    }
    String declaredType = invoke.getReferenceType(cpg).toString();
    return ClassName.toSlashedClassName(declaredType);
}
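/**
 * Handles an AALOAD instruction: two values are popped (index, then array reference) and
 * the array's element type is pushed.
 *
 * @param obj the AALOAD instruction being visited
 * @throws InvalidBytecodeException if a frame operation raises a
 *         {@link DataflowAnalysisException}
 */
@Override
public void visitAALOAD(AALOAD obj) {
    // To determine the type pushed on the stack,
    // we look at the type of the array reference which was
    // popped off of the stack.
    TypeFrame frame = getFrame();
    try {
        frame.popValue(); // index
        Type arrayType = frame.popValue(); // arrayref
        if (arrayType instanceof ArrayType) {
            ArrayType arr = (ArrayType) arrayType;
            pushValue(arr.getElementType());
        } else {
            // Not an array type: push the frame's bottom type rather than guessing.
            pushValue(TypeFrame.getBottomType());
        }
    } catch (DataflowAnalysisException e) {
        // Pass the caught exception as the cause so the failing pop can be traced.
        throw new InvalidBytecodeException("Stack underflow: " + e.getMessage(), e);
    }
}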
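/**
 * Consume stack. This is a convenience method for instructions where the
 * types of popped operands can be ignored.
 *
 * @param ins the instruction whose operands are popped from the current frame
 * @throws InvalidBytecodeException if the instruction reports an unpredictable stack
 *         consumption, if it needs more words than the frame currently holds, or if
 *         popping raises a {@link DataflowAnalysisException}
 */
protected void consumeStack(Instruction ins) {
    ConstantPoolGen cpg = getCPG();
    TypeFrame frame = getFrame();

    int numWordsConsumed = ins.consumeStack(cpg);
    if (numWordsConsumed == Constants.UNPREDICTABLE) {
        throw new InvalidBytecodeException("Unpredictable stack consumption for " + ins);
    }
    // The depth check runs before any pop, so a rejected instruction leaves the frame intact.
    if (numWordsConsumed > frame.getStackDepth()) {
        throw new InvalidBytecodeException("Stack underflow for " + ins + ", " + numWordsConsumed + " needed, "
                + frame.getStackDepth() + " avail, frame is " + frame);
    }

    try {
        while (numWordsConsumed-- > 0) {
            frame.popValue();
        }
    } catch (DataflowAnalysisException e) {
        // Pass the caught exception as the cause so the failing pop can be traced.
        throw new InvalidBytecodeException("Stack underflow for " + ins + ": " + e.getMessage(), e);
    }
}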
/**
 * Resolves the class name to use when looking up an invoked method in the current frame.
 *
 * <p>The taint at stack index {@code argumentCount - 1} is consulted first (presumably the
 * slot holding the object instance; confirm against
 * {@code getNumArgumentsIncludingObjectInstance}). If it carries a real instance class name
 * that name is returned; otherwise the instruction's declared reference type is returned in
 * slashed form.
 *
 * <p>NOTE(review): with assertions disabled (the JVM default) a
 * {@link DataflowAnalysisException} is ignored here and the declared reference type is
 * used, so a taint configuration keyed on the real instance class would not be matched.
 *
 * @param invoke the invoke instruction
 * @return the real instance class name when known, else the slashed declared type name
 */
private String getInstanceClassName(InvokeInstruction invoke) {
    try {
        final int receiverSlot = getFrame().getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        if (receiverSlot != -1) {
            assert receiverSlot < getFrame().getStackDepth();
            final String trackedName = getFrame().getStackValue(receiverSlot).getRealInstanceClassName();
            if (trackedName != null) {
                return trackedName;
            }
        }
    } catch (DataflowAnalysisException ex) {
        assert false : ex.getMessage();
    }
    // Fall back to the type named in the bytecode.
    return ClassName.toSlashedClassName(invoke.getReferenceType(cpg).toString());
}
/**
 * Picks the class name under which an invoked method is looked up.
 *
 * <p>Preference goes to the real instance class name recorded on the taint at stack index
 * {@code getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1} of the current frame.
 * When that index is {@code -1}, or the taint has no recorded name, the instruction's
 * declared reference type is returned in slashed form.
 *
 * <p>NOTE(review): the catch block only asserts. Without {@code -ea} a
 * {@link DataflowAnalysisException} is dropped silently and the declared type is used.
 *
 * @param invoke the invoke instruction
 * @return the recorded instance class name, or the slashed declared type name
 */
private String getInstanceClassName(InvokeInstruction invoke) {
    String resolved = null;
    try {
        int slot = getFrame().getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        if (slot != -1) {
            assert slot < getFrame().getStackDepth();
            Taint receiverTaint = getFrame().getStackValue(slot);
            resolved = receiverTaint.getRealInstanceClassName();
        }
    } catch (DataflowAnalysisException ex) {
        assert false : ex.getMessage();
    }
    if (resolved != null) {
        return resolved;
    }
    String declaredType = invoke.getReferenceType(cpg).toString();
    return ClassName.toSlashedClassName(declaredType);
}
/**
 * Writes a copy of {@code taint} into every stack slot the method configuration lists as
 * mutable.
 *
 * <p>For each listed index inside the current stack depth, the existing stack value is
 * passed to {@code setLocalVariableTaint} together with {@code taint}, and the slot is then
 * overwritten with a copy of {@code taint} that keeps the slot's own real instance class.
 *
 * <p>NOTE(review): an index at or beyond the stack depth is skipped. Outside constructors
 * and static initializers this trips an assertion, but with assertions disabled the slot is
 * silently left untouched, so the taint is not transferred to it. The same applies to a
 * {@link DataflowAnalysisException}, which is only asserted on.
 *
 * @param methodConfig configuration of the invoked method; {@code null} means nothing to do
 * @param taint the taint to transfer; must not be {@code null}
 */
private void transferTaintToMutables(TaintMethodConfig methodConfig, Taint taint) {
    assert taint != null;
    if (methodConfig == null || !methodConfig.hasMutableStackIndices()) {
        return;
    }
    try {
        int depth = getFrame().getStackDepth();
        for (Integer slot : methodConfig.getMutableStackIndices()) {
            assert slot >= 0;
            if (slot >= depth) {
                boolean inInitializer = Constants.CONSTRUCTOR_NAME.equals(methodDescriptor.getName())
                        || Constants.STATIC_INITIALIZER_NAME.equals(methodDescriptor.getName());
                if (!inInitializer) {
                    assert false : "Out of bounds mutables in " + methodDescriptor;
                }
                // Skipped when assertions are disabled or when inside a constructor.
                continue;
            }
            Taint current = getFrame().getStackValue(slot);
            setLocalVariableTaint(taint, current);
            Taint replacement = new Taint(taint);
            // Keep the slot's own instance class; the transferred taint may describe
            // a value of a different type.
            replacement.setRealInstanceClass(current.getRealInstanceClass());
            getFrame().setValue(getFrame().getStackLocation(slot), replacement);
        }
    } catch (DataflowAnalysisException ex) {
        // Not expected, because every index is compared with the stack depth first.
        assert false : ex.getMessage();
    }
}
/**
 * Propagates {@code taint} to the stack slots that the method configuration marks as
 * mutable.
 *
 * <p>Each in-range slot is first handed to {@code setLocalVariableTaint} with the new taint,
 * then replaced by a copy of {@code taint} carrying the slot's previous real instance class.
 *
 * <p>NOTE(review): out-of-range indices are skipped. The assertion that reports them
 * (including the offending method configuration) only fires with {@code -ea} and only
 * outside constructors and static initializers; otherwise the slot keeps its old taint.
 * A {@link DataflowAnalysisException} is likewise only asserted on.
 *
 * @param methodConfig configuration of the invoked method; {@code null} means nothing to do
 * @param taint the taint to transfer; must not be {@code null}
 */
private void transferTaintToMutables(TaintMethodConfig methodConfig, Taint taint) {
    assert taint != null;
    if (methodConfig == null || !methodConfig.hasMutableStackIndices()) {
        return;
    }
    try {
        int depth = getFrame().getStackDepth();
        for (Integer slot : methodConfig.getMutableStackIndices()) {
            assert slot >= 0;
            if (slot >= depth) {
                boolean inInitializer = Constants.CONSTRUCTOR_NAME.equals(methodDescriptor.getName())
                        || Constants.STATIC_INITIALIZER_NAME.equals(methodDescriptor.getName());
                if (!inInitializer) {
                    assert false : "Out of bounds mutables in " + methodDescriptor
                            + " Method Config: " + methodConfig.toString();
                }
                // Skipped when assertions are disabled or when inside a constructor.
                continue;
            }
            Taint previous = getFrame().getStackValue(slot);
            setLocalVariableTaint(taint, previous);
            Taint updated = new Taint(taint);
            // The instance class stays that of the slot; the transferred taint may
            // belong to a value of a different type.
            updated.setRealInstanceClass(previous.getRealInstanceClass());
            getFrame().setValue(getFrame().getStackLocation(slot), updated);
        }
    } catch (DataflowAnalysisException ex) {
        // Not expected, because every index is compared with the stack depth first.
        assert false : ex.getMessage();
    }
}
/**
 * Selects the taint configuration that applies to an invoked method.
 *
 * <p>Order of precedence, as implemented below:
 * <ol>
 *   <li>a looked-up configuration (after replace-tag processing) that reports
 *       {@code isConfigured()};</li>
 *   <li>{@code TaintMethodConfig.SAFE_CONFIG} when the return type is a taint-safe class;</li>
 *   <li>the looked-up configuration even if it is not configured;</li>
 *   <li>a default constructor configuration when the method is a constructor of a class
 *       that is not taint-safe;</li>
 *   <li>{@code null} otherwise.</li>
 * </ol>
 *
 * <p>NOTE(review): step 2 wins over an existing but unconfigured entry, so a taint-safe
 * return type masks such an entry. Confirm this is the intended precedence.
 *
 * @param obj the invoke instruction
 * @return the applicable configuration, or {@code null} when none applies
 * @throws InvalidBytecodeException if counting the constructor's stack arguments raises a
 *         {@link DataflowAnalysisException}
 */
private TaintMethodConfig getMethodConfig(InvokeInstruction obj) {
    final String signature = obj.getSignature(cpg);
    final String returnType = getReturnType(signature);
    final String className = getInstanceClassName(obj);
    final String methodName = obj.getMethodName(cpg);
    final String methodId = "." + methodName + signature;

    TaintMethodConfig config = taintConfig.getMethodConfig(getFrame(), methodDescriptor, className, methodId);
    if (config != null) {
        config = getConfigWithReplaceTags(config, className, methodName);
    }

    final boolean hasConfig = config != null;
    if (hasConfig && config.isConfigured()) {
        return config;
    }
    if (taintConfig.isClassTaintSafe(returnType)) {
        return TaintMethodConfig.SAFE_CONFIG;
    }
    if (hasConfig) {
        return config;
    }

    // Only constructors of classes that are not taint-safe get a default configuration.
    if (!Constants.CONSTRUCTOR_NAME.equals(methodName) || taintConfig.isClassTaintSafe("L" + className + ";")) {
        return null;
    }
    try {
        int stackSize = getFrame().getNumArgumentsIncludingObjectInstance(obj, cpg);
        return TaintMethodConfig.getDefaultConstructorConfig(stackSize);
    } catch (DataflowAnalysisException ex) {
        throw new InvalidBytecodeException(ex.getMessage(), ex);
    }
}
/**
 * Resolves the taint configuration for an invoked method.
 *
 * <p>A configured entry from {@code taintConfig} (after replace-tag processing) is returned
 * first. Failing that, a taint-safe return type yields {@code TaintMethodConfig.SAFE_CONFIG};
 * then an unconfigured entry is returned if one exists. A constructor of a class that is not
 * taint-safe receives a default constructor configuration sized by its argument count. In
 * every other case the result is {@code null}.
 *
 * <p>NOTE(review): a taint-safe return type takes precedence over an unconfigured entry for
 * the same method. Confirm this ordering is intended.
 *
 * @param obj the invoke instruction
 * @return the applicable configuration, or {@code null} when none applies
 * @throws InvalidBytecodeException if counting the constructor's stack arguments raises a
 *         {@link DataflowAnalysisException}
 */
private TaintMethodConfig getMethodConfig(InvokeInstruction obj) {
    String signature = obj.getSignature(cpg);
    String returnType = getReturnType(signature);
    String className = getInstanceClassName(obj);
    String methodName = obj.getMethodName(cpg);
    String methodId = "." + methodName + signature;

    TaintMethodConfig lookedUp = taintConfig.getMethodConfig(getFrame(), methodDescriptor, className, methodId);
    TaintMethodConfig config = lookedUp;
    if (lookedUp != null) {
        config = getConfigWithReplaceTags(lookedUp, className, methodName);
    }

    if (config != null && config.isConfigured()) {
        return config;
    }
    if (taintConfig.isClassTaintSafe(returnType)) {
        return TaintMethodConfig.SAFE_CONFIG;
    }
    if (config != null) {
        return config;
    }

    boolean isConstructor = Constants.CONSTRUCTOR_NAME.equals(methodName);
    if (isConstructor && !taintConfig.isClassTaintSafe("L" + className + ";")) {
        int stackSize;
        try {
            stackSize = getFrame().getNumArgumentsIncludingObjectInstance(obj, cpg);
        } catch (DataflowAnalysisException ex) {
            throw new InvalidBytecodeException(ex.getMessage(), ex);
        }
        return TaintMethodConfig.getDefaultConstructorConfig(stackSize);
    }
    return null;
}