Merge branch 'develop' of github.com:secure-software-engineering/FlowDroid into develop

Author: StevenArzt

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/postProcessor/InfoflowResultPostProcessor.java

@@ -7,11 +7,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import soot.ArrayType;
-import soot.Local;
-import soot.Scene;
-import soot.SootMethod;
-import soot.Value;
+import soot.*;
 import soot.jimple.InstanceInvokeExpr;
 import soot.jimple.ReturnStmt;
 import soot.jimple.Stmt;
@@ -32,6 +28,7 @@
 import soot.jimple.infoflow.methodSummary.postProcessor.SummaryPathBuilder.SummarySourceInfo;
 import soot.jimple.infoflow.methodSummary.taintWrappers.AccessPathFragment;
 import soot.jimple.infoflow.methodSummary.util.AliasUtils;
+import soot.jimple.infoflow.typing.TypeUtils;
 import soot.jimple.infoflow.util.SootMethodRepresentationParser;
 import soot.util.MultiMap;
 
@@ -331,15 +328,21 @@ protected void processAbstractionAtReturn(MethodSummaries flows, AccessPath apAt
 
 		// The sink may be a parameter
 		if (!isInCallee) {
-			if (!apAtReturn.isLocal() || apAtReturn.getTaintSubFields()
-					|| apAtReturn.getBaseType() instanceof ArrayType)
-				for (int i = 0; i < m.getParameterCount(); i++) {
-					Local p = m.getActiveBody().getParameterLocal(i);
-					if (apAtReturn.getPlainValue() == p) {
-						FlowSink sink = sourceSinkFactory.createParameterSink(i, apAtReturn);
-						addFlow(source, sink, isAlias, flows);
+			if (apAtReturn.getPlainValue() != null
+					&& (apAtReturn.getTaintSubFields() || apAtReturn.getFragmentCount() > 0)) {
+				boolean isString = TypeUtils.isStringType(apAtReturn.getBaseType())
+						&& !apAtReturn.getCanHaveImmutableAliases();
+				if (apAtReturn.getBaseType() instanceof ArrayType
+						|| (apAtReturn.getBaseType() instanceof RefType && !isString)) {
+					for (int i = 0; i < m.getParameterCount(); i++) {
+						Local p = m.getActiveBody().getParameterLocal(i);
+						if (apAtReturn.getPlainValue() == p) {
+							FlowSink sink = sourceSinkFactory.createParameterSink(i, apAtReturn);
+							addFlow(source, sink, isAlias, flows);
+						}
 					}
 				}
+			}
 		}
 
 		// The sink may be a local field

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/postProcessor/SummaryPathBuilder.java

@@ -221,6 +221,8 @@ public void clear() {
 		resultInfos.clear();
 		visitedAbstractions.clear();
 		pathCache.clear();
+		deferredPaths.clear();
+		sourceReachingScaps.clear();
 	}
 
 	/**

soot-infoflow/src/soot/jimple/infoflow/nativeCallHandler/BackwardNativeCallHandler.java

@@ -40,15 +40,6 @@ public Set<Abstraction> getTaintedValues(Stmt call, Abstraction source, Value[]
 						return Collections.singleton(abs);
 					}
 				}
-				if (params[0].equals(taintedValue)) {
-					if (manager.getTypeUtils().checkCast(source.getAccessPath(), params[2].getType())) {
-						AccessPath ap = manager.getAccessPathFactory().copyWithNewValue(source.getAccessPath(),
-								params[2], source.getAccessPath().getBaseType(), false);
-						Abstraction abs = source.deriveNewAbstraction(ap, call);
-						abs.setCorrespondingCallSite(call);
-						return Collections.singleton(abs);
-					}
-				}
 				break;
 			case SIG_COMPARE_AND_SWAP_OBJECT:
 				if (params[0].equals(taintedValue)) {