public TaintStatus(TaintInfo taintInfo, Analysis.FlagType flag)
{
this.tainted = taintInfo.taint;
this.priority = taintInfo.priority;
lines = getLines(taintInfo, flag);
}
public TaintStatus(TaintInfo taintInfo)
{
this.tainted = taintInfo.taint;
this.priority = taintInfo.priority;
lines = getLines(taintInfo);
}
private List <List <int> > getLines(TaintInfo info)
{
List <List <int> > result = new List <List <int> >();
if (info.point == null || info.point.Partial == null || (info.taint.allFalse() && !info.nullValue))
{
return(result);
}
int firstLine = info.point.Partial.Position.FirstLine;
foreach (TaintFlow flowPair in info.possibleTaintFlows)
{
var flow = flowPair.flow;
List <List <int> > flows = getLines(flow);
foreach (List <int> oneFlow in flows)
{
oneFlow.Add(firstLine);
}
result.AddRange(flows);
}
if (result.Count == 0)
{
result.Add(new List <int>()
{
firstLine
});
}
return(result);
}
internal static void AssertHasTaintStatus(FlowOutputSet outSet, string variableName, string assertMessage, TaintStatus taintStatus, Analysis.FlagType flag)
{
var varID = new VariableIdentifier(variableName);
var variable = outSet.GetVariable(varID);
var values = variable.ReadMemory(outSet.Snapshot).PossibleValues.ToArray();
var computedTaintStatus = new TaintStatus(false, true);
if (values.Count() == 0)
{
computedTaintStatus.priority.setAll(false);
}
foreach (var value in values)
{
if (!(value is InfoValue <TaintInfo>))
{
continue;
}
TaintInfo valueTaintInfo = (value as InfoValue <TaintInfo>).Data;
TaintStatus valueTaintStatus = new TaintStatus(valueTaintInfo, flag);
computedTaintStatus.tainted.copyTaint(true, valueTaintStatus.tainted);
computedTaintStatus.priority.copyTaint(false, valueTaintStatus.priority);
computedTaintStatus.lines.AddRange(valueTaintStatus.lines);
}
String taintStatusString = taintStatus.ToString(flag);
String computedTaintStatusString = computedTaintStatus.ToString(flag);
Assert.IsTrue(taintStatus.EqualTo(computedTaintStatus, flag), "Taint status of the taint type {0} of variable ${1} should be {2}, taint analysis computed {3}", flag, variableName, taintStatusString, computedTaintStatusString);
}
private List <List <int> > getLines(TaintInfo info, Analysis.FlagType flag)
{
List <List <int> > result = new List <List <int> >();
if ((!info.taint.get(flag) && !info.nullValue) || info.point == null || info.point.Partial == null)
{
return(result);
}
int firstLine = info.point.Partial.Position.FirstLine;
if (info.possibleTaintFlows.Count == 0)
{
result.Add(new List <int>()
{
firstLine
});
}
foreach (TaintFlow flowPair in info.possibleTaintFlows)
{
var flow = flowPair.flow;
if (!flow.taint.get(flag))
{
continue;
}
List <List <int> > flows = getLines(flow);
foreach (List <int> oneFlow in flows)
{
oneFlow.Add(firstLine);
}
result.AddRange(flows);
}
if (result.Count == 0)
{
result.Add(new List <int>()
{
firstLine
});
}
return(result);
}
