Merge pull request #501 from lostsnow/fix/ignore-propagator-collect-when-taint-not-change

ignore the collection of propagators when the taint has not change

Author: lostsnow

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java

@@ -45,11 +45,13 @@ private static void addPropagator(PropagatorNode propagatorNode, MethodEvent eve
         Set<TaintPosition> sources = propagatorNode.getSources();
         Set<TaintPosition> targets = propagatorNode.getTargets();
 
+        TaintCommandRunner r = TaintCommandRunner.getCommandRunner(event.signature);
         // O => O || O => R, source equals target and no change in taint range
         if (event.getSourceHashes().equals(event.getTargetHashes())
                 && sources.size() == 1 && targets.size() == 1
                 && TaintPosition.hasObject(sources)
-                && TaintCommandRunner.getCommandRunner(event.signature) == null
+                && (r == null || TaintCommand.KEEP.equals(r.getCommand()) || TaintCommand.TRIM.equals(r.getCommand())
+                || TaintCommand.TRIM_LEFT.equals(r.getCommand()) || TaintCommand.TRIM_RIGHT.equals(r.getCommand()))
         ) {
             if (TaintPosition.hasObject(targets) || TaintPosition.hasReturn(targets)) {
                 return;

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintCommandRunner.java

@@ -42,6 +42,10 @@ public int getParam(Object[] params) {
         }
     }
 
+    public TaintCommand getCommand() {
+        return command;
+    }
+
     public static TaintCommandRunner create(String signature, TaintCommand command) {
         return create(signature, command, null);
     }