StubDroid: set classSupported field to true if we have an identity summary

t1mlange · t1mlange · commit c2b2a414401e · 2023-06-12T13:33:50.000+02:00
diff --git a/soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/resolvers/SummaryResolver.java b/soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/resolvers/SummaryResolver.java
@@ -16,6 +16,7 @@
 import soot.jimple.infoflow.methodSummary.data.provider.IMethodSummaryProvider;
 import soot.jimple.infoflow.methodSummary.data.summary.ClassMethodSummaries;
 import soot.jimple.infoflow.methodSummary.data.summary.ClassSummaries;
+import soot.jimple.infoflow.util.ByReferenceBoolean;
 
 /**
  * A resolver for finding all applicable summaries for a given method call
@@ -35,32 +36,44 @@ public SummaryResponse load(SummaryQuery query) throws Exception {
 					final SootClass declaredClass = query.declaredClass;
 					final String methodSig = query.subsignature;
 					final ClassSummaries classSummaries = new ClassSummaries();
-					boolean isClassSupported = false;
+					boolean directHit = false;
+					ByReferenceBoolean isClassSupported = new ByReferenceBoolean(false);
 
 					// Get the flows in the target method
 					if (calleeClass != null)
-						isClassSupported = getSummaries(methodSig, classSummaries, calleeClass);
+						directHit = getSummaries(methodSig, classSummaries, calleeClass, isClassSupported);
 
 					// If we haven't found any summaries, we look at the class from the declared
 					// type at the call site
-					if (declaredClass != null && !isClassSupported)
-						isClassSupported = getSummaries(methodSig, classSummaries, declaredClass);
+					if (declaredClass != null && !directHit)
+						directHit = getSummaries(methodSig, classSummaries, declaredClass, isClassSupported);
 
 					// If we still don't have anything, we must try the hierarchy. Since this
 					// best-effort approach can be fairly imprecise, it is our last resort.
-					if (!isClassSupported && calleeClass != null)
-						isClassSupported = getSummariesHierarchy(methodSig, classSummaries, calleeClass);
-					if (declaredClass != null && !isClassSupported)
-						isClassSupported = getSummariesHierarchy(methodSig, classSummaries, declaredClass);
-
-					if (isClassSupported) {
-						if (classSummaries.isEmpty())
-							return SummaryResponse.EMPTY_BUT_SUPPORTED;
-						return new SummaryResponse(classSummaries, isClassSupported);
-					} else
+					if (!directHit && calleeClass != null)
+						directHit = getSummariesHierarchy(methodSig, classSummaries, calleeClass, isClassSupported);
+					if (declaredClass != null && !directHit)
+						directHit = getSummariesHierarchy(methodSig, classSummaries, declaredClass, isClassSupported);
+
+					if (directHit && !classSummaries.isEmpty())
+						return new SummaryResponse(classSummaries, true);
+					else if (directHit || isClassSupported.value)
+						return SummaryResponse.EMPTY_BUT_SUPPORTED;
+					else
 						return SummaryResponse.NOT_SUPPORTED;
 				}
 
+				private void updateClassExclusive(ByReferenceBoolean classSupported, SootClass sc, String subsig) {
+					if (classSupported.value)
+						return;
+
+					if (sc.getMethodUnsafe(subsig) == null)
+						return;
+
+					ClassMethodSummaries cms = flows.getClassFlows(sc.getName());
+					classSupported.value |= cms != null && cms.isExclusiveForClass();
+				}
+
 				/**
 				 * Checks whether we have summaries for the given method signature in the given
 				 * class
@@ -70,27 +83,32 @@ public SummaryResponse load(SummaryQuery query) throws Exception {
 				 * @param clazz     The class for which to look for summaries
 				 * @return True if summaries were found, false otherwise
 				 */
-				private boolean getSummaries(final String methodSig, final ClassSummaries summaries, SootClass clazz) {
+				private boolean getSummaries(final String methodSig, final ClassSummaries summaries, SootClass clazz,
+											 ByReferenceBoolean classSupported) {
 					// Do we have direct support for the target class?
 					if (summaries.merge(flows.getMethodFlows(clazz, methodSig)))
 						return true;
 
 					// Do we support any interface this class might have?
-					if (checkInterfaces(methodSig, summaries, clazz))
+					if (checkInterfaces(methodSig, summaries, clazz, classSupported))
 						return true;
 
+					updateClassExclusive(classSupported, clazz, methodSig);
+
+					SootMethod targetMethod = clazz.getMethodUnsafe(methodSig);
 					// If the target is abstract and we haven't found any flows,
 					// we check for child classes
-					SootMethod targetMethod = clazz.getMethodUnsafe(methodSig);
 					if (!clazz.isConcrete() || targetMethod == null || !targetMethod.isConcrete()) {
 						for (SootClass parentClass : getAllParentClasses(clazz)) {
 							// Do we have support for the target class?
 							if (summaries.merge(flows.getMethodFlows(parentClass, methodSig)))
 								return true;
 
 							// Do we support any interface this class might have?
-							if (checkInterfaces(methodSig, summaries, parentClass))
+							if (checkInterfaces(methodSig, summaries, parentClass, classSupported))
 								return true;
+
+							updateClassExclusive(classSupported, parentClass, methodSig);
 						}
 					}
 
@@ -107,7 +125,7 @@ private boolean getSummaries(final String methodSig, final ClassSummaries summar
 				 * @return True if summaries were found, false otherwise
 				 */
 				private boolean getSummariesHierarchy(final String methodSig, final ClassSummaries summaries,
-						SootClass clazz) {
+						SootClass clazz, ByReferenceBoolean classSupported) {
 					// Don't try to look up the whole Java hierarchy
 					if (clazz.getName().equals("java.lang.Object"))
 						return false;
@@ -126,9 +144,11 @@ private boolean getSummariesHierarchy(final String methodSig, final ClassSummari
 								found++;
 
 							// Do we support any interface this class might have?
-							if (checkInterfaces(methodSig, summaries, childClass))
+							if (checkInterfaces(methodSig, summaries, childClass, classSupported))
 								found++;
 
+							updateClassExclusive(classSupported, childClass, methodSig);
+
 							// If we have too many summaries that could be applicable, we abort here to
 							// avoid false positives
 							if (found > MAX_HIERARCHY_DEPTH)
@@ -148,7 +168,8 @@ private boolean getSummariesHierarchy(final String methodSig, final ClassSummari
 				 * @param clazz     The interface for which to look for summaries
 				 * @return True if summaries were found, false otherwise
 				 */
-				private boolean checkInterfaces(String methodSig, ClassSummaries summaries, SootClass clazz) {
+				private boolean checkInterfaces(String methodSig, ClassSummaries summaries, SootClass clazz,
+												ByReferenceBoolean classSupported) {
 					for (SootClass intf : clazz.getInterfaces()) {
 						// Directly check the interface
 						if (summaries.merge(flows.getMethodFlows(intf, methodSig)))
@@ -158,6 +179,8 @@ private boolean checkInterfaces(String methodSig, ClassSummaries summaries, Soot
 							// Do we have support for the interface?
 							if (summaries.merge(flows.getMethodFlows(parent, methodSig)))
 								return true;
+
+							updateClassExclusive(classSupported, parent, methodSig);
 						}
 					}
 
diff --git a/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/ApiClassClient.java b/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/ApiClassClient.java
@@ -320,4 +320,11 @@ public void noPropagationOverUnhandledCallee() {
 		overwrite(d);
 		sink(d.stringField);
 	}
+
+	public void identityIsStillAppliedOnUnhandledMethodButExclusiveClass() {
+		Data d = new Data();
+		d.stringField = stringSource();
+		d.identity();
+		sink(d.stringField);
+	}
 }
diff --git a/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/Data.java b/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/Data.java
@@ -52,5 +52,8 @@ public void setI(String i) {
 		this.stringField = i;
 	}
 	
-	
+	public void identity() {
+		// NO-OP but do something to make sure that this won't get removed by optimizations
+		System.out.println("Hello World");
+	}
 }
diff --git a/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/SummaryTaintWrapperTests.java b/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/SummaryTaintWrapperTests.java
@@ -237,6 +237,11 @@ public void noPropagationOverUnhandledCallee() {
 		testNoFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void noPropagationOverUnhandledCallee()>");
 	}
 
+	@Test(timeout = 30000)
+	public void identityIsStillAppliedOnUnhandledMethodButExclusiveClass() {
+		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void identityIsStillAppliedOnUnhandledMethodButExclusiveClass()>");
+	}
+
 	@Test
 	public void testAllSummaries() throws URISyntaxException, IOException {
 		EagerSummaryProvider provider = new EagerSummaryProvider(TaintWrapperFactory.DEFAULT_SUMMARY_DIR);

Original file line number	Diff line number	Diff line change
`@@ -320,4 +320,11 @@ public void noPropagationOverUnhandledCallee() {`
`320`	`320`	`overwrite(d);`
`321`	`321`	`sink(d.stringField);`
`322`	`322`	`}`
	`323`	`+`
	`324`	`+ public void identityIsStillAppliedOnUnhandledMethodButExclusiveClass() {`
	`325`	`+ Data d = new Data();`
	`326`	`+ d.stringField = stringSource();`
	`327`	`+ d.identity();`
	`328`	`+ sink(d.stringField);`
	`329`	`+ }`
`323`	`330`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,5 +52,8 @@ public void setI(String i) {`
`52`	`52`	`this.stringField = i;`
`53`	`53`	`}`
`54`	`54`
`55`		`-`
	`55`	`+ public void identity() {`
	`56`	`+ // NO-OP but do something to make sure that this won't get removed by optimizations`
	`57`	`+ System.out.println("Hello World");`
	`58`	`+ }`
`56`	`59`	`}`