Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inheritance aware taint analysis, extended collections support #107

Merged
merged 15 commits into from Oct 9, 2015
Merged

Inheritance aware taint analysis, extended collections support #107

merged 15 commits into from Oct 9, 2015

Conversation

formanek
Copy link
Contributor

@formanek formanek commented Oct 9, 2015

Another evolution of the taint analysis closes #98, closes #99 and fixes #106.

@formanek
Added simple real instance class tracking, tainted taint sinks confir…
9e4f361 
…med for subclasses
@formanek
Real instance class tracking used for summaries, search in superclass…
13c9d0b 
… summaries
@formanek
Better mechanism for super summaries search, interface support, confi…
804042f 
…gured summaries cleaned
@formanek
Removed unneaded configured summaries (thanks to inheritance)
ff973da
@formanek
New method summaries (lists, sets, iterators, ...), normal equals method
eb385a1
@formanek
Loading non-parametric taint from config, ListIterator, Taint setters…
ab857bd 
… made package-private
@formanek
Added method summaries for maps, Hashtable and Properties (taint deri…
632cece 
…ved properly now)
@formanek
Summaries for methods in Collection class
172dca9
@formanek
Real instance class stored in summaries and used in other methods
27f3a67
@formanek
Method arguments tainted for derived summaries too
18a309a
@formanek
Removed reliance on special default toString summary
56df55d
@formanek
Storing summaries refactored, added debug possibility to output deriv…
8cf145d 
…ed summaries
@formanek
Refactored getting super summaries
151da4c
@formanek
Summaries with default behaviour saved if super method summaries exist
d5bb68d
@formanek
Summaries not rewritten, more taint locations added to report
b368ec4
@h3xstream
Copy link
Member

I didn't had the chance to review fully the commits. But it seems good as the refactoring support all the previous tests and add new one.

High level review:

  • Not sure what this assert is doing. Probably to avoid empty catch ?
  • With the high number of configuration, it would be nice to add tests to check the sanity of the configuration (method summaries).

h3xstream added a commit that referenced this pull request Oct 9, 2015
@h3xstream
Merge pull request #107 from formanek/master
c2d4141 
Inheritance aware taint analysis, extended collections support
@h3xstream h3xstream merged commit c2d4141 into find-sec-bugs:master Oct 9, 2015
@formanek
Copy link
Contributor Author

formanek commented Oct 9, 2015

I am using assert false to indicate that something never happens (if I'm not mistaken). In this case, every implementation of Java platform is required to support UTF-8, so UnsupportedEncodingException should never be thrown. I am thinking of assert commands as inner documentation better than comments, because we are warned if the assertion doesn't hold (when running with -ea parameter), so I'm using these quite often.

Well, adding tests would be always nice, but just extending the configuration was quite time consuming and testing everything would be even worse. It's probably faster just to review them. I will rather implement new detectors and features...

@h3xstream
Copy link
Member

Perfect.
Just throwing an idea for the sanity test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@formanek @h3xstream