Packages

  • package root
    Definition Classes
    root
  • package org
    Definition Classes
    root
  • package opalj

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode.

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode. OPAL is designed with performance, scalability and adaptability in mind.

    Its main components are:

    • a library (Common) which provides generally useful data-structures and algorithms for static analyses.
    • a framework for implementing lattice based static analyses (Static Analysis Infrastructure)
    • a framework for parsing Java bytecode (Bytecode Infrastructure - org.opalj.bi) that can be used to create arbitrary representations.
    • a library to create a one-to-one in-memory representation of Java bytecode (Bytecode Disassembler - org.opalj.da).
    • a library to convert this representation to Java class files (Bytecode Creator - org.opalj.bc).
    • a library to create a representation of Java bytecode that facilitates writing simple static analyses (Bytecode Representation - org.opalj.br).
    • a library to create a stackless, three-address code representation of Java bytecode that facilitates writing complex static analyses (Three Address Code - org.opalj.tac).
    • a scalable, easily customizable framework for the abstract interpretation of Java bytecode (Abstract Interpretation Framework - org.opalj.ai).
    • a library to extract dependencies between code elements (Dependencies Extraction - org.opalj.de) and to facilitate checking architecture definitions (Architecture Validation - org.opalj.av).
    • a library for the lightweight manipulation and creation of Java bytecode (Bytecode Assembler - org.opalj.ba).
    • a library for parsing Android packages (APK - org.opalj.apk).
    • libraries for writing static analyses using the interprocedural finite distributive subset (IFDS - org.opalj.ifds) and interprocedural distributive environment (IDE - org.opal.ide) algorithms.

    General Design Decisions

    Thread Safety

    Unless explicitly noted, OPAL is thread safe. I.e., the classes defined by OPAL can be considered to be thread safe unless otherwise stated. (For example, it is possible to read and process class files concurrently without explicit synchronization on the client side.)

    No null Values

    Unless explicitly noted, OPAL does not null values I.e., fields that are accessible will never contain null values and methods will never return null. If a method accepts null as a value for a parameter or returns a null value it is always explicitly documented. In general, the behavior of methods that are passed null values is undefined unless explicitly documented.

    No Typecasts for Collections

    For efficiency reasons, OPAL sometimes uses mutable data-structures internally. After construction time, these data-structures are generally represented using their generic interfaces (e.g., scala.collection.{Set,Map}). However, a downcast (e.g., to add/remove elements) is always forbidden as it would effectively prevent thread-safety.

    Assertions

    OPAL makes heavy use of Scala's Assertion Facility to facilitate writing correct code. Hence, for production builds (after thorough testing(!)) it is highly recommend to build OPAL again using -Xdisable-assertions.

    Definition Classes
    org
  • package tac

    Common definitions related to the definition and processing of three address code.

    Common definitions related to the definition and processing of three address code.

    Definition Classes
    opalj
  • package fpcf
    Definition Classes
    tac
  • package analyses
    Definition Classes
    fpcf
  • package ifds
    Definition Classes
    analyses
  • package taint
    Definition Classes
    ifds
  • AbstractJavaForwardTaintProblem
  • ArrayElement
  • FlowFact
  • InstanceField
  • JavaBackwardTaintProblem
  • StaticField
  • TaintFact
  • TaintNullFact
  • TaintProblem
  • Variable
c

org.opalj.tac.fpcf.analyses.ifds.taint

JavaBackwardTaintProblem

abstract class JavaBackwardTaintProblem extends JavaBackwardIFDSProblem[TaintFact] with TaintProblem[Method, JavaStatement, TaintFact]

Implementation of a backward taint analysis for Java code.

Source
JavaBackwardTaintProblem.scala
Linear Supertypes
TaintProblem[Method, JavaStatement, TaintFact], JavaBackwardIFDSProblem[TaintFact], JavaIFDSProblem[TaintFact], IFDSProblem[TaintFact, Method, JavaStatement, JavaICFG], AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. JavaBackwardTaintProblem
  2. TaintProblem
  3. JavaBackwardIFDSProblem
  4. JavaIFDSProblem
  5. IFDSProblem
  6. AnyRef
  7. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new JavaBackwardTaintProblem(project: SomeProject)

Type Members

  1. type OutsideAnalysisContextCallHandler = (JavaStatement, Option[JavaStatement], TaintFact, Seq[Method], Getter) => Set[TaintFact] { def apply(call: org.opalj.tac.fpcf.analyses.ide.solver.JavaStatement, successor: Option[org.opalj.tac.fpcf.analyses.ide.solver.JavaStatement], in: org.opalj.tac.fpcf.analyses.ifds.taint.TaintFact, unbCallChain: Seq[org.opalj.br.Method], dependeesGetter: org.opalj.ifds.Dependees.Getter): Set[org.opalj.tac.fpcf.analyses.ifds.taint.TaintFact] }
    Definition Classes
    IFDSProblem
  2. type OutsideAnalysisContextUnbReturnHandler = (Method, TaintFact, Seq[Method], Getter) => Unit { def apply(callee: org.opalj.br.Method, in: org.opalj.tac.fpcf.analyses.ifds.taint.TaintFact, callChain: Seq[org.opalj.br.Method], dependeesGetter: org.opalj.ifds.Dependees.Getter): Unit }
    Definition Classes
    IFDSProblem

Abstract Value Members

  1. abstract def applyFlowFactFromCallee(calleeFact: FlowFact, caller: Method, in: TaintFact, callChain: Seq[Method]): Option[FlowFact]

    Called, when a FlowFact holds at the index 0 node of a callee.

    Called, when a FlowFact holds at the index 0 node of a callee. Creates a FlowFact in the caller context if necessary.

    calleeFact

    The FlowFact, which holds at the start node of the callee.

    caller

    The caller.

    in

    the fact

    callChain

    the current call chain

    returns

    Some FlowFact, if necessary. Otherwise None.

    Attributes
    protected
  2. abstract def createFlowFactAtExit(callee: Method, in: TaintFact, unbalancedCallChain: Seq[Method]): Option[TaintFact]

    Called, when new FlowFacts are found at the analysis exit of a method.

    Called, when new FlowFacts are found at the analysis exit of a method. Creates a FlowFact in the callee context if necessary.

    callee

    The callee.

    in

    The newly found facts.

    unbalancedCallChain

    the current call chain.

    returns

    Some FlowFact, if necessary. Otherwise None.

    Definition Classes
    IFDSProblem
  3. abstract def entryPoints: Seq[(Method, IFDSFact[TaintFact, Method, JavaStatement])]

    The entry points of this analysis.

    The entry points of this analysis.

    Definition Classes
    IFDSProblem
  4. abstract def sanitizesParameter(call: JavaStatement, in: TaintFact): Boolean

    Called in callToReturnFlow.

    Called in callToReturnFlow. This method can return whether the input fact will be removed after callee was called. I.e. the method could sanitize parameters.

    call

    The call statement.

    in

    The fact which holds before the call.

    returns

    Whether in will be removed after the call.

    Attributes
    protected
    Definition Classes
    TaintProblem
  5. abstract def sanitizesReturnValue(callee: Method): Boolean

    Checks, if some callee is a sanitizer, which sanitizes its return value.

    Checks, if some callee is a sanitizer, which sanitizes its return value. In this case, no return flow facts will be created.

    callee

    The method, which was called.

    returns

    True, if the method is a sanitizer.

    Attributes
    protected
    Definition Classes
    TaintProblem

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def automaticallyPropagateNullFactInFlowFunctions: Boolean

    returns

    Whether the null Fact is automatically added to the result of every flow function where it is passed into

    Definition Classes
    IFDSProblem
  6. def callFlow(start: JavaStatement, in: TaintFact, call: JavaStatement, callee: Method): Set[TaintFact]

    If the returned value in the caller context is tainted, the returned values in the callee context will be tainted.

    If the returned value in the caller context is tainted, the returned values in the callee context will be tainted. If an actual pass-by-reference-parameter in the caller context is tainted, the formal parameter in the callee context will be tainted.

    start

    The statement, which starts the analysis of the 'callee'.

    in

    The fact which holds before the execution of the call.

    call

    The statement, which called the callee.

    callee

    The called method, for which the data flow shall be computed.

    returns

    The facts, which hold after the execution of call under the assumption that the fact in held before call and call calls callee.

    Definition Classes
    JavaBackwardTaintProblemIFDSProblem
  7. def callToReturnFlow(call: JavaStatement, in: TaintFact, successor: Option[JavaStatement], unbCallChain: Seq[Method]): Set[TaintFact]

    Adds a FlowFact, if createFlowFactAtCall creates one.

    Adds a FlowFact, if createFlowFactAtCall creates one. Removes taints according to sanitizeParamters.

    call

    The statement, which invoked the call.

    in

    The facts, which hold before the call.

    unbCallChain

    The current call chain of unbalanced returns.

    returns

    The facts, which hold after the call independently of what happens in the callee under the assumption that in held before call.

    Definition Classes
    JavaBackwardTaintProblemIFDSProblem
  8. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
  9. def createFlowFactAtCall(call: JavaStatement, in: TaintFact, callChain: Seq[Method]): Option[TaintFact]

    Called in callToReturnFlow.

    Called in callToReturnFlow. Creates a fact if necessary.

    call

    The call.

    in

    The fact, which holds before the call.

    returns

    Some fact, if necessary. Otherwise None.

    Attributes
    protected
  10. def enableUnbalancedReturns: Boolean

    returns

    Whether the analysis should follow unbalanced return flows (return of a method for which no matching previous call was processed).

    Definition Classes
    JavaBackwardTaintProblemIFDSProblem
  11. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  12. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  13. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  14. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  15. val icfg: JavaICFG
    Definition Classes
    IFDSProblem
  16. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  17. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  18. def needsPredecessor(statement: JavaStatement): Boolean
    Definition Classes
    JavaIFDSProblemIFDSProblem
  19. def normalFlow(jstmt: JavaStatement, in: TaintFact, predecessor: Option[JavaStatement]): Set[TaintFact]

    If a tainted variable gets assigned a value, this value will be tainted.

    If a tainted variable gets assigned a value, this value will be tainted.

    in

    The fact which holds before the execution of the statement.

    predecessor

    The predecessor of the analyzed statement, for which the data flow shall be computed. Used for phi statements to distinguish the flow.

    returns

    The facts, which hold after the execution of statement under the assumption that the facts in in held before statement and successor will be executed next.

    Definition Classes
    JavaBackwardTaintProblemIFDSProblem
  20. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  21. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  22. def nullFact: TaintFact

    The null fact of this analysis.

    The null fact of this analysis.

    Definition Classes
    JavaBackwardTaintProblemIFDSProblem
  23. def outsideAnalysisContextCall(callee: Method): Option[OutsideAnalysisContextCallHandler]

    If the returned value is tainted, all actual parameters will be tainted.

    If the returned value is tainted, all actual parameters will be tainted.

    callee

    The method called by call.

    returns

    The handler function. It receives the statement which invoked the call, the successor statement, which will be executed after the call and the set of input facts which hold before the call. It returns facts, which hold after the call, excluding the call to return flow.

    Definition Classes
    JavaBackwardTaintProblemJavaIFDSProblemIFDSProblem
  24. def outsideAnalysisContextUnbReturn(callee: Method): Option[OutsideAnalysisContextUnbReturnHandler]

    Checks if there are unbalanced returns outside this analysis' context.

    Checks if there are unbalanced returns outside this analysis' context. For unbalanced returns outside this analysis' context the returned handler is called to compute the return edge and trigger the callers' analyses.

    callee

    the method from which an unbalanced return is performed.

    returns

    the handler function. It receives the callee, the input fact, the existing call chain before this unbalanced return.

    Definition Classes
    JavaIFDSProblemIFDSProblem
  25. def returnFlow(exit: JavaStatement, in: TaintFact, call: JavaStatement, successor: Option[JavaStatement], unbCallChain: Seq[Method]): Set[TaintFact]

    Taints the actual parameters in the caller context if the formal parameters in the callee context were tainted.

    Taints the actual parameters in the caller context if the formal parameters in the callee context were tainted. Does not taint anything, if the sanitize method was called.

    exit

    The statement, which terminated the analysis of the callee.

    in

    The fact which holds before the execution of the exit.

    call

    The statement, which called the callee.

    successor

    The successor statement of the call, might be None if unbalanced return.

    unbCallChain

    The current call chain of unbalanced returns.

    returns

    The facts, which hold after the execution of exit in the caller's context under the assumption that in held before the execution of exit and that successor will be executed next.

    Definition Classes
    JavaBackwardTaintProblemIFDSProblem
  26. def shouldPerformUnbalancedReturn(source: (Method, IFDSFact[TaintFact, Method, JavaStatement])): Boolean

    Whether at this exit of a function, an unbalanced return should be performed.

    Whether at this exit of a function, an unbalanced return should be performed. Only if enableUnbalancedReturns == true.

    source

    the source fact of the analysis of the current function.

    returns

    true if an unbalanced return should be performed.

    Definition Classes
    IFDSProblem
  27. def subsumeFacts: Boolean

    returns

    Whether to try to subsume new facts under existing facts and save graph edges

    Definition Classes
    IFDSProblem
  28. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  29. def toString(): String
    Definition Classes
    AnyRef → Any
  30. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  31. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  32. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated

Inherited from TaintProblem[Method, JavaStatement, TaintFact]

Inherited from JavaBackwardIFDSProblem[TaintFact]

Inherited from JavaIFDSProblem[TaintFact]

Inherited from IFDSProblem[TaintFact, Method, JavaStatement, JavaICFG]

Inherited from AnyRef

Inherited from Any

Ungrouped