From 991e934d10cb22edf104e5fc554d18bc7a704ee2 Mon Sep 17 00:00:00 2001
From: esohel30
Date: Wed, 10 Jul 2024 16:34:11 -0400
Subject: [PATCH 1/4] adding py file
---
 .../taint/test/integration/node_patterns.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 source/interprocedural_analyses/taint/test/integration/node_patterns.py
diff --git a/source/interprocedural_analyses/taint/test/integration/node_patterns.py b/source/interprocedural_analyses/taint/test/integration/node_patterns.py
new file mode 100644
index 00000000000..d0a00d45eb9
--- /dev/null
+++ b/source/interprocedural_analyses/taint/test/integration/node_patterns.py
@@ -0,0 +1,17 @@
+from builtins import _test_sink, _test_source
+
+class Node:
+ def __init__(self, val=None):
+ self.val = val
+ self.next = None
+
+def linked_list_pattern(x):
+ b = Node(x)
+ c = Node()
+ d = Node()
+
+ d.next = c
+ c.next = b
+ e = d.next.next.val
+
+ _test_sink(e) # false negative
\ No newline at end of file
From b951d0e2ccb21cabc5c6cd173313a8e1d89460cc Mon Sep 17 00:00:00 2001
From: esohel30
Date: Wed, 10 Jul 2024 16:35:56 -0400
Subject: [PATCH 2/4] added pysa file for pattern
---
 .../taint/test/integration/node_patterns.py.pysa | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 source/interprocedural_analyses/taint/test/integration/node_patterns.py.pysa
diff --git a/source/interprocedural_analyses/taint/test/integration/node_patterns.py.pysa b/source/interprocedural_analyses/taint/test/integration/node_patterns.py.pysa
new file mode 100644
index 00000000000..af7c95aa854
--- /dev/null
+++ b/source/interprocedural_analyses/taint/test/integration/node_patterns.py.pysa
@@ -0,0 +1,3 @@
+def _test_sink(arg: TaintSink[Test, Via[special_sink]]): ...
+
+def _test_source() -> TaintSource[Test, Via[special_source]]: ...
From 0d25f082d2425dac22d5e896f0037f2c45a10962 Mon Sep 17 00:00:00 2001
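Review bot: `_test_source` is imported on the first line of the new file but never used; `linked_list_pattern` relies only on its parameter `x` carrying taint, so the only result this case can produce is a sink model on `x`, never a source-to-sink issue. Either drop the import or add a second function that taints the node directly, e.g. `b = Node(_test_source())` followed by the same `d.next.next.val` read into `_test_sink`, so the alias problem is exercised for both the parameter-sink model and a reported issue. No expected-output file accompanies the test, so if this suite compares against per-file expected models the false negative is recorded only in the `# false negative` comment and a later improvement to alias tracking would not be caught here. The inline comment also lacks the two spaces before `#` that the rest of the codebase's formatter would expect: `_test_sink(e)  # false negative`.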
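Review bot: These two model lines look like the default `_test_sink`/`_test_source` stubs the integration harness already supplies (the test imports both names from `builtins`), so a per-file `.pysa` is probably redundant; if it is genuinely needed, a one-line comment at the top saying why this test cannot use the shared stubs would save the next reader the question. If the harness does not supply them, the `Via[special_sink]` and `Via[special_source]` feature names must exist in the taint configuration used by this suite for the models to load, and that configuration is not visible in the series. Worth confirming either way before the rename in the last patch fixes the file name.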
From: esohel30
Date: Sun, 14 Jul 2024 23:48:17 -0400
Subject: [PATCH 3/4] added description
---
 .../taint/test/integration/node_patterns.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source/interprocedural_analyses/taint/test/integration/node_patterns.py b/source/interprocedural_analyses/taint/test/integration/node_patterns.py
index d0a00d45eb9..e60b7fb3f8f 100644
--- a/source/interprocedural_analyses/taint/test/integration/node_patterns.py
+++ b/source/interprocedural_analyses/taint/test/integration/node_patterns.py
@@ -14,4 +14,8 @@ def linked_list_pattern(x):
 c.next = b
 e = d.next.next.val
- _test_sink(e) # false negative
\ No newline at end of file
+ _test_sink(e) # false negative
+
+ # Pysa treats memory as flat and doesn't understand aliases.
+ # It fails to recognize that `d.next` -> `c` and `c.next` -> `b`,
+ # so it misses that `e` (i.e., `d.next.next.val`) is derived from `x`.
From abce5da219829f6222120e8c8124ea721e8a012d Mon Sep 17 00:00:00 2001
From: esohel30
Date: Sun, 14 Jul 2024 23:50:24 -0400
Subject: [PATCH 4/4] fixed naming
---
 .../taint/test/integration/{node_patterns.py => heap_alias.py} | 0
 .../integration/{node_patterns.py.pysa => heap_alias.py.pysa} | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename source/interprocedural_analyses/taint/test/integration/{node_patterns.py => heap_alias.py} (100%)
 rename source/interprocedural_analyses/taint/test/integration/{node_patterns.py.pysa => heap_alias.py.pysa} (100%)
diff --git a/source/interprocedural_analyses/taint/test/integration/node_patterns.py b/source/interprocedural_analyses/taint/test/integration/heap_alias.py
similarity index 100%
rename from source/interprocedural_analyses/taint/test/integration/node_patterns.py
rename to source/interprocedural_analyses/taint/test/integration/heap_alias.py
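Review bot: The explanatory comment is appended after the sink call, separated from the `e = d.next.next.val` dereference it describes, so a reader reaching `_test_sink(e)` still sees only `# false negative` and has to look below the last statement of the function for the reason. Moving the three comment lines directly above `e = d.next.next.val` (or above the `_test_sink` call) keeps the explanation next to the access it explains. It would also help to state the expected outcome in the same place, e.g. `# Expected once aliasing is tracked: x reaches _test_sink through d.next.next.val`, so a future fix has a concrete result to check against. The body of `linked_list_pattern` starts outside the hunk.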
diff --git a/source/interprocedural_analyses/taint/test/integration/node_patterns.py.pysa b/source/interprocedural_analyses/taint/test/integration/heap_alias.py.pysa
similarity index 100%
rename from source/interprocedural_analyses/taint/test/integration/node_patterns.py.pysa
rename to source/interprocedural_analyses/taint/test/integration/heap_alias.py.pysa