Add value support to RIVER

soot-infoflow-android/schema/SourcesAndSinks.xsd

@@ -96,6 +96,29 @@
     </xs:simpleContent>
 </xs:complexType>
 
+<xs:complexType name="valueParam">
+  <xs:simpleContent>
+     <xs:extension base="xs:string">
+      <xs:attribute name="index" type="xs:int" use="required"/>
+	  <xs:attribute name="regex" type="xs:boolean" use="optional" default="false"/>
+	  <xs:attribute name="caseSensitive" type="xs:boolean" use="optional" default="false"/>
+    </xs:extension>
+ </xs:simpleContent>
+
+</xs:complexType>
+
+<xs:complexType name="valueOnPath">
+	<xs:sequence>
+		<xs:choice minOccurs="1" maxOccurs="unbounded">
+			<xs:element name="param" type="valueParam" minOccurs="0" maxOccurs="unbounded" />
+		</xs:choice>
+	</xs:sequence>
+	<xs:attribute name="invocation" type="xs:string" use="required"/>
+</xs:complexType>
+
+<xs:complexType name="turnAround">
+	<xs:attribute name="invocation" type="xs:string" use="required"/>
+</xs:complexType>
 <xs:complexType name="additionalFlowConditionType">
 	<xs:sequence>
 		<xs:choice minOccurs="1" maxOccurs="unbounded">
@@ -109,6 +132,8 @@
 					<xs:attribute name="className" type="xs:string" />
 				</xs:complexType>
 			</xs:element>
+	        <xs:element name="valueOnPath" type="valueOnPath" />
+	        <xs:element name="turnAround" type="turnAround" />
 		</xs:choice>
 		<xs:choice minOccurs="0" maxOccurs="unbounded">
 			<xs:element name="excludeClassName">

soot-infoflow-android/src/soot/jimple/infoflow/android/source/parsers/xml/AbstractXMLSourceSinkParser.java

@@ -24,6 +24,8 @@
 import soot.jimple.infoflow.android.data.AndroidMethod;
 import soot.jimple.infoflow.android.data.CategoryDefinition;
 import soot.jimple.infoflow.data.AbstractMethodAndClass;
+import soot.jimple.infoflow.data.ValueOnPath;
+import soot.jimple.infoflow.data.ValueOnPath.Parameter;
 import soot.jimple.infoflow.river.conditions.SignatureFlowCondition;
 import soot.jimple.infoflow.sourcesSinks.definitions.AccessPathTuple;
 import soot.jimple.infoflow.sourcesSinks.definitions.FieldSourceSinkDefinition;
@@ -112,11 +114,15 @@ protected class SAXHandler extends DefaultHandler {
 
 		protected ICategoryFilter categoryFilter = null;
 
+		private Set<String> turnAroundPaths;
 		private Set<String> signaturesOnPath = new HashSet<>();
 		private Set<String> classNamesOnPath = new HashSet<>();
+		private Set<ValueOnPath> valuesOnPath = new HashSet<>();
 
 		private Set<String> excludedClassNames = new HashSet<>();
 		private Set<SourceSinkCondition> conditions = new HashSet<>();
+		private ValueOnPath vop;
+		private Parameter param;
 
 		public SAXHandler() {
 		}
@@ -177,10 +183,18 @@ public void startElement(String uri, String localName, String qName, Attributes
 				handleStarttagSignatureOnPath(attributes);
 				break;
 
+			case XMLConstants.VALUE_ON_PATH_TAG:
+				handleStarttagValueOnPath(attributes);
+				break;
+
 			case XMLConstants.CLASS_NAME_ON_PATH_TAG:
 				handleStarttagClassNameOnPath(attributes);
 				break;
 
+			case XMLConstants.TURN_AROUND_TAG:
+				handleStarttagTurnAround(attributes);
+				break;
+
 			case XMLConstants.EXCLUDE_CLASS_NAME_TAG:
 				handleStarttagExcludeClassName(attributes);
 				break;
@@ -254,6 +268,22 @@ protected void handleStarttagAccesspath(Attributes attributes) {
 		}
 
 		protected void handleStarttagParam(Attributes attributes, String qNameLower) {
+			if (vop != null) {
+				String tempStr = attributes.getValue(XMLConstants.INDEX_ATTRIBUTE);
+				if (tempStr != null && !tempStr.isEmpty())
+					paramIndex = Integer.parseInt(tempStr);
+				tempStr = attributes.getValue(XMLConstants.REGEX_ATTRIBUTE);
+				boolean regex = false;
+				if (tempStr != null && !tempStr.isEmpty())
+					regex = Boolean.parseBoolean(tempStr);
+				tempStr = attributes.getValue(XMLConstants.CASE_SENSITIVE_ATTRIBUTE);
+				boolean casesensitive = false;
+				if (tempStr != null && !tempStr.isEmpty())
+					casesensitive = Boolean.parseBoolean(tempStr);
+				param = new ValueOnPath.Parameter(paramIndex, regex, casesensitive);
+				vop.add(param);
+				return;
+			}
 			if ((methodSignature != null || fieldSignature != null) && attributes != null) {
 				String tempStr = attributes.getValue(XMLConstants.INDEX_ATTRIBUTE);
 				if (tempStr != null && !tempStr.isEmpty())
@@ -290,6 +320,25 @@ protected void handleStarttagSignatureOnPath(Attributes attributes) {
 			}
 		}
 
+		protected void handleStarttagValueOnPath(Attributes attributes) {
+			String invocation = getStringAttribute(attributes, XMLConstants.INVOCATION_ATTRIBUTE);
+			if (invocation != null) {
+				if (valuesOnPath == null)
+					valuesOnPath = new HashSet<>();
+				vop = new ValueOnPath("<" + invocation + ">");
+				valuesOnPath.add(vop);
+			}
+		}
+
+		protected void handleStarttagTurnAround(Attributes attributes) {
+			String invocationName = getStringAttribute(attributes, XMLConstants.INVOCATION_ATTRIBUTE);
+			if (invocationName != null) {
+				if (turnAroundPaths == null)
+					turnAroundPaths = new HashSet<>();
+				turnAroundPaths.add(invocationName);
+			}
+		}
+
 		protected void handleStarttagClassNameOnPath(Attributes attributes) {
 			String className = getStringAttribute(attributes, XMLConstants.CLASS_NAME_ATTRIBUTE);
 			if (className != null) {
@@ -331,6 +380,10 @@ private String parseSignature(Attributes attributes) {
 		 **/
 		@Override
 		public void characters(char[] ch, int start, int length) throws SAXException {
+			if (param != null) {
+				param.setContentToMatch(new String(ch, start, length));
+				param = null;
+			}
 		}
 
 		/**
@@ -391,15 +444,18 @@ public void endElement(String uri, String localName, String qName) throws SAXExc
 				accessPathParentElement = "";
 				paramIndex = -1;
 				paramTypes.clear();
+				vop = null;
+				param = null;
 				break;
 
 			case XMLConstants.ADDITIONAL_FLOW_CONDITION_TAG:
-				if (!classNamesOnPath.isEmpty() || !signaturesOnPath.isEmpty()) {
+				if (!classNamesOnPath.isEmpty() || !signaturesOnPath.isEmpty() || !valuesOnPath.isEmpty()) {
 					SignatureFlowCondition additionalFlowCondition = new SignatureFlowCondition(classNamesOnPath,
-							signaturesOnPath, excludedClassNames);
+							signaturesOnPath, valuesOnPath, excludedClassNames);
 					// Reset both for a new condition
 					classNamesOnPath = new HashSet<>();
 					signaturesOnPath = new HashSet<>();
+					valuesOnPath = new HashSet<>();
 
 					excludedClassNames = new HashSet<>();
 
@@ -422,7 +478,8 @@ protected void handleEndtagMethod() {
 					if (tempMeth != null) {
 						@SuppressWarnings("unchecked")
 						ISourceSinkDefinition ssd = createMethodSourceSinkDefinition(tempMeth, baseAPs,
-								paramAPs.toArray(new Set[paramAPs.size()]), returnAPs, callType, category, conditions);
+								paramAPs.toArray(new Set[paramAPs.size()]), returnAPs, callType, category, conditions,
+								turnAroundPaths);
 						addSourceSinkDefinition(methodSignature, ssd);
 					} else {
 						logger.error("Invalid method signature: " + methodSignature);
@@ -431,6 +488,7 @@ protected void handleEndtagMethod() {
 			}
 
 			// Start a new method and discard our old data
+			turnAroundPaths = null;
 			methodSignature = null;
 			fieldSignature = null;
 			baseAPs = new HashSet<>();
@@ -666,23 +724,25 @@ protected abstract ISourceSinkDefinition createMethodSourceSinkDefinition(Abstra
 	/**
 	 * Factory method for {@link MethodSourceSinkDefinition} instances
 	 *
-	 * @param method     The method that is to be defined as a source or sink
-	 * @param baseAPs    The access paths rooted in the base object that shall be
-	 *                   considered as sources or sinks
-	 * @param paramAPs   The access paths rooted in parameters that shall be
-	 *                   considered as sources or sinks. The index in the set
-	 *                   corresponds to the index of the formal parameter to which
-	 *                   the respective set of access paths belongs.
-	 * @param returnAPs  The access paths rooted in the return object that shall be
-	 *                   considered as sources or sinks
-	 * @param callType   The type of call (normal call, callback, etc.)
-	 * @param conditions Conditions which has to be true for the definition to be
-	 *                   valid
+	 * @param method          The method that is to be defined as a source or sink
+	 * @param baseAPs         The access paths rooted in the base object that shall
+	 *                        be considered as sources or sinks
+	 * @param paramAPs        The access paths rooted in parameters that shall be
+	 *                        considered as sources or sinks. The index in the set
+	 *                        corresponds to the index of the formal parameter to
+	 *                        which the respective set of access paths belongs.
+	 * @param returnAPs       The access paths rooted in the return object that
+	 *                        shall be considered as sources or sinks
+	 * @param callType        The type of call (normal call, callback, etc.)
+	 * @param conditions      Conditions which has to be true for the definition to
+	 *                        be valid
+	 * @param turnAroundPaths a set of turn around path method invocations
 	 * @return The newly created {@link MethodSourceSinkDefinition} instance
 	 */
 	protected abstract ISourceSinkDefinition createMethodSourceSinkDefinition(AbstractMethodAndClass method,
 			Set<AccessPathTuple> baseAPs, Set<AccessPathTuple>[] paramAPs, Set<AccessPathTuple> returnAPs,
-			CallType callType, ISourceSinkCategory category, Set<SourceSinkCondition> conditions);
+			CallType callType, ISourceSinkCategory category, Set<SourceSinkCondition> conditions,
+			Set<String> turnAroundPaths);
 
 	/**
 	 * Reads the method or field signature from the given attribute map

soot-infoflow-android/src/soot/jimple/infoflow/android/source/parsers/xml/XMLConstants.java

@@ -18,13 +18,16 @@ public class XMLConstants {
 	public static final String ACCESSPATH_TAG = "accesspath";
 	public static final String PATHELEMENT_TAG = "pathelement";
 	public static final String ADDITIONAL_FLOW_CONDITION_TAG = "additionalflowcondition";
+	public static final String TURN_AROUND_TAG = "turnaround";
 	public static final String SIGNATURE_ON_PATH_TAG = "signatureonpath";
+	public static final String VALUE_ON_PATH_TAG = "valueonpath";
 	public static final String CLASS_NAME_ON_PATH_TAG = "classnameonpath";
 	public static final String CLASS_NAME_ATTRIBUTE = "className";
 	public static final String EXCLUDE_CLASS_NAME_TAG = "excludeclassname";
 
 	public static final String ID_ATTRIBUTE = "id";
 	public static final String SIGNATURE_ATTRIBUTE = "signature";
+	public static final String INVOCATION_ATTRIBUTE = "invocation";
 	public static final String CALL_TYPE = "callType";
 	public static final String TYPE_ATTRIBUTE = "type";
 	public static final String INDEX_ATTRIBUTE = "index";
@@ -33,6 +36,8 @@ public class XMLConstants {
 	public static final String LENGTH_ATTRIBUTE = "length";
 	public static final String FIELD_ATTRIBUTE = "field";
 	public static final String DESCRIPTION_ATTRIBUTE = "description";
+	public static final String REGEX_ATTRIBUTE = "regex";
+	public static final String CASE_SENSITIVE_ATTRIBUTE = "caseSensitive";
 
 	public static final String TRUE = "true";
 

soot-infoflow-android/src/soot/jimple/infoflow/android/source/parsers/xml/XMLSourceSinkParser.java

@@ -212,13 +212,17 @@ protected ISourceSinkDefinition createMethodSourceSinkDefinition(AbstractMethodA
 		return null;
 	}
 
+	@Override
 	protected ISourceSinkDefinition createMethodSourceSinkDefinition(AbstractMethodAndClass method,
 			Set<AccessPathTuple> baseAPs, Set<AccessPathTuple>[] paramAPs, Set<AccessPathTuple> returnAPs,
-			CallType callType, ISourceSinkCategory category, Set<SourceSinkCondition> conditions) {
+			CallType callType, ISourceSinkCategory category, Set<SourceSinkCondition> conditions,
+			Set<String> turnAround) {
 		ISourceSinkDefinition ssdef = createMethodSourceSinkDefinition(method, baseAPs, paramAPs, returnAPs, callType,
 				category);
 		if (ssdef != null)
 			ssdef.setConditions(conditions);
+		if (turnAround != null)
+			ssdef.setTurnArounds(turnAround);
 		return ssdef;
 	}
 

soot-infoflow-cmd/schema/SourcesAndSinks.xsd

@@ -50,6 +50,7 @@
 	<xs:restriction base="xs:string">
 		<xs:enumeration value="methodCall" />
 		<xs:enumeration value="callback" />
+		<xs:enumeration value="return" />
 	</xs:restriction>
 </xs:simpleType>
 
@@ -95,6 +96,29 @@
     </xs:simpleContent>
 </xs:complexType>
 
+<xs:complexType name="valueParam">
+  <xs:simpleContent>
+     <xs:extension base="xs:string">
+      <xs:attribute name="index" type="xs:int" use="required"/>
+	  <xs:attribute name="regex" type="xs:boolean" use="optional" default="false"/>
+	  <xs:attribute name="caseSensitive" type="xs:boolean" use="optional" default="false"/>
+    </xs:extension>
+ </xs:simpleContent>
+
+</xs:complexType>
+
+<xs:complexType name="valueOnPath">
+	<xs:sequence>
+		<xs:choice minOccurs="1" maxOccurs="unbounded">
+			<xs:element name="param" type="valueParam" minOccurs="0" maxOccurs="unbounded" />
+		</xs:choice>
+	</xs:sequence>
+	<xs:attribute name="invocation" type="xs:string" use="required"/>
+</xs:complexType>
+
+<xs:complexType name="turnAround">
+	<xs:attribute name="invocation" type="xs:string" use="required"/>
+</xs:complexType>
 <xs:complexType name="additionalFlowConditionType">
 	<xs:sequence>
 		<xs:choice minOccurs="1" maxOccurs="unbounded">
@@ -108,9 +132,22 @@
 					<xs:attribute name="className" type="xs:string" />
 				</xs:complexType>
 			</xs:element>
+	        <xs:element name="valueOnPath" type="valueOnPath" />
+	        <xs:element name="turnAround" type="turnAround" />
+		</xs:choice>
+		<xs:choice minOccurs="0" maxOccurs="unbounded">
+			<xs:element name="excludeClassName">
+				<xs:complexType>
+					<xs:attribute name="className" type="xs:string" />
+				</xs:complexType>
+			</xs:element>
 		</xs:choice>
 	</xs:sequence>
 </xs:complexType>
 
 
+
+
+
+
 </xs:schema>

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/handler/SummaryTaintPropagationHandler.java

@@ -16,6 +16,7 @@
 import soot.jimple.infoflow.handlers.TaintPropagationHandler;
 import soot.jimple.infoflow.methodSummary.generator.gaps.GapManager;
 import soot.jimple.infoflow.methodSummary.generator.gaps.IGapManager;
+import soot.jimple.infoflow.problems.TaintPropagationResults;
 import soot.jimple.infoflow.solver.cfg.IInfoflowCFG;
 import soot.util.ConcurrentHashMultiMap;
 import soot.util.MultiMap;
@@ -201,7 +202,7 @@ protected void addResult(Abstraction abs, Stmt stmt) {
 
 	@Override
 	public boolean notifyFlowOut(Unit u, Abstraction d1, Abstraction incoming, Set<Abstraction> outgoing,
-			InfoflowManager manager, FlowFunctionType type) {
+			InfoflowManager manager, TaintPropagationResults results, FlowFunctionType type) {
 		// Do not propagate through excluded methods
 		SootMethod sm = manager.getICFG().getMethodOf(u);
 		if (excludedMethods.contains(sm)) {