private void RewriteSanitizeChannel(Channel sanitizeChannel, DirectFcnCall node)
{
//Store condition: From(sc) >= l
var storeSanitizedValue = sanitizeChannel.Label.Level >= _securityLevel.Level;
//Get sanitized value condition: To(sc) >= l ^ l >= min(C)
var getSanitizedValue = sanitizeChannel.Label.TargetLevel >= _securityLevel.Level && _securityLevel.Level >= _minInputLevel;
if (storeSanitizedValue || getSanitizedValue)
{
//determine if it should read or store a sanitized value
var function = getSanitizedValue && !_isOriginalProgram ? FunctionNames.GetSanitize : FunctionNames.StoreSanitize;
//construct a new call
var name = new TranslatedQualifiedName(new QualifiedName(new Name(function)), new Span());
var parameters = new List <ActualParam>();
parameters.Add(new ActualParam(new Span(), new LongIntLiteral(new Span(), sanitizeChannel.Id)));
parameters.Add(new ActualParam(new Span(), node));
var signature = new CallSignature(parameters, new Span());
//let factory create a new DirectFcnCall AST node.
var captureSanitizeCall = (DirectFcnCall)_factory.Call(new Span(), name, signature, node.IsMemberOf);
//visit the new call
base.VisitDirectFcnCall(captureSanitizeCall);
}
else
{
//insert default value
var defaultValue = CreateDefaultValue();
base.VisitElement(defaultValue);
}
}
public override LangElement ConstUse(Span span, TranslatedQualifiedName name)
{
if (name.OriginalName.IsSimpleName)
{
var namestr = name.OriginalName.Name.Value;
if (_defines != null && _defines.Count != 0 && _defines.TryGetValue(namestr, out string value))
{
// replace the constant use with literal:
if (long.TryParse(value, out long l))
{
return(new LongIntLiteral(span, l));
}
if (double.TryParse(value, out double d))
{
return(new DoubleLiteral(span, d));
}
if (bool.TryParse(value, out bool b))
{
return(new BoolLiteral(span, b));
}
return(new StringLiteral(span, value));
}
}
//
return(base.ConstUse(span, name));
}
private void RewriteInputChannel(Channel inputChannel, ItemUse node)
{
//only keep the input channel if it's security label >= current level
if (inputChannel.Label.Level >= _securityLevel.Level)
{
bool isSanitizeTransformation = _securityLevel.Level < _minInputLevel; //it is the sanitize transformation
bool sanitizeChannelsAvailable = _sanitizeChannels.Any();
bool doInput = _isOriginalProgram || isSanitizeTransformation || (inputChannel.Label.Level == _securityLevel.Level && !sanitizeChannelsAvailable);
var function = doInput ? FunctionNames.StoreInput : FunctionNames.GetInput;
//construct a new call to the store/get input function
var name = new TranslatedQualifiedName(new QualifiedName(new Name(function)), new Span());
var parameters = new List <ActualParam>();
parameters.Add(new ActualParam(new Span(), new LongIntLiteral(new Span(), inputChannel.Id)));
parameters.Add(new ActualParam(new Span(), node));
var signature = new CallSignature(parameters, new Span());
//let factory create a new DirectFcnCall AST node.
var storeInput = (DirectFcnCall)_factory.Call(new Span(), name, signature, node.IsMemberOf);
//visit the new call
base.VisitDirectFcnCall(storeInput);
}
else
{
//insert default value
var defaultValue = CreateDefaultValue();
base.VisitElement(defaultValue);
}
}
public virtual LangElement Call(Span span, TranslatedQualifiedName name, CallSignature signature, LangElement memberOfOpt)
{
Debug.Assert(memberOfOpt == null || memberOfOpt is Expression);
return(new DirectFcnCall(span, name, signature)
{
IsMemberOf = (Expression)memberOfOpt
});
}
public virtual LangElement Call(Span span, TranslatedQualifiedName name, CallSignature signature, LangElement memberOfOpt)
{
Debug.Assert(memberOfOpt == null || memberOfOpt is VarLikeConstructUse);
return(new DirectFcnCall(span, name, signature.Parameters, signature.GenericParams)
{
IsMemberOf = (VarLikeConstructUse)memberOfOpt
});
}
private void RewriteOutputChannel(Channel outputChannel, DirectFcnCall node)
{
//the original program (P') captures all output values
if (_isOriginalProgram || outputChannel.Label.Level == _securityLevel.Level || _securityLevel.Level < _minInputLevel)
{
var functionName = _securityLevel.Level < _minInputLevel ? FunctionNames.CaptureOutput : FunctionNames.StoreOutput;
//construct a new call to the capture output function
var name = new TranslatedQualifiedName(new QualifiedName(new Name(functionName)), new Span());
var parameters = new List <ActualParam>();
parameters.Add(new ActualParam(new Span(), new LongIntLiteral(new Span(), outputChannel.Id)));
if (node.CallSignature.Parameters.Length > 0)
{
parameters.Add(node.CallSignature.Parameters[0]);
}
var signature = new CallSignature(parameters, new Span());
//let factory create a new DirectFcnCall AST node.
var storeOutputCall = (DirectFcnCall)_factory.Call(new Span(), name, signature, node.IsMemberOf);
//visit the new call
base.VisitDirectFcnCall(storeOutputCall);
}
//performing an output to an output channel is only allowed if the current execution has the same security level
if (_isOriginalProgram || outputChannel.Label.Level == _securityLevel.Level)
{
//add a semicolon between the new call and the original call
base.VisitEmptyStmt((EmptyStmt)_factory.EmptyStmt(new Span(0, 1)));
if (!_isOriginalProgram)
{
//construct a new call to the get output function
var name = new TranslatedQualifiedName(new QualifiedName(new Name(FunctionNames.GetOutput)), new Span());
var parameters = new List <ActualParam>
{
new ActualParam(new Span(), new LongIntLiteral(new Span(), outputChannel.Id))
};
var signature = new CallSignature(parameters, new Span());
//let factory create a new DirectFcnCall AST node.
var readOutputCall = (DirectFcnCall)_factory.Call(new Span(), name, signature, node.IsMemberOf);
//replace parameter with a read_output call
node.CallSignature.Parameters[0] = new ActualParam(new Span(), readOutputCall);
//visit the original call
base.VisitDirectFcnCall(node);
}
}
}
/// <summary>Gets <c>true</c> if name corresponds to func_num_args, func_get_arg, func_get_args.</summary>
public static bool IsGetArgsOrArgsNumFunctionName(this TranslatedQualifiedName qname)
{
// func_num_args, func_get_arg, func_get_args
if (qname.OriginalName.IsSimpleName && qname.OriginalName.Name.Value.StartsWith("func_", StringComparison.OrdinalIgnoreCase))
{
if (qname.OriginalName.Name == new Name("func_num_args") ||
qname.OriginalName.Name == new Name("func_func_get_argnum_args") ||
qname.OriginalName.Name == new Name("func_get_args"))
{
return(true);
}
}
return(false);
}
public GlobalConstUse(Text.Span span, TranslatedQualifiedName name)
: base(span)
{
this._fullName = name;
}
public static bool IsAssertFunctionName(this TranslatedQualifiedName qname)
{
return(qname.OriginalName == SpecialNames.assert);
}
public virtual LangElement ConstUse(Span span, TranslatedQualifiedName name)
{
return(new GlobalConstUse(span, name));
}
public override LangElement ConstUse(Span span, TranslatedQualifiedName name) => CountLE(base.ConstUse(span, name));
public override LangElement Call(Span span, TranslatedQualifiedName name, CallSignature signature, LangElement memberOfOpt) => CountLE(base.Call(span, name, signature, memberOfOpt));
public DirectFcnCall(Text.Span span, TranslatedQualifiedName name,
IList <ActualParam> parameters, IList <TypeRef> genericParams)
: base(span, parameters, genericParams)
{
_fullName = name;
}
public DirectFcnCall(Text.Span span, TranslatedQualifiedName name, CallSignature signature)
: base(span, signature)
{
_fullName = name;
}