From 31ff504d5670895adb0b7911f12a3ae26024f9ca Mon Sep 17 00:00:00 2001
From: Nikita Stroganov
Date: Tue, 13 Jun 2023 01:06:05 +0300
Subject: [PATCH 1/2] Add an example of default taint config file
---
.../src/main/resources/taint/config.yaml | 107 +++++++++++++++++-
1 file changed, 103 insertions(+), 4 deletions(-)
diff --git a/utbot-framework/src/main/resources/taint/config.yaml b/utbot-framework/src/main/resources/taint/config.yaml
index 428fda9d5a..5d4afd7120 100644
--- a/utbot-framework/src/main/resources/taint/config.yaml
+++ b/utbot-framework/src/main/resources/taint/config.yaml
@@ -2,10 +2,109 @@ sources: - java.util.Scanner.next: add-to: return marks: user-input + - java.io.BufferedReader.readLine: + add-to: return + marks: user-input + - javax.servlet.http.HttpServletRequest.getParameter: + add-to: return + marks: user-input + - java.util.Properties.getProperty: + add-to: return + marks: user-input + - java.sql.ResultSet.getString: + add-to: return + marks: user-input + - javax.servlet.http.HttpServletRequest.getQueryString: + add-to: return + marks: user-input + +cleaners: + - java.lang.String.isEmpty: + remove-from: this + marks: [ ] + conditions: + return: true + +passes: + - java.lang.String.getBytes: + get-from: this + add-to: return + marks: [ ] + - java.lang.String.split: + get-from: this + add-to: return + marks: [ ] + - java.lang.String.concat: + get-from: [ this, arg1 ] + add-to: return + marks: [ ] + - java.lang.StringBuilder.append: + get-from: arg1 + add-to: this + marks: [ ] + - java.lang.StringBuilder.toString: + get-from: this + add-to: return + marks: [ ] + + - java.sql.Connection.prepareStatement: + get-from: arg1 + add-to: [ this, return ] + marks: [ ] + - java.sql.PreparedStatement.setString: + get-from: arg2 + add-to: this + marks: [ ] + + - java.sql.Statement.addBatch: + get-from: arg1 + add-to: this + marks: [ ] + + - java.io.ByteArrayOutputStream.writeData: + get-from: arg1 + add-to: this + marks: [ ] + - java.io.ByteArrayOutputStream.toByteArray: + get-from: this + add-to: return + marks: [ ] + - java.io.ByteArrayInputStream.: + get-from: arg1 + add-to: [ this, return ] + marks: [ ] + - java.io.ObjectInputStream.: + get-from: arg1 + add-to: [ this, return ] + marks: [ ] + - java.io.ObjectInputStream.readObject: + get-from: this + add-to: return + marks: [ ] sinks: - - java.lang.RuntimeException.: + - java.sql.Statement.execute: check: arg1 - marks: [] - conditions: - arg1: { not: "" } + marks: user-input + - java.sql.Statement.executeUpdate: + check: arg1 + marks: user-input + - java.sql.Statement.executeBatch: 
+ check: this + marks: user-input + - java.sql.Statement.executeQuery: + check: arg1 + marks: user-input + + - java.sql.PreparedStatement.execute: + check: this + marks: user-input + - java.sql.PreparedStatement.executeUpdate: + check: this + marks: user-input + - java.sql.PreparedStatement.executeBatch: + check: this + marks: user-input + - java.sql.PreparedStatement.executeQuery: + check: this + marks: user-input From e0b1fde60168da14ce749be92e296bb8114a370c Mon Sep 17 00:00:00 2001 From: Nikita Stroganov Date: Tue, 13 Jun 2023 12:46:32 +0300 Subject: [PATCH 2/2] Add conditions to default taint config file --- .../src/main/resources/taint/config.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/utbot-framework/src/main/resources/taint/config.yaml b/utbot-framework/src/main/resources/taint/config.yaml index 5d4afd7120..bc708767de 100644 --- a/utbot-framework/src/main/resources/taint/config.yaml +++ b/utbot-framework/src/main/resources/taint/config.yaml @@ -30,18 +30,32 @@ passes: get-from: this add-to: return marks: [ ] + conditions: + this: { not: "" } - java.lang.String.split: get-from: this add-to: return marks: [ ] + conditions: + this: { not: "" } + - java.lang.String.concat: + get-from: this + add-to: return + marks: [ ] + conditions: + this: { not: "" } - java.lang.String.concat: - get-from: [ this, arg1 ] + get-from: arg1 add-to: return marks: [ ] + conditions: + arg1: { not: "" } - java.lang.StringBuilder.append: get-from: arg1 add-to: this marks: [ ] + conditions: + arg1: { not: "" } - java.lang.StringBuilder.toString: get-from: this add-to: return
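Review bot: In the first hunk (PATCH 1/2) the `java.sql.PreparedStatement.setString` pass copies marks from `arg2` to `this`, and the `PreparedStatement.execute*` sinks check `this` for `user-input`. Binding user input as a parameter, which is the safe way to build a query, therefore looks as if it would be reported just like concatenating it into the SQL text. I would drop the `setString` pass so that only `java.sql.Connection.prepareStatement` (`arg1` to `return`) carries taint into a prepared statement, and the sinks then fire on tainted query text rather than on bound values. Separately, `java.io.ByteArrayOutputStream.writeData` is not a JDK method (the class offers `write`, `writeBytes` and `writeTo`), so that rule probably never matches and taint is lost before `toByteArray`. `java.io.ByteArrayOutputStream.write` looks like what was intended.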
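Review bot: In the second hunk (PATCH 2/2) the two `java.lang.String.concat` entries that replace `get-from: [ this, arg1 ]` carry no comment saying why the rule is duplicated. If conditions inside one rule are combined (the engine's semantics are not visible here), merging them back would require both `this` and `arg1` to be non-empty and would drop taint when only one side carries it, which is a false negative on the SQL sinks. A line above the pair such as `# one rule per taint origin: each needs its own non-empty condition` would keep a later cleanup from collapsing them. The `passes:` list starts before this hunk and the `StringBuilder.toString` rule continues past its end, so whether the remaining passes get the same conditions cannot be judged from here.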