Benjamin Muskalla
b4eadefb92
Fix test
2021-11-16 17:28:01 +01:00
Benjamin Muskalla
0e6bb28016
Only consider store steps
2021-11-16 10:46:24 +01:00
Benjamin Muskalla
f4310898b3
Capture sources flowing into parameters
2021-11-15 16:28:28 +01:00
Benjamin Muskalla
bca6cecd1c
Remove basic support for lambda flow
2021-11-15 12:38:30 +01:00
Benjamin Muskalla
a0b7f267ff
Only capture taint from own fields
...
Also exclude `Charset` as relevant taint-carrying type. This is generally
what we want to lets us avoid tracking arguments that lead to FP.
2021-11-12 10:15:15 +01:00
Benjamin Muskalla
b8809a20d8
Support propagating taint of inner object
2021-11-12 09:39:59 +01:00
Benjamin Muskalla
2d4176bec0
Ignore Number-derived types
2021-11-10 16:30:27 +01:00
Benjamin Muskalla
dbd393b77a
Support flow into field of referenced objects
2021-11-10 16:30:27 +01:00
Benjamin Muskalla
6960a7b97e
Remove extraneous last column
2021-11-10 16:30:25 +01:00
Benjamin Muskalla
e2bd792fc2
Consider bulk-like data for argument accessors
2021-11-10 16:30:25 +01:00
Benjamin Muskalla
739fe75194
Support flow for factory and strategy pattern
...
* Support models for factories that create
new instances of an object while tainting it with incoming data
* Support models to infer super types for
private implementations to expose the models
at the right level
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
747ab122c3
Restrict fluent api models to same type access
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
9500c9c8bc
Support lambda flow for source models
...
Also rely on public API to detect the source node
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
35baa1c3df
Support bulkdata for boxed types as well
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
83b4070f31
Fix bug to accept bulk data for char/byte arrays
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
281f25403d
Match enclosing unit without casting to specific nodes
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
0e9fcc6c39
Only generate models for local supertypes
...
Avoid generating models for classes
implementing external SPI (e.g. `FileFilter`).
Keep `toString` models intact as they're
commonly used as taint-propagation method
(e.g. see `Joiner`).
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
157f56f48a
Capture model for defining interface
...
Instead of modeling individual implementations, take a more general
approach of reuse dataflows for interfaces defined by a library. This allows
tracking flows across all implementations and aligns better with how we
manually model frameworks. This may have some FPs given all possible flows
are modeled for a specific interface but also covers more scenarios where
we don't know which implementation of an interface is used.
2021-11-10 16:30:22 +01:00
Benjamin Muskalla
f36bb8baaf
Exclude models for simpler types
...
Avoid generating models for types that can't really propagate taint
in a valuable way (e.g. primitivies, BigInt, ..). Keep tracking
bulk-like data (e.g. char[] or byte[]).
2021-11-10 16:30:22 +01:00
Benjamin Muskalla
7a7ec06819
Simplify sink configuration
2021-11-10 16:30:20 +01:00
Benjamin Muskalla
2b2ac82fb7
Fix bug in sink detection
2021-11-10 16:30:20 +01:00
Benjamin Muskalla
c616eb1473
Fix finding more sources
2021-11-10 16:30:19 +01:00
Benjamin Muskalla
a1d8dfb524
Initial support for source models
2021-11-10 16:30:19 +01:00
Benjamin Muskalla
f9fea15a52
Initial support for capturing sink models
2021-11-10 16:30:18 +01:00
Benjamin Muskalla
364de55b8d
Support parameter->parameter flow
2021-11-10 16:30:18 +01:00
Benjamin Muskalla
cd11ef3bf6
Support outgoing taint flow from fields
2021-11-10 16:30:18 +01:00
Benjamin Muskalla
c3462be2c9
Capture argument->return value flows
2021-11-10 16:30:18 +01:00
Benjamin Muskalla
4ca006ba3d
Only expose visible innner classes
2021-11-10 16:30:18 +01:00
Benjamin Muskalla
88032afdc3
Add test for final class
2021-11-10 16:30:17 +01:00
Benjamin Muskalla
ec772fb6b2
Add support for qualifier flow
2021-11-10 16:30:17 +01:00
Benjamin Muskalla
32ef40c77b
Add scaffolding for summary model generator
2021-11-10 16:30:17 +01:00
