fixed summary access when no direct match is available

Author: StevenArzt

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java

@@ -111,10 +111,12 @@ public SummaryResponse load(SummaryQuery query) throws Exception {
 					if (declaredClass != null && !isClassSupported)
 						isClassSupported = getSummariesHierarchy(methodSig, classSummaries, declaredClass);
 
-					if (!classSummaries.isEmpty())
+					if (isClassSupported) {
+						if (classSummaries.isEmpty())
+							return SummaryResponse.EMPTY_BUT_SUPPORTED;
 						return new SummaryResponse(classSummaries, isClassSupported);
-					else
-						return isClassSupported ? SummaryResponse.EMPTY_BUT_SUPPORTED : SummaryResponse.NOT_SUPPORTED;
+					} else
+						return SummaryResponse.NOT_SUPPORTED;
 				}
 
 				/**
@@ -184,7 +186,7 @@ private boolean getSummaries(final String methodSig, final ClassSummaries summar
 				private boolean getSummariesHierarchy(final String methodSig, final ClassSummaries summaries,
 						SootClass clazz) {
 					// Don't try to look up the whole Java hierarchy
-					if (clazz == Scene.v().getSootClassUnsafe("java.lang.Object"))
+					if (clazz != null && clazz.getName().equals("java.lang.Object"))
 						return false;
 
 					// If the target is abstract and we haven't found any flows,
@@ -193,21 +195,23 @@ private boolean getSummariesHierarchy(final String methodSig, final ClassSummari
 					// flows for all possible classes.
 					SootMethod targetMethod = clazz.getMethodUnsafe(methodSig);
 					if (!clazz.isConcrete() || targetMethod == null || !targetMethod.isConcrete()) {
+						int found = 0;
 						Set<SootClass> childClasses = getAllChildClasses(clazz);
-						if (childClasses.size() > MAX_HIERARCHY_DEPTH)
-							return false;
-
-						boolean found = false;
 						for (SootClass childClass : childClasses) {
 							// Do we have support for the target class?
 							if (summaries.merge(flows.getMethodFlows(childClass, methodSig)))
-								found = true;
+								found++;
 
 							// Do we support any interface this class might have?
 							if (checkInterfaces(methodSig, summaries, childClass))
-								found = true;
+								found++;
+
+							// If we have too many summaries that could be applicable, we abort here to
+							// avoid false positives
+							if (found > MAX_HIERARCHY_DEPTH)
+								return false;
 						}
-						return found;
+						return found > 0;
 					}
 					return false;
 

soot-infoflow-summaries/summariesManual/java.util.Stack.xml

@@ -1,7 +1,12 @@
 <?xml version="1.0" ?>
 <summary fileFormatVersion="101">
-	<hierarchy>
+	<hierarchy superClass="java.util.Vector">
 		<interface name="java.util.List" />
+		<interface name="java.util.Collection" />
+		<interface name="java.util.RandomAccess" />
+		<interface name="java.lang.Iterable" />
+		<interface name="java.lang.Cloneable" />
+		<interface name="java.io.Serializable" />
 	</hierarchy>
     <methods>
 		<method id="void addElement(java.lang.Object)">

soot-infoflow-summaries/summariesManual/java.util.Vector.xml

@@ -1,5 +1,13 @@
 <?xml version="1.0" ?>
 <summary fileFormatVersion="101">
+	<hierarchy superClass="java.util.AbstractList">
+		<interface name="java.util.List" />
+		<interface name="java.util.Collection" />
+		<interface name="java.util.RandomAccess" />
+		<interface name="java.lang.Iterable" />
+		<interface name="java.lang.Cloneable" />
+		<interface name="java.io.Serializable" />
+	</hierarchy>
 	<methods>
 		<method id="void &lt;init&gt;(java.util.Collection)">
 			<flows>

soot-infoflow-summaries/testSummaries/java.util.ArrayList$Itr.xml

@@ -1 +1,33 @@
-<?xml version="1.0" ?><summary fileFormatVersion="101"><methods><method id="void remove()"><flows><flow isAlias="false"><from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int lastRet&gt;]" AccessPathTypes="[int]"></from><to sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int cursor&gt;]" AccessPathTypes="[int]" taintSubFields="true"></to></flow><flow isAlias="false"><from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: java.util.ArrayList this$0&gt;, &lt;java.util.AbstractList: int modCount&gt;]" AccessPathTypes="[java.util.ArrayList, int]"></from><to sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int expectedModCount&gt;]" AccessPathTypes="[int]" taintSubFields="true"></to></flow></flows></method><method id="java.lang.Object next()"><flows><flow isAlias="true"><from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: java.util.ArrayList this$0&gt;, &lt;java.util.ArrayList: java.lang.Object[] elementData&gt;]" AccessPathTypes="[java.util.ArrayList, java.lang.Object[]]"></from><to sourceSinkType="Return" BaseType="java.lang.Object" taintSubFields="true"></to></flow><flow isAlias="false"><from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int cursor&gt;]" AccessPathTypes="[int]"></from><to sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int lastRet&gt;]" AccessPathTypes="[int]" taintSubFields="true"></to></flow></flows></method></methods><gaps></gaps></summary>
+<?xml version="1.0"?>
+<summary fileFormatVersion="101">
+	<hierarchy superClass="java.lang.Object">
+		<interface name="java.util.Iterator" />
+	</hierarchy>
+    <methods>
+        <method id="void remove()">
+            <flows>
+                <flow isAlias="false">
+                    <from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int lastRet&gt;]" AccessPathTypes="[int]"></from>
+                    <to sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int cursor&gt;]" AccessPathTypes="[int]" taintSubFields="true"></to>
+                </flow>
+                <flow isAlias="false">
+                    <from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: java.util.ArrayList this$0&gt;, &lt;java.util.AbstractList: int modCount&gt;]" AccessPathTypes="[java.util.ArrayList, int]"></from>
+                    <to sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int expectedModCount&gt;]" AccessPathTypes="[int]" taintSubFields="true"></to>
+                </flow>
+            </flows>
+        </method>
+        <method id="java.lang.Object next()">
+            <flows>
+                <flow isAlias="true">
+                    <from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: java.util.ArrayList this$0&gt;, &lt;java.util.ArrayList: java.lang.Object[] elementData&gt;]" AccessPathTypes="[java.util.ArrayList, java.lang.Object[]]"></from>
+                    <to sourceSinkType="Return" BaseType="java.lang.Object" taintSubFields="true"></to>
+                </flow>
+                <flow isAlias="false">
+                    <from sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int cursor&gt;]" AccessPathTypes="[int]"></from>
+                    <to sourceSinkType="Field" BaseType="java.util.ArrayList$Itr" AccessPath="[&lt;java.util.ArrayList$Itr: int lastRet&gt;]" AccessPathTypes="[int]" taintSubFields="true"></to>
+                </flow>
+            </flows>
+        </method>
+    </methods>
+    <gaps></gaps>
+</summary>