Refactored policy handling to use CustomPolicy class and updated related tests

merendamattia · merendamattia · commit 9f29f0f2e011 · 2025-10-10T19:32:03.000+02:00
diff --git a/src/main/java/it/unipr/crosschain/Bridge.java b/src/main/java/it/unipr/crosschain/Bridge.java
@@ -5,6 +5,7 @@
 import it.unipr.analysis.contract.SmartContract;
 import it.unipr.cfg.EVMCFG;
 import it.unipr.cfg.ProgramCounterLocation;
+import it.unipr.utils.CustomPolicy;
 import it.unipr.utils.VulnerabilitiesObject;
 import it.unive.lisa.program.ClassUnit;
 import it.unive.lisa.program.cfg.CodeMemberDescriptor;
@@ -16,7 +17,6 @@
 import java.nio.file.Path;
 import java.util.*;
 import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang3.tuple.Pair;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.json.JSONArray;
@@ -30,7 +30,7 @@ public class Bridge implements Iterable<SmartContract> {
 
 	private EVMCFG xCFG;
 
-	private final List<Pair<String, String>> policy;
+	private CustomPolicy policy;
 
 	/** Detected vulnerabilities in the bridge. */
 	private VulnerabilitiesObject _vulnerabilities;
@@ -85,7 +85,6 @@ public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath) {
 	public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath, Path policyPath, String name) {
 		this.name = name;
 		this.contracts = new ArrayList<>();
-		this.policy = new ArrayList<>();
 
 		Map<String, Path> abiFiles = mapFilesByName(abiDirectoryPath, ".abi");
 		Map<String, Path> bytecodeFiles = mapFilesByName(bytecodeDirectoryPath, ".bytecode");
@@ -100,10 +99,17 @@ public Bridge(Path bytecodeDirectoryPath, Path abiDirectoryPath, Path policyPath
 		log.info("Created bridge {} with {} contracts using bytecodes at {} and ABIs at {}.",
 				name, contracts.size(), bytecodeDirectoryPath.toString(), abiDirectoryPath.toString());
 
-		if (policyPath != null)
-			loadPolicy(policyPath);
-		else
+		if (policyPath != null) {
+			try {
+				this.policy = new CustomPolicy(policyPath);
+			} catch (IOException e) {
+				log.warn("Error reading policy file: {}. Creating bridge without custom policy. Using default policy",
+						e.getMessage());
+			}
+		} else {
+			this.policy = new CustomPolicy();
 			log.info("Created bridge without custom policy. Using default policy");
+		}
 
 	}
 
@@ -163,36 +169,8 @@ public EVMCFG getXCFG() {
 	 *
 	 * @return a list of event-function pairs
 	 */
-	public List<Pair<String, String>> getPolicy() {
-		return policy;
-	}
-
-	/**
-	 * Checks if an event has an associated function in the policy.
-	 *
-	 * @param event the name of the event to check
-	 *
-	 * @return true if the event has an associated function, false otherwise
-	 */
-	public boolean hasEventFunctionMapping(String event) {
-		for (Pair<String, String> pair : policy)
-			if (pair.getLeft().equals(event))
-				return true;
-		return false;
-	}
-
-	/**
-	 * Gets the function name associated with an event from the policy.
-	 *
-	 * @param event the name of the event
-	 *
-	 * @return the associated function name, or null if not found
-	 */
-	public String getFunctionForEvent(String event) {
-		for (Pair<String, String> pair : policy)
-			if (pair.getLeft().equals(event))
-				return pair.getRight();
-		return null;
+	public CustomPolicy getPolicy() {
+		return policy != null ? policy : new CustomPolicy();
 	}
 
 	/**
@@ -266,43 +244,6 @@ public EVMCFG buildPartialXCFG() {
 		return xCFG;
 	}
 
-	/**
-	 * Loads the cross-chain policy from a JSON file and populates the policy
-	 * list. The JSON file should contain an array named "policy" with
-	 * event-function pairs.
-	 *
-	 * @param policyPath the path to the policy JSON file
-	 */
-	private void loadPolicy(Path policyPath) {
-		try {
-			log.info("Loading policy from: {}", policyPath);
-			String content = Files.readString(policyPath);
-			JSONObject policyJson = new JSONObject(content);
-
-			if (policyJson.has("policy")) {
-				JSONArray eventFunctionPairs = policyJson.getJSONArray("policy");
-
-				for (int i = 0; i < eventFunctionPairs.length(); i++) {
-					JSONObject pair = eventFunctionPairs.getJSONObject(i);
-					String event = pair.getString("event");
-					String function = pair.getString("function");
-					policy.add(Pair.of(event, function));
-				}
-
-				log.info("Loaded {} event-function pairs from policy.", policy.size());
-				log.debug("Policy: {}", policy);
-			} else {
-				log.warn("Policy file does not contain 'policy' array.");
-			}
-		} catch (IOException e) {
-			log.warn("Error reading policy file: {}. Creating bridge without custom policy. Using default policy",
-					e.getMessage());
-		} catch (Exception e) {
-			log.warn("Error parsing policy JSON: {}. Creating bridge without custom policy. Using default policy",
-					e.getMessage());
-		}
-	}
-
 	/**
 	 * Scans a directory for files with a given extension and maps them by their
 	 * base name. The base name is derived from the file name without its
@@ -342,14 +283,9 @@ public JSONObject toJson() {
 			contractsArray.put(contract.toJson());
 		}
 
-		JSONObject policyJson = new JSONObject();
-		for (Pair<String, String> pair : policy) {
-			policyJson.put(pair.getLeft(), pair.getRight());
-		}
-
 		json.put("name", name);
 		json.put("smart_contracts", contractsArray);
-		json.put("policy", policyJson);
+		json.put("policy", policy != null ? policy.toJson() : new JSONArray());
 		json.put("bridge_vulnerabilities", _vulnerabilities != null ? _vulnerabilities.toJson() : new JSONArray());
 		return json;
 	}
diff --git a/src/main/java/it/unipr/crosschain/xEVMLiSA.java b/src/main/java/it/unipr/crosschain/xEVMLiSA.java
@@ -11,10 +11,7 @@
 import it.unipr.crosschain.taint.*;
 import it.unipr.frontend.EVMLiSAFeatures;
 import it.unipr.frontend.EVMLiSATypeSystem;
-import it.unipr.utils.EVMLiSAExecutor;
-import it.unipr.utils.LiSAConfigurationManager;
-import it.unipr.utils.MyCache;
-import it.unipr.utils.VulnerabilitiesObject;
+import it.unipr.utils.*;
 import it.unive.lisa.LiSA;
 import it.unive.lisa.analysis.SimpleAbstractState;
 import it.unive.lisa.analysis.heap.MonolithicHeap;
@@ -27,7 +24,6 @@
 import java.nio.file.Path;
 import java.util.*;
 import java.util.concurrent.Future;
-import org.apache.commons.lang3.tuple.Pair;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.json.JSONArray;
@@ -152,17 +148,39 @@ public static Set<Edge> getCrossChainEdgesUsingEventsAndFunctionsEntrypoint(Brid
 	 * @return true if the event should be linked to the function according to
 	 *             the policy
 	 */
-	public static boolean applyPolicy(List<Pair<String, String>> policy, Signature event, Signature function) {
+	public static boolean applyPolicy(CustomPolicy policy, Signature event, Signature function) {
 		if (policy == null || policy.isEmpty())
 			return event.getName().equalsIgnoreCase(function.getName());
 
-		for (Pair<String, String> pair : policy) {
-			String eventPolicy = pair.getLeft();
-			String functionPolicy = pair.getRight();
-			if (eventPolicy.equalsIgnoreCase(event.getName())
-					&& functionPolicy.equalsIgnoreCase(function.getName()))
+		String eventName = event.getName();
+		String functionName = function.getName();
+
+		List<CustomPolicy.PolicyEntry> candidates = policy.getEntriesByEvent(eventName);
+		if (candidates.isEmpty())
+			candidates = policy.getEntries();
+
+		for (CustomPolicy.PolicyEntry entry : candidates)
+			if (eventMatches(entry.getSourceFunction(), eventName)
+					&& entry.getDestinationFunction().getName().equalsIgnoreCase(functionName))
+				return true;
+
+		return false;
+	}
+
+	/**
+	 * Verifies whether the provided event name matches any of the events
+	 * associated with the given source function specification.
+	 *
+	 * @param sourceSpec the source function descriptor declared in the policy
+	 * @param eventName  the name of the runtime event being considered
+	 *
+	 * @return {@code true} if {@code eventName} matches one of the policy event
+	 *             names, {@code false} otherwise
+	 */
+	private static boolean eventMatches(CustomPolicy.FunctionSpec sourceSpec, String eventName) {
+		for (String policyEvent : sourceSpec.getEvents())
+			if (policyEvent.equalsIgnoreCase(eventName))
 				return true;
-		}
 		return false;
 	}
 
diff --git a/src/main/java/it/unipr/utils/CustomPolicy.java b/src/main/java/it/unipr/utils/CustomPolicy.java
@@ -50,6 +50,18 @@ public final class CustomPolicy {
 	private final Map<String, List<PolicyEntry>> entriesByEvent;
 	private final Set<String> knownEvents;
 
+	/**
+	 * Creates an empty policy with no entries. All lookups return empty
+	 * collections and {@link #toJson()} yields an empty {@code policy} array.
+	 */
+	public CustomPolicy() {
+		this.entries = Collections.emptyList();
+		this.entriesBySourceName = Collections.emptyMap();
+		this.entriesByDestinationName = Collections.emptyMap();
+		this.entriesByEvent = Collections.emptyMap();
+		this.knownEvents = Collections.emptySet();
+	}
+
 	/**
 	 * Creates a policy view by eagerly loading and caching the data contained
 	 * in the provided JSON file.
@@ -237,8 +249,26 @@ public Set<String> getKnownEvents() {
 	}
 
 	/**
-	 * Serializes the in-memory representation of this policy into a JSON string
-	 * that mirrors the original input format.
+	 * Checks whether the policy contains no entries.
+	 *
+	 * @return {@code true} if the policy is empty, {@code false} otherwise
+	 */
+	public boolean isEmpty() {
+		return entries.isEmpty();
+	}
+
+	/**
+	 * Returns the number of policy entries loaded in memory.
+	 *
+	 * @return the amount of entries contained in this policy
+	 */
+	public int size() {
+		return entries.size();
+	}
+
+	/**
+	 * Serializes the in-memory representation of this policy into a
+	 * {@link JSONObject} that mirrors the original input format.
 	 *
 	 * @return the JSON serialization of the policy
 	 */
diff --git a/src/test/java/it/unipr/analysis/cron/utils/CustomPolicyTest.java b/src/test/java/it/unipr/analysis/cron/utils/CustomPolicyTest.java
@@ -1,5 +1,7 @@
 package it.unipr.analysis.cron.utils;
 
+import it.unipr.analysis.contract.Signature;
+import it.unipr.crosschain.xEVMLiSA;
 import it.unipr.utils.CustomPolicy;
 import it.unipr.utils.CustomPolicy.PolicyEntry;
 import java.io.IOException;
@@ -8,6 +10,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import org.json.JSONObject;
@@ -21,7 +24,8 @@ public void loadsPolicyAndProvidesLookups() throws IOException {
 		Path policyPath = Paths.get("evm-testcases", "cross-chain-custom-policy", "custom-policy.json");
 		CustomPolicy policy = new CustomPolicy(policyPath);
 
-		assert policy.getEntries().size() == 17;
+		assert policy.size() == 17;
+		assert !policy.isEmpty();
 
 		List<PolicyEntry> transferOutEntries = policy.getEntriesBySourceFunction("transferOut");
 		assert transferOutEntries.size() == 1;
@@ -53,4 +57,51 @@ public void toJsonRoundTripMatchesOriginal() throws IOException {
 
 		assert original.similar(serialized);
 	}
+
+	@Test
+	public void emptyPolicyProvidesEmptyCollections() {
+		CustomPolicy emptyPolicy = new CustomPolicy();
+		assert emptyPolicy.isEmpty();
+		assert emptyPolicy.size() == 0;
+		assert emptyPolicy.getEntries().isEmpty();
+		assert emptyPolicy.getEntriesByEvent("any").isEmpty();
+		assert emptyPolicy.getEntriesBySourceFunction("any").isEmpty();
+		assert emptyPolicy.getKnownEvents().isEmpty();
+		JSONObject json = emptyPolicy.toJson();
+		assert json.has("policy");
+		assert json.getJSONArray("policy").isEmpty();
+	}
+
+	@Test
+	public void applyPolicyRespectsConfiguration() throws IOException {
+		Path policyPath = Paths.get("evm-testcases", "cross-chain-custom-policy", "custom-policy.json");
+		CustomPolicy policy = new CustomPolicy(policyPath);
+
+		Signature depositEvent = new Signature("Deposit", "event", Collections.emptyList(), Collections.emptyList(),
+				"Deposit(address)", "0x00000000");
+		Signature depositFunction = new Signature("deposit", "function", Collections.emptyList(),
+				Collections.emptyList(), "deposit(address)", "0x00000000");
+		assert xEVMLiSA.applyPolicy(policy, depositEvent, depositFunction);
+
+		Signature outboundEvent = new Signature("Outbound", "event", Collections.emptyList(), Collections.emptyList(),
+				"Outbound(address)", "0x00000001");
+		Signature transferOutFunction = new Signature("transferOut", "function", Collections.emptyList(),
+				Collections.emptyList(), "transferOut(address)", "0x00000002");
+		assert xEVMLiSA.applyPolicy(policy, outboundEvent, transferOutFunction);
+
+		Signature randomEvent = new Signature("Random", "event", Collections.emptyList(), Collections.emptyList(),
+				"Random()", "0x00000003");
+		assert !xEVMLiSA.applyPolicy(policy, randomEvent, depositFunction);
+
+		Signature fallbackEvent = new Signature("Foo", "event", Collections.emptyList(), Collections.emptyList(),
+				"Foo()", "0x00000004");
+		Signature fallbackFunction = new Signature("foo", "function", Collections.emptyList(), Collections.emptyList(),
+				"foo()", "0x00000005");
+		assert xEVMLiSA.applyPolicy(null, fallbackEvent, fallbackFunction);
+		CustomPolicy emptyPolicy = new CustomPolicy();
+		assert xEVMLiSA.applyPolicy(emptyPolicy, fallbackEvent, fallbackFunction);
+		Signature mismatchFunction = new Signature("bar", "function", Collections.emptyList(), Collections.emptyList(),
+				"bar()", "0x00000006");
+		assert !xEVMLiSA.applyPolicy(emptyPolicy, fallbackEvent, mismatchFunction);
+	}
 }
