Merge branch 'develop' of github.com:secure-software-engineering/FlowDroid into develop

Author: StevenArzt

soot-infoflow-android/SourcesAndSinks.txt

@@ -306,10 +306,6 @@
 <java.io.OutputStream: void write(byte[],int,int)> -> _SINK_
 <java.io.OutputStream: void write(int)> -> _SINK_
 
-<java.io.FileOutputStream: void write(byte[])> -> _SINK_
-<java.io.FileOutputStream: void write(byte[],int,int)> -> _SINK_
-<java.io.FileOutputStream: void write(int)> -> _SINK_
-
 <java.io.Writer: void write(char[])> -> _SINK_
 <java.io.Writer: void write(char[],int,int)> -> _SINK_
 <java.io.Writer: void write(int)> -> _SINK_

soot-infoflow-android/src/soot/jimple/infoflow/android/source/AccessPathBasedSourceSinkManager.java

@@ -426,11 +426,12 @@ protected boolean isEntryPointMethod(SootMethod method) {
 	}
 
 	@Override
-	protected ISourceSinkDefinition getSinkDefinition(Stmt sCallSite, InfoflowManager manager, AccessPath ap) {
-		ISourceSinkDefinition definition = super.getSinkDefinition(sCallSite, manager, ap);
-		if (definition != null)
-			return definition;
+	protected Collection<ISourceSinkDefinition> getSinkDefinitions(Stmt sCallSite, InfoflowManager manager, AccessPath ap) {
+		Collection<ISourceSinkDefinition> definitions = super.getSinkDefinitions(sCallSite, manager, ap);
+		if (definitions.size() > 0)
+			return definitions;
 
+		HashSet<ISourceSinkDefinition> sinkDefs = new HashSet<>();
 		if (sCallSite.containsInvokeExpr()) {
 			final SootMethod callee = sCallSite.getInvokeExpr().getMethod();
 			final String subSig = callee.getSubSignature();
@@ -455,24 +456,24 @@ protected ISourceSinkDefinition getSinkDefinition(Stmt sCallSite, InfoflowManage
 					if (Scene.v().getOrMakeFastHierarchy().isSubclass(sc, clazz)) {
 						SootMethod sm = clazz.getMethodUnsafe(subSig);
 						if (sm != null) {
-							ISourceSinkDefinition def = this.sinkMethods.get(sm);
-							if (def != null)
-								return def;
+							Collection<ISourceSinkDefinition> defs = this.sinkMethods.get(sm);
+							sinkDefs.addAll(defs);
 							break;
 						}
 					}
 				}
 			}
 		}
-		return null;
+		return sinkDefs;
 	}
 
 	@Override
-	protected ISourceSinkDefinition getInverseSink(Stmt sCallSite, IInfoflowCFG cfg) {
-		ISourceSinkDefinition definition = super.getInverseSink(sCallSite, cfg);
-		if (definition != null)
+	protected Collection<ISourceSinkDefinition> getInverseSinkDefinition(Stmt sCallSite, IInfoflowCFG cfg) {
+		Collection<ISourceSinkDefinition> definition = super.getInverseSinkDefinition(sCallSite, cfg);
+		if (definition.size() > 0)
 			return definition;
 
+		HashSet<ISourceSinkDefinition> sinkDefs = new HashSet<>();
 		if (sCallSite.containsInvokeExpr()) {
 			final SootMethod callee = sCallSite.getInvokeExpr().getMethod();
 			final String subSig = callee.getSubSignature();
@@ -482,15 +483,15 @@ protected ISourceSinkDefinition getInverseSink(Stmt sCallSite, IInfoflowCFG cfg)
 				if (Scene.v().getOrMakeFastHierarchy().isSubclass(sc, clazz)) {
 					SootMethod sm = clazz.getMethodUnsafe(subSig);
 					if (sm != null) {
-						ISourceSinkDefinition def = this.sinkMethods.get(sm);
-						if (def != null)
-							return def;
+						Collection<ISourceSinkDefinition> adefs = this.sinkMethods.get(sm);
+						sinkDefs.addAll(adefs);
 						break;
 					}
 				}
 			}
 		}
-		return null;
+
+		return sinkDefs;
 	}
 
 	@Override

soot-infoflow-android/src/soot/jimple/infoflow/android/source/AndroidSourceSinkManager.java

@@ -35,6 +35,7 @@
 import soot.jimple.infoflow.sourcesSinks.definitions.MethodSourceSinkDefinition.CallType;
 import soot.jimple.infoflow.sourcesSinks.definitions.SourceSinkCondition;
 import soot.jimple.infoflow.sourcesSinks.definitions.SourceSinkType;
+import soot.util.MultiMap;
 
 /**
  * Abstract class for all Flowdroid XML parsers. Returns a Set of Methods when
@@ -265,7 +266,7 @@ protected void handleStarttagParam(Attributes attributes, String qNameLower) {
 		}
 
 		protected void handleStarttagPathelement(Attributes attributes) {
-			if (methodSignature != null && attributes != null) {
+			if (attributes != null) {
 				String tempStr = attributes.getValue(XMLConstants.FIELD_ATTRIBUTE);
 				if (tempStr != null && !tempStr.isEmpty()) {
 					pathElements.add(tempStr);
@@ -519,7 +520,7 @@ protected void handleEndtagAccesspath() {
 
 	}
 
-	protected Map<String, ISourceSinkDefinition> sourcesAndSinks;
+	protected MultiMap<String, ISourceSinkDefinition> sourcesAndSinks;
 
 	protected Set<ISourceSinkDefinition> sources = new HashSet<>();
 	protected Set<ISourceSinkDefinition> sinks = new HashSet<>();
@@ -592,10 +593,7 @@ protected void parseInputStream(InputStream stream) {
 	 * @param ssd       The source or sink definition
 	 */
 	protected void addSourceSinkDefinition(String signature, IAccessPathBasedSourceSinkDefinition ssd) {
-		if (sourcesAndSinks.containsKey(signature))
-			sourcesAndSinks.get(signature).merge(ssd);
-		else
-			sourcesAndSinks.put(signature, ssd);
+		sourcesAndSinks.put(signature, ssd);
 	}
 
 	public Set<ISourceSinkDefinition> getSources() {
@@ -622,10 +620,7 @@ public Set<ISourceSinkDefinition> getAllMethods() {
 	}
 
 	protected void addSourceSinkDefinition(String signature, ISourceSinkDefinition ssd) {
-		if (sourcesAndSinks.containsKey(signature))
-			sourcesAndSinks.get(signature).merge(ssd);
-		else
-			sourcesAndSinks.put(signature, ssd);
+		sourcesAndSinks.put(signature, ssd);
 	}
 
 	/**

soot-infoflow-android/src/soot/jimple/infoflow/android/source/parsers/xml/AbstractXMLSourceSinkParser.java

@@ -30,6 +30,7 @@
 import soot.jimple.infoflow.sourcesSinks.definitions.MethodSourceSinkDefinition.CallType;
 import soot.jimple.infoflow.sourcesSinks.definitions.SourceSinkCondition;
 import soot.jimple.infoflow.sourcesSinks.definitions.SourceSinkType;
+import soot.util.HashMultiMap;
 
 /**
  * Parses informations from the new Dataformat (XML) with the help of SAX.
@@ -94,7 +95,7 @@ public static XMLSourceSinkParser fromStream(InputStream inputStream, ICategoryF
 	 * @param filter A filter for excluding certain categories of sources and sinks
 	 */
 	protected XMLSourceSinkParser(ICategoryFilter categoryFilter) {
-		this.sourcesAndSinks = new HashMap<>();
+		this.sourcesAndSinks = new HashMultiMap<>();
 		this.categoryFilter = categoryFilter;
 	}
 

soot-infoflow-android/src/soot/jimple/infoflow/android/source/parsers/xml/XMLSourceSinkParser.java

@@ -1,2 +1,3 @@
 /target/
-/build/
+/build/
+/sootOutput/

soot-infoflow-android/test/soot/jimple/infoflow/android/test/droidBench/FieldSourceTest.java

@@ -19,7 +19,6 @@
 
     <build>
         <finalName>soot-infoflow-integration-classes</finalName>
-        <sourceDirectory>src</sourceDirectory>
         <testSourceDirectory>test</testSourceDirectory>
         <outputDirectory>build/classes</outputDirectory>
         <testOutputDirectory>build/testclasses</testOutputDirectory>
@@ -38,14 +37,6 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
                 <version>${maven-jar-plugin.version}</version>
-                <configuration>
-                    <archive>
-                        <manifest>
-                            <addClasspath>true</addClasspath>
-                            <mainClass>soot.jimple.infoflow.methodSummary.Main</mainClass>
-                        </manifest>
-                    </archive>
-                </configuration>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -91,6 +82,11 @@
                 <targetPath>schema</targetPath>
             </resource>
         </resources>
+        <testResources>
+            <testResource>
+                <directory>soot-infoflow-summaries/res</directory>
+            </testResource>
+        </testResources>
     </build>
 
     <dependencies>