Merge branch 'develop' of https://github.com/secure-software-engineering/FlowDroid into dev-marc

Author: MarcMil

soot-infoflow-integration/test/soot/jimple/infoflow/integration/test/junit/river/BaseJUnitTests.java

@@ -16,6 +16,7 @@
 import soot.jimple.infoflow.sourcesSinks.definitions.ISourceSinkDefinition;
 import soot.jimple.infoflow.sourcesSinks.manager.BaseSourceSinkManager;
 import soot.jimple.infoflow.taintWrappers.ITaintPropagationWrapper;
+import soot.jimple.infoflow.test.base.AbstractJUnitTests;
 import soot.jimple.infoflow.test.junit.JUnitTests;
 
 /**
@@ -111,13 +112,8 @@ protected SetupApplication initApplication(File apkFile) {
 	 * 
 	 * @return The directory in which the FlowDroid main project is located
 	 */
-	public static File getIntegrationRoot() {
-		File testRoot = new File(".");
-		if (!new File(testRoot, "testAPKs").exists())
-			testRoot = new File(testRoot, "soot-infoflow-integration");
-		if (!new File(testRoot, "testAPKs").exists())
-			throw new RuntimeException(String.format("Test root not found in %s", testRoot.getAbsolutePath()));
-		return testRoot;
+	public static File getIntegrationRoot() throws IOException {
+		return AbstractJUnitTests.getInfoflowRoot(BaseJUnitTests.class, "soot-infoflow-integration");
 	}
 
 }

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java

@@ -1720,7 +1720,7 @@ protected Taint addSinkTaint(MethodFlow flow, Taint taint, GapDefinition gap, St
 		String sBaseType = sinkType == null ? null : "" + sinkType;
 		if (!flow.getIgnoreTypes()) {
 			// Compute the new base type
-			Type newBaseType = manager.getTypeUtils().getMorePreciseType(taintType, sinkType);
+			Type newBaseType = manager.getTypeUtils().getMorePreciseType(sinkType, taintType);
 			if (newBaseType == null)
 				newBaseType = sinkType;
 

soot-infoflow-summaries/summariesManual/java.util.Collection.xml

@@ -10,7 +10,7 @@
 					   ImplicitLocation="Next" />
 			</constraints>
 			<flows>
-				<flow isAlias="true" typeChecking="false" final="true">
+				<flow isAlias="withContext" typeChecking="false" final="true">
 					<from sourceSinkType="Parameter" ParameterIndex="0" />
 					<to sourceSinkType="Field"
 						AccessPath="[java.util.Collection: java.lang.Object[] innerArray]"

soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/ApiClassClient.java

@@ -585,16 +585,23 @@ public void stringConcatTest() {
 	}
 
 	public void listIrrelevantItemTest() {
-		String secret = TelephonyManager.getDeviceId();
+		String secret = stringSource();
 
 		List<Object> lvar = new ArrayList<>();
 		Boolean bvar = true;
 
 		lvar.add(secret); // Adds tainted data to the list
 		lvar.add(bvar);
 
-		ConnectionManager cm = new ConnectionManager();
-		cm.publish(bvar);
+		sink(bvar);
 	}
 
+	public void testTypeNarrowing() {
+		String secret = stringSource();
+		// split: String -> String[]
+		// Tests that getMorePreciseType correctly
+		// keeps the array in the type
+		Object[] splitted = secret.split(";");
+		sink(splitted);
+	}
 }

soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/BaseSummaryTaintWrapperTests.java

@@ -51,7 +51,7 @@ protected void testFlowForMethod(String m) {
 	}
 
 	protected void testFlowForMethod(String m, int count) {
-
+		testFlowForMethod(m, count, null);
 	}
 
 	protected void testFlowForMethod(String m, int count, Consumer<InfoflowConfiguration> configCallback) {

soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/JUnitTests.java

@@ -28,6 +28,7 @@
 import soot.jimple.infoflow.config.ConfigForTest;
 import soot.jimple.infoflow.results.InfoflowResults;
 import soot.jimple.infoflow.taintWrappers.EasyTaintWrapper;
+import soot.jimple.infoflow.test.base.AbstractJUnitTests;
 
 /**
  * abstract super class of all test cases which handles initialization, keeps
@@ -58,7 +59,7 @@ public abstract class JUnitTests {
 
 	@BeforeClass
 	public static void setUp() throws IOException {
-		File f = new File(".");
+		File f = AbstractJUnitTests.getInfoflowRoot(JUnitTests.class, "soot-infoflow-summaries");
 		File testSrc1 = new File(f, "bin");
 		File testSrc4 = new File(f, "testBin");
 		File testSrc2 = new File(f, "build" + File.separator + "classes");

soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/SummaryTaintWrapperTests.java

@@ -338,7 +338,12 @@ public void stringConcatTest() {
 
 	@Test(timeout = 30000)
 	public void listIrrelevantItemTest() {
-		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void listIrrelevantItemTest()>", 1);
+		testNoFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void listIrrelevantItemTest()>");
+	}
+
+	@Test(timeout = 30000)
+	public void testTypeNarrowing() {
+		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void testTypeNarrowing()>", 1);
 	}
 
 	@Test

soot-infoflow/src/soot/jimple/infoflow/typing/TypeUtils.java

@@ -191,66 +191,67 @@ public boolean hasCompatibleTypesForCall(AccessPath apBase, SootClass dest) {
 	/**
 	 * Gets the more precise one of the two given types. If there is no ordering
 	 * (i.e., the two types are not cast-compatible) null is returned.
-	 * 
-	 * @param tp1 The first type
-	 * @param tp2 The second type
+	 * IMPORTANT: this method is not commutative on array types. The second type must
+	 * always be the declared type, which is used to infer the array depth.
+	 * Consider, for example, the case
+	 *   objArr[i] = str;
+	 * where we can narrow the type of objArr to String[]. Vice versa,
+	 *   obj = strArr[i];
+	 * allows us to narrow the type of obj to String. Therefore,
+	 * getMorePreciseType(String, Object[]) should return String[] and
+	 * getMorePreciseType(Object[], String) should return String.
+	 *
+	 * @param possibleRefinement The first type
+	 * @param declType The second type
 	 * @return The more precise one of the two given types
 	 */
-	public Type getMorePreciseType(Type tp1, Type tp2) {
+	public Type getMorePreciseType(Type possibleRefinement, Type declType) {
 		final FastHierarchy fastHierarchy = scene.getOrMakeFastHierarchy();
 
-		if (tp1 == null)
-			return tp2;
-		else if (tp2 == null)
-			return tp1;
-		else if (tp1 == tp2)
-			return tp1;
-		else if (TypeUtils.isObjectLikeType(tp1))
-			return tp2;
-		else if (TypeUtils.isObjectLikeType(tp2))
-			return tp1;
-		else if (tp1 instanceof PrimType && tp2 instanceof PrimType)
+		if (declType == null)
+			return possibleRefinement;
+		else if (possibleRefinement == null)
+			return declType;
+		else if (declType == possibleRefinement)
+			return declType;
+		else if (TypeUtils.isObjectLikeType(declType))
+			return possibleRefinement;
+		else if (TypeUtils.isObjectLikeType(possibleRefinement))
+			return declType;
+		else if (declType instanceof PrimType && possibleRefinement instanceof PrimType)
 			return null;
-		else if (fastHierarchy.canStoreType(tp2, tp1))
-			return tp2;
-		else if (fastHierarchy.canStoreType(tp1, tp2))
-			return tp1;
+		else if (fastHierarchy.canStoreType(possibleRefinement, declType))
+			return possibleRefinement;
+		else if (fastHierarchy.canStoreType(declType, possibleRefinement))
+			return declType;
 		else {
 			// If one type is an array type and the other one is the base type,
 			// we still accept the cast
-			if (tp1 instanceof ArrayType && tp2 instanceof ArrayType) {
-				ArrayType at1 = (ArrayType) tp1;
-				ArrayType at2 = (ArrayType) tp2;
+			if (declType instanceof ArrayType && possibleRefinement instanceof ArrayType) {
+				ArrayType at1 = (ArrayType) possibleRefinement;
+				ArrayType at2 = (ArrayType) declType;
 				if (at1.numDimensions != at2.numDimensions)
 					return null;
 				Type preciseType = getMorePreciseType(at1.getElementType(), at2.getElementType());
 				if (preciseType == null)
 					return null;
 
-				return ArrayType.v(preciseType, at1.numDimensions);
-			} else if (tp1 instanceof ArrayType) {
-				ArrayType at = (ArrayType) tp1;
-				return getMorePreciseType(at.getElementType(), tp2);
-			} else if (tp2 instanceof ArrayType) {
-				ArrayType at = (ArrayType) tp2;
-				return getMorePreciseType(tp1, at.getElementType());
+				return ArrayType.v(preciseType, at2.numDimensions);
+			} else if (declType instanceof ArrayType) {
+				ArrayType at = (ArrayType) declType;
+				Type preciseType = getMorePreciseType(possibleRefinement, at.getElementType());
+				if (preciseType == null)
+					return null;
+
+				return ArrayType.v(preciseType, at.numDimensions);
+			} else if (possibleRefinement instanceof ArrayType) {
+				ArrayType at = (ArrayType) possibleRefinement;
+				return getMorePreciseType(at.getElementType(), declType);
 			}
 		}
 		return null;
 	}
 
-	/**
-	 * Gets the more precise one of the two given types
-	 * 
-	 * @param tp1 The first type
-	 * @param tp2 The second type
-	 * @return The more precise one of the two given types
-	 */
-	public String getMorePreciseType(String tp1, String tp2) {
-		Type newType = getMorePreciseType(getTypeFromString(tp1), getTypeFromString(tp2));
-		return newType == null ? null : "" + newType;
-	}
-
 	/**
 	 * Creates a Soot Type from the given string
 	 * 

soot-infoflow/test/soot/jimple/infoflow/test/base/AbstractJUnitTests.java

@@ -16,6 +16,8 @@
 import java.io.File;
 import java.io.IOException;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 
 import jakarta.servlet.http.HttpServlet;
@@ -28,6 +30,8 @@
  */
 public abstract class AbstractJUnitTests {
 
+	protected static final Logger logger = LoggerFactory.getLogger(AbstractJUnitTests.class);
+
 	/**
 	 * Appends the given path to the given {@link StringBuilder} if it exists
 	 * 
@@ -89,4 +93,57 @@ protected static void addRtJarPath(StringBuilder libPathBuilder) throws IOExcept
 		appendWithSeparator(libPathBuilder, new File(springJAR));
 	}
 
+	/**
+	 * Gets the root of the current project from a reference class located in that
+	 * project
+	 * 
+	 * @param referenceClass The reference class
+	 * @param moduleName     The name of the FlowDroid module for which to get the
+	 *                       root folder
+	 * @return The root folder of the project
+	 * @throws IOException
+	 */
+	public static File getInfoflowRoot(Class<?> referenceClass, String moduleName) throws IOException {
+		File classFile = new File(referenceClass.getProtectionDomain().getCodeSource().getLocation().getPath());
+		File f = classFile;
+		if (f.exists()) {
+			while (!f.getName().equals(moduleName) && f.getParentFile() != null)
+				f = f.getParentFile();
+
+			// The project root must exist and must not be the file system root
+			if (f.exists() && f.getParentFile() != null)
+				return f;
+
+			logger.warn("Finding project root from class file {} failed", classFile);
+		} else
+			logger.warn("Class file {} does not exist", classFile);
+		return getInfoflowRoot(moduleName);
+	}
+
+	/**
+	 * Gets the root in which the FlowDroid main project is located
+	 * 
+	 * @param moduleName The name of the FlowDroid module for which to get the root
+	 *                   folder
+	 * @return The directory in which the FlowDroid main project is located
+	 */
+	public static File getInfoflowRoot(String moduleName) throws IOException {
+		File testRoot = new File(".").getCanonicalFile();
+
+		if (!new File(testRoot, "src").exists()) {
+			// Try a subfolder
+			File subFolder = new File(testRoot, moduleName);
+			if (subFolder.exists())
+				testRoot = subFolder;
+			else {
+				// Try a sibling folder
+				testRoot = new File(testRoot.getParentFile(), moduleName);
+			}
+		}
+
+		if (!new File(testRoot, "src").exists())
+			throw new RuntimeException(String.format("Test root not found in %s", testRoot.getAbsolutePath()));
+		return testRoot;
+	}
+
 }

soot-infoflow/test/soot/jimple/infoflow/test/junit/JUnitTests.java

@@ -74,18 +74,10 @@ public static void setUp() throws IOException {
 		if (!fi.getCanonicalFile().equals(f.getCanonicalFile())) {
 			addTestPathes(fi, appPathBuilder);
 		}
-		fi = new File(f, "../soot-infoflow-summaries");
-		if (!fi.getCanonicalFile().equals(f.getCanonicalFile())) {
-			addTestPathes(fi, appPathBuilder);
-		}
 		fi = new File("soot-infoflow");
 		if (fi.exists()) {
 			addTestPathes(fi, appPathBuilder);
 		}
-		fi = new File("soot-infoflow-summaries");
-		if (fi.exists()) {
-			addTestPathes(fi, appPathBuilder);
-		}
 		appPath = appPathBuilder.toString();
 
 		StringBuilder libPathBuilder = new StringBuilder();
@@ -210,20 +202,7 @@ protected void onlyForwards(IInfoflow infoflow, String message) {
 	 * @throws IOException
 	 */
 	public static File getInfoflowRoot(Class<?> referenceClass) throws IOException {
-		File classFile = new File(referenceClass.getProtectionDomain().getCodeSource().getLocation().getPath());
-		File f = classFile;
-		if (f.exists()) {
-			while (!f.getName().equals("soot-infoflow") && f.getParentFile() != null)
-				f = f.getParentFile();
-
-			// The project root must exist and must not be the file system root
-			if (f.exists() && f.getParentFile() != null)
-				return f;
-
-			logger.warn("Finding project root from class file {} failed", classFile);
-		} else
-			logger.warn("Class file {} does not exist", classFile);
-		return getInfoflowRoot();
+		return getInfoflowRoot(referenceClass, "soot-infoflow");
 	}
 
 	/**
@@ -232,22 +211,7 @@ public static File getInfoflowRoot(Class<?> referenceClass) throws IOException {
 	 * @return The directory in which the FlowDroid main project is located
 	 */
 	public static File getInfoflowRoot() throws IOException {
-		File testRoot = new File(".").getCanonicalFile();
-
-		if (!new File(testRoot, "src").exists()) {
-			// Try a subfolder
-			File subFolder = new File(testRoot, "soot-infoflow");
-			if (subFolder.exists())
-				testRoot = subFolder;
-			else {
-				// Try a sibling folder
-				testRoot = new File(testRoot.getParentFile(), "soot-infoflow");
-			}
-		}
-
-		if (!new File(testRoot, "src").exists())
-			throw new RuntimeException(String.format("Test root not found in %s", testRoot.getAbsolutePath()));
-		return testRoot;
+		return getInfoflowRoot("soot-infoflow");
 	}
 
 }