Skip to content

Commit

Permalink
Merge pull request #193 from CROSSINGTUD/fix_178
Browse files Browse the repository at this point in the history
Resolving #178
  • Loading branch information
kruegers committed Nov 17, 2019
2 parents 69a1679 + b4594f6 commit 1c4b5da
Show file tree
Hide file tree
Showing 4 changed files with 128 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,18 @@
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.stream.Collectors;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;

import boomerang.jimple.Statement;
import crypto.analysis.AlternativeReqPredicate;
import crypto.analysis.AnalysisSeedWithSpecification;
Expand Down Expand Up @@ -42,9 +45,11 @@
import crypto.rules.CryptSLSplitter;
import crypto.rules.CryptSLValueConstraint;
import crypto.typestate.CryptSLMethodToSootMethod;
import soot.Body;
import soot.IntType;
import soot.SootMethod;
import soot.Type;
import soot.Unit;
import soot.Value;
import soot.jimple.AssignStmt;
import soot.jimple.Constant;
Expand All @@ -54,6 +59,7 @@
import soot.jimple.NewExpr;
import soot.jimple.Stmt;
import soot.jimple.StringConstant;
import soot.jimple.internal.JNewArrayExpr;

public class ConstraintSolver {

Expand Down Expand Up @@ -597,7 +603,6 @@ protected Map<String, CallSiteWithExtractedValue> extractValueAsString(String va

for (ExtractedValue wrappedAllocSite : parsAndVals.get(wrappedCallSite)) {
final Stmt allocSite = wrappedAllocSite.stmt().getUnit().get();

if (wrappedCallSite.getVarName().equals(varName)) {
InvokeExpr invoker = callSite.getInvokeExpr();
if (callSite.equals(allocSite)) {
Expand All @@ -617,13 +622,43 @@ protected Map<String, CallSiteWithExtractedValue> extractValueAsString(String va
} else {
varVal.put(retrieveConstantFromValue, new CallSiteWithExtractedValue(wrappedCallSite, wrappedAllocSite));
}
} else if (wrappedAllocSite.getValue() instanceof JNewArrayExpr) {
soot.Value arrayLocal = ((AssignStmt) allocSite).getLeftOp();
varVal.putAll(extractSootArray(wrappedCallSite, wrappedAllocSite, arrayLocal));
}
}
}
}
}
return varVal;
}

/***
* Function that finds the values assigned to a soot array.
* @param callSite call site at which sootValue is involved
* @param allocSite allocation site at which sootValue is involved
* @param arrayLocal soot array local variable for which values are to be found
* @return extracted array values
*/
private Map<String, CallSiteWithExtractedValue> extractSootArray(CallSiteWithParamIndex callSite, ExtractedValue allocSite, soot.Value arrayLocal){
Body methodBody = allocSite.stmt().getMethod().getActiveBody();
Map<String, CallSiteWithExtractedValue> arrVal = Maps.newHashMap();
if (methodBody != null) {
Iterator<Unit> unitIterator = methodBody.getUnits().snapshotIterator();
while (unitIterator.hasNext()) {
final Unit unit = unitIterator.next();
if (unit instanceof AssignStmt) {
AssignStmt uStmt = (AssignStmt) (unit);
soot.Value leftValue = uStmt.getLeftOp();
soot.Value rightValue = uStmt.getRightOp();
if (leftValue.toString().contains(arrayLocal.toString()) && !rightValue.toString().contains("newarray")) {
arrVal.put(retrieveConstantFromValue(rightValue), new CallSiteWithExtractedValue(callSite, allocSite));
}
}
}
}
return arrVal;
}
}

public List<ISLConstraint> getRequiredPredicates() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -115,4 +115,24 @@ public void oracleExample() {
scanner.exec();
assertErrors();
}

@Test
public void sslExample() {
String mavenProjectPath = new File("../CryptoAnalysisTargets/SSLMisuseExample").getAbsolutePath();
MavenProject mavenProject = createAndCompile(mavenProjectPath);
HeadlessCryptoScanner scanner = createScanner(mavenProject);

setErrorsCount(new ErrorSpecification.Builder("<crypto.SSLExample: void MisuseOne()>")
.withTPs(ConstraintError.class, 1)
.build());
setErrorsCount(new ErrorSpecification.Builder("<crypto.SSLExample: void MisuseTwo()>")
.withTPs(ConstraintError.class, 1)
.build());
setErrorsCount(new ErrorSpecification.Builder("<crypto.SSLExample: void MisuseThree()>")
.withTPs(ConstraintError.class, 2)
.build());

scanner.exec();
assertErrors();
}
}
29 changes: 29 additions & 0 deletions CryptoAnalysisTargets/SSLMisuseExample/pom.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>SSLMisuseExample</groupId>
<artifactId>SSLMisuseExample</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>SSLMisuseExample</name>
<url>http://maven.apache.org</url>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>

<build>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
package crypto;
import java.security.NoSuchAlgorithmException;

import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.SSLParameters;

public class SSLExample {

public void NoMisuse() throws NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
String[] paramOne = {"TLSv1.1", "TLSv1.2"};
String[] paramTwo = {"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"};
SSLParameters params = new SSLParameters();
params.setCipherSuites(paramTwo);
params.setProtocols(paramOne);
}

public void MisuseOne() throws NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
String[] paramOne = {"IPv4", "TLSv1.2"};
String[] paramTwo = {"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"};
SSLParameters params = new SSLParameters();
params.setCipherSuites(paramTwo);
params.setProtocols(paramOne);
}

public void MisuseTwo() throws NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
String[] paramOne = {"TLSv1.1", "TLSv1.2"};
String[] paramTwo = {"TLS_ECDHE_ECDSA_WITH_AES_256_SHA_SHA384"};
SSLParameters params = new SSLParameters();
params.setCipherSuites(paramTwo);
params.setProtocols(paramOne);
}

public void MisuseThree() throws NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
String[] paramOne = {"TLSv2.1", "TLSv1.2"};
String[] paramTwo = {"TL_ECDHE_ECDSA_WITH_AES_256_SHA_SHA384"};
SSLParameters params = new SSLParameters();
params.setCipherSuites(paramTwo);
params.setProtocols(paramOne);
}

}

0 comments on commit 1c4b5da

Please sign in to comment.