Refactored Taint Analysis (#216)

Co-authored-by: Sergey Pospelov <[email protected]>

Author: Lipen

buildSrc/src/main/kotlin/Dependencies.kt

@@ -29,7 +29,8 @@ object Versions {
     const val kotlinx_metadata = "0.5.0"
     const val kotlinx_serialization = "1.4.1"
     const val licenser = "0.6.1"
-    const val mockito = "4.8.0"
+    const val mockk = "1.13.3"
+    const val sarif4k = "0.5.0"
     const val shadow = "8.1.1"
     const val slf4j = "1.7.36"
     const val soot_utbot_fork = "4.4.0-FORK-2"
@@ -134,6 +135,11 @@ object Libs {
     )
 
     // https://github.com/Kotlin/kotlinx.serialization
+    val kotlinx_serialization_core = dep(
+        group = "org.jetbrains.kotlinx",
+        name = "kotlinx-serialization-core",
+        version = Versions.kotlinx_serialization
+    )
     val kotlinx_serialization_json = dep(
         group = "org.jetbrains.kotlinx",
         name = "kotlinx-serialization-json",
@@ -199,11 +205,11 @@ object Libs {
         version = Versions.jdot
     )
 
-    // https://github.com/mockito/mockito
-    val mockito_core = dep(
-        group = "org.mockito",
-        name = "mockito-core",
-        version = Versions.mockito
+    // https://github.com/mockk/mockk
+    val mockk = dep(
+        group = "io.mockk",
+        name = "mockk",
+        version = Versions.mockk
     )
 
     // https://github.com/JetBrains/java-annotations
@@ -275,6 +281,13 @@ object Libs {
         name = "cwe${cweNum}",
         version = Versions.juliet
     )
+
+    // https://github.com/detekt/sarif4k
+    val sarif4k = dep(
+        group = "io.github.detekt.sarif4k",
+        name = "sarif4k",
+        version = Versions.sarif4k
+    )
 }
 
 object Plugins {
@@ -320,4 +333,4 @@ object Plugins {
 
 fun PluginDependenciesSpec.id(plugin: Plugins.ProjectPlugin) {
     id(plugin.id).version(plugin.version)
-}
+}

jacodb-analysis/build.gradle.kts

@@ -6,14 +6,20 @@ plugins {
 dependencies {
     api(project(":jacodb-core"))
     api(project(":jacodb-api"))
+    api(project(":jacodb-taint-configuration"))
 
     implementation(Libs.kotlin_logging)
     implementation(Libs.slf4j_simple)
     implementation(Libs.kotlinx_coroutines_core)
     implementation(Libs.kotlinx_serialization_json)
+    api(Libs.sarif4k)
 
     testImplementation(testFixtures(project(":jacodb-core")))
     testImplementation(project(":jacodb-api"))
+    testImplementation(kotlin("test"))
+    testImplementation(Libs.mockk)
+
+    // Additional deps for analysis:
     testImplementation(files("src/test/resources/pointerbench.jar"))
     testImplementation(Libs.joda_time)
     testImplementation(Libs.juliet_support)

jacodb-analysis/src/main/kotlin/org/jacodb/analysis/AnalysisMain.kt

@@ -0,0 +1,185 @@
+/*
+ *  Copyright 2022 UnitTestBot contributors (utbot.org)
+ * <p>
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ * <p>
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.jacodb.analysis.config
+
+import org.jacodb.analysis.ifds.AccessPath
+import org.jacodb.analysis.ifds.ElementAccessor
+import org.jacodb.analysis.ifds.Maybe
+import org.jacodb.analysis.ifds.onSome
+import org.jacodb.analysis.ifds.toPath
+import org.jacodb.analysis.taint.Tainted
+import org.jacodb.api.cfg.JcBool
+import org.jacodb.api.cfg.JcConstant
+import org.jacodb.api.cfg.JcInt
+import org.jacodb.api.cfg.JcStringConstant
+import org.jacodb.api.cfg.JcValue
+import org.jacodb.api.ext.isAssignable
+import org.jacodb.taint.configuration.And
+import org.jacodb.taint.configuration.AnnotationType
+import org.jacodb.taint.configuration.ConditionVisitor
+import org.jacodb.taint.configuration.ConstantBooleanValue
+import org.jacodb.taint.configuration.ConstantEq
+import org.jacodb.taint.configuration.ConstantGt
+import org.jacodb.taint.configuration.ConstantIntValue
+import org.jacodb.taint.configuration.ConstantLt
+import org.jacodb.taint.configuration.ConstantMatches
+import org.jacodb.taint.configuration.ConstantStringValue
+import org.jacodb.taint.configuration.ConstantTrue
+import org.jacodb.taint.configuration.ContainsMark
+import org.jacodb.taint.configuration.IsConstant
+import org.jacodb.taint.configuration.IsType
+import org.jacodb.taint.configuration.Not
+import org.jacodb.taint.configuration.Or
+import org.jacodb.taint.configuration.PositionResolver
+import org.jacodb.taint.configuration.SourceFunctionMatches
+import org.jacodb.taint.configuration.TypeMatches
+
+open class BasicConditionEvaluator(
+    internal val positionResolver: PositionResolver<Maybe<JcValue>>,
+) : ConditionVisitor<Boolean> {
+
+    override fun visit(condition: ConstantTrue): Boolean {
+        return true
+    }
+
+    override fun visit(condition: Not): Boolean {
+        return !condition.arg.accept(this)
+    }
+
+    override fun visit(condition: And): Boolean {
+        return condition.args.all { it.accept(this) }
+    }
+
+    override fun visit(condition: Or): Boolean {
+        return condition.args.any { it.accept(this) }
+    }
+
+    override fun visit(condition: IsConstant): Boolean {
+        positionResolver.resolve(condition.position).onSome { return it is JcConstant }
+        return false
+    }
+
+    override fun visit(condition: IsType): Boolean {
+        // Note: TaintConfigurationFeature.ConditionSpecializer is responsible for
+        // expanding IsType condition upon parsing the taint configuration.
+        error("Unexpected condition: $condition")
+    }
+
+    override fun visit(condition: AnnotationType): Boolean {
+        // Note: TaintConfigurationFeature.ConditionSpecializer is responsible for
+        // expanding AnnotationType condition upon parsing the taint configuration.
+        error("Unexpected condition: $condition")
+    }
+
+    override fun visit(condition: ConstantEq): Boolean {
+        positionResolver.resolve(condition.position).onSome { value ->
+            return when (val constant = condition.value) {
+                is ConstantBooleanValue -> {
+                    value is JcBool && value.value == constant.value
+                }
+
+                is ConstantIntValue -> {
+                    value is JcInt && value.value == constant.value
+                }
+
+                is ConstantStringValue -> {
+                    // TODO: if 'value' is not string, convert it to string and compare with 'constant.value'
+                    value is JcStringConstant && value.value == constant.value
+                }
+            }
+        }
+        return false
+    }
+
+    override fun visit(condition: ConstantLt): Boolean {
+        positionResolver.resolve(condition.position).onSome { value ->
+            return when (val constant = condition.value) {
+                is ConstantIntValue -> {
+                    value is JcInt && value.value < constant.value
+                }
+
+                else -> error("Unexpected constant: $constant")
+            }
+        }
+        return false
+    }
+
+    override fun visit(condition: ConstantGt): Boolean {
+        positionResolver.resolve(condition.position).onSome { value ->
+            return when (val constant = condition.value) {
+                is ConstantIntValue -> {
+                    value is JcInt && value.value > constant.value
+                }
+
+                else -> error("Unexpected constant: $constant")
+            }
+        }
+        return false
+    }
+
+    override fun visit(condition: ConstantMatches): Boolean {
+        positionResolver.resolve(condition.position).onSome { value ->
+            val re = condition.pattern.toRegex()
+            return re.matches(value.toString())
+        }
+        return false
+    }
+
+    override fun visit(condition: SourceFunctionMatches): Boolean {
+        TODO("Not implemented yet")
+    }
+
+    override fun visit(condition: ContainsMark): Boolean {
+        error("This visitor does not support condition $condition. Use FactAwareConditionEvaluator instead")
+    }
+
+    override fun visit(condition: TypeMatches): Boolean {
+        positionResolver.resolve(condition.position).onSome { value ->
+            return value.type.isAssignable(condition.type)
+        }
+        return false
+    }
+}
+
+class FactAwareConditionEvaluator(
+    private val fact: Tainted,
+    positionResolver: PositionResolver<Maybe<JcValue>>,
+) : BasicConditionEvaluator(positionResolver) {
+
+    override fun visit(condition: ContainsMark): Boolean {
+        if (fact.mark != condition.mark) return false
+        positionResolver.resolve(condition.position).onSome { value ->
+            val variable = value.toPath()
+
+            // FIXME: Adhoc for arrays
+            val variableWithoutStars = variable.removeTrailingElementAccessors()
+            val factWithoutStars = fact.variable.removeTrailingElementAccessors()
+            if (variableWithoutStars == factWithoutStars) return true
+
+            return variable == fact.variable
+        }
+        return false
+    }
+
+    private fun AccessPath.removeTrailingElementAccessors(): AccessPath {
+        val accesses = accesses.toMutableList()
+        while (accesses.lastOrNull() is ElementAccessor) {
+            accesses.removeLast()
+        }
+        return AccessPath(value, accesses)
+    }
+}