Added cross-chain policy support and refactored Bridge initialization

Author: merendamattia

scripts/python/benchmark-checkers/cross-chain/smartaxe/manually-labeled/THORChain20210629/cross-chain-policy.json

@@ -0,0 +1,76 @@
+{
+  "policy": [
+    {
+      "event": "Deposit",
+      "function": "deposit"
+    },
+    {
+      "event": "Deposit",
+      "function": "depositWithExpiry"
+    },
+    {
+      "event": "TransferOut",
+      "function": "transferOut"
+    },
+    {
+      "event": "TransferOut",
+      "function": "batchTransferOut"
+    },
+    {
+      "event": "TransferAllowance",
+      "function": "transferAllowance"
+    },
+    {
+      "event": "VaultTransfer",
+      "function": "returnVaultAssets"
+    },
+    {
+      "event": "TransferOutAndCall",
+      "function": "transferOutAndCall"
+    },
+    {
+      "event": "Outbound",
+      "function": "transferOut"
+    },
+    {
+      "event": "Deposited",
+      "function": "depositIncentives"
+    },
+    {
+      "event": "Deposited",
+      "function": "depositBatchIncentives"
+    },
+    {
+      "event": "Deposited",
+      "function": "_depositAndSync"
+    },
+    {
+      "event": "Transfer",
+      "function": "_transfer"
+    },
+    {
+      "event": "Transfer",
+      "function": "_mint"
+    },
+    {
+      "event": "Transfer",
+      "function": "_burn"
+    },
+    {
+      "event": "Approval",
+      "function": "_approve"
+    },
+    {
+      "event": "OwnershipTransferred",
+      "function": "constructor"
+    },
+    {
+      "event": "OwnershipTransferred",
+      "function": "renounceOwnership"
+    },
+    {
+      "event": "OwnershipTransferred",
+      "function": "transferOwnership"
+    }
+  ]
+}

src/main/java/it/unipr/EVMLiSA.java

@@ -192,9 +192,14 @@ private void go(String[] args) {
 		if (cmd.hasOption("cross-chain-analysis")
 				&& cmd.hasOption("bytecode-directory-path")
 				&& cmd.hasOption("abi-directory-path")) {
+			Path policyPath = null;
+			if (cmd.hasOption("cross-chain-policy"))
+				policyPath = Path.of(cmd.getOptionValue("cross-chain-policy"));
+
 			xEVMLiSA.runAnalysis(
 					Path.of(cmd.getOptionValue("bytecode-directory-path")),
-					Path.of(cmd.getOptionValue("abi-directory-path")));
+					Path.of(cmd.getOptionValue("abi-directory-path")),
+					policyPath);
 			return;
 		}
 
@@ -969,6 +974,13 @@ private Options getOptions() {
 				.hasArg(false)
 				.build();
 
+		Option crossChainPolicyOption = Option.builder()
+				.longOpt("cross-chain-policy")
+				.desc("Import a cross-chain policy.")
+				.required(false)
+				.hasArg(true)
+				.build();
+
 		Option crossChainBytecodeDirectoryPathOption = Option.builder()
 				.longOpt("bytecode-directory-path")
 				.desc("Directory path of bytecode files.")
@@ -1013,6 +1025,7 @@ private Options getOptions() {
 		options.addOption(enableCrossChainAnalysisOption);
 		options.addOption(crossChainBytecodeDirectoryPathOption);
 		options.addOption(crossChainAbiDirectoryPathOption);
+		options.addOption(crossChainPolicyOption);
 
 		return options;
 	}

src/main/java/it/unipr/crosschain/Bridge.java

@@ -16,6 +16,7 @@
 import java.nio.file.Path;
 import java.util.*;
 import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.json.JSONArray;
@@ -29,42 +30,28 @@ public class Bridge implements Iterable<SmartContract> {
 
 	private EVMCFG xCFG;
 
+	private final List<Pair<String, String>> policy;
+
 	/** Detected vulnerabilities in the bridge. */
 	private VulnerabilitiesObject _vulnerabilities;
 
 	public Bridge(String name) {
-		this.name = name;
-		this.contracts = new ArrayList<>();
+		this(null, null, null, name);
+	}
+
+	public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath, Path policyPath) {
+		this(bytecodeDirectoryPath, abiDirectoryPath, policyPath, "unknown_bridge_" + System.currentTimeMillis());
 	}
 
-	/**
-	 * Initializes the bridge by mapping and matching smart contracts from the
-	 * ABI and bytecode directories. It creates `SmartContract` objects for each
-	 * contract that has both an ABI and a bytecode file.
-	 *
-	 * @param bytecodeDirectoryPath the path to the directory containing
-	 *                                  bytecode files
-	 * @param abiDirectoryPath      the path to the directory containing ABI
-	 *                                  files
-	 */
 	public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath) {
-		this(bytecodeDirectoryPath, abiDirectoryPath, "unknown_bridge_" + System.currentTimeMillis());
+		this(bytecodeDirectoryPath, abiDirectoryPath, null, "unknown_bridge_" + System.currentTimeMillis());
 	}
 
-	/**
-	 * Constructs a Bridge object, initializing its fields and mapping smart
-	 * contracts from the specified ABI and bytecode directories. It creates
-	 * `SmartContract` objects for any contracts that have matching ABI and
-	 * bytecode files.
-	 *
-	 * @param bytecodeDirectoryPath the path to the directory containing
-	 *                                  bytecode files
-	 * @param abiDirectoryPath      the path to the directory containing ABI
-	 *                                  files
-	 * @param name                  the name of the bridge
-	 */
-	public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath, String name) {
-		this(name);
+	public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath, Path policyPath, String name) {
+		this.name = name;
+		this.contracts = new ArrayList<>();
+		this.policy = new ArrayList<>();
+
 		Map<String, Path> abiFiles = mapFilesByName(abiDirectoryPath, ".abi");
 		Map<String, Path> bytecodeFiles = mapFilesByName(bytecodeDirectoryPath, ".bytecode");
 
@@ -76,6 +63,12 @@ public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath, String name) {
 			}
 		}
 		log.info("Created bridge {} with {} contracts.", name, contracts.size());
+
+		if (policyPath != null)
+			loadPolicy(policyPath);
+		else
+			log.info("Created bridge without policy. Using default policy");
+
 	}
 
 	public String getName() {
@@ -104,6 +97,24 @@ public EVMCFG getXCFG() {
 		return xCFG;
 	}
 
+	public List<Pair<String, String>> getPolicy() {
+		return policy;
+	}
+
+	public boolean hasEventFunctionMapping(String event) {
+		for (Pair<String, String> pair : policy)
+			if (pair.getLeft().equals(event))
+				return true;
+		return false;
+	}
+
+	public String getFunctionForEvent(String event) {
+		for (Pair<String, String> pair : policy)
+			if (pair.getLeft().equals(event))
+				return pair.getRight();
+		return null;
+	}
+
 	public void addEdges(Set<Edge> edges) {
 		for (Edge edge : edges)
 			addEdge(edge);
@@ -165,6 +176,34 @@ public EVMCFG buildPartialXCFG() {
 		return xCFG;
 	}
 
+	private void loadPolicy(Path policyPath) {
+		try {
+			log.info("Loading policy from: {}", policyPath);
+			String content = Files.readString(policyPath);
+			JSONObject policyJson = new JSONObject(content);
+
+			if (policyJson.has("policy")) {
+				JSONArray eventFunctionPairs = policyJson.getJSONArray("policy");
+
+				for (int i = 0; i < eventFunctionPairs.length(); i++) {
+					JSONObject pair = eventFunctionPairs.getJSONObject(i);
+					String event = pair.getString("event");
+					String function = pair.getString("function");
+					policy.add(Pair.of(event, function));
+				}
+
+				log.info("Loaded {} event-function pairs from policy.", policy.size());
+				log.debug("Policy: {}", policy);
+			} else {
+				log.warn("Policy file does not contain 'policy' array.");
+			}
+		} catch (IOException e) {
+			log.error("Error reading policy file: {}", e.getMessage());
+		} catch (Exception e) {
+			log.error("Error parsing policy JSON: {}", e.getMessage());
+		}
+	}
+
 	/**
 	 * Scans a directory for files with a given extension and maps them by their
 	 * base name. The base name is derived from the file name without its
@@ -204,8 +243,14 @@ public JSONObject toJson() {
 			contractsArray.put(contract.toJson());
 		}
 
+		JSONObject policyJson = new JSONObject();
+		for (Pair<String, String> pair : policy) {
+			policyJson.put(pair.getLeft(), pair.getRight());
+		}
+
 		json.put("name", name);
 		json.put("smart_contracts", contractsArray);
+		json.put("policy", policyJson);
 		json.put("bridge_vulnerabilities", _vulnerabilities != null ? _vulnerabilities.toJson() : new JSONArray());
 		return json;
 	}

src/main/java/it/unipr/crosschain/xEVMLiSA.java

@@ -26,6 +26,7 @@
 import java.nio.file.Path;
 import java.util.*;
 import java.util.concurrent.Future;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.json.JSONArray;
@@ -34,21 +35,11 @@
 public class xEVMLiSA {
 	private static final Logger log = LogManager.getLogger(xEVMLiSA.class);
 
-	/**
-	 * Runs analysis by initializing a bridge using the specified bytecode
-	 * directory path and ABI directory path, and then invoking the
-	 * analyzeBridge method on the bridge.
-	 *
-	 * @param bytecodeDirectoryPath The path to the directory containing the
-	 *                                  smart contract bytecode files.
-	 * @param abiDirectoryPath      The path to the directory containing the ABI
-	 *                                  (Application Binary Interface) files.
-	 */
-	public static void runAnalysis(Path bytecodeDirectoryPath, Path abiDirectoryPath) {
+	public static void runAnalysis(Path bytecodeDirectoryPath, Path abiDirectoryPath, Path policyPath) {
 		EVMLiSA.setLinkUnsoundJumpsToAllJumpdest();
 		EVMLiSA.setCores(Runtime.getRuntime().availableProcessors() - 1);
 
-		Bridge bridge = new Bridge(bytecodeDirectoryPath, abiDirectoryPath);
+		Bridge bridge = new Bridge(bytecodeDirectoryPath, abiDirectoryPath, policyPath);
 
 		analyzeBridge(bridge);
 
@@ -102,7 +93,7 @@ public static Set<Edge> getCrossChainEdgesUsingEventsAndFunctionsEntrypoint(Brid
 				for (Signature event : contractSource.getEventsSignature()) {
 					for (Signature function : contractDestination.getFunctionsSignature()) {
 
-						if (xEVMLiSA.defaultPolicy(event, function)) {
+						if (xEVMLiSA.applyPolicy(bridge.getPolicy(), event, function)) {
 							functionsUsed.add(function.getFullSignature());
 							eventUsed.add(event.getFullSignature());
 
@@ -139,17 +130,18 @@ public static Set<Edge> getCrossChainEdgesUsingEventsAndFunctionsEntrypoint(Brid
 		return crossChainEdges;
 	}
 
-	/**
-	 * Matches events and functions by name.
-	 *
-	 * @param event    The event signature to compare with the function's name.
-	 * @param function The function signature whose name will be compared with
-	 *                     the event's name.
-	 * 
-	 * @return True if the names match, false otherwise.
-	 */
-	public static boolean defaultPolicy(Signature event, Signature function) {
-		return event.getName().equalsIgnoreCase(function.getName());
+	public static boolean applyPolicy(List<Pair<String, String>> policy, Signature event, Signature function) {
+		if (policy == null || policy.isEmpty())
+			return event.getName().equalsIgnoreCase(function.getName());
+
+		for (Pair<String, String> pair : policy) {
+			String eventPolicy = pair.getLeft();
+			String functionPolicy = pair.getRight();
+			if (eventPolicy.equalsIgnoreCase(event.getName())
+					&& functionPolicy.equalsIgnoreCase(function.getName()))
+				return true;
+		}
+		return false;
 	}
 
 	/**

src/test/java/it/unipr/analysis/cron/SmartaxeBenchmark.java

@@ -55,7 +55,7 @@ private void runBenchmark() {
 					String name = dir.getFileName().toString();
 
 					EVMLiSA.setWorkingDirectory(workingDirectory.resolve(name));
-					bridges.add(new Bridge(bytecodeDirectoryPath, abiDirectoryPath, name));
+					bridges.add(new Bridge(bytecodeDirectoryPath, abiDirectoryPath, null, name));
 				}
 			}
 		} catch (IOException e) {