Refactored Taint Analysis #216

Merged
merged 117 commits into from
Feb 29, 2024

Member

@Lipen Lipen commented Feb 9, 2024

This PR contains the config-based taint analysis (using taint-configuration module) and the refactored version of IFDS.

Contributor

github-actions bot commented Feb 9, 2024

Lifecycle test results

48 tests  ±0   48 ✅ ±0   1m 22s ⏱️ -5s
 5 suites ±0    0 💤 ±0 
 5 files   ±0    0 ❌ ±0 

Results for commit b39519f. ± Comparison against base commit 4499986.

♻️ This comment has been updated with latest results.

Contributor

github-actions bot commented Feb 9, 2024

Test results on JDK 19

1 325 tests  +51   1 313 ✅ +50   7m 4s ⏱️ + 3m 20s
   48 suites + 2      12 💤 + 1 
   48 files   + 2       0 ❌ ± 0 

Results for commit b39519f. ± Comparison against base commit 4499986.

This pull request removes 999 and adds 1050 tests. Note that renamed tests count towards both.
org.jacodb.analysis.impl.JodaDateTimeAnalysisTest ‑ test Unused variable analysis()
org.jacodb.analysis.impl.NpeAnalysisTest ‑ NPE on uninitialized array element dereferencing()
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [100] juliet.testcases.CWE476_NULL_Pointer_Dereference.CWE476_NULL_Pointer_Dereference__int_array_02
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [100] juliet.testcases.CWE690_NULL_Deref_From_Return.CWE690_NULL_Deref_From_Return__Properties_getProperty_trim_66a
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [101] juliet.testcases.CWE476_NULL_Pointer_Dereference.CWE476_NULL_Pointer_Dereference__int_array_03
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [101] juliet.testcases.CWE690_NULL_Deref_From_Return.CWE690_NULL_Deref_From_Return__Properties_getProperty_trim_67a
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [102] juliet.testcases.CWE476_NULL_Pointer_Dereference.CWE476_NULL_Pointer_Dereference__int_array_04
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [102] juliet.testcases.CWE690_NULL_Deref_From_Return.CWE690_NULL_Deref_From_Return__Properties_getProperty_trim_68a
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [103] juliet.testcases.CWE476_NULL_Pointer_Dereference.CWE476_NULL_Pointer_Dereference__int_array_06
org.jacodb.analysis.impl.NpeAnalysisTest ‑ [103] juliet.testcases.CWE690_NULL_Deref_From_Return.CWE690_NULL_Deref_From_Return__Properties_getProperty_trim_71a
…
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ And(Not(True)) is false()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ And(True) is true()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ AnnotationType in unexpected()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ ConstantEq(boolArg(true), false) is false()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ ConstantEq(boolArg(true), true) is true()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ ConstantEq(intArg(42), 42) is true()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ ConstantEq(intArg(42), 999) is false()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ ConstantEq(stringArg('test'), 'other') is false()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ ConstantEq(stringArg('test'), 'test') is true()
org.jacodb.analysis.impl.ConditionEvaluatorTest ‑ ConstantEq(unresolved, any) is false()
…
This pull request removes 6 skipped tests and adds 7 skipped tests. Note that renamed tests count towards both.
org.jacodb.analysis.impl.NpeAnalysisTest ‑ activation points maintain flow sensitivity()
org.jacodb.analysis.impl.NpeAnalysisTest ‑ array aliasing()
org.jacodb.analysis.impl.NpeAnalysisTest ‑ complex aliasing()
org.jacodb.analysis.impl.NpeAnalysisTest ‑ context injection in points-to()
org.jacodb.analysis.impl.NpeAnalysisTest ‑ mixed array and class aliasing()
org.jacodb.analysis.impl.NpeAnalysisTest ‑ simple points-to analysis()
org.jacodb.analysis.impl.IfdsNpeTest ‑ activation points maintain flow sensitivity()
org.jacodb.analysis.impl.IfdsNpeTest ‑ array aliasing()
org.jacodb.analysis.impl.IfdsNpeTest ‑ complex aliasing()
org.jacodb.analysis.impl.IfdsNpeTest ‑ context injection in points-to()
org.jacodb.analysis.impl.IfdsNpeTest ‑ mixed array and class aliasing()
org.jacodb.analysis.impl.IfdsNpeTest ‑ no NPE after checked access with field()
org.jacodb.analysis.impl.IfdsNpeTest ‑ simple points-to analysis()

♻️ This comment has been updated with latest results.

Contributor

github-actions bot commented Feb 9, 2024

Test results on JDK 8

1 325 tests  +51   1 311 ✅ +50   7m 28s ⏱️ + 3m 38s
   48 suites + 2      14 💤 + 1 
   48 files   + 2       0 ❌ ± 0 

Results for commit b39519f. ± Comparison against base commit 4499986.

♻️ This comment has been updated with latest results.

Contributor

github-actions bot commented Feb 9, 2024

Test results on JDK 11

1 325 tests  +51   1 315 ✅ +50   8m 3s ⏱️ + 4m 5s
   48 suites + 2      10 💤 + 1 
   48 files   + 2       0 ❌ ± 0 

Results for commit b39519f. ± Comparison against base commit 4499986.

♻️ This comment has been updated with latest results.

codecov bot commented Feb 9, 2024

Codecov Report

Attention: Patch coverage is 75.07523%, with 497 lines in your changes missing coverage. Please review.

Project coverage is 75.81%. Comparing base (4499986) to head (b39519f).

| Files | Patch % | Lines |
|---|---|---|
| ...in/org/jacodb/analysis/taint/TaintFlowFunctions.kt | 53.60% | 110 Missing and 25 partials ⚠️ |
| ...kotlin/org/jacodb/analysis/npe/NpeFlowFunctions.kt | 70.46% | 47 Missing and 36 partials ⚠️ |
| ...b/taint/configuration/TaintConfigurationFeature.kt | 64.65% | 28 Missing and 13 partials ⚠️ |
| ...main/kotlin/org/jacodb/analysis/config/Position.kt | 46.51% | 12 Missing and 11 partials ⚠️ |
| ...main/kotlin/org/jacodb/analysis/ifds/IfdsResult.kt | 61.66% | 17 Missing and 6 partials ⚠️ |
| ...rg/jacodb/analysis/unused/UnusedVariableManager.kt | 83.06% | 12 Missing and 9 partials ⚠️ |
| ...n/kotlin/org/jacodb/analysis/taint/TaintManager.kt | 88.34% | 8 Missing and 11 partials ⚠️ |
| ...in/kotlin/org/jacodb/analysis/ifds/UnitResolver.kt | 40.74% | 15 Missing and 1 partial ⚠️ |
| ...main/kotlin/org/jacodb/analysis/ifds/AccessPath.kt | 69.56% | 4 Missing and 10 partials ⚠️ |
| ...n/org/jacodb/taint/configuration/TaintCondition.kt | 78.78% | 12 Missing and 2 partials ⚠️ |
... and 33 more
Additional details and impacted files
@@              Coverage Diff              @@
##             develop     #216      +/-   ##
=============================================
- Coverage      77.25%   75.81%   -1.45%     
+ Complexity      1680     1649      -31     
=============================================
  Files            166      175       +9     
  Lines           9648    10241     +593     
  Branches        1730     1892     +162     
=============================================
+ Hits            7454     7764     +310     
- Misses          1509     1713     +204     
- Partials         685      764      +79     


@Lipen Lipen marked this pull request as ready for review February 12, 2024 09:54
Member

@sergeypospelov sergeypospelov left a comment

Fix review comments, please

@Lipen Lipen requested a review from sergeypospelov February 21, 2024 11:51
Member

@sergeypospelov sergeypospelov left a comment

LGTM

Member Author

Lipen commented Feb 28, 2024

@lehvolk do you still have any objections? Can we merge this PR as it is?

@Lipen Lipen merged commit bf3f6b4 into develop Feb 29, 2024
@Lipen Lipen deleted the lipen/taint branch February 29, 2024 11:31