Fix toString() summaries for BigDecimal/BigInteger

t1mlange · t1mlange · commit 9da1972794cc · 2023-04-26T12:29:56.000+02:00
diff --git a/soot-infoflow-summaries/summariesManual/java.math.BigDecimal.xml b/soot-infoflow-summaries/summariesManual/java.math.BigDecimal.xml
@@ -855,9 +855,7 @@
 					<from sourceSinkType="Field"
 						AccessPath="[java.math.BigDecimal: java.lang.Object value]"
 						AccessPathTypes="[java.lang.Object]" />
-					<to sourceSinkType="Return"
-						AccessPath="[java.math.BigDecimal: java.lang.Object value]"
-						AccessPathTypes="[java.lang.Object]" />
+					<to sourceSinkType="Return" />
 				</flow>
 			</flows>
 		</method>
diff --git a/soot-infoflow-summaries/summariesManual/java.math.BigInteger.xml b/soot-infoflow-summaries/summariesManual/java.math.BigInteger.xml
@@ -470,8 +470,7 @@
 				<flow isAlias="false" typeChecking="false">
 					<from sourceSinkType="Field" AccessPath="[java.math.BigInteger: java.lang.Object value]"
 						AccessPathTypes="[java.lang.Object]" />
-					<to sourceSinkType="Return" AccessPath="[java.math.BigInteger: java.lang.Object value]"
-						AccessPathTypes="[java.lang.Object]" />
+					<to sourceSinkType="Return" />
 				</flow>
 			</flows>
 		</method>
diff --git a/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/ApiClassClient.java b/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/ApiClassClient.java
@@ -3,6 +3,9 @@
 import java.io.ByteArrayOutputStream;
 import java.io.ObjectOutputStream;
 import java.io.ObjectOutputStream.PutField;
+import java.math.BigInteger;
+import java.util.HashMap;
+import java.util.Map;
 
 public class ApiClassClient {
 	public Object source() {
@@ -284,4 +287,19 @@ public void taintedFieldToString() {
 		char c = str.charAt(2);
 		sink(c);
 	}
+
+	public void bigIntegerToString() {
+		BigInteger i = new BigInteger(stringSource());
+		String str = i.toString();
+		char c = str.charAt(2);
+		sink(c);
+	}
+
+	public void mapToString() {
+		Map<String, String> map = new HashMap<>();
+		map.put("Secret", stringSource());
+		String str = map.toString();
+		char c = str.charAt(2);
+		sink(c);
+	}
 }
diff --git a/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/SummaryTaintWrapperTests.java b/soot-infoflow-summaries/test/soot/jimple/infoflow/test/methodSummary/junit/SummaryTaintWrapperTests.java
@@ -217,6 +217,16 @@ public void taintedFieldToString() {
 		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void taintedFieldToString()>");
 	}
 
+	@Test(timeout = 30000)
+	public void bigIntegerToString() {
+		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void bigIntegerToString()>");
+	}
+
+	@Test(timeout = 30000)
+	public void mapToString() {
+		testFlowForMethod("<soot.jimple.infoflow.test.methodSummary.ApiClassClient: void mapToString()>");
+	}
+
 	@Test
 	public void testAllSummaries() throws URISyntaxException, IOException {
 		EagerSummaryProvider provider = new EagerSummaryProvider(TaintWrapperFactory.DEFAULT_SUMMARY_DIR);
