Java源码示例:soot.jimple.StaticInvokeExpr
示例1
private void prepareAlarmManagerSet(Body body, InvokeStmt setStmt, SootMethodRef reportRef) {
Value oldVal = setStmt.getInvokeExpr().getArg(1);
Local longLocal = UtilInstrumenter.generateFreshLocal(body, LongType.v());
SootMethod currentTimeMillis = Scene.v().getMethod("<java.lang.System: long currentTimeMillis()>");
StaticInvokeExpr timeInvoke = Jimple.v().newStaticInvokeExpr(currentTimeMillis.makeRef());
AssignStmt timeInitalize = Jimple.v().newAssignStmt(longLocal, timeInvoke);
AddExpr addTime = Jimple.v().newAddExpr(longLocal, LongConstant.v(2000L));
AssignStmt timeAssign = Jimple.v().newAssignStmt(longLocal, addTime);
body.getUnits().insertBefore(timeInitalize, setStmt);
body.getUnits().insertBefore(timeAssign, setStmt);
InvokeExpr expr = setStmt.getInvokeExpr();
expr.setArg(0, IntConstant.v(0));
expr.setArg(1, longLocal);
// Report the change
InvokeStmt reportStmt = Jimple.v().newInvokeStmt(Jimple.v().newStaticInvokeExpr(
reportRef, oldVal, longLocal));
reportStmt.addTag(new InstrumentedCodeTag());
body.getUnits().insertAfter(reportStmt, setStmt);
}
示例2
public static Unit makeJimpleStaticCallForPathExecution(String methodName, Object... args) {
SootClass sootClass = Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_PATH_EXECUTION);
Unit generated = null;
ArrayList<Type> argTypes = new ArrayList<Type>();
ArrayList<Value> argList = new ArrayList<Value>();
if (args != null) {
if (args.length % 2 != 0) {
throw new RuntimeException(
"Mismatched argument types:values in static call to "
+ methodName);
} else {
for (int i = 0; i < args.length; i++)
if (i % 2 == 0) // First type, then argument
argTypes.add((Type) args[i]);
else
argList.add((Value) args[i]);
}
}
SootMethod createAndAdd = sootClass.getMethod(methodName, argTypes);
StaticInvokeExpr sie = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), argList);
generated = Jimple.v().newInvokeStmt(sie);
return generated;
}
示例3
private void instrumentEachBranchAccess(Body body, Unit unit){
SootClass sootClass = Scene.v().getSootClass(
UtilInstrumenter.JAVA_CLASS_FOR_PATH_INSTRUMENTATION);
// Create the method invocation
SootMethod createAndAdd = sootClass.getMethod("reportConditionOutcomeSynchronous",
Collections.<Type>singletonList(BooleanType.v()));
StaticInvokeExpr sieThen = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), IntConstant.v(1));
StaticInvokeExpr sieElse = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), IntConstant.v(0));
Unit sieThenUnit = Jimple.v().newInvokeStmt(sieThen);
sieThenUnit.addTag(new InstrumentedCodeTag());
Unit sieElseUnit = Jimple.v().newInvokeStmt(sieElse);
sieElseUnit.addTag(new InstrumentedCodeTag());
//treatment of target statement ("true"-branch)
IfStmt ifStmt = (IfStmt)unit;
Stmt targetStmt = ifStmt.getTarget();
if(!branchTargetStmt.contains(targetStmt.toString())) {
branchTargetStmt.add(sieThenUnit.toString());
body.getUnits().insertBefore(sieThenUnit, targetStmt);
NopStmt nop = Jimple.v().newNopStmt();
GotoStmt gotoNop = Jimple.v().newGotoStmt(nop);
body.getUnits().insertBeforeNoRedirect(nop, targetStmt);
body.getUnits().insertBeforeNoRedirect(gotoNop, sieThenUnit);
}
//treatment of "else"-branch
body.getUnits().insertAfter(sieElseUnit, unit);
}
示例4
@Override
public void caseStaticInvokeExpr(StaticInvokeExpr v) {
//just propagate the taint value of previous statement
Stmt prevStmt = stmtVisitor.getPreviousDataFlowPathElement(currentStatement);
if(prevStmt == null)
throw new RuntimeException("there is no previous statement");
else {
//create an assignment between the incoming taint-value and the
//assigned taint-value inside the method
SMTBinding bindingPrevStmt = stmtVisitor.getBindingForTaintedValue(prevStmt);
//if there is no taint-tracking involved, we do not have to create an SMT formula
if(bindingPrevStmt == null)
return;
AccessPath accessPath = stmtVisitor.getCorrectAccessPathForStmt(currentStatement);
Local identityStmtTaintValue = accessPath.getPlainValue();
SMTBinding bindingCurentStmt = stmtVisitor.getLatestBindingForValue(identityStmtTaintValue);
if(bindingCurentStmt == null) {
bindingCurentStmt = stmtVisitor.createNewBindingForValue(identityStmtTaintValue);
stmtVisitor.addValueBindingToVariableDeclaration(identityStmtTaintValue, bindingCurentStmt);
}
if(bindingCurentStmt != bindingPrevStmt) {
SMTSimpleAssignment simpleAssignForTaintProp = new SMTSimpleAssignment(bindingCurentStmt, new SMTBindingValue(bindingPrevStmt));
SMTAssertStatement simpleAssignAssert = new SMTAssertStatement(simpleAssignForTaintProp);
stmtVisitor.addAssertStmtToAllPrograms(simpleAssignAssert);
}
this.result = bindingCurentStmt;
}
}
示例5
@Override
public void caseStaticInvokeExpr(StaticInvokeExpr sie) {
BuilderMethodReference method = DexPrinter.toMethodReference
(sie.getMethodRef(), dexFile);
List<Register> arguments = getInvokeArgumentRegs(sie);
stmtV.addInsn(buildInvokeInsn("INVOKE_STATIC", method, arguments), origStmt);
}
示例6
public void caseStaticInvokeExpr(StaticInvokeExpr expr) {
result = result.add(mgr.INITIALIZATION_ERRORS);
for (int i = 0; i < expr.getArgCount(); i++) {
result = result.add(mightThrow(expr.getArg(i)));
}
result = result.add(mightThrow(expr.getMethodRef()));
}
示例7
public static StaticInvokeExpr createJimpleStaticInvokeExpr(String javaClass, String call, List<Object> args) {
SootClass sootClass = Scene.v().getSootClass(javaClass);
ArrayList<Type> argTypes = new ArrayList<Type>();
ArrayList<Value> argList = new ArrayList<Value>();
if (args != null) {
if (args.size() % 2 != 0) {
throw new RuntimeException(
"Mismatched argument types:values in static call to "
+ call);
} else {
for (int i = 0; i < args.size(); i++)
if (i % 2 == 0) // First type, then argument
argTypes.add((Type) args.get(i));
else
argList.add((Value) args.get(i));
}
}
SootMethod createAndAdd = sootClass.getMethod(call, argTypes);
StaticInvokeExpr sie = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), argList);
log.debug("new invoke expression: "+ sie);
return sie;
}
示例8
private static void initializePeP(SootClass sc){
SootMethod onCreate = null;
log.info("add Pep initialization in class "+ sc);
for(SootMethod sm : sc.getMethods()){
if(sm.getName().equals("onCreate") &&
sm.getParameterCount() == 1 &&
sm.getParameterType(0).toString().equals("android.os.Bundle")){
onCreate = sm;
}
}
if(onCreate != null){
List<Unit> generated = new ArrayList<Unit>();
Body body = onCreate.retrieveActiveBody();
Local thisLocal = body.getThisLocal();
SootClass context = Scene.v().forceResolve("android.content.Context", SootClass.BODIES);
// SootMethod applicationContext =sc.getMethod("android.content.Context getApplicationContext()");
SootMethod applicationContext = context.getMethod("android.content.Context getApplicationContext()");
SpecialInvokeExpr virtInvExpr = Jimple.v().newSpecialInvokeExpr(thisLocal, applicationContext.makeRef());
Local applicationContextLocal = generateFreshLocal(body, RefType.v("android.content.Context"));
generated.add(Jimple.v().newAssignStmt(applicationContextLocal, virtInvExpr));
List<Object> args = new ArrayList<Object>();
args.add(RefType.v("android.content.Context"));
args.add(applicationContextLocal);
StaticInvokeExpr staticInvExpr = Instrumentation.createJimpleStaticInvokeExpr(Settings.instance.INSTRUMENTATION_HELPER_JAVA, Settings.instance.INSTRUMENTATION_HELPER_INITIALIZE_METHOD, args);
generated.add(Jimple.v().newInvokeStmt(staticInvExpr));
Unit onCreateSpecialInvoke = getSuperOnCreateUnit(body);
if(onCreateSpecialInvoke == null)
throw new RuntimeException("error: super.onCreate() statement missing in method "+ onCreate);
body.getUnits().insertAfter(generated, onCreateSpecialInvoke);
}
}
示例9
public void caseStaticInvokeExpr(StaticInvokeExpr expr) {
handleCall(expr, expr.getMethod());
}
示例10
public void caseStaticInvokeExpr(StaticInvokeExpr v) {
printInvokeExpr(v);
}
示例11
private List<Unit> instrumentIntentAddings(BiDiInterproceduralCFG<Unit, SootMethod> cfg,
Unit unit, InvokeExpr sinkExpr, Set<ResultSourceInfo> sourceInfo){
if(isMethodInterComponentSink(sinkExpr.getMethod())){
SootMethod method = cfg.getMethodOf(unit);
Body body = null;
if(method.hasActiveBody())
body = method.retrieveActiveBody();
else
throw new RuntimeException("No body found!");
Set<String> sourceCategories = getDataIdList(sourceInfo);
final String hashSetType = "java.util.HashSet";
List<Unit> generated = new ArrayList<Unit>();
//HashSet initialization
Local hashSetLocal = generateFreshLocal(body, RefType.v(hashSetType));
NewExpr newExpr = Jimple.v().newNewExpr(RefType.v(hashSetType));
AssignStmt assignStmt = Jimple.v().newAssignStmt(hashSetLocal, newExpr);
generated.add(assignStmt);
//constructor call
SpecialInvokeExpr constructorCall = Jimple.v().newSpecialInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef());
InvokeStmt constructorCallStmt = Jimple.v().newInvokeStmt(constructorCall);
generated.add(constructorCallStmt);
//add categories to HashSet
for(String cat : sourceCategories){
InterfaceInvokeExpr addCall = Jimple.v().newInterfaceInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(), StringConstant.v(cat));
InvokeStmt addCallStmt = Jimple.v().newInvokeStmt(addCall);
generated.add(addCallStmt);
}
//get Intent
Value intent = sinkExpr.getArg(0);
List<Object> args = new ArrayList<Object>();
args.add(RefType.v("android.content.Intent"));
args.add(intent);
args.add(RefType.v(hashSetType));
args.add(hashSetLocal);
StaticInvokeExpr sie = Instrumentation.createJimpleStaticInvokeExpr(
Settings.INSTRUMENTATION_HELPER_JAVA,
"addTaintInformationToIntent",
args);
InvokeStmt invStmt = Jimple.v().newInvokeStmt(sie);
generated.add(invStmt);
return generated;
}
return Collections.emptyList();
}
示例12
/**
* Computes the targets of an invoke expression using a given points-to graph.
*
* <p>For static invocations, there is only target. For instance method
* invocations, the targets depend on the type of receiver objects pointed-to
* by the instance variable whose method is being invoked.</p>
*
* <p>If the instance variable points to a summary node, then the returned
* value is <tt>null</tt> signifying a <em>default</em> call-site.</p>
*/
private Set<SootMethod> getTargets(SootMethod callerMethod, Stmt callStmt, InvokeExpr ie, PointsToGraph ptg) {
Set<SootMethod> targets = new HashSet<SootMethod>();
SootMethod invokedMethod = ie.getMethod();
String subsignature = invokedMethod.getSubSignature();
// Static and special invocations refer to the target method directly
if (ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr) {
targets.add(invokedMethod);
return targets;
} else {
assert (ie instanceof InterfaceInvokeExpr || ie instanceof VirtualInvokeExpr);
// Get the receiver
Local receiver = (Local) ((InstanceInvokeExpr) ie).getBase();
// Get what objects the receiver points-to
Set<AnyNewExpr> heapNodes = ptg.getTargets(receiver);
if (heapNodes != null) {
// For each object, find the invoked method for the declared type
for (AnyNewExpr heapNode : heapNodes) {
if (heapNode == PointsToGraph.SUMMARY_NODE) {
// If even one pointee is a summary node, then this is a default site
return null;
} else if (heapNode instanceof NewArrayExpr) {
// Probably getClass() or something like that on an array
return null;
}
// Find the top-most class that declares a method with the given
// signature and add it to the resulting targets
SootClass sootClass = ((RefType) heapNode.getType()).getSootClass();
do {
if (sootClass.declaresMethod(subsignature)) {
targets.add(sootClass.getMethod(subsignature));
break;
} else if (sootClass.hasSuperclass()) {
sootClass = sootClass.getSuperclass();
} else {
sootClass = null;
}
} while (sootClass != null);
}
}
if (targets.isEmpty()) {
// System.err.println("Warning! Null call at: " + callStmt+ " in " + callerMethod);
}
return targets;
}
}
示例13
/**
* Returns true if a method call is fixed, i.e., assuming that all classes in the Scene resemble library code,
* then client code cannot possible overwrite the called method.
* This is trivially true for InvokeStatic and InvokeSpecial, but can also hold for virtual invokes if
* all possible call targets in the library cannot be overwritten.
* @see #clientOverwriteableOverwrites(SootMethod)
*/
public static boolean isFixed(InvokeExpr ie) {
return ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr || !clientOverwriteableOverwrites(ie.getMethod());
}
