
Example 6 with FrameNode

use of org.objectweb.asm.tree.FrameNode in project phosphor by gmu-swe.

the class UninstrumentedCompatMV method visitMethodInsn.

/**
 * Rewrites a method call so that it targets either the taint-instrumented or the
 * uninstrumented variant of the callee, adjusting name, descriptor and operand stack to match.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>Calls whose owner is an ignored class, or whose (owner, name, desc) is an ignored
 *       method, are forwarded unchanged.</li>
 *   <li>{@code arraycopy} on {@code java/lang/System}, {@code java/lang/VMSystem} or
 *       {@code java/lang/VMMemoryManager} is redirected to {@code TaintUtils}.</li>
 *   <li>With {@code Configuration.WITH_SELECTIVE_INST} and a callee that
 *       {@code Instrumenter.isIgnoredMethodFromOurAnalysis} reports, the uninstrumented variant
 *       is called (sentinel argument for constructors, name suffix otherwise).</li>
 *   <li>Otherwise, for non-array receivers, the instrumented variant is called: arguments are
 *       boxed or paired with newly created tag values, and a primitive or 1-d primitive-array
 *       result is unwrapped from its {@code val} field.</li>
 *   <li>Everything else is forwarded untouched (and logged to stdout).</li>
 * </ol>
 *
 * <p>NOTE(review): every tag this method materialises for an argument is freshly created
 * (a new array, or {@code Configuration.NULL_TAINT_LOAD_OPCODE}), so values passing through
 * this adapter appear to enter instrumented code without prior taint. Anyone relying on the
 * taint result for a security decision should treat these call sites as places where tags
 * can be lost -- confirm against the runtime semantics.
 *
 * @param opcode the invoke opcode of the original call
 * @param owner  internal name of the class declaring the callee (may be rewritten)
 * @param name   callee name (may receive a suffix)
 * @param desc   callee descriptor (may be remapped or extended)
 * @param itf    whether the owner is an interface; passed through unchanged
 */
@Override
public void visitMethodInsn(int opcode, String owner, String name, String desc, boolean itf) {
    // Ignored classes are never rewritten.
    if (Instrumenter.isIgnoredClass(owner)) {
        super.visitMethodInsn(opcode, owner, name, desc, itf);
        return;
    }
    Type ownerType = Type.getObjectType(owner);
    // A virtual call whose receiver type is a multi-dimensional primitive array is retargeted
    // at the type MultiDTaintedArray.getTypeForType returns for it.
    if (opcode == INVOKEVIRTUAL && ownerType.getSort() == Type.ARRAY && ownerType.getElementType().getSort() != Type.OBJECT && ownerType.getDimensions() > 1) {
        // System.out.println("got to change the owner on primitive array call from " +owner+" to " + MultiDTaintedArray.getTypeForType(ownerType));
        owner = MultiDTaintedArray.getTypeForType(ownerType).getInternalName();
    }
    // Remember the return type of the descriptor as it was passed in; desc is rewritten below.
    Type origReturnType = Type.getReturnType(desc);
    boolean isCalledOnArrayType = false;
    // arraycopy is redirected to TaintUtils unless the descriptor is exactly the DCompMarker form.
    if ((owner.equals("java/lang/System") || owner.equals("java/lang/VMSystem") || owner.equals("java/lang/VMMemoryManager")) && name.equals("arraycopy") && !desc.equals("(Ljava/lang/Object;ILjava/lang/Object;IILjava/lang/DCompMarker;)V")) {
        owner = Type.getInternalName(TaintUtils.class);
        super.visitMethodInsn(opcode, owner, name, desc, itf);
        return;
    }
    // Second ignore check: owner may have been rewritten above, and ignored methods are tested here too.
    if (Instrumenter.isIgnoredClass(owner) || Instrumenter.isIgnoredMethod(owner, name, desc)) {
        super.visitMethodInsn(opcode, owner, name, desc, itf);
        return;
    }
    // For instance calls, look at the analyzer's view of the receiver slot to detect an array receiver.
    if ((opcode == Opcodes.INVOKEVIRTUAL || opcode == Opcodes.INVOKESPECIAL) && !analyzer.stack.isEmpty()) {
        int argsize = 0;
        for (Type t : Type.getArgumentTypes(desc)) argsize += t.getSize();
        // System.out.println(name + desc + analyzer.stack);
        // NOTE(review): only isEmpty() is checked above; if the tracked stack holds fewer than
        // argsize + 1 entries this index is negative and get() throws -- confirm this cannot happen.
        Object calledOn = analyzer.stack.get(analyzer.stack.size() - argsize - 1);
        if (calledOn instanceof String && ((String) calledOn).startsWith("[")) {
            // System.out.println("Called on arraystack");
            isCalledOnArrayType = true;
        }
    }
    if (!isCalledOnArrayType && Configuration.WITH_SELECTIVE_INST && !owner.startsWith("[") && Instrumenter.isIgnoredMethodFromOurAnalysis(owner, name, desc)) {
        // Call the uninstrumented variant of the callee.
        if (name.equals("<init>")) {
            // Constructors cannot be renamed: push a null sentinel argument and append the
            // UninstrumentedTaintSentinel type to the parameter list instead.
            super.visitInsn(Opcodes.ACONST_NULL);
            desc = desc.substring(0, desc.indexOf(')')) + Type.getDescriptor(UninstrumentedTaintSentinel.class) + ")" + desc.substring(desc.indexOf(')') + 1);
        } else
            name += TaintUtils.METHOD_SUFFIX_UNINST;
        // Not part of the brace-less else above: the descriptor is remapped in both cases.
        desc = TaintUtils.remapMethodDescForUninst(desc);
        super.visitMethodInsn(opcode, owner, name, desc, itf);
    } else if (!Instrumenter.isIgnoredClass(owner) && !owner.startsWith("[") && !isCalledOnArrayType) {
        // call into the instrumented version
        boolean hasChangedDesc = false;
        if (desc.equals(TaintUtils.remapMethodDesc(desc))) {
            // Calling an instrumented method possibly!
            // The descriptor needs no remapping; only Object-typed arguments are boxed in place.
            Type[] args = Type.getArgumentTypes(desc);
            // NOTE(review): argsSize is accumulated but never read in this method.
            int argsSize = 0;
            for (int i = 0; i < args.length; i++) {
                argsSize += args[args.length - i - 1].getSize();
                // TODO optimize
                // NOTE(review): endsWith also matches array descriptors such as
                // "[Ljava/lang/Object;", whereas the other branch below tests equals("Ljava/lang/Object;").
                if (args[args.length - i - 1].getDescriptor().endsWith("java/lang/Object;")) {
                    ensureBoxedAt(i, args[args.length - i - 1]);
                }
            }
        } else {
            hasChangedDesc = true;
            String newDesc = TaintUtils.remapMethodDesc(desc);
            Type[] args = Type.getArgumentTypes(desc);
            int[] argStorage = new int[args.length];
            // Spill all arguments from the operand stack into temporaries, last argument first.
            for (int i = 0; i < args.length; i++) {
                Type t = args[args.length - i - 1];
                int lv = lvs.getTmpLV(t);
                super.visitVarInsn(t.getOpcode(Opcodes.ISTORE), lv);
                argStorage[args.length - i - 1] = lv;
            }
            // Reload them in declaration order, inserting a tag value where the new descriptor expects one.
            for (int i = 0; i < args.length; i++) {
                Type t = args[i];
                if (t.getSort() == Type.OBJECT) {
                    super.visitVarInsn(Opcodes.ALOAD, argStorage[i]);
                    if (t.getDescriptor().equals("Ljava/lang/Object;")) {
                        // need to box!
                        super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(MultiDTaintedArray.class), "boxIfNecessary", "(Ljava/lang/Object;)Ljava/lang/Object;", false);
                    }
                } else if (t.getSort() == Type.ARRAY) {
                    if (t.getDimensions() == 1 && t.getElementType().getSort() != Type.OBJECT) {
                        // 1-d primitive array: push a tag array first (new array of the same
                        // length, or null when the array itself is null), then the array.
                        // NOTE(review): unlike visitFieldInsn in this class, fn.type is not set to
                        // F_NEW here and the replay is not guarded by skipFrames -- confirm intended.
                        FrameNode fn = getCurrentFrameNode();
                        super.visitVarInsn(Opcodes.ALOAD, argStorage[i]);
                        Label ok = new Label();
                        Label isnull = new Label();
                        super.visitJumpInsn(IFNULL, isnull);
                        super.visitVarInsn(Opcodes.ALOAD, argStorage[i]);
                        super.visitInsn(Opcodes.ARRAYLENGTH);
                        if (Configuration.MULTI_TAINTING)
                            super.visitTypeInsn(Opcodes.ANEWARRAY, Configuration.TAINT_TAG_INTERNAL_NAME);
                        else
                            super.visitIntInsn(Opcodes.NEWARRAY, Opcodes.T_INT);
                        super.visitJumpInsn(Opcodes.GOTO, ok);
                        super.visitLabel(isnull);
                        // Frame at the null branch: same as before the check.
                        fn.accept(this);
                        super.visitInsn(Opcodes.ACONST_NULL);
                        super.visitLabel(ok);
                        // Frame at the join point: the captured stack plus the tag array on top.
                        // The stack list is copied before it is extended (raw LinkedList type).
                        fn.stack = new LinkedList(fn.stack);
                        fn.stack.add(Configuration.TAINT_TAG_ARRAY_INTERNAL_NAME);
                        fn.accept(this);
                        super.visitVarInsn(Opcodes.ALOAD, argStorage[i]);
                    } else
                        super.visitVarInsn(Opcodes.ALOAD, argStorage[i]);
                } else {
                    // Primitive: push the configured "null taint" value, then the primitive itself.
                    super.visitInsn(Configuration.NULL_TAINT_LOAD_OPCODE);
                    super.visitVarInsn(t.getOpcode(Opcodes.ILOAD), argStorage[i]);
                }
                lvs.freeTmpLV(argStorage[i]);
            }
            desc = newDesc;
        }
        Type newReturnType = Type.getReturnType(desc);
        if (name.equals("<init>") && hasChangedDesc) {
            // Instrumented constructors are selected by an extra TaintSentinel parameter (null is passed).
            super.visitInsn(Opcodes.ACONST_NULL);
            desc = desc.substring(0, desc.indexOf(')')) + Type.getDescriptor(TaintSentinel.class) + ")" + desc.substring(desc.indexOf(')') + 1);
        } else {
            if ((origReturnType.getSort() == Type.ARRAY && origReturnType.getDimensions() == 1 && origReturnType.getElementType().getSort() != Type.OBJECT) || (origReturnType.getSort() != Type.ARRAY && origReturnType.getSort() != Type.OBJECT && origReturnType.getSort() != Type.VOID)) {
                // Primitive or 1-d primitive-array result: the callee takes a pre-allocated
                // holder of the new return type as an extra trailing argument.
                desc = desc.substring(0, desc.indexOf(')')) + newReturnType.getDescriptor() + ")" + desc.substring(desc.indexOf(')') + 1);
                super.visitVarInsn(ALOAD, lvs.getPreAllocedReturnTypeVar(newReturnType));
                name += TaintUtils.METHOD_SUFFIX;
            } else if (hasChangedDesc)
                name += TaintUtils.METHOD_SUFFIX;
        }
        super.visitMethodInsn(opcode, owner, name, desc, itf);
        // The caller expects the original return type: read the raw value out of the holder's
        // "val" field, which leaves the tag stored alongside it behind.
        if (origReturnType.getSort() == Type.ARRAY && origReturnType.getDimensions() == 1 && origReturnType.getElementType().getSort() != Type.OBJECT) {
            // unbox array
            super.visitFieldInsn(GETFIELD, newReturnType.getInternalName(), "val", origReturnType.getDescriptor());
        } else if (origReturnType.getSort() != Type.ARRAY && origReturnType.getSort() != Type.OBJECT && origReturnType.getSort() != Type.VOID) {
            // unbox prim
            super.visitFieldInsn(GETFIELD, newReturnType.getInternalName(), "val", origReturnType.getDescriptor());
        }
    } else {
        // Array receivers and anything not matched above are emitted as-is.
        // NOTE(review): this prints to stdout while classes are being instrumented.
        if (!name.equals("clone") && !name.equals("equals"))
            System.out.println("Call UNTOUCHED" + owner + name + desc);
        super.visitMethodInsn(opcode, owner, name, desc, itf);
    }
}
Also used : Type(org.objectweb.asm.Type) FrameNode(org.objectweb.asm.tree.FrameNode) Label(org.objectweb.asm.Label) TaintUtils(edu.columbia.cs.psl.phosphor.TaintUtils) UninstrumentedTaintSentinel(edu.columbia.cs.psl.phosphor.runtime.UninstrumentedTaintSentinel) TaintSentinel(edu.columbia.cs.psl.phosphor.runtime.TaintSentinel) LinkedList(java.util.LinkedList)

Example 7 with FrameNode

use of org.objectweb.asm.tree.FrameNode in project phosphor by gmu-swe.

the class UninstrumentedCompatMV method visitFieldInsn.

/**
 * Emits a field access, initialising the companion tag field when a one-dimensional
 * primitive array is stored.
 *
 * <p>Descriptors of multi-dimensional primitive arrays are replaced by the descriptor that
 * {@code MultiDTaintedArray.getTypeForType} returns. Field reads are then forwarded as they
 * are. For a {@code PUTFIELD}/{@code PUTSTATIC} of a 1-d primitive array, the generated code
 * checks the value for null and, when it is non-null, stores a newly allocated tag array of
 * the same length into {@code name + TaintUtils.TAINT_FIELD} before the original store.
 * Opcodes other than the four field opcodes emit nothing.
 *
 * <p>NOTE(review): the tag array written here is always new, so whatever the companion field
 * held before is replaced; presumably this marks the stored data as untainted -- confirm
 * before relying on tags that cross this adapter.
 *
 * @param opcode one of GETFIELD, GETSTATIC, PUTFIELD, PUTSTATIC
 * @param owner  internal name of the class declaring the field
 * @param name   field name
 * @param desc   field descriptor (rewritten for multi-dimensional primitive arrays)
 */
@Override
public void visitFieldInsn(int opcode, String owner, String name, String desc) {
    final Type fieldType = Type.getType(desc);
    final boolean isArray = fieldType.getSort() == Type.ARRAY;
    if (isArray && fieldType.getDimensions() > 1 && fieldType.getElementType().getSort() != Type.OBJECT) {
        desc = MultiDTaintedArray.getTypeForType(fieldType).getDescriptor();
    }

    final boolean isRead = opcode == Opcodes.GETFIELD || opcode == Opcodes.GETSTATIC;
    final boolean isWrite = opcode == Opcodes.PUTFIELD || opcode == Opcodes.PUTSTATIC;
    if (!isRead && !isWrite) {
        // Any other opcode is dropped without emitting an instruction.
        return;
    }

    if (isWrite && isArray && fieldType.getDimensions() == 1 && fieldType.getElementType().getSort() != Type.OBJECT) {
        // Capture the frame before any helper instruction is emitted; it is replayed at the join label.
        final FrameNode frameBeforeStore = getCurrentFrameNode();
        frameBeforeStore.type = Opcodes.F_NEW;
        final Label afterTagStore = new Label();

        // Null check on a copy of the array reference; a null value gets no tag array.
        super.visitInsn(Opcodes.DUP);
        super.visitJumpInsn(IFNULL, afterTagStore);

        // PUTFIELD: [obj, arr] -> [obj, arr, obj, arr]; PUTSTATIC: [arr] -> [arr, arr].
        super.visitInsn(opcode == Opcodes.PUTFIELD ? DUP2 : Opcodes.DUP);
        super.visitInsn(Opcodes.ARRAYLENGTH);
        if (Configuration.MULTI_TAINTING) {
            super.visitTypeInsn(Opcodes.ANEWARRAY, Configuration.TAINT_TAG_INTERNAL_NAME);
        } else {
            super.visitIntInsn(Opcodes.NEWARRAY, Opcodes.T_INT);
        }
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, Configuration.TAINT_TAG_ARRAYDESC);

        super.visitLabel(afterTagStore);
        if (!skipFrames) {
            frameBeforeStore.accept(this);
        }
    }

    super.visitFieldInsn(opcode, owner, name, desc);
}
Also used : Type(org.objectweb.asm.Type) FrameNode(org.objectweb.asm.tree.FrameNode) Label(org.objectweb.asm.Label)

Example 8 with FrameNode

use of org.objectweb.asm.tree.FrameNode in project phosphor by gmu-swe.

the class ReflectionHidingMV method visitMethodInsn.

/**
 * Rewrites reflection-related call sites so that the artifacts added by instrumentation
 * (tag fields, suffixed methods, sentinel parameters, boxed results) stay hidden from the
 * program being analysed.
 *
 * <p>The method works in three phases: (1) early exits for {@code ObjectOutputStream}
 * handling and for the {@code disable} mode, (2) instructions emitted <em>before</em> the
 * call that fix up arguments or retarget the call at {@code ReflectionMasker},
 * {@code ArrayReflectionMasker} or {@code RuntimeReflectionPropogator}, and (3) instructions
 * emitted <em>after</em> the call that filter the result (fields, methods, constructors,
 * interfaces, stack traces, classes) or unwrap a boxed primitive returned by a reflective
 * invocation.
 *
 * <p>NOTE(review): when {@code disable} is set only the {@code isInstance} and
 * {@code sun/misc/Unsafe} rewrites below apply; all other masking is skipped for that
 * method. Confirm which classes run with {@code disable} before assuming reflection
 * results are filtered everywhere.
 *
 * @param opcode the invoke opcode of the original call (may become INVOKESTATIC)
 * @param owner  internal name of the class declaring the callee (may be retargeted)
 * @param name   callee name
 * @param desc   callee descriptor (may be rewritten to take the receiver as first argument)
 * @param itfc   whether the owner is an interface; passed through unchanged
 */
@Override
public void visitMethodInsn(int opcode, String owner, String name, String desc, boolean itfc) {
    Type[] args = Type.getArgumentTypes(desc);
    // Inside ObjectOutputStream handling, getClass is replaced by a static helper and the
    // original call is dropped.
    // NOTE(review): only the method name is tested here, not owner or desc.
    if (isObjOutputStream && name.equals("getClass")) {
        super.visitMethodInsn(INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "getClassOOS", "(Ljava/lang/Object;)Ljava/lang/Class;", false);
        return;
    }
    if ((disable || className.equals("java/io/ObjectOutputStream") || className.equals("java/io/ObjectInputStream")) && owner.equals("java/lang/Class") && !owner.equals(className) && name.startsWith("isInstance$$PHOSPHORTAGGED")) {
        // Even if we are ignoring other hiding here, we definitely need to
        // do this.
        // The tagged Class.isInstance call is replaced by ReflectionMasker.isInstance; the
        // return holder type depends on MULTI_TAINTING.
        String retDesc = "Ledu/columbia/cs/psl/phosphor/struct/TaintedBooleanWith" + (Configuration.MULTI_TAINTING ? "Obj" : "Int") + "Tag;";
        if (Configuration.IMPLICIT_TRACKING)
            super.visitMethodInsn(INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "isInstance", "(Ljava/lang/Class;Ljava/lang/Object;" + Type.getDescriptor(ControlTaintTagStack.class) + retDesc + ")" + retDesc, false);
        else
            super.visitMethodInsn(INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "isInstance", "(Ljava/lang/Class;Ljava/lang/Object;" + retDesc + ")" + retDesc, false);
        return;
    }
    if (disable) {
        // Masking is off for this method. Only selected sun/misc/Unsafe calls are rewritten,
        // chosen by the name of the method (or class) currently being visited.
        if ((this.methodName.startsWith("setObjFieldValues") || this.className.startsWith("java/math/BigInteger")) && owner.equals("sun/misc/Unsafe") && (name.startsWith("putObject") || name.startsWith("compareAndSwapObject"))) {
            // Same-named static on ReflectionMasker; the Unsafe receiver becomes the first argument.
            owner = Type.getInternalName(ReflectionMasker.class);
            super.visitMethodInsn(INVOKESTATIC, owner, name, "(Lsun/misc/Unsafe;" + desc.substring(1), itfc);
            return;
        } else if (this.methodName.startsWith("getObjFieldValues") && owner.equals("sun/misc/Unsafe") && name.startsWith("getObject")) {
            owner = Type.getInternalName(ReflectionMasker.class);
            super.visitMethodInsn(INVOKESTATIC, owner, name, "(Lsun/misc/Unsafe;" + desc.substring(1), itfc);
            return;
        } else if ((this.methodName.startsWith("getPrimFieldValues") || this.methodName.startsWith("setPrimFieldValues")) && owner.equals("sun/misc/Unsafe") && (name.startsWith("put") || name.startsWith("get"))) {
            // Still a call on Unsafe, but to the "$$NOUNBOX"-suffixed variant.
            name = name + "$$NOUNBOX";
            super.visitMethodInsn(opcode, owner, name, desc, itfc);
            return;
        }
        super.visitMethodInsn(opcode, owner, name, desc, itfc);
        return;
    }
    // ---- Phase 2: instructions emitted before the (possibly retargeted) call ----
    if ((owner.equals("java/lang/reflect/Method") || owner.equals("java/lang/reflect/Constructor")) && (name.startsWith("invoke") || name.startsWith("newInstance"))) {
        // Reflective invocation: let ReflectionMasker.fixAllArgs adjust target and arguments first.
        if (owner.equals("java/lang/reflect/Method")) {
            // method owner [Args
            // Try the fastpath where we know we don't change the method
            {
                // orig version
                if (Configuration.IMPLICIT_TRACKING) {
                    super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "fixAllArgs", "(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;" + Type.getDescriptor(ControlTaintTagStack.class) + ")" + Type.getDescriptor(MethodInvoke.class), false);
                } else {
                    // The extra boolean argument carries Configuration.MULTI_TAINTING.
                    super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
                    super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "fixAllArgs", "(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;Z)" + Type.getDescriptor(MethodInvoke.class), false);
                }
                // fixAllArgs returned a MethodInvoke bundle (B); unpack its fields m, o and a
                // back onto the stack in the order the original call expects.
                // B
                super.visitInsn(Opcodes.DUP);
                // B B
                super.visitFieldInsn(Opcodes.GETFIELD, Type.getInternalName(MethodInvoke.class), "m", "Ljava/lang/reflect/Method;");
                // B M
                super.visitInsn(Opcodes.SWAP);
                // M B
                super.visitInsn(Opcodes.DUP);
                super.visitFieldInsn(Opcodes.GETFIELD, Type.getInternalName(MethodInvoke.class), "o", "Ljava/lang/Object;");
                super.visitInsn(Opcodes.SWAP);
                super.visitFieldInsn(Opcodes.GETFIELD, Type.getInternalName(MethodInvoke.class), "a", "[Ljava/lang/Object;");
                if (Configuration.IMPLICIT_TRACKING)
                    super.visitVarInsn(ALOAD, lvs.idxOfMasterControlLV);
            }
        } else {
            // Constructor: fixAllArgs takes (args, constructor[, ...]) and returns the new args array.
            if (Configuration.IMPLICIT_TRACKING) {
                super.visitInsn(POP);
                super.visitInsn(Opcodes.SWAP);
                // [A C
                super.visitInsn(Opcodes.DUP_X1);
                // C [A C
                super.visitVarInsn(ALOAD, lvs.idxOfMasterControlLV);
                super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "fixAllArgs", "([Ljava/lang/Object;Ljava/lang/reflect/Constructor;" + Type.getDescriptor(ControlTaintTagStack.class) + ")[Ljava/lang/Object;", false);
                super.visitVarInsn(ALOAD, lvs.idxOfMasterControlLV);
            } else {
                super.visitInsn(Opcodes.SWAP);
                // [A C
                super.visitInsn(Opcodes.DUP_X1);
                // C [A C
                super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
                super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "fixAllArgs", "([Ljava/lang/Object;Ljava/lang/reflect/Constructor;Z)[Ljava/lang/Object;", false);
            }
        }
    } else if ((owner.equals("java/lang/reflect/Method")) && name.startsWith("get") && !className.equals(owner) && !className.startsWith("sun/reflect") && !className.startsWith("java/lang/Class")) {
        // Method.get*: replace the receiver with ReflectionMasker.getOrigMethod(receiver, flag).
        // Arguments above the receiver are swapped or spilled out of the way first.
        // NOTE(review): calls with more than two arguments get no replacement; also this
        // branch excludes className.startsWith("java/lang/Class") while the Constructor
        // branch below uses equals -- confirm the difference is intended.
        if (args.length == 0) {
            super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "getOrigMethod", "(Ljava/lang/reflect/Method;Z)Ljava/lang/reflect/Method;", false);
        } else if (args.length == 1) {
            super.visitInsn(Opcodes.SWAP);
            super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "getOrigMethod", "(Ljava/lang/reflect/Method;Z)Ljava/lang/reflect/Method;", false);
            super.visitInsn(Opcodes.SWAP);
        } else if (args.length == 2) {
            int lv1 = lvs.getTmpLV();
            super.visitVarInsn(Opcodes.ASTORE, lv1);
            int lv2 = lvs.getTmpLV();
            super.visitVarInsn(Opcodes.ASTORE, lv2);
            super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "getOrigMethod", "(Ljava/lang/reflect/Method;Z)Ljava/lang/reflect/Method;", false);
            super.visitVarInsn(Opcodes.ALOAD, lv2);
            super.visitVarInsn(Opcodes.ALOAD, lv1);
            lvs.freeTmpLV(lv1);
            lvs.freeTmpLV(lv2);
        }
    } else if ((owner.equals("java/lang/reflect/Constructor")) && name.startsWith("get") && !className.equals(owner) && !className.startsWith("sun/reflect") && !className.equals("java/lang/Class")) {
        // Constructor.get*: same receiver replacement as for Method, with Constructor types.
        if (args.length == 0) {
            super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "getOrigMethod", "(Ljava/lang/reflect/Constructor;Z)Ljava/lang/reflect/Constructor;", false);
        } else if (args.length == 1) {
            super.visitInsn(Opcodes.SWAP);
            super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "getOrigMethod", "(Ljava/lang/reflect/Constructor;Z)Ljava/lang/reflect/Constructor;", false);
            super.visitInsn(Opcodes.SWAP);
        } else if (args.length == 2) {
            int lv1 = lvs.getTmpLV();
            super.visitVarInsn(Opcodes.ASTORE, lv1);
            int lv2 = lvs.getTmpLV();
            super.visitVarInsn(Opcodes.ASTORE, lv2);
            super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "getOrigMethod", "(Ljava/lang/reflect/Constructor;Z)Ljava/lang/reflect/Constructor;", false);
            super.visitVarInsn(Opcodes.ALOAD, lv2);
            super.visitVarInsn(Opcodes.ALOAD, lv1);
            lvs.freeTmpLV(lv1);
            lvs.freeTmpLV(lv2);
        }
    } else if (owner.equals("java/lang/Class") && (((name.equals("getConstructor") || (name.equals("getDeclaredConstructor"))) && args.length == 1) || ((name.equals("getMethod") || name.equals("getDeclaredMethod"))) && args.length == 2)) {
        // Class lookups by signature: one-argument constructor lookups and two-argument method lookups.
        if (args.length == 2) {
            // super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "addTypeParams", "(Ljava/lang/Class;Ljava/lang/String;[Ljava/lang/Class;)" + Type.getDescriptor(Pair.class));
            // super.visitInsn(Opcodes.DUP);
            // super.visitFieldInsn(Opcodes.GETFIELD, Type.getInternalName(Pair.class), "o0", Type.getDescriptor(Class.class));
            // super.visitInsn(Opcodes.SWAP);
            // super.visitInsn(Opcodes.DUP);
            // super.visitFieldInsn(Opcodes.GETFIELD, Type.getInternalName(Pair.class), "o1", Type.getDescriptor(String.class));
            // super.visitInsn(Opcodes.SWAP);
            // super.visitFieldInsn(Opcodes.GETFIELD, Type.getInternalName(Pair.class), "o2", Type.getDescriptor(Class[].class));
            // Method lookup: retarget to a same-named static on ReflectionMasker that takes
            // the Class receiver as first argument; the call itself is emitted further down.
            opcode = Opcodes.INVOKESTATIC;
            owner = Type.getInternalName(ReflectionMasker.class);
            desc = "(Ljava/lang/Class;" + desc.substring(1);
            if (!Configuration.IMPLICIT_TRACKING) {
                desc = "(Ljava/lang/Class;Ljava/lang/String;[Ljava/lang/Class;Z)Ljava/lang/reflect/Method;";
                super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            }
        } else {
            // Constructor lookup: rewrite the Class[] parameter list via addTypeParams, then
            // let the original call proceed.
            super.visitInsn((Configuration.IMPLICIT_TRACKING ? ICONST_1 : ICONST_0));
            super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "addTypeParams", "([Ljava/lang/Class;ZZ)[Ljava/lang/Class;", false);
        }
    }
    // java.lang.reflect.Array calls are retargeted at ArrayReflectionMasker (same name and desc).
    if (owner.equals("java/lang/reflect/Array") && !owner.equals(className)) {
        owner = Type.getInternalName(ArrayReflectionMasker.class);
    }
    // Listed Field accessors become static calls on RuntimeReflectionPropogator with the
    // Field receiver as first argument.
    if (owner.equals("java/lang/reflect/Field") && opcode == Opcodes.INVOKEVIRTUAL && (name.equals("get") || name.equals("get$$PHOSPHORTAGGED") || name.equals("set$$PHOSPHORTAGGED") || name.equals("getInt$$PHOSPHORTAGGED") || name.equals("getBoolean$$PHOSPHORTAGGED") || name.equals("getChar$$PHOSPHORTAGGED") || name.equals("getDouble$$PHOSPHORTAGGED") || name.equals("getByte$$PHOSPHORTAGGED") || name.equals("getFloat$$PHOSPHORTAGGED") || name.equals("getLong$$PHOSPHORTAGGED") || name.equals("getShort$$PHOSPHORTAGGED") || name.equals("setAccessible$$PHOSPHORTAGGED") || name.equals("set") || name.equals("setInt$$PHOSPHORTAGGED") || name.equals("setBoolean$$PHOSPHORTAGGED") || name.equals("setChar$$PHOSPHORTAGGED") || name.equals("setDouble$$PHOSPHORTAGGED") || name.equals("setByte$$PHOSPHORTAGGED") || name.equals("setFloat$$PHOSPHORTAGGED") || name.equals("setLong$$PHOSPHORTAGGED") || name.equals("setShort$$PHOSPHORTAGGED") || name.equals("getType") || name.equals("getType$$PHOSPHORTAGGED"))) {
        owner = Type.getInternalName(RuntimeReflectionPropogator.class);
        opcode = Opcodes.INVOKESTATIC;
        desc = "(Ljava/lang/reflect/Field;" + desc.substring(1);
        // Plain get/set additionally receive the MULTI_TAINTING flag as a trailing boolean.
        if (name.equals("get")) {
            desc = "(Ljava/lang/reflect/Field;Ljava/lang/Object;Z)Ljava/lang/Object;";
            super.visitInsn((Configuration.MULTI_TAINTING ? Opcodes.ICONST_1 : Opcodes.ICONST_0));
        } else if (name.equals("set")) {
            desc = "(Ljava/lang/reflect/Field;Ljava/lang/Object;Ljava/lang/Object;Z)V";
            super.visitInsn((Configuration.MULTI_TAINTING ? Opcodes.ICONST_1 : Opcodes.ICONST_0));
        }
    }
    // The call itself, with whatever opcode/owner/desc the rewrites above settled on.
    super.visitMethodInsn(opcode, owner, name, desc, itfc);
    // ---- Phase 3: filter what the call returned ----
    // These checks see the rewritten owner, so a call retargeted at ReflectionMasker above
    // no longer matches "java/lang/Class".
    if (owner.equals("java/lang/Class") && desc.endsWith("[Ljava/lang/reflect/Field;") && !className.equals("java/lang/Class")) {
        // Field[] results are filtered unless field hiding is switched off.
        if (!Configuration.WITHOUT_FIELD_HIDING)
            super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "removeTaintFields", "([Ljava/lang/reflect/Field;)[Ljava/lang/reflect/Field;", false);
    } else if (owner.equals("java/lang/Class") && !className.equals(owner) && (desc.equals("()[Ljava/lang/reflect/Method;") || desc.equals("(" + Type.getDescriptor(ControlTaintTagStack.class) + ")[Ljava/lang/reflect/Method;"))) {
        super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "removeTaintMethods", "([Ljava/lang/reflect/Method;)[Ljava/lang/reflect/Method;", false);
    } else if (owner.equals("java/lang/Class") && !className.equals(owner) && (desc.equals("()[Ljava/lang/reflect/Constructor;") || desc.equals("(" + Type.getDescriptor(ControlTaintTagStack.class) + ")[Ljava/lang/reflect/Constructor;"))) {
        super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "removeTaintConstructors", "([Ljava/lang/reflect/Constructor;)[Ljava/lang/reflect/Constructor;", false);
    } else if (owner.equals("java/lang/Class") && name.equals("getInterfaces")) {
        // NOTE(review): unlike the branches above, there is no className exclusion here.
        super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "removeTaintedInterface", "([Ljava/lang/Class;)[Ljava/lang/Class;", false);
    } else if (owner.equals("java/lang/Throwable") && (name.equals("getOurStackTrace") || name.equals("getStackTrace")) && desc.equals("()" + "[" + Type.getDescriptor(StackTraceElement.class))) {
        // Stack traces are passed through removeExtraStackTraceElements together with a Class:
        // the runtime class of `this` inside Throwable, otherwise the class being visited.
        String stackTraceElDesc = "[" + Type.getDescriptor(StackTraceElement.class);
        if (className.equals("java/lang/Throwable")) {
            super.visitVarInsn(Opcodes.ALOAD, 0);
            super.visitMethodInsn(Opcodes.INVOKEVIRTUAL, "java/lang/Object", "getClass", "()Ljava/lang/Class;", false);
        } else
            super.visitLdcInsn(Type.getObjectType(className));
        super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "removeExtraStackTraceElements", "(" + stackTraceElDesc + "Ljava/lang/Class;)" + stackTraceElDesc, false);
    } else if (owner.equals("java/lang/Object") && name.equals("getClass") && !isObjOutputStream) {
        super.visitInsn((Configuration.MULTI_TAINTING ? ICONST_1 : ICONST_0));
        super.visitMethodInsn(Opcodes.INVOKESTATIC, Type.getInternalName(ReflectionMasker.class), "removeTaintClass", "(Ljava/lang/Class;Z)Ljava/lang/Class;", false);
    }
    // Result of a reflective invoke/newInstance: if it is a tainted-primitive wrapper, convert
    // it with toPrimitiveType() so the caller sees the type it expects.
    // Note that this test uses exact names, whereas the pre-call branch used startsWith.
    if ((owner.equals("java/lang/reflect/Method") || owner.equals("java/lang/reflect/Constructor")) && !(className.equals("java/lang/Class")) && (name.equals("invoke") || name.equals("newInstance") || name.equals("invoke$$PHOSPHORTAGGED") || name.equals("newInstance$$PHOSPHORTAGGED"))) {
        // System.out.println(className + "  vs " + owner);
        // Unbox if necessary
        // NOTE(review): fn and isOK are referenced only by the commented-out code below.
        FrameNode fn = TaintAdapter.getCurrentFrameNode(analyzer);
        fn.type = Opcodes.F_NEW;
        super.visitInsn(Opcodes.DUP);
        super.visitTypeInsn(Opcodes.INSTANCEOF, Type.getInternalName((Configuration.MULTI_TAINTING ? TaintedPrimitiveWithObjTag.class : TaintedPrimitiveWithIntTag.class)));
        Label notPrimitive = new Label();
        Label isOK = new Label();
        // Label notPrimitiveArray = new Label();
        super.visitJumpInsn(Opcodes.IFEQ, notPrimitive);
        // Frame captured right after the branch; it is replayed at the notPrimitive label.
        FrameNode fn2 = TaintAdapter.getCurrentFrameNode(analyzer);
        fn2.type = Opcodes.F_NEW;
        super.visitTypeInsn(Opcodes.CHECKCAST, Type.getInternalName((Configuration.MULTI_TAINTING ? TaintedPrimitiveWithObjTag.class : TaintedPrimitiveWithIntTag.class)));
        super.visitMethodInsn(Opcodes.INVOKEVIRTUAL, Type.getInternalName((Configuration.MULTI_TAINTING ? TaintedPrimitiveWithObjTag.class : TaintedPrimitiveWithIntTag.class)), "toPrimitiveType", "()Ljava/lang/Object;", false);
        // super.visitJumpInsn(Opcodes.GOTO, isOK);
        super.visitLabel(notPrimitive);
        fn2.accept(this);
    // super.visitInsn(Opcodes.DUP);
    // super.visitTypeInsn(Opcodes.INSTANCEOF, Type.getInternalName((Configuration.MULTI_TAINTING ? TaintedPrimitiveArrayWithObjTag.class : TaintedPrimitiveArrayWithIntTag.class)));
    // super.visitJumpInsn(Opcodes.IFEQ, isOK);
    // super.visitTypeInsn(Opcodes.CHECKCAST, Type.getInternalName((Configuration.MULTI_TAINTING ? TaintedPrimitiveArrayWithObjTag.class : TaintedPrimitiveArrayWithIntTag.class)));
    // super.visitMethodInsn(Opcodes.INVOKEVIRTUAL, Type.getInternalName((Configuration.MULTI_TAINTING ? TaintedPrimitiveArrayWithObjTag.class : TaintedPrimitiveArrayWithIntTag.class)), "toStackType", "()Ljava/lang/Object;", false);
    // super.visitLabel(isOK);
    // fn.accept(this);
    }
}
Also used : RuntimeReflectionPropogator(edu.columbia.cs.psl.phosphor.runtime.RuntimeReflectionPropogator) FrameNode(org.objectweb.asm.tree.FrameNode) TaintedPrimitiveWithObjTag(edu.columbia.cs.psl.phosphor.struct.TaintedPrimitiveWithObjTag) Label(org.objectweb.asm.Label) TaintedPrimitiveWithIntTag(edu.columbia.cs.psl.phosphor.struct.TaintedPrimitiveWithIntTag) ControlTaintTagStack(edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack) Type(org.objectweb.asm.Type) ArrayReflectionMasker(edu.columbia.cs.psl.phosphor.runtime.ArrayReflectionMasker) ArrayReflectionMasker(edu.columbia.cs.psl.phosphor.runtime.ArrayReflectionMasker) ReflectionMasker(edu.columbia.cs.psl.phosphor.runtime.ReflectionMasker) MethodInvoke(edu.columbia.cs.psl.phosphor.struct.MethodInvoke)

Example 9 with FrameNode

use of org.objectweb.asm.tree.FrameNode in project phosphor by gmu-swe.

the class StringTaintVerifyingMV method visitFieldInsn.

/**
 * Intercepts field loads so that the shadow taint field of a primitive-array
 * field exists before it is read.
 *
 * <p>Three branches rewrite a {@code GETFIELD} of a primitive-element array
 * field (1, 2 or 3 dimensions). Each branch emits code that:
 * <ol>
 *   <li>drops the stack slot beneath the object reference (labelled "Tag" in
 *       the original author's stack notes),</li>
 *   <li>creates and stores the shadow field ({@code name + TaintUtils.TAINT_FIELD})
 *       when the value is non-null and the shadow is missing (2-D/3-D: also
 *       when the shadow's outer length is smaller than the value's), and</li>
 *   <li>leaves the shadow on the stack with the field value on top of it.</li>
 * </ol>
 * Every other instruction is forwarded unchanged.
 *
 * <p>The 1-D branch only applies while {@code nextLoadIsTainted} is set and the
 * owner is {@code java/lang/String}, {@code java/io/BufferedInputStream}, under
 * {@code java/lang/reflect}, or {@code implementsSerializable} is true.
 * NOTE(review): presumably these are the owners whose instances can exist
 * without having run an instrumented constructor; confirm against the
 * instrumenter. A shadow created here is built from the value array alone, so
 * such data most likely starts out untagged and any taint it should carry has
 * to be re-established by whatever source introduced it.
 *
 * <p>Stack comments below show the operand stack after the preceding
 * instruction, top of stack on the right.
 *
 * @param opcode field instruction opcode; only {@code GETFIELD} is rewritten
 * @param owner  internal name of the class declaring the field
 * @param name   field name; shadow fields and a field named {@code taint} are skipped
 * @param desc   field type descriptor
 */
@Override
public void visitFieldInsn(int opcode, String owner, String name, String desc) {
    Type t = Type.getType(desc);
    if (nextLoadIsTainted && opcode == Opcodes.GETFIELD && !Instrumenter.isIgnoredClass(owner) && t.getSort() == Type.ARRAY && !name.endsWith(TaintUtils.TAINT_FIELD) && !name.equals("taint") && t.getElementType().getSort() != Type.OBJECT && t.getDimensions() == 1 && !checkedThisFrame.contains(owner + "." + name) && (owner.equals("java/lang/String") || implementsSerializable || owner.equals("java/io/BufferedInputStream") || owner.startsWith("java/lang/reflect"))) {
        // ---- 1-D primitive array field ----
        nextLoadIsTainted = false;
        // NOTE(review): nothing in this method adds owner.name to checkedThisFrame
        // (the add below is disabled), so the contains() guard above only has an
        // effect if the set is filled elsewhere.
        // checkedThisFrame.add(owner+"."+name);
        // Entry stack, per the original notes: Tag Obj
        super.visitInsn(SWAP);
        // Obj Tag
        super.visitInsn(POP);
        // Obj
        // Make sure that the shadow field has been initialized
        Label isOK = new Label();
        // Frame captured with just Obj on the stack; replayed at isOK below.
        FrameNode fn1 = TaintAdapter.getCurrentFrameNode(analyzer);
        super.visitInsn(DUP);
        // Obj Obj
        super.visitFieldInsn(opcode, owner, name, desc);
        // Obj F
        // if value is null, do nothing
        super.visitJumpInsn(IFNULL, isOK);
        // Obj
        super.visitInsn(DUP);
        // Obj Obj
        String shadowDesc = TaintUtils.getShadowTaintType(desc);
        String shadowObj = Type.getType(shadowDesc).getInternalName();
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, shadowDesc);
        // Obj tf
        // if the shadow already exists, nothing to create
        super.visitJumpInsn(IFNONNULL, isOK);
        // Obj
        // Shadow is null: build a new shadow object from the value array.
        // (A disabled variant that compared the two array lengths and allocated
        // a raw tag array used to sit here; no length check is done on this path.)
        super.visitInsn(DUP);
        super.visitInsn(DUP);
        // Obj Obj Obj
        super.visitFieldInsn(opcode, owner, name, desc);
        // Obj Obj F
        super.visitTypeInsn(NEW, shadowObj);
        // Obj Obj F New
        super.visitInsn(DUP_X1);
        // Obj Obj New F New
        super.visitInsn(SWAP);
        // Obj Obj New New F
        super.visitMethodInsn(INVOKESPECIAL, shadowObj, "<init>", "(" + desc + ")V", false);
        // Obj Obj TF
        super.visitFieldInsn(PUTFIELD, owner, name + TaintUtils.TAINT_FIELD, shadowDesc);
        // Obj
        super.visitLabel(isOK);
        TaintAdapter.acceptFn(fn1, this);
        // Obj
        super.visitInsn(DUP);
        // Obj Obj
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, shadowDesc);
        // Obj TF
        super.visitInsn(SWAP);
        // TF Obj
        super.visitFieldInsn(opcode, owner, name, desc);
        // TF F
        // super.visitMethodInsn(INVOKEVIRTUAL, shadowObj, "ensureVal", "("+desc+")V", false);
        return;
    } else if (opcode == Opcodes.GETFIELD && !Instrumenter.isIgnoredClass(owner) && t.getSort() == Type.ARRAY && !name.endsWith(TaintUtils.TAINT_FIELD) && !name.equals("taint") && t.getElementType().getSort() != Type.OBJECT && t.getDimensions() == 2 && !checkedThisFrame.contains(owner + "." + name)) {
        // ---- 2-D primitive array field ----
        // NOTE(review): the shadow descriptor is hard-coded to "[[I" here, while
        // the 1-D branch asks TaintUtils.getShadowTaintType(desc). Confirm this
        // path is still correct when Configuration.MULTI_TAINTING is enabled.
        super.visitInsn(SWAP);
        super.visitInsn(POP);
        // O
        // Make sure that the shadow field has been initialized
        Label isOK = new Label();
        Label doInit = new Label();
        // Frame captured with just O on the stack; replayed at doInit and isOK.
        FrameNode fn1 = TaintAdapter.getCurrentFrameNode(analyzer);
        super.visitInsn(DUP);
        super.visitFieldInsn(opcode, owner, name, desc);
        // O A
        // if value is null, do nothing
        super.visitJumpInsn(IFNULL, isOK);
        // O
        super.visitInsn(DUP);
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, "[[I");
        // O TA
        // if taint is null, def init
        super.visitJumpInsn(IFNULL, doInit);
        // O
        // taint is not null: compare the outer lengths of value and shadow
        super.visitInsn(DUP);
        // O O
        super.visitInsn(DUP);
        // O O O
        super.visitFieldInsn(opcode, owner, name, desc);
        super.visitInsn(ARRAYLENGTH);
        // O O L
        super.visitInsn(SWAP);
        // O L O
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, "[[I");
        super.visitInsn(ARRAYLENGTH);
        // O L TL
        // value length <= taint length: keep the shadow; otherwise fall through and reinit it
        super.visitJumpInsn(IF_ICMPLE, isOK);
        // O
        super.visitLabel(doInit);
        TaintAdapter.acceptFn(fn1, this);
        super.visitInsn(DUP);
        // O O
        super.visitInsn(DUP);
        // O O O
        super.visitFieldInsn(opcode, owner, name, desc);
        // O O A
        super.visitInsn(DUP);
        // O O A A
        super.visitInsn(ARRAYLENGTH);
        // O O A L
        super.visitMultiANewArrayInsn("[[I", 1);
        // O O A TA  (only the outer dimension is allocated here)
        super.visitMethodInsn(INVOKESTATIC, Type.getInternalName(TaintUtils.class), "create2DTaintArray", "(Ljava/lang/Object;[[I)[[I", false);
        // O O TA
        super.visitFieldInsn(PUTFIELD, owner, name + TaintUtils.TAINT_FIELD, "[[I");
        // O
        super.visitLabel(isOK);
        TaintAdapter.acceptFn(fn1, this);
        // O
        super.visitInsn(DUP);
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, "[[I");
        // O TA
        super.visitInsn(SWAP);
        // TA O
        super.visitFieldInsn(opcode, owner, name, desc);
        // TA A
        return;
    } else if (opcode == Opcodes.GETFIELD && !Instrumenter.isIgnoredClass(owner) && t.getSort() == Type.ARRAY && !name.endsWith(TaintUtils.TAINT_FIELD) && !name.equals("taint") && t.getElementType().getSort() != Type.OBJECT && t.getDimensions() == 3 && !checkedThisFrame.contains(owner + "." + name)) {
        // ---- 3-D primitive array field ----
        // Same sequence as the 2-D branch with "[[[I" and create3DTaintArray.
        // NOTE(review): shadow descriptor hard-coded to int tags; see the 2-D branch.
        super.visitInsn(SWAP);
        super.visitInsn(POP);
        // O
        // Make sure that the shadow field has been initialized
        Label isOK = new Label();
        Label doInit = new Label();
        // Frame captured with just O on the stack; replayed at doInit and isOK.
        FrameNode fn1 = TaintAdapter.getCurrentFrameNode(analyzer);
        super.visitInsn(DUP);
        super.visitFieldInsn(opcode, owner, name, desc);
        // O A
        // if value is null, do nothing
        super.visitJumpInsn(IFNULL, isOK);
        // O
        super.visitInsn(DUP);
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, "[[[I");
        // O TA
        // if taint is null, def init
        super.visitJumpInsn(IFNULL, doInit);
        // O
        // taint is not null: compare the outer lengths of value and shadow
        super.visitInsn(DUP);
        // O O
        super.visitInsn(DUP);
        // O O O
        super.visitFieldInsn(opcode, owner, name, desc);
        super.visitInsn(ARRAYLENGTH);
        // O O L
        super.visitInsn(SWAP);
        // O L O
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, "[[[I");
        super.visitInsn(ARRAYLENGTH);
        // O L TL
        // value length <= taint length: keep the shadow; otherwise fall through and reinit it
        super.visitJumpInsn(IF_ICMPLE, isOK);
        // O
        super.visitLabel(doInit);
        TaintAdapter.acceptFn(fn1, this);
        super.visitInsn(DUP);
        // O O
        super.visitInsn(DUP);
        // O O O
        super.visitFieldInsn(opcode, owner, name, desc);
        // O O A
        super.visitInsn(DUP);
        // O O A A
        super.visitInsn(ARRAYLENGTH);
        // O O A L
        super.visitMultiANewArrayInsn("[[[I", 1);
        // O O A TA  (only the outer dimension is allocated here)
        super.visitMethodInsn(INVOKESTATIC, Type.getInternalName(TaintUtils.class), "create3DTaintArray", "(Ljava/lang/Object;[[[I)[[[I", false);
        // O O TA
        super.visitFieldInsn(PUTFIELD, owner, name + TaintUtils.TAINT_FIELD, "[[[I");
        // O
        super.visitLabel(isOK);
        TaintAdapter.acceptFn(fn1, this);
        // O
        super.visitInsn(DUP);
        super.visitFieldInsn(opcode, owner, name + TaintUtils.TAINT_FIELD, "[[[I");
        // O TA
        super.visitInsn(SWAP);
        // TA O
        super.visitFieldInsn(opcode, owner, name, desc);
        // TA A
        return;
    } else
        // Not a field load this visitor rewrites: forward it untouched.
        super.visitFieldInsn(opcode, owner, name, desc);
}
Also used : Type(org.objectweb.asm.Type) FrameNode(org.objectweb.asm.tree.FrameNode) Label(org.objectweb.asm.Label) TaintUtils(edu.columbia.cs.psl.phosphor.TaintUtils)

Example 10 with FrameNode

use of org.objectweb.asm.tree.FrameNode in project phosphor by gmu-swe.

the class TaintAdapter method generateEmptyTaintArray.

/**
 * Precondition: top stack element is an array. Postconditions: top stack
 * element is the same array, second stack element is an int array of the
 * same length.
 */
protected void generateEmptyTaintArray(String arrayDesc) {
    // Emits bytecode that slides a freshly created taint holder underneath the
    // array currently on top of the operand stack:
    //   entry:  ... array
    //   exit:   ... holder array     (holder is null when the array is null)
    // For 1-D arrays the holder is a new instance of the type returned by
    // MultiDTaintedArray.getTypeForType, constructed from the array; for 2-D
    // and 3-D arrays it is the result of TaintUtils.create2DTaintArray /
    // create3DTaintArray. Any other dimension count is rejected before
    // anything is emitted.
    final Type arrayType = Type.getType(arrayDesc);
    final Label nullArray = new Label();
    final Label end = new Label();
    final int dims = arrayType.getDimensions();
    if (dims < 1 || dims > 3) {
        throw new IllegalStateException("Can't handle casts to multi-d array type of dimension " + arrayType.getDimensions());
    }

    // Shared prologue: remember the frame with only the array on the stack,
    // then branch away if the array reference is null.
    // NOTE(review): TaintUtils.IGNORE_EVERYTHING is a project-specific
    // pseudo-opcode; it presumably brackets the null test so that downstream
    // visitors leave it uninstrumented. Confirm against TaintUtils.
    final FrameNode frameBeforeCheck = getCurrentFrameNode();
    super.visitInsn(DUP);
    super.visitInsn(TaintUtils.IGNORE_EVERYTHING);
    super.visitJumpInsn(IFNULL, nullArray);
    super.visitInsn(TaintUtils.IGNORE_EVERYTHING);

    if (dims == 1) {
        // array -> array wrapper, wrapper = new WrapType(array)
        final Type wrapType = MultiDTaintedArray.getTypeForType(arrayType);
        final String wrapName = wrapType.getInternalName();
        super.visitInsn(DUP);
        super.visitTypeInsn(NEW, wrapName);
        super.visitInsn(DUP_X1);
        super.visitInsn(SWAP);
        super.visitMethodInsn(INVOKESPECIAL, wrapName, "<init>", "(" + arrayType.getDescriptor() + ")V", false);
    } else {
        final boolean twoD = dims == 2;
        final String tagArrayDesc = twoD ? "[[I" : "[[[I";
        final String factoryName = twoD ? "create2DTaintArray" : "create3DTaintArray";
        final String factoryDesc = twoD ? "(Ljava/lang/Object;[[I)[[I" : "(Ljava/lang/Object;[[[I)[[[I";
        // array -> array tags, where tags comes from the TaintUtils factory
        // fed with the array and a new outer array of the same length.
        super.visitInsn(DUP);
        super.visitInsn(DUP);
        super.visitInsn(ARRAYLENGTH);
        super.visitMultiANewArrayInsn(tagArrayDesc, 1);
        super.visitMethodInsn(INVOKESTATIC, Type.getInternalName(TaintUtils.class), factoryName, factoryDesc, false);
        if (!(Configuration.taintTagFactory instanceof DataAndControlFlowTagFactory)) {
            // NOTE(review): this emits INVOKEINTERFACE with the interface flag
            // set to false, and no TaintTagFactory receiver appears to be pushed
            // before the two arguments. Verify that code generated on this path
            // passes bytecode verification.
            super.visitInsn(DUP);
            super.visitInsn(twoD ? ICONST_2 : ICONST_3);
            super.visitMethodInsn(Opcodes.INVOKEINTERFACE, Type.getInternalName(TaintTagFactory.class), "generateEmptyTaintArray", "([Ljava/lang/Object;I)V", false);
        }
    }

    // Shared epilogue: put the array back on top, then join with the null
    // path, which pushes a null holder beneath the (null) array instead.
    super.visitInsn(SWAP);
    final FrameNode frameAtExit = getCurrentFrameNode();
    super.visitJumpInsn(GOTO, end);
    super.visitLabel(nullArray);
    acceptFn(frameBeforeCheck);
    super.visitInsn(ACONST_NULL);
    super.visitInsn(SWAP);
    super.visitLabel(end);
    acceptFn(frameAtExit);
}
Also used : Type(org.objectweb.asm.Type) FrameNode(org.objectweb.asm.tree.FrameNode) Label(org.objectweb.asm.Label) TaintUtils(edu.columbia.cs.psl.phosphor.TaintUtils)
