Merge pull request #1 from secure-software-engineering/develop

Develop Into Master

Author: arktt

de.fraunhofer.iem.secucheck.analysis.sample/src/main/java/de/fraunhofer/iem/secucheck/analysis/sample/Main.java

@@ -47,10 +47,9 @@ private static void runSecucheckAnalysis(SecucheckAnalysis secucheckAnalysis)
 		secucheckAnalysis.setApplicationClassPath(getAppClassPath());
 		secucheckAnalysis.setSootClassPathJars(getSootClassPath());
 
-		//runDemoSet1(secucheckAnalysis, resultListener);
+		runDemoSet1(secucheckAnalysis, resultListener);
 		runDemoSet2(secucheckAnalysis, resultListener);
-		//runDemoSet3(secucheckAnalysis, resultListener);
-		//runDemoSet4(secucheckAnalysis, resultListener);
+		runDemoSet3(secucheckAnalysis, resultListener);
 
 	}
 
@@ -121,16 +120,10 @@ private static void runDemoSet2(SecucheckAnalysis secucheckAnalysis,
 		runAnalysisQuery(secucheckAnalysis, compositeOfTenth, 10, null);
 	}
 
-	private static void runDemoSet3(SecucheckAnalysis secucheckAnalysis, 
-			AnalysisResultListener resultListener) throws Exception {
-		
-	}
-	
-	/** Demo-set X: TODO: Fix the number. 
+	/** Demo-set 3: 
 	 *  - Demonstrates multiple composites
-	 *  - Demonstrates the result listener
 	 */
-	private static void runDemoSet4(SecucheckAnalysis secucheckAnalysis, 
+	private static void runDemoSet3(SecucheckAnalysis secucheckAnalysis, 
 			AnalysisResultListener resultListener) throws Exception {
 
 		List<CompositeTaintFlowQueryImpl> compositeOfFirst = Utility.getInList(
@@ -290,11 +283,17 @@ private static String getSootClassPath() {
 
 	private static List<EntryPoint> getEntryPoints(){
 		List<EntryPoint> entryPoints = new ArrayList<EntryPoint>();
+	
 		EntryPoint entryPoint = new EntryPoint();
 		entryPoint.setCanonicalClassName("AnalyzeMeLevel1");
 		entryPoint.setAllMethods(true);
 		entryPoints.add(entryPoint);
+		
+		entryPoint = new EntryPoint();
+		entryPoint.setCanonicalClassName("AnalyzeMeLevel2");
+		entryPoint.setAllMethods(true);
+		entryPoints.add(entryPoint);
+		
 		return entryPoints;
 	}
-		
 }

de.fraunhofer.iem.secucheck.analysis.sample/src/main/java/de/fraunhofer/iem/secucheck/analysis/sample/Utility.java

@@ -57,7 +57,7 @@ private static MethodImpl getSanitizerMethod(String canonicalClassName) {
 		List<InputParameter> inputs = new ArrayList<InputParameter>();
 		inputs.add(input);
 
-		List<OutputParameter> outputs = null;
+		List<OutputParameter> outputs = new ArrayList<OutputParameter>();
 		ReturnValue returnValue = null;
 
 		MethodImpl method = new MethodImpl();
@@ -76,8 +76,8 @@ private static MethodImpl getPropogatorMethod(String canonicalClassName) {
 		List<InputParameter> inputs = new ArrayList<InputParameter>();
 		inputs.add(input);
 
-		List<OutputParameter> outputs = null;
-		ReturnValue returnValue = null;
+		List<OutputParameter> outputs = new ArrayList<OutputParameter>();
+		ReturnValue returnValue = new ReturnValue();
 
 		MethodImpl method = new MethodImpl();
 		method.setName("propogator");
@@ -95,7 +95,7 @@ private static MethodImpl getSinkMethod(String canonicalClassName) {
 		List<InputParameter> inputs = new ArrayList<InputParameter>();
 		inputs.add(input);
 
-		List<OutputParameter> outputs = null;
+		List<OutputParameter> outputs = new ArrayList<OutputParameter>();
 		ReturnValue returnValue = null;
 
 		MethodImpl method = new MethodImpl();
@@ -115,9 +115,9 @@ public static MethodImpl getUsageSourceParameMethod(String canonicalClassName,
 		ReturnValue returnValue = null;
 
 		// For the first input parameter.
-		InputParameter inputParam = new InputParameter();
-		inputParam.setNumber(0);
-		inputs.add(inputParam);
+		OutputParameter outputParam = new OutputParameter();
+		outputParam.setNumber(0);
+		outputs.add(outputParam);
 
 		MethodImpl method = new MethodImpl();
 		method.setName("getSecret");

de.fraunhofer.iem.secucheck.analysis/src/main/java/de/fraunhofer/iem/secucheck/analysis/SecucheckTaintAnalysisBase.java

@@ -194,31 +194,31 @@ protected void internalTransform(String phaseName, Map options) {
 				icfg = new JimpleBasedInterproceduralCFG(true);
 				try {
 					executeAnalysis();
-				} catch (Exception e) {	}
+				} catch (Exception ex) {
+					ex.printStackTrace();
+				}
 			}
 		};
 	}
-
+	
+	
 	private static void drawCallGraph(CallGraph callGraph){
         DotGraph dot = new DotGraph("callgraph");
         Iterator<Edge> iteratorEdges = callGraph.iterator();
 
-        int i = 0;
         System.out.println("Call Graph size : "+ callGraph.size());
         while (iteratorEdges.hasNext()) {
             Edge edge = iteratorEdges.next();
             String node_src = edge.getSrc().toString();
             String node_tgt = edge.getTgt().toString();
-
             dot.drawEdge(node_src, node_tgt);
-            System.out.println(i++);
         }
-
-        dot.plot("/home/arkt/Desktop/cgs/callgraph.dot");
+        dot.plot("<file-path>");
     }
 
 	private void executeAnalysis() throws Exception {
-				
+		
+		// For dumping the call graph for debugging purposes.
 		//drawCallGraph(Scene.v().getCallGraph());
 
 		for (CompositeTaintFlowQueryImpl flowQuery : this.flowQueries) {