About how to collect and evaluate library methods in TaintWrapperSource.txt

[fanweneddie]

Hi, @X-czh @zjzijielu ,

I know that file TaintWrapperSource.txt contains a list of methods in Java library. But I don't know how to collect them and how to evaluate the MethodWrapType(e.g. the type of method <java.util.concurrent.ThreadLocalRandom: int nextInt(int)> is TaintReturn) of each method?

[X-czh]

@fanweneddie Do you mean how to parse the file and get the method wrap types for each of the methods? If this is the case, then you can refer to the code here: https://github.com/xlab-uiuc/cflow/blob/master/src/main/java/taintAnalysis/taintWrapper/TaintWrapper.java.

[fanweneddie]

@X-czh,
Actually, I know the meaning of each type(e.g. TaintBoth) and how to deal with it.
But given a java library method(such as <java.util.concurrent.ThreadLocalRandom: int nextInt(int)>), how could you evaluate its type(such as TaintReturn)? Is there any heuristics?

[X-czh]

In general, you need to look into the implementation:

1. A method could change the state of its base object by a tainted parameter/base object => base should be tainted
2. A method could return a value that could be tainted by a tainted parameter/base object internally => return val should be tainted
3. A method could kill taints of its base object, e.g. ArrayList#clear() => kill the taint on the base object

Most of the rules come directly from FlowDroid's rules. We added a few for some cases not covered by FD.

[fanweneddie]

@X-czh
OK! Thanks for your explanation. I understand what you mean.