Implementing checker for the detection of cross-channel invocation issues

olivieriluca · olivieriluca · commit 9bc0d96f55e8 · 2025-02-21T09:26:21.000+01:00
diff --git a/go-lisa/src/main/java/it/unive/golisa/GoLiSA.java b/go-lisa/src/main/java/it/unive/golisa/GoLiSA.java
@@ -11,6 +11,7 @@
 import it.unive.golisa.checker.IntegrityNIChecker;
 import it.unive.golisa.checker.NumericalOverflowOfVariablesChecker;
 import it.unive.golisa.checker.TaintChecker;
+import it.unive.golisa.checker.hf.CrossChannelInvocationsIssuesChecker;
 import it.unive.golisa.checker.hf.DifferentCrossChannelInvocationsChecker;
 import it.unive.golisa.checker.hf.UnhandledErrorsChecker;
 import it.unive.golisa.checker.hf.readwrite.ReadWritePairChecker;
@@ -177,11 +178,11 @@ public static void main(String[] args) throws AnalysisSetupException {
 					new ValueEnvironment<>(new TaintDomain()), new TypeEnvironment<>(new InferredTypes()));
 			conf.semanticChecks.add(new TaintChecker("Possible untrusted cross-contract invocation."));
 			break;
-		case "dcci":
+		case "cchi":
 			conf.openCallPolicy = RelaxedOpenCallPolicy.INSTANCE;
 			conf.abstractState = new SimpleAbstractState<>(new PointBasedHeap(), new ValueEnvironment<>(new Tarsis()),
 					new TypeEnvironment<>(new InferredTypes()));
-			conf.semanticChecks.add(new DifferentCrossChannelInvocationsChecker());
+			conf.semanticChecks.add(new CrossChannelInvocationsIssuesChecker());
 			break;
 		case "read-write":
 
diff --git a/go-lisa/src/main/java/it/unive/golisa/checker/hf/AutomatonUtils.java b/go-lisa/src/main/java/it/unive/golisa/checker/hf/AutomatonUtils.java
@@ -0,0 +1,50 @@
+package it.unive.golisa.checker.hf;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.SortedSet;
+
+import it.unive.lisa.analysis.string.tarsis.RegexAutomaton;
+import it.unive.lisa.util.datastructures.automaton.State;
+import it.unive.lisa.util.datastructures.automaton.Transition;
+import it.unive.lisa.util.datastructures.regex.RegularExpression;
+import it.unive.lisa.util.datastructures.regex.TopAtom;
+
+public class AutomatonUtils {
+
+	public static boolean containsTopTransaction(RegexAutomaton automaton) {
+		for(Transition<RegularExpression> t : automaton.getTransitions())
+			if(t.getSymbol().equals(TopAtom.INSTANCE))
+				return true;
+		return false;
+	}
+
+	public static boolean hasCycle(RegexAutomaton automaton) {
+
+       Set<State> initStates = automaton.getInitialStates();
+       
+       for(State i : initStates) {
+    	   Set<State> seen = new HashSet<State>();
+    	   return recursiveDFS(i,automaton,seen);
+       }
+       return false;
+       
+	}
+	
+    private static boolean recursiveDFS(State s, RegexAutomaton automaton, Set<State> seen) {
+		if(seen.add(s)) {
+			for(Transition<RegularExpression> t : automaton.getOutgoingTransitionsFrom(s)) {
+				if(seen.contains(t.getDestination()))
+					return true;
+				else 
+					recursiveDFS(t.getDestination(), automaton, Set.copyOf(seen));
+			}
+			return false;
+			
+		} else
+			return true;
+	}
+
+
+
+}
diff --git a/go-lisa/src/main/java/it/unive/golisa/checker/hf/CrossChannelInvocationsIssuesChecker.java b/go-lisa/src/main/java/it/unive/golisa/checker/hf/CrossChannelInvocationsIssuesChecker.java
@@ -33,36 +33,68 @@
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.lang3.tuple.Pair;
+
 /**
  * A Go Checker for the detection of different cross-channel invocations in
  * Hyperledger Fabric.
  * 
  * @author <a href="mailto:luca.olivieri@unive.it">Luca Olivieri</a>
  */
-public class DifferentCrossChannelInvocationsChecker implements
+public class CrossChannelInvocationsIssuesChecker implements
 		SemanticCheck<
 				SimpleAbstractState<PointBasedHeap, ValueEnvironment<Tarsis>, TypeEnvironment<InferredTypes>>> {
 
-	private Map<Statement, Set<Tarsis>> crossChannelInvocations;
+	private Map<Statement, Set<Tarsis>> crossContractInvocations;
+	
+	private boolean intraChaincode = true;
 
+	public CrossChannelInvocationsIssuesChecker() {
+	}
+	
+	public CrossChannelInvocationsIssuesChecker(boolean intraChaincode) {
+		this.intraChaincode = intraChaincode;
+	}
 	@Override
 	public void beforeExecution(CheckToolWithAnalysisResults<
 			SimpleAbstractState<PointBasedHeap, ValueEnvironment<Tarsis>, TypeEnvironment<InferredTypes>>> tool) {
-		crossChannelInvocations = new HashMap<>();
+		crossContractInvocations = new HashMap<>();
 	}
 
 	@Override
 	public void afterExecution(
 			CheckToolWithAnalysisResults<
 					SimpleAbstractState<PointBasedHeap, ValueEnvironment<Tarsis>,
 							TypeEnvironment<InferredTypes>>> tool) {
-
-		Statement[] invocations = crossChannelInvocations.keySet().toArray(new Statement[] {});
+		
+		Set<Statement> singleCrossChannelInvocations = new HashSet<>();
+		
+		//CASE 1: single CCIs with arbitrary channel
+		Statement[] invocations = crossContractInvocations.keySet().toArray(new Statement[] {});
+		for (int i = 0; i < invocations.length; i++) {
+			Set<Tarsis> stringApproximations = crossContractInvocations.get(invocations[i]);
+			for(Tarsis t : stringApproximations) {
+				if(mayCrossChannel(t)) {
+					singleCrossChannelInvocations.add(invocations[i]);
+					break;
+				}
+			}
+		}
+		
+		for(Statement cch : singleCrossChannelInvocations) {
+			tool.warnOn(cch, "Detected possible cross-channel invocation. It may lead to a lack of transparency because no new transactions are created during the invocation.");
+			if(intraChaincode)
+				tool.warnOn(cch, "Detected possible cross-channel invocation. It may lead to uncommited write operations during the execution of callee chaincode.");
+		}
+		
+		//CASE 2: CCIs with different channels
+		Set<Pair<Statement,Statement>> multipleCrossChannelInvocations  = new HashSet<>();
+		
 		boolean isDiff = false;
 		for (int i = 0; i < invocations.length - 1; i++) {
 			for (int j = i + 1; j < invocations.length; j++) {
-				Set<Tarsis> t1Set = crossChannelInvocations.get(invocations[i]);
-				Set<Tarsis> t2Set = crossChannelInvocations.get(invocations[j]);
+				Set<Tarsis> t1Set = crossContractInvocations.get(invocations[i]);
+				Set<Tarsis> t2Set = crossContractInvocations.get(invocations[j]);
 				for (Tarsis t1 : t1Set) {
 					for (Tarsis t2 : t2Set) {
 						if (t1.isTop() || t2.isTop()
@@ -79,13 +111,30 @@ public void afterExecution(
 						break;
 				}
 
-				if (isDiff)
-					tool.warnOn(invocations[i],
-							"Detected cross-channel invocations on different channels. The other invocation: "
-									+ invocations[j].getLocation());
+				if (isDiff) {
+					if(!multipleCrossChannelInvocations.contains(Pair.of(invocations[j], invocations[i])))
+						multipleCrossChannelInvocations.add(Pair.of(invocations[i], invocations[j]));
+				}
+					
 			}
 		}
+		
+		for( Pair<Statement, Statement> cchs : multipleCrossChannelInvocations) {
+			tool.warnOn(cchs.getLeft(),
+					"Detected cross-channel invocations on different channels. The other invocation: "
+							+ cchs.getRight().getLocation() + ". They may lead to a lack of transparency because no new transactions are created during the invocation.");
+			if(intraChaincode)
+				tool.warnOn(cchs.getLeft(),
+						"Detected cross-channel invocations on different channels. The other invocation: "
+								+ cchs.getRight().getLocation() + ". They may lead to uncommited write operations during the execution of callee chaincode.");
+		}
+
+	}
 
+	private boolean mayCrossChannel(Tarsis t) {
+		return t.isTop() || t.getAutomaton().getFinalStates().size() > 2
+				|| AutomatonUtils.containsTopTransaction(t.getAutomaton())
+				|| AutomatonUtils.hasCycle(t.getAutomaton());
 	}
 
 	@Override
@@ -142,9 +191,9 @@ public boolean visit(
 							channelValues = extractChannelValues(call, call.getParameters().length, node, result);
 						}
 
-						crossChannelInvocations.putIfAbsent(call, new HashSet<>());
+						crossContractInvocations.putIfAbsent(call, new HashSet<>());
 						if (channelValues != null)
-							crossChannelInvocations.get(call).addAll(channelValues);
+							crossContractInvocations.get(call).addAll(channelValues);
 					}
 
 				} catch (SemanticException e) {
