Location reporting includes the usages + orignial sources now.

Author: arktt

de.fraunhofer.iem.secucheck.analysis/src/main/java/de/fraunhofer/iem/secucheck/analysis/internal/SingleFlowAnalysis.java

@@ -49,6 +49,7 @@
 import soot.jimple.internal.JNopStmt;
 import soot.tagkit.Host;
 import soot.tagkit.PositionTag;
+import soot.tagkit.AbstractHost;
 import wpds.impl.Weight.NoWeight;
 
 class SingleFlowAnalysis implements Analysis {
@@ -183,21 +184,28 @@ private SameTypedPair<LocationDetails> getDetailsPair(TaintFlowQueryImpl flowQue
 		LocationDetails startDetails = new LocationDetails();
 		SootMethod sourceMethodDefinition = Utility.findSourceMethodDefinition(flowQuery, start.stmt().getMethod(),
 				start.stmt().getUnit().get());
-		
-		startDetails.setClassName(sourceMethodDefinition.getClass().getName());
-		startDetails.setLineNumber(sourceMethodDefinition.getJavaSourceStartLineNumber());
-		startDetails.setColumnNumber(sourceMethodDefinition.getJavaSourceStartColumnNumber());
+		startDetails.setSourceClassName(sourceMethodDefinition.getDeclaringClass().getName());
 		startDetails.setMethodSignature(sourceMethodDefinition.getSignature());
+		
+		AbstractHost sourceHost = (AbstractHost) start.asNode().stmt().getUnit().get();
+		startDetails.setUsageLineNumber(sourceHost.getJavaSourceStartLineNumber());
+		startDetails.setUsageColumnNumber(sourceHost.getJavaSourceStartColumnNumber());
+		startDetails.setUsageMethodSignature(start.stmt().getMethod().getSignature());
+		startDetails.setUsageClassName(start.stmt().getMethod().getDeclaringClass().getName());
 		startDetails.setType(LocationType.Source);
 
 		LocationDetails endDetails = new LocationDetails();
 		SootMethod sinkMethodDefinition = Utility.findSinkMethodDefinition(flowQuery, end.stmt().getMethod(),
 				end.stmt().getUnit().get());
-		endDetails.setClassName(sinkMethodDefinition.getClass().getName());
-		endDetails.setLineNumber(sinkMethodDefinition.getJavaSourceStartLineNumber());
-		endDetails.setColumnNumber(sinkMethodDefinition.getJavaSourceStartColumnNumber());
+		endDetails.setSourceClassName(sinkMethodDefinition.getDeclaringClass().getName());
 		endDetails.setMethodSignature(sinkMethodDefinition.getSignature());
-		endDetails.setType(LocationType.Sink);
+		
+		AbstractHost sinkHost = (AbstractHost) end.asNode().stmt().getUnit().get();
+		endDetails.setUsageLineNumber(sinkHost.getJavaSourceStartLineNumber());
+		endDetails.setUsageColumnNumber(sinkHost.getJavaSourceStartColumnNumber());
+		endDetails.setUsageMethodSignature(end.stmt().getMethod().getSignature());
+		endDetails.setUsageClassName(end.stmt().getMethod().getDeclaringClass().getName());
+		endDetails.setType(LocationType.Sink);		
 
 		return new SameTypedPair<LocationDetails>(startDetails, endDetails);
 	}

de.fraunhofer.iem.secucheck.analysis/src/main/java/de/fraunhofer/iem/secucheck/analysis/internal/Utility.java

@@ -48,8 +48,7 @@ static SootMethod getSootMethod(Method method) {
 
 	static SootMethod findSourceMethodDefinition(TaintFlowQuery partialFlow, 
 			SootMethod method, Stmt actualStatement) {
-		for (Object object : partialFlow.getFrom()) {
-			Method sourceMethod = (Method) object;
+		for (Method sourceMethod : partialFlow.getFrom()) {
 			String sourceSootSignature = "<" + sourceMethod.getSignature() + ">";
 			if (method.getSignature().equals(sourceSootSignature)) {
 				return method;
@@ -63,11 +62,10 @@ static SootMethod findSourceMethodDefinition(TaintFlowQuery partialFlow,
 
 	static SootMethod findSinkMethodDefinition(TaintFlowQuery partialFlow,
 			SootMethod method, Stmt actualStatement) {
-		for (Object object : partialFlow.getTo()) {
-			Method sinkMethod = (Method) object;
-			String sourceSootSignature = "<" + sinkMethod.getSignature() + ">";
+		for (Method sinkMethod : partialFlow.getTo()) {
+			String sinkSootSignature = "<" + sinkMethod.getSignature() + ">";
 			if (actualStatement.containsInvokeExpr() &&
-					actualStatement.toString().contains(sourceSootSignature)) {
+					actualStatement.toString().contains(sinkSootSignature)) {
 				return actualStatement.getInvokeExpr().getMethodRef().tryResolve();
 			}
 		}

de.fraunhofer.iem.secucheck.analysis/src/main/java/de/fraunhofer/iem/secucheck/analysis/result/LocationDetails.java

@@ -1,22 +1,40 @@
 package de.fraunhofer.iem.secucheck.analysis.result;
 
 public class LocationDetails {
-	private String className;
+	
+	private String sourceClassName;
+	private String usageClassName;
+	
 	private String methodSignature;
-	private int lineNumber;
-	private int colNumber;
+	private String usageMethodSignature;
+	
+	private int usageLineNumber;
+	private int usageColNumber;
+	
 	private LocationType type;
 
 	public LocationDetails() { }
 
-	public String getClassName() { return className; }
-	public int getLineNumber() { return lineNumber; }
-	public int ColumnNumber() { return colNumber; }
+	public String getSourceClassName() { return sourceClassName; }
+	public String getUsageClassName() { return usageClassName; }
+
 	public String getMethodSignature() { return methodSignature; }
+	public String getUsageMethodSignature() { return usageMethodSignature; }
+	
 	public LocationType getType() { return type; }
-	public void setClassName(String className) { this.className = className; }
-	public void setLineNumber(int lineNumber) { this.lineNumber = lineNumber; }
-	public void setMethodSignature(String methodSignature) { this.methodSignature = methodSignature;	}
+	
+	public int getLineNumber() { return usageLineNumber; }
+	public int ColumnNumber() { return usageColNumber; }
+	
+	
+	public void setSourceClassName(String sourceClassName) { this.sourceClassName = sourceClassName; }
+	public void setUsageClassName(String usageClassName) { this.usageClassName = usageClassName; }
+	
+	public void setMethodSignature(String methodSignature) { this.methodSignature = methodSignature; }
+	public void setUsageMethodSignature(String usageMethodSignature) { this.usageMethodSignature = usageMethodSignature; }
+	
 	public void setType(LocationType type) { this.type = type; }
-	public void setColumnNumber(int colNumber) { this.colNumber = colNumber; }
-}
+	
+	public void setUsageLineNumber(int usageLineNumber) { this.usageLineNumber = usageLineNumber; }
+	public void setUsageColumnNumber(int usageColNumber) { this.usageColNumber = usageColNumber; }
+}