def get_method_invokes(self, caller, callee=None):
caller = self.get_pysoot_method(caller)
if caller is None:
return []
cls = self.p.classes[caller.class_name]
invokes = [
s[2]
for s in walk_all_statements({caller.class_name: cls}, [caller])
if is_invoke(s[2])
]
if callee:
callee = self.get_pysoot_method(callee)
if callee is None:
return []
all_invokes = list(invokes)
invokes = []
for s in all_invokes:
tmp = SweetSpotFinder.get_invoked_method(s)
if callee.class_name == tmp[0] and callee.name == tmp[
1] and callee.params == tmp[2]:
invokes.append(s)
return invokes
def get_function_setter(self, inp, filter_method):
filter_method = self.get_pysoot_method(filter_method)
if filter_method is None:
return []
bslicer = self.p.backwardslicer()
try:
bslicer.slice(inp)
except Exception as e:
log.error(str(e))
return [], [], False
bbs = [
x for x in bslicer.affected_blocks
if self.p.blocks_to_methods[x].name == filter_method.name
]
tainted_vars = bslicer.tainted_in_method(filter_method)
dd_f = []
dep_caller = False
# find those tainted variables that are tainted and returned by a function call
# consider only the blocks within the caller function
class_method = self.p.classes[filter_method.class_name]
invokes = [
s[2] for s in walk_all_statements(
{filter_method.class_name: class_method}, [filter_method])
if is_invoke(s[2])
]
for c in invokes:
if hasattr(c, 'left_op') and hasattr(
c.left_op, 'name') and c.left_op.name in tainted_vars:
tmp_m = [
c.right_op.class_name, c.right_op.method_name,
list(c.right_op.method_params), c.left_op.type
]
if tmp_m not in dd_f and tmp_m[0] in self.p.classes:
dd_f.append(tmp_m)
# consider also the caller if its parameters are tainted.
# get function parameters
first_block = filter_method.blocks[0]
for st in first_block.statements:
if hasattr(st, 'right_op') and type(
st.right_op) == pysoot.sootir.soot_value.SootParamRef:
if hasattr(st, 'left_op') and hasattr(
st.left_op,
'name') and st.left_op.name in tainted_vars:
dep_caller = True
break
return bbs, dd_f, dep_caller