
Commit 2d9adec

committed
Sample application extended to test multi-level taint-flows.
1 parent 4b9e365 commit 2d9adec


8 files changed

+671
-186
lines changed


de.fraunhofer.iem.secucheck.analysis.sample/src/main/java/AnalyzeMe.java

-36
This file was deleted.
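--- /dev/null
+++ b/[path not shown on page]/AnalyzeMeLevel1.java
@@ -0,0 +1,165 @@
+/**
+* This class will always be the base (entry-point) of synthetic
+* taint-flow in the test logic. The level number indicates the
+* level the class belongs to in the taint-flow graph hierarchy.
+*/
+public class AnalyzeMeLevel1 {
+
+/// Start: Taint-flow elements definition.
+
+public int getSecret() { return 42; }
+public void publish(int number) { System.out.print(number); }
+public int sanatizer(int number) { return number = 0; }
+public int propogator(int number) { return number; }
+
+/// End: Taint-flow elements definition.
+
+
+/// Start: Intra-type taint-flow definitions.
+
+/*
+* Simple taint-flow without any issue.
+*/
+public void workNoIssue() {
+int secret = getSecret();
+publish(10);
+}
+
+/*
+* Taint-flow without any issue.
+*/
+public void workNoIssueSanitizer() {
+int secret = getSecret();
+secret = sanatizer(secret);
+publish(secret);
+}
+
+/*
+* Taint-flow without any issue.
+*/
+public void workNoIssueSanitizerProgator() {
+int secret = getSecret();
+secret = sanatizer(secret);
+secret = propogator(secret);
+publish(secret);
+}
+
+/*
+* Simple taint-flow with issue.
+*/
+public void workWithIssue() {
+int secret = getSecret();
+publish(secret);
+}
+
+/*
+* Simple taint-flow with issue from the parameter.
+*/
+public void workWithIssueParam(int secret) {
+publish(secret);
+}
+
+
+/*
+* Taint-flow with issue using a Propogator.
+*/
+public void workWithIssueProgator() {
+int secret = getSecret();
+secret = propogator(secret);
+publish(secret);
+}
+
+/*
+* Taint-flow with issue using the Propogator and
+* the Parameter.
+*/
+public void workWithIssueProgatorParam(int secret){
+secret = propogator(secret);
+publish(secret);
+}
+
+/// End: Intra-type taint-flow definitions.
+
+
+/// Start: Inter-type taint-flow definitions.
+
+/*
+* Simple 2-level taint-flow with a direct issue.
+*/
+public void workWithOtherTypeIssue() {
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+int secret = level2Instance.getSecret();
+level2Instance.publish(secret);
+}
+
+/*
+* Simple 2-level taint-flow with a direct issue
+* using the Parameter.
+*/
+public void workWithOtherTypeIssueParam(int secret) {
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+level2Instance.publish(secret);
+}
+
+/*
+* 2-level taint-flow with a direct issue using
+* the Propogator.
+*/
+public void workWithOtherTypeIssueProgator() {
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+int secret = level2Instance.getSecret();
+secret = level2Instance.propogator(secret);
+level2Instance.publish(secret);
+}
+
+/*
+* 2-level taint-flow with a direct issue using
+* the Propogator and the Parameter.
+*/
+public void workWithOtherTypeIssueProgatorParam(int secret){
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+secret = level2Instance.propogator(secret);
+level2Instance.publish(secret);
+}
+
+/*
+* Simple 2-level taint-flow with an indirect
+* call with no issue.
+*/
+public void workWithOtherTypeIndirectNoIssue() {
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+int secret = level2Instance.getSecret();
+level2Instance.indirectNoIssue(secret);
+}
+
+/*
+* 2-level taint-flow with an indirect issue.
+*/
+public void workWithOtherTypeIndirectIssue() {
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+int secret = level2Instance.getSecret();
+level2Instance.indirectIssue(secret);
+}
+
+/*
+* 2-level taint-flow with an indirect issue
+* using the Porpogator and the Sanitizer.
+*/
+public void workWithOtherTypeIndirectSantNoIssue() {
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+int secret = level2Instance.getSecret();
+level2Instance.indirectSanitizerNoIssue(secret);
+}
+
+/*
+* 2-level taint-flow with an indirect issue
+* using the Porpogator and the Sanitizer.
+*/
+public void workWithOtherTypeIndirectSantPropIssue() {
+AnalyzeMeLevel2 level2Instance = new AnalyzeMeLevel2();
+int secret = level2Instance.getSecret();
+level2Instance.indirectSanitizerPropogatorIssue(secret);
+}
+
+/// End: Inter-type taint-flow definitions.
+}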
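Review bot: The comment above `workWithOtherTypeIndirectSantNoIssue` is a copy of the one above `workWithOtherTypeIndirectSantPropIssue` and contradicts the method name: it announces an indirect issue "using the Porpogator and the Sanitizer", while the method only routes the secret through `indirectSanitizerNoIssue`. Suggest `* 2-level taint-flow through an indirect call that sanitizes the value; expected verdict: no issue.` there, and on the other method a comment stating that the value is sanitized and then passed through the propagator before the sink. `sanatizer` is written as `return number = 0;`; the assignment to the parameter is dead and `return 0;` expresses the same, which also applies to the copy in `AnalyzeMeLevel2`. The names `sanatizer`/`propogator` are misspelled, but if the analysis queries refer to these methods by name a rename would need a matching change there, so this is only flagged.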
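--- /dev/null
+++ b/[path not shown on page]/AnalyzeMeLevel2.java
@@ -0,0 +1,41 @@
+
+/**
+* This class will always be at the second level of synthetic
+* taint-flow in the test logic. In other words if in the taint-flows
+* there another type encountered this will be immediately after
+* the base (entry-point) type. The level number indicates the
+* level the class belongs to in the taint-flow graph hierarchy.
+*/
+public class AnalyzeMeLevel2 {
+
+public AnalyzeMeLevel2() { }
+
+/// Start: Taint-flow elements definition.
+
+public int getSecret() { return 42; }
+public void publish(int number) { System.out.print(number); }
+public int sanatizer(int number) { return number = 0; }
+public int propogator(int number) { return number; }
+
+/// End: Taint-flow elements definition.
+
+public void indirectNoIssue(int number) {
+number = 10;
+publish(number);
+}
+
+public void indirectIssue(int number) {
+publish(number);
+}
+
+public void indirectSanitizerNoIssue(int number) {
+number = sanatizer(number);
+publish(number);
+}
+
+public void indirectSanitizerPropogatorIssue(int number) {
+number = sanatizer(number);
+number = propogator(number);
+publish(number);
+}
+}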
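Review bot: Unlike `AnalyzeMeLevel1`, none of the four `indirect*` methods carries a comment stating the verdict the test expects, and `indirectSanitizerPropogatorIssue` needs one most: the value is sanitized before it reaches the propagator, yet the name says an issue is expected, which only makes sense if the test logic treats propagation after sanitization as re-tainting (not visible from here). Suggest a short comment on each method in the style of Level1, e.g. `/* Sanitized value passed through the propagator before the sink; expected verdict: issue reported. */` on that method and `/* Parameter overwritten with a constant before the sink; expected verdict: no issue. */` on `indirectNoIssue`. The explicit `public AnalyzeMeLevel2() { }` is equivalent to the default constructor and could be dropped unless the analysis needs an explicit constructor definition to resolve the `new AnalyzeMeLevel2()` call sites.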
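--- /dev/null
+++ b/[path not shown on page]/ConsoleResultListener.java
@@ -0,0 +1,27 @@
+package de.fraunhofer.iem.secucheck.analysis.sample;
+
+import de.fraunhofer.iem.secucheck.analysis.result.AnalysisResultListener;
+import de.fraunhofer.iem.secucheck.analysis.result.CompositeTaintFlowQueryResult;
+import de.fraunhofer.iem.secucheck.analysis.result.SecucheckTaintAnalysisResult;
+import de.fraunhofer.iem.secucheck.analysis.result.TaintFlowQueryResult;
+
+public class ConsoleResultListener implements AnalysisResultListener {
+public void reportFlowResult(TaintFlowQueryResult result) {
+System.out.println();
+System.out.println("Recieved single flow result, size:" + result.size());
+}
+
+public void reportCompositeFlowResult(CompositeTaintFlowQueryResult result) {
+System.out.println();
+System.out.println("Recieved composite flow result, size:" + result.size());
+}
+
+public void reportCompleteResult(SecucheckTaintAnalysisResult result) {
+System.out.println();
+System.out.println("Recieved complete result, size:" + result.size());
+}
+
+public boolean isCancelled() {
+return false;
+}
+}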
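Review bot: The three `report*` methods and `isCancelled` implement `AnalysisResultListener` but carry no `@Override`, so a later signature drift against the interface would compile as an unrelated overload instead of failing at the declaration. The strings printed by the three `println` calls misspell "Received" as "Recieved"; e.g. `System.out.println("Received single flow result, size:" + result.size());`. `isCancelled` unconditionally returns `false`; a one-line comment such as `// Console listener never requests cancellation of the analysis.` would mark that as intentional rather than a stub.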
