Merge branch 'develop' of github.com:secure-software-engineering/FlowDroid into develop

Author: StevenArzt

soot-infoflow-android/src/soot/jimple/infoflow/android/InfoflowAndroidConfiguration.java

@@ -698,6 +698,7 @@ public static enum CallbackAnalyzer {
 	private final AnalysisFileConfiguration analysisFileConfig = new AnalysisFileConfiguration();
 
 	private boolean mergeDexFiles = false;
+	private static boolean createActivityEntryMethods = true;
 
 	public InfoflowAndroidConfiguration() {
 		// We need to adapt some of the defaults. Most people don't care about
@@ -722,6 +723,7 @@ public void merge(InfoflowConfiguration config) {
 			this.analysisFileConfig.merge(androidConfig.analysisFileConfig);
 
 			this.mergeDexFiles = androidConfig.mergeDexFiles;
+			this.createActivityEntryMethods = androidConfig.createActivityEntryMethods;
 		}
 	}
 
@@ -806,6 +808,27 @@ public void setMergeDexFiles(boolean mergeDexFiles) {
 		this.mergeDexFiles = mergeDexFiles;
 	}
 
+	/**
+	 * Gets if Flowdroid should create new Methods when creating the Activity Entry
+	 * point
+	 * 
+	 * @return true/false
+	 */
+	public static boolean getCreateActivityEntryMethods() {
+		return createActivityEntryMethods;
+	}
+
+	/**
+	 * Sets if Flow Flowdroid should create new Methods when creating the Activity
+	 * Entry point
+	 * 
+	 * @param createActivityEntryMethods boolean that is true if Methods should be
+	 *                                   created
+	 */
+	public static void setCreateActivityEntryMethods(boolean createActivityEntryMethods) {
+		InfoflowAndroidConfiguration.createActivityEntryMethods = createActivityEntryMethods;
+	}
+
 	@Override
 	public int hashCode() {
 		final int prime = 31;

soot-infoflow-android/src/soot/jimple/infoflow/android/SetupApplication.java

@@ -35,6 +35,7 @@
 import soot.PackManager;
 import soot.Scene;
 import soot.SootClass;
+import soot.SootField;
 import soot.SootMethod;
 import soot.Unit;
 import soot.jimple.Stmt;
@@ -80,6 +81,7 @@
 import soot.jimple.infoflow.config.IInfoflowConfig;
 import soot.jimple.infoflow.data.Abstraction;
 import soot.jimple.infoflow.data.FlowDroidMemoryManager.PathDataErasureMode;
+import soot.jimple.infoflow.entryPointCreators.SimulatedCodeElementTag;
 import soot.jimple.infoflow.handlers.PostAnalysisHandler;
 import soot.jimple.infoflow.handlers.PreAnalysisHandler;
 import soot.jimple.infoflow.handlers.ResultsAvailableHandler;
@@ -1897,4 +1899,28 @@ public void setValueProvider(IValueProvider valueProvider) {
 		this.valueProvider = valueProvider;
 	}
 
+	/**
+	 * Removes all simulated code elements generated during entry point creation and
+	 * ICC instrumentation from the Soot Scene
+	 */
+	public void removeSimulatedCodeElements() {
+		for (Iterator<SootClass> scIt = Scene.v().getClasses().iterator(); scIt.hasNext();) {
+			SootClass sc = scIt.next();
+			if (sc.hasTag(SimulatedCodeElementTag.TAG_NAME))
+				scIt.remove();
+			else {
+				for (Iterator<SootMethod> smIt = sc.getMethods().iterator(); smIt.hasNext();) {
+					SootMethod sm = smIt.next();
+					if (sm.hasTag(SimulatedCodeElementTag.TAG_NAME))
+						smIt.remove();
+				}
+				for (Iterator<SootField> sfIt = sc.getFields().iterator(); sfIt.hasNext();) {
+					SootField sf = sfIt.next();
+					if (sf.hasTag(SimulatedCodeElementTag.TAG_NAME))
+						sfIt.remove();
+				}
+			}
+		}
+	}
+
 }

soot-infoflow-android/src/soot/jimple/infoflow/android/callbacks/filters/ApplicationCallbackFilter.java

@@ -25,8 +25,7 @@ public class ApplicationCallbackFilter extends AbstractCallbackFilter {
 	/**
 	 * Creates a new instance of the {@link ApplicationCallbackFilter} class
 	 * 
-	 * @param entrypoints
-	 *            The set of entry points into the app
+	 * @param entrypoints The set of entry points into the app
 	 */
 	public ApplicationCallbackFilter(Set<SootClass> entrypoints) {
 		this(getApplicationClass(entrypoints));
@@ -35,14 +34,14 @@ public ApplicationCallbackFilter(Set<SootClass> entrypoints) {
 	/**
 	 * Scans through the list of entry points and finds the application class
 	 * 
-	 * @param entrypoints
-	 *            A set containing all entry points in the current app
+	 * @param entrypoints A set containing all entry points in the current app
 	 * @return The name of the application class if one exists, otherwise null
 	 */
 	private static String getApplicationClass(Set<SootClass> entrypoints) {
 		SootClass scApplication = Scene.v().getSootClassUnsafe("android.app.Application");
 		for (SootClass sc : entrypoints) {
-			if (sc != null && Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scApplication.getType())) {
+			if (sc != null && scApplication != null
+					&& Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scApplication.getType())) {
 				return sc.getName();
 			}
 		}
@@ -52,8 +51,7 @@ private static String getApplicationClass(Set<SootClass> entrypoints) {
 	/**
 	 * Creates a new instance of the {@link ApplicationCallbackFilter} class
 	 * 
-	 * @param applicationClass
-	 *            The class extending android.app.Application
+	 * @param applicationClass The class extending android.app.Application
 	 */
 	public ApplicationCallbackFilter(String applicationClass) {
 		super();

soot-infoflow-android/src/soot/jimple/infoflow/android/entryPointCreators/components/ActivityEntryPointCreator.java

@@ -23,6 +23,7 @@
 import soot.jimple.JimpleBody;
 import soot.jimple.NopStmt;
 import soot.jimple.Stmt;
+import soot.jimple.infoflow.android.InfoflowAndroidConfiguration;
 import soot.jimple.infoflow.android.entryPointCreators.AndroidEntryPointConstants;
 import soot.jimple.infoflow.android.manifest.IManifestHandler;
 import soot.jimple.infoflow.cfg.LibraryClassPatcher;
@@ -228,9 +229,12 @@ protected void createAdditionalFields() {
 
 	@Override
 	protected void createAdditionalMethods() {
-		createGetIntentMethod();
-		createSetIntentMethod();
-		createSetResultMethod();
+		if (InfoflowAndroidConfiguration.getCreateActivityEntryMethods()) {
+
+			createGetIntentMethod();
+			createSetIntentMethod();
+			createSetResultMethod();
+		}
 	}
 
 	/**

soot-infoflow-android/src/soot/jimple/infoflow/android/manifest/IManifestHandler.java

@@ -6,6 +6,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 import soot.jimple.infoflow.util.SystemClassHandler;
 
@@ -104,6 +105,12 @@ public default Set<String> getEntryPointClasses() {
 		for (IAndroidComponent node : getAllComponents())
 			checkAndAddComponent(entryPoints, node);
 
+		if (entryPoints.isEmpty()){
+			//if no entry point is detected at all, the app is likely be malware, add all components
+			List<IAndroidComponent> allEnabled = getAllComponents().stream().filter(c -> c.isEnabled()).collect(Collectors.toList());
+			allEnabled.forEach(e->entryPoints.add(e.getNameString()));
+		}
+
 		if (app != null) {
 			String appName = app.getName();
 			if (appName != null && !appName.isEmpty())

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/generator/SummaryGenerationTaintWrapper.java

@@ -81,6 +81,8 @@ public Set<Abstraction> getTaintsForMethod(Stmt stmt, Abstraction d1, Abstractio
 
 		// Do create the gap
 		GapDefinition gap = gapManager.getOrCreateGapForCall(summaries, stmt);
+		if (gap == null)
+			return Collections.singleton(taintedPath);
 
 		// Produce a continuation
 		res = new HashSet<Abstraction>();

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/generator/SummaryGenerator.java

@@ -613,10 +613,7 @@ protected MethodSummaries createMethodSummary(String classpath, final String met
 		logger.info(String.format("Computing method summary for %s...", methodSig));
 		long nanosBeforeMethod = System.nanoTime();
 
-		final SourceSinkFactory sourceSinkFactory = new SourceSinkFactory(
-				config.getAccessPathConfiguration().getAccessPathLength());
-		final SummarySourceSinkManager sourceSinkManager = new SummarySourceSinkManager(methodSig, parentClass,
-				sourceSinkFactory);
+		final SummarySourceSinkManager sourceSinkManager = createSourceSinkManager(methodSig, parentClass);
 		final MethodSummaries summaries = new MethodSummaries();
 
 		final SummaryInfoflow infoflow = initInfoflow(summaries, gapManager);
@@ -644,10 +641,10 @@ public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
 				InfoflowResultPostProcessor processor;
 				if (infoflow.getManager() != null)
 					processor = new InfoflowResultPostProcessor(listener.getResult(), infoflow.getManager(), methodSig,
-							sourceSinkFactory, gapManager);
+							sourceSinkManager.getSourceSinkFactory(), gapManager);
 				else
 					processor = new InfoflowResultPostProcessor(listener.getResult(), infoflow.getConfig(), methodSig,
-							sourceSinkFactory, gapManager);
+							sourceSinkManager.getSourceSinkFactory(), gapManager);
 				processor.postProcess(summaries);
 
 				if (resultHandler != null)
@@ -669,6 +666,21 @@ public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
 		return summaries;
 	}
 
+	/**
+	 * Creates the source/sink manager for introducing new sources and sinks into
+	 * the taint analysis
+	 * 
+	 * @param methodSig   The signature of the method for which to create sources
+	 *                    and sinks, i.e., the method to be summarized
+	 * @param parentClass The class that contains the method to summarize
+	 * @return The new {@link SummarySourceSinkManager}
+	 */
+	protected SummarySourceSinkManager createSourceSinkManager(final String methodSig, final String parentClass) {
+		final SourceSinkFactory sourceSinkFactory = new SourceSinkFactory(
+				config.getAccessPathConfiguration().getAccessPathLength());
+		return new SummarySourceSinkManager(methodSig, parentClass, sourceSinkFactory);
+	}
+
 	private BaseEntryPointCreator createEntryPoint(Collection<String> entryPoints, String parentClass) {
 		SequentialEntryPointCreator dEntryPointCreater = new SequentialEntryPointCreator(entryPoints);
 

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/generator/gaps/NullGapManager.java

@@ -0,0 +1,56 @@
+package soot.jimple.infoflow.methodSummary.generator.gaps;
+
+import java.util.Collection;
+import java.util.Set;
+
+import soot.Local;
+import soot.jimple.Stmt;
+import soot.jimple.infoflow.data.Abstraction;
+import soot.jimple.infoflow.methodSummary.data.summary.GapDefinition;
+import soot.jimple.infoflow.methodSummary.data.summary.MethodSummaries;
+import soot.jimple.infoflow.solver.cfg.IInfoflowCFG;
+
+/**
+ * A pseudo gap manager that never creates any gaps
+ * 
+ * @author Steven Arzt
+ *
+ */
+public class NullGapManager implements IGapManager {
+
+	@Override
+	public GapDefinition getOrCreateGapForCall(MethodSummaries flows, Stmt gapCall) {
+		return null;
+	}
+
+	@Override
+	public GapDefinition getGapForCall(Stmt gapCall) {
+		return null;
+	}
+
+	@Override
+	public boolean isLocalReferencedInGap(Local local) {
+		return false;
+	}
+
+	@Override
+	public Set<GapDefinition> getGapDefinitionsForLocalUse(Local local) {
+		return null;
+	}
+
+	@Override
+	public Set<GapDefinition> getGapDefinitionsForLocalDef(Local local) {
+		return null;
+	}
+
+	@Override
+	public boolean needsGapConstruction(Stmt stmt, Abstraction abs, IInfoflowCFG icfg) {
+		return false;
+	}
+
+	@Override
+	public Collection<Stmt> getAllGapStmts() {
+		return null;
+	}
+
+}

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/postProcessor/InfoflowResultPostProcessor.java

@@ -161,14 +161,6 @@ public Thread newThread(Runnable r) {
 					// Reconstruct the sources
 					for (Stmt stmt : collectedAbstractions.get(a)) {
 						abstractionCount++;
-
-						// If this abstraction is directly the source abstraction,
-						// we do not
-						// need to construct paths
-						if (a.getSourceContext() != null) {
-							continue;
-						}
-
 						for (SummaryResultInfo si : pathBuilder.getResultInfos()) {
 							final AccessPath sourceAP = si.getSourceInfo().getAccessPath();
 							final AccessPath sinkAP = si.getSinkInfo().getAccessPath();