Merge pull request #791 from t1mlange/sink-ret-parse

Add support for CallType.Return in the XML Parser and add subclass check

Author: StevenArzt

soot-infoflow-android/schema/SourcesAndSinks.xsd

@@ -50,6 +50,7 @@
 	<xs:restriction base="xs:string">
 		<xs:enumeration value="methodCall" />
 		<xs:enumeration value="callback" />
+		<xs:enumeration value="return" />
 	</xs:restriction>
 </xs:simpleType>
 

soot-infoflow-android/src/soot/jimple/infoflow/android/source/parsers/xml/AbstractXMLSourceSinkParser.java

@@ -223,6 +223,8 @@ protected void handleStarttagMeethod(Attributes attributes) {
 						callType = CallType.MethodCall;
 					else if (strCallType.equalsIgnoreCase("Callback"))
 						callType = CallType.Callback;
+					else if (strCallType.equalsIgnoreCase("Return"))
+						callType = CallType.Return;
 				}
 			}
 		}

soot-infoflow-android/src/soot/jimple/infoflow/android/source/parsers/xml/XMLSourceSinkParser.java

@@ -123,12 +123,18 @@ protected void buildSourceSinkLists() {
 			if (sourceDef != null && !sourceDef.isEmpty()) {
 				if (sourceDef instanceof MethodSourceSinkDefinition) {
 					MethodSourceSinkDefinition methodSrc = (MethodSourceSinkDefinition) sourceDef;
-					if (methodSrc.getMethod() instanceof AndroidMethod) {
+					if (methodSrc.getCallType() == CallType.Return) {
+						String mname = methodSrc.getMethod().getMethodName();
+						logger.error(String.format("Error while building sources for %s: CallType Return is not " +
+								"supported for Source Definitions. The invalid definition is ignored.", mname));
+						sourceDef = null;
+					} else if (methodSrc.getMethod() instanceof AndroidMethod) {
 						AndroidMethod am = (AndroidMethod) methodSrc.getMethod();
 						am.setSourceSinkType(am.getSourceSinkType().addType(SourceSinkType.Source));
 					}
 				}
-				sources.add(sourceDef);
+				if (sourceDef != null)
+					sources.add(sourceDef);
 			}
 
 			ISourceSinkDefinition sinkDef = def.getSinkOnlyDefinition();

soot-infoflow-android/test/soot/jimple/infoflow/android/test/xmlParser/XmlParserTest.java

@@ -282,4 +282,31 @@ public void additionalFlowsXMLTest() throws IOException {
 		}
 		Assert.assertTrue(foundStrSig && foundStrOffsetSig && foundIntSig && foundByteSig);
 	}
+
+	@Test
+	public void returnCallTypeTest() throws IOException {
+		File xmlFile = new File(getInfoflowAndroidRoot(), "testXmlParser/returnCallType.xml");
+		XMLSourceSinkParser parser = XMLSourceSinkParser.fromFile(xmlFile);
+		Set<ISourceSinkDefinition> sinkSet = parser.getSinks();
+
+		final String expectedSig = "<android.content.ContentProvider: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)>";
+
+		Assert.assertEquals(0, parser.getSources().size());
+		Assert.assertEquals(1, sinkSet.size());
+		ISourceSinkDefinition sink = sinkSet.iterator().next();
+		Assert.assertTrue(sink instanceof MethodSourceSinkDefinition);
+		MethodSourceSinkDefinition methodSink = (MethodSourceSinkDefinition) sink;
+		String methodSig = methodSink.getMethod().getSignature();
+		Assert.assertEquals(expectedSig, methodSig);
+		Assert.assertEquals(methodSink.getCallType(), MethodSourceSinkDefinition.CallType.Return);
+		Assert.assertEquals(1, methodSink.getReturnValues().size());
+	}
+
+	@Test
+	public void invalidReturnCallTypeTest() throws IOException {
+		File xmlFile = new File(getInfoflowAndroidRoot(), "testXmlParser/invalidReturnCallType.xml");
+		XMLSourceSinkParser parser = XMLSourceSinkParser.fromFile(xmlFile);
+		Assert.assertEquals(0, parser.getSinks().size());
+		Assert.assertEquals(0, parser.getSources().size());
+	}
 }

soot-infoflow-android/testXmlParser/invalidReturnCallType.xml

@@ -0,0 +1,9 @@
+<sinkSources>
+    <category id="NO_CATEGORY">
+        <method callType="return" signature="android.content.ContentProvider: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)">
+            <return>
+                <accessPath isSource="true" isSink="false" />
+            </return>
+        </method>
+    </category>
+</sinkSources>

soot-infoflow-android/testXmlParser/returnCallType.xml

@@ -0,0 +1,9 @@
+<sinkSources>
+    <category id="NO_CATEGORY">
+        <method callType="return" signature="android.content.ContentProvider: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)">
+            <return>
+                <accessPath isSource="false" isSink="true" />
+            </return>
+        </method>
+    </category>
+</sinkSources>

soot-infoflow/src/soot/jimple/infoflow/sourcesSinks/manager/BaseSourceSinkManager.java

@@ -320,7 +320,24 @@ protected Collection<ISourceSinkDefinition> getSinkDefinitions(Stmt sCallSite, I
 					return def;
 			}
 		} else if (sCallSite instanceof ReturnStmt) {
-			return sinkReturnMethods.get(manager.getICFG().getMethodOf(sCallSite));
+			SootMethod sm = manager.getICFG().getMethodOf(sCallSite);
+			// Do we have a direct hit?
+			{
+				Collection<ISourceSinkDefinition> def = this.sinkReturnMethods.get(sm);
+				if (!def.isEmpty())
+					return def;
+			}
+
+			final String subSig = sm.getSubSignature();
+
+			// Check whether we have any of the interfaces on the list
+			for (SootClass i : parentClassesAndInterfaces.getUnchecked(sm.getDeclaringClass())) {
+				if (i.declaresMethod(subSig)) {
+					Collection<ISourceSinkDefinition> def = this.sinkReturnMethods.get(i.getMethod(subSig));
+					if (!def.isEmpty())
+						return def;
+				}
+			}
 		}
 
 		// nothing found