Packages

  • package root
    Definition Classes
    root
  • package org
    Definition Classes
    root
  • package opalj

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode.

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode. OPAL is designed with performance, scalability and adaptability in mind.

    Its main components are:

    • a library (Common) which provides generally useful data-structures and algorithms for static analyses.
    • a framework for implementing lattice based static analyses (Static Analysis Infrastructure)
    • a framework for parsing Java bytecode (Bytecode Infrastructure - org.opalj.bi) that can be used to create arbitrary representations.
    • a library to create a one-to-one in-memory representation of Java bytecode (Bytecode Disassembler - org.opalj.da).
    • a library to convert this representation to Java class files (Bytecode Creator - org.opalj.bc).
    • a library to create a representation of Java bytecode that facilitates writing simple static analyses (Bytecode Representation - org.opalj.br).
    • a library to create a stackless, three-address code representation of Java bytecode that facilitates writing complex static analyses (Three Address Code - org.opalj.tac).
    • a scalable, easily customizable framework for the abstract interpretation of Java bytecode (Abstract Interpretation Framework - org.opalj.ai).
    • a library to extract dependencies between code elements (Dependencies Extraction - org.opalj.de) and to facilitate checking architecture definitions (Architecture Validation - org.opalj.av).
    • a library for the lightweight manipulation and creation of Java bytecode (Bytecode Assembler - org.opalj.ba).
    • a library for parsing Android packages (APK - org.opalj.apk).
    • libraries for writing static analyses using the interprocedural finite distributive subset (IFDS - org.opalj.ifds) and interprocedural distributive environment (IDE - org.opal.ide) algorithms.

    General Design Decisions

    Thread Safety

    Unless explicitly noted, OPAL is thread safe. I.e., the classes defined by OPAL can be considered to be thread safe unless otherwise stated. (For example, it is possible to read and process class files concurrently without explicit synchronization on the client side.)

    No null Values

    Unless explicitly noted, OPAL does not null values I.e., fields that are accessible will never contain null values and methods will never return null. If a method accepts null as a value for a parameter or returns a null value it is always explicitly documented. In general, the behavior of methods that are passed null values is undefined unless explicitly documented.

    No Typecasts for Collections

    For efficiency reasons, OPAL sometimes uses mutable data-structures internally. After construction time, these data-structures are generally represented using their generic interfaces (e.g., scala.collection.{Set,Map}). However, a downcast (e.g., to add/remove elements) is always forbidden as it would effectively prevent thread-safety.

    Assertions

    OPAL makes heavy use of Scala's Assertion Facility to facilitate writing correct code. Hence, for production builds (after thorough testing(!)) it is highly recommend to build OPAL again using -Xdisable-assertions.

    Definition Classes
    org
  • package tac

    Common definitions related to the definition and processing of three address code.

    Common definitions related to the definition and processing of three address code.

    Definition Classes
    opalj
  • package fpcf
    Definition Classes
    tac
  • package analyses
    Definition Classes
    fpcf
  • package ifds
    Definition Classes
    analyses
  • package taint
    Definition Classes
    ifds
  • AbstractJavaForwardTaintProblem
  • ArrayElement
  • FlowFact
  • InstanceField
  • JavaBackwardTaintProblem
  • StaticField
  • TaintFact
  • TaintNullFact
  • TaintProblem
  • Variable
c

org.opalj.tac.fpcf.analyses.ifds.taint

AbstractJavaForwardTaintProblem

abstract class AbstractJavaForwardTaintProblem extends JavaForwardIFDSProblem[TaintFact] with TaintProblem[Method, JavaStatement, TaintFact]

IFDS Problem that performs a forward Taint Analysis on Java

Source
AbstractJavaForwardTaintProblem.scala
Linear Supertypes
TaintProblem[Method, JavaStatement, TaintFact], JavaForwardIFDSProblem[TaintFact], JavaIFDSProblem[TaintFact], IFDSProblem[TaintFact, Method, JavaStatement, JavaICFG], AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. AbstractJavaForwardTaintProblem
  2. TaintProblem
  3. JavaForwardIFDSProblem
  4. JavaIFDSProblem
  5. IFDSProblem
  6. AnyRef
  7. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new AbstractJavaForwardTaintProblem(project: SomeProject)

    project

    the analyzed project

Type Members

  1. type OutsideAnalysisContextCallHandler = (JavaStatement, Option[JavaStatement], TaintFact, Seq[Method], Getter) => Set[TaintFact] { def apply(call: org.opalj.tac.fpcf.analyses.ide.solver.JavaStatement, successor: Option[org.opalj.tac.fpcf.analyses.ide.solver.JavaStatement], in: org.opalj.tac.fpcf.analyses.ifds.taint.TaintFact, unbCallChain: Seq[org.opalj.br.Method], dependeesGetter: org.opalj.ifds.Dependees.Getter): Set[org.opalj.tac.fpcf.analyses.ifds.taint.TaintFact] }
    Definition Classes
    IFDSProblem
  2. type OutsideAnalysisContextUnbReturnHandler = (Method, TaintFact, Seq[Method], Getter) => Unit { def apply(callee: org.opalj.br.Method, in: org.opalj.tac.fpcf.analyses.ifds.taint.TaintFact, callChain: Seq[org.opalj.br.Method], dependeesGetter: org.opalj.ifds.Dependees.Getter): Unit }
    Definition Classes
    IFDSProblem

Abstract Value Members

  1. abstract def createFlowFact(callee: Method, call: JavaStatement, in: TaintFact): Option[FlowFact]

    Called, when the call to return facts are computed for some callee.

    Called, when the call to return facts are computed for some callee. Creates a FlowFact, if necessary.

    callee

    The method, which was called.

    call

    The call.

    returns

    Some FlowFact, if necessary. Otherwise None.

    Attributes
    protected
  2. abstract def createFlowFactAtExit(callee: Method, in: TaintFact, unbalancedCallChain: Seq[Method]): Option[TaintFact]

    Called, when new FlowFacts are found at the analysis exit of a method.

    Called, when new FlowFacts are found at the analysis exit of a method. Creates a FlowFact in the callee context if necessary.

    callee

    The callee.

    in

    The newly found facts.

    unbalancedCallChain

    the current call chain.

    returns

    Some FlowFact, if necessary. Otherwise None.

    Definition Classes
    IFDSProblem
  3. abstract def createTaints(callee: Method, call: JavaStatement): Set[TaintFact]

    Called, when the exit to return facts are computed for some callee with the null fact and the callee's return value is assigned to a variable.

    Called, when the exit to return facts are computed for some callee with the null fact and the callee's return value is assigned to a variable. Creates a taint, if necessary.

    callee

    The called method.

    call

    The call.

    returns

    Some variable fact, if necessary. Otherwise none.

    Attributes
    protected
  4. abstract def entryPoints: Seq[(Method, IFDSFact[TaintFact, Method, JavaStatement])]

    The entry points of this analysis.

    The entry points of this analysis.

    Definition Classes
    IFDSProblem
  5. abstract def sanitizesParameter(call: JavaStatement, in: TaintFact): Boolean

    Called in callToReturnFlow.

    Called in callToReturnFlow. This method can return whether the input fact will be removed after callee was called. I.e. the method could sanitize parameters.

    call

    The call statement.

    in

    The fact which holds before the call.

    returns

    Whether in will be removed after the call.

    Attributes
    protected
    Definition Classes
    TaintProblem
  6. abstract def sanitizesReturnValue(callee: Method): Boolean

    Checks, if some callee is a sanitizer, which sanitizes its return value.

    Checks, if some callee is a sanitizer, which sanitizes its return value. In this case, no return flow facts will be created.

    callee

    The method, which was called.

    returns

    True, if the method is a sanitizer.

    Attributes
    protected
    Definition Classes
    TaintProblem

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def automaticallyPropagateNullFactInFlowFunctions: Boolean

    returns

    Whether the null Fact is automatically added to the result of every flow function where it is passed into

    Definition Classes
    IFDSProblem
  6. def callFlow(start: JavaStatement, in: TaintFact, call: JavaStatement, callee: Method): Set[TaintFact]

    Propagates tainted parameters to the callee.

    Propagates tainted parameters to the callee. If a call to the sink method with a tainted parameter is detected, no call-to-start edges will be created.

    start

    The statement, which starts the analysis of the 'callee'.

    in

    The fact which holds before the execution of the call.

    call

    The statement, which called the callee.

    callee

    The called method, for which the data flow shall be computed.

    returns

    The facts, which hold after the execution of call under the assumption that the fact in held before call and call calls callee.

    Definition Classes
    AbstractJavaForwardTaintProblemIFDSProblem
  7. def callToReturnFlow(call: JavaStatement, in: TaintFact, successor: Option[JavaStatement], unbCallChain: Seq[Method]): Set[TaintFact]

    Removes taints according to sanitizesParameter.

    Removes taints according to sanitizesParameter.

    call

    The statement, which invoked the call.

    in

    The facts, which hold before the call.

    unbCallChain

    The current call chain of unbalanced returns.

    returns

    The facts, which hold after the call independently of what happens in the callee under the assumption that in held before call.

    Definition Classes
    AbstractJavaForwardTaintProblemIFDSProblem
  8. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
  9. val declaredMethods: DeclaredMethods
  10. def enableUnbalancedReturns: Boolean

    returns

    Whether the analysis should follow unbalanced return flows (return of a method for which no matching previous call was processed).

    Definition Classes
    IFDSProblem
  11. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  12. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  13. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  14. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  15. val icfg: JavaICFG
    Definition Classes
    IFDSProblem
  16. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  17. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  18. def needsPredecessor(statement: JavaStatement): Boolean
    Definition Classes
    JavaIFDSProblemIFDSProblem
  19. def normalFlow(statement: JavaStatement, in: TaintFact, predecessor: Option[JavaStatement]): Set[TaintFact]

    If a variable gets assigned a tainted value, the variable will be tainted.

    If a variable gets assigned a tainted value, the variable will be tainted.

    statement

    The analyzed statement.

    in

    The fact which holds before the execution of the statement.

    predecessor

    The predecessor of the analyzed statement, for which the data flow shall be computed. Used for phi statements to distinguish the flow.

    returns

    The facts, which hold after the execution of statement under the assumption that the facts in in held before statement and successor will be executed next.

    Definition Classes
    AbstractJavaForwardTaintProblemIFDSProblem
  20. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  21. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  22. def nullFact: TaintFact

    The null fact of this analysis.

    The null fact of this analysis.

    Definition Classes
    AbstractJavaForwardTaintProblemIFDSProblem
  23. def outsideAnalysisContextCall(callee: Method): Option[OutsideAnalysisContextCallHandler]

    If a parameter is tainted, the result will also be tainted.

    If a parameter is tainted, the result will also be tainted. We assume that the callee does not call the source method.

    callee

    The method called by call.

    returns

    The handler function. It receives the statement which invoked the call, the successor statement, which will be executed after the call and the set of input facts which hold before the call. It returns facts, which hold after the call, excluding the call to return flow.

    Definition Classes
    AbstractJavaForwardTaintProblemJavaIFDSProblemIFDSProblem
  24. def outsideAnalysisContextUnbReturn(callee: Method): Option[OutsideAnalysisContextUnbReturnHandler]

    Checks if there are unbalanced returns outside this analysis' context.

    Checks if there are unbalanced returns outside this analysis' context. For unbalanced returns outside this analysis' context the returned handler is called to compute the return edge and trigger the callers' analyses.

    callee

    the method from which an unbalanced return is performed.

    returns

    the handler function. It receives the callee, the input fact, the existing call chain before this unbalanced return.

    Definition Classes
    JavaIFDSProblemIFDSProblem
  25. def returnFlow(exit: JavaStatement, in: TaintFact, call: JavaStatement, successor: Option[JavaStatement], unbCallChain: Seq[Method]): Set[TaintFact]

    Taints an actual parameter, if the corresponding formal parameter was tainted in the callee.

    Taints an actual parameter, if the corresponding formal parameter was tainted in the callee. If the callee's return value was tainted and it is assigned to a variable in the callee, the variable will be tainted. If a FlowFact held in the callee, this method will be appended to a new FlowFact, which holds at this method. Creates new taints and FlowFacts, if necessary. If the sanitize method was called, nothing will be tainted.

    exit

    The statement, which terminated the analysis of the callee.

    in

    The fact which holds before the execution of the exit.

    call

    The statement, which called the callee.

    successor

    The successor statement of the call, might be None if unbalanced return.

    unbCallChain

    The current call chain of unbalanced returns.

    returns

    The facts, which hold after the execution of exit in the caller's context under the assumption that in held before the execution of exit and that successor will be executed next.

    Definition Classes
    AbstractJavaForwardTaintProblemIFDSProblem
  26. def shouldPerformUnbalancedReturn(source: (Method, IFDSFact[TaintFact, Method, JavaStatement])): Boolean

    Whether at this exit of a function, an unbalanced return should be performed.

    Whether at this exit of a function, an unbalanced return should be performed. Only if enableUnbalancedReturns == true.

    source

    the source fact of the analysis of the current function.

    returns

    true if an unbalanced return should be performed.

    Definition Classes
    IFDSProblem
  27. def subsumeFacts: Boolean

    returns

    Whether to try to subsume new facts under existing facts and save graph edges

    Definition Classes
    IFDSProblem
  28. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  29. def toString(): String
    Definition Classes
    AnyRef → Any
  30. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  31. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  32. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated

Inherited from TaintProblem[Method, JavaStatement, TaintFact]

Inherited from JavaForwardIFDSProblem[TaintFact]

Inherited from JavaIFDSProblem[TaintFact]

Inherited from IFDSProblem[TaintFact, Method, JavaStatement, JavaICFG]

Inherited from AnyRef

Inherited from Any

Ungrouped