def get_method_invokes(self, caller, callee=None): caller = self.get_pysoot_method(caller) if caller is None: return [] cls = self.p.classes[caller.class_name] invokes = [ s[2] for s in walk_all_statements({caller.class_name: cls}, [caller]) if is_invoke(s[2]) ] if callee: callee = self.get_pysoot_method(callee) if callee is None: return [] all_invokes = list(invokes) invokes = [] for s in all_invokes: tmp = SweetSpotFinder.get_invoked_method(s) if callee.class_name == tmp[0] and callee.name == tmp[ 1] and callee.params == tmp[2]: invokes.append(s) return invokes
def get_function_setter(self, inp, filter_method): filter_method = self.get_pysoot_method(filter_method) if filter_method is None: return [] bslicer = self.p.backwardslicer() try: bslicer.slice(inp) except Exception as e: log.error(str(e)) return [], [], False bbs = [ x for x in bslicer.affected_blocks if self.p.blocks_to_methods[x].name == filter_method.name ] tainted_vars = bslicer.tainted_in_method(filter_method) dd_f = [] dep_caller = False # find those tainted variables that are tainted and returned by a function call # consider only the blocks within the caller function class_method = self.p.classes[filter_method.class_name] invokes = [ s[2] for s in walk_all_statements( {filter_method.class_name: class_method}, [filter_method]) if is_invoke(s[2]) ] for c in invokes: if hasattr(c, 'left_op') and hasattr( c.left_op, 'name') and c.left_op.name in tainted_vars: tmp_m = [ c.right_op.class_name, c.right_op.method_name, list(c.right_op.method_params), c.left_op.type ] if tmp_m not in dd_f and tmp_m[0] in self.p.classes: dd_f.append(tmp_m) # consider also the caller if its parameters are tainted. # get function parameters first_block = filter_method.blocks[0] for st in first_block.statements: if hasattr(st, 'right_op') and type( st.right_op) == pysoot.sootir.soot_value.SootParamRef: if hasattr(st, 'left_op') and hasattr( st.left_op, 'name') and st.left_op.name in tainted_vars: dep_caller = True break return bbs, dd_f, dep_caller