StubDroid: do not apply identity on unhandled methods

Author: t1mlange

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java

@@ -527,9 +527,7 @@ public Set<Abstraction> getTaintsForMethod(Stmt stmt, Abstraction d1, Abstractio
 					return Collections.singleton(taintedAbs);
 				else {
 					reportMissingSummary(callee, stmt, taintedAbs);
-					if (fallbackWrapper != null) {
-						return fallbackWrapper.getTaintsForMethod(stmt, d1, taintedAbs);
-					}
+					return fallbackWrapper != null ? fallbackWrapper.getTaintsForMethod(stmt, d1, taintedAbs) : null;
 				}
 			}
 		}
@@ -1763,9 +1761,12 @@ public Set<Abstraction> getInverseTaintsForMethod(Stmt stmt, Abstraction d1, Abs
 		ClassSummaries flowsInCallees = getFlowSummariesForMethod(stmt, method, taintedAbs, null);
 
 		// If we have no data flows, we can abort early
-		if (flowsInCallees.isEmpty())
+		if (flowsInCallees.isEmpty()) {
 			if (fallbackWrapper != null && fallbackWrapper instanceof IReversibleTaintWrapper)
 				return ((IReversibleTaintWrapper) fallbackWrapper).getInverseTaintsForMethod(stmt, d1, taintedAbs);
+			else
+				return null;
+		}
 
 		// Create a level-0 propagator for the initially tainted access path
 		ByReferenceBoolean killIncomingTaint = new ByReferenceBoolean();

soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/ApiClassClient.java

@@ -309,4 +309,15 @@ public void iterator() {
 		if (it.hasNext())
 			sink(it.next());
 	}
+
+	private static void overwrite(Data d) {
+		d.stringField = "";
+	}
+
+	public void noPropagationOverUnhandledCallee() {
+		Data d = new Data();
+		d.stringField = stringSource();
+		overwrite(d);
+		sink(d.stringField);
+	}
 }

soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/SummaryTaintWrapperTests.java

@@ -232,6 +232,11 @@ public void iterator() {
 		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void iterator()>");
 	}
 
+	@Test(timeout = 30000)
+	public void noPropagationOverUnhandledCallee() {
+		testNoFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void noPropagationOverUnhandledCallee()>");
+	}
+
 	@Test
 	public void testAllSummaries() throws URISyntaxException, IOException {
 		EagerSummaryProvider provider = new EagerSummaryProvider(TaintWrapperFactory.DEFAULT_SUMMARY_DIR);