add two insecure examples

a8b038ab · Joachim Müssig · 584aadd2 · a8b038ab · a8b038ab · a8b038ab
Commit a8b038ab authored Nov 22, 2019 by Joachim Müssig
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/Joak/ObjectSensLeakProgramPart.joak
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/Joak/ObjectSensLeakProgramPart.joak
+directoryPath : "/home/joachim/JoanaKeYBeispiele/SecureExamples/ObjectSensLeak",
+pathKeY : "dependencies/Key/KeY.jar",
+javaClass : "",
+pathToJar : "testdata/build/program.jar",
+pathToJavaFile : "program/",
+pathToSDG : "SDG/ObjectSensLeak.pdg",
+entryMethod : "ObjectSensLeak",
+annotationPath : "",
+fullyAutomatic : true,
+pathToSaver : "SDG/ObjectSensLeak.dispro",
+sources : [{securityLevel : "high", description : {from : "programPart", programPart : "parameter <param> 1 of method int ObjectSensLeak.callTest(int, int)"}}],
+sinks : [{securityLevel : "low", description : {from : "programPart", programPart : "(int ObjectSensLeak.callTest(int, int):5) return v5"}}]
\ No newline at end of file
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/Joak/ObjectSensLeakSDGNode.joak
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/Joak/ObjectSensLeakSDGNode.joak
+directoryPath : "/home/joachim/JoanaKeYBeispiele/SecureExamples/ObjectSensLeak",
+pathKeY : "dependencies/Key/KeY.jar",
+javaClass : "",
+pathToJar : "testdata/build/program.jar",
+pathToJavaFile : "program/",
+pathToSDG : "SDG/ObjectSensLeak.pdg",
+entryMethod : "ObjectSensLeak",
+annotationPath : "",
+fullyAutomatic : true,
+pathToSaver : "SDG/ObjectSensLeak.dispro",
+sources : [{securityLevel : "high", description : {from : "sdgNode", sdgNodeId : "59", sdgNode : "ObjectSensLeak.callTest(II)I -> param 1 FRMI"}}],
+sinks : [{securityLevel : "low", description : {from : "sdgNode", sdgNodeId : "57", sdgNode : "ObjectSensLeak.callTest(II)I -> ObjectSensLeak.callTest(int,int) EXIT"}}]
\ No newline at end of file
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/SDG/ObjectSensLeak.dispro
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/SDG/ObjectSensLeak.dispro
+{"formal_ins_to_pers_cg" : [
+{ "sdg_node" : 114, "cg_node" : {"id" : 5, "cg_node_id" :13, "ir" : {
+
+}}},
+{ "sdg_node" : 99, "cg_node" : {"id" : 4, "cg_node_id" :12, "ir" : {
+
+}}},
+{ "sdg_node" : 100, "cg_node" : {"id" : 4, "cg_node_id" :12, "ir" : {
+
+}}},
+{ "sdg_node" : 142, "cg_node" : {"id" : 5, "cg_node_id" :13, "ir" : {
+
+}}},
+],
+"cg_nodes" : [
+{"id" : 0, "cg_node_id" :0, "ir" : {
+"1" : "this"
+}},
+{"id" : 1, "cg_node_id" :0, "ir" : {
+
+}},
+{"id" : 2, "cg_node_id" :0, "ir" : {
+"1" : "this"
+}},
+{"id" : 3, "cg_node_id" :0, "ir" : {
+"1" : "this"
+}},
+{"id" : 4, "cg_node_id" :12, "ir" : {
+
+}},
+{"id" : 5, "cg_node_id" :13, "ir" : {
+
+}},
+],
+"localPointerKeys" : [{"id" : 0, "value_number" : 1, "node" : 0
+},
+{"id" : 1, "value_number" : 1, "node" : 1
+},
+{"id" : 2, "value_number" : 1, "node" : 2
+},
+{"id" : 3, "value_number" : 1, "node" : 3
+},
+{"id" : 4, "value_number" : 1, "node" : 4
+},
+{"id" : 5, "value_number" : 1, "node" : 5
+},
+],
+"disjunctPointsTo" : [],
+"entryNodesToCG" : [{ "sdg_node" : 44, "cg_node" : 6},
+{ "sdg_node" : 111, "cg_node" : 13},
+{ "sdg_node" : 18, "cg_node" : 0},
+{ "sdg_node" : 35, "cg_node" : 1},
+{ "sdg_node" : 56, "cg_node" : 9},
+{ "sdg_node" : 124, "cg_node" : 14},
+{ "sdg_node" : 96, "cg_node" : 12},
+{ "sdg_node" : 1, "cg_node" : 5},
+{ "sdg_node" : 69, "cg_node" : 11},
+],
+"nodeToSSA" : [{ "sdg_node" : 104, "iIndex" : 4},
+{ "sdg_node" : 122, "iIndex" : 3},
+{ "sdg_node" : 88, "iIndex" : 12},
+{ "sdg_node" : 84, "iIndex" : 11},
+{ "sdg_node" : 105, "iIndex" : 4},
+{ "sdg_node" : 106, "iIndex" : 4},
+{ "sdg_node" : 80, "iIndex" : 8},
+{ "sdg_node" : 79, "iIndex" : 5},
+{ "sdg_node" : 75, "iIndex" : 3},
+{ "sdg_node" : 74, "iIndex" : 0},
+{ "sdg_node" : 118, "iIndex" : 2},
+{ "sdg_node" : 66, "iIndex" : 3},
+{ "sdg_node" : 61, "iIndex" : 2},
+{ "sdg_node" : 51, "iIndex" : 4},
+{ "sdg_node" : 50, "iIndex" : 3},
+{ "sdg_node" : 49, "iIndex" : 3},
+{ "sdg_node" : 48, "iIndex" : 1},
+{ "sdg_node" : 47, "iIndex" : 1},
+{ "sdg_node" : 42, "iIndex" : 2},
+{ "sdg_node" : 40, "iIndex" : 1},
+{ "sdg_node" : 38, "iIndex" : 0},
+{ "sdg_node" : 32, "iIndex" : 5},
+{ "sdg_node" : 128, "iIndex" : 1},
+{ "sdg_node" : 29, "iIndex" : 4},
+{ "sdg_node" : 28, "iIndex" : 3},
+{ "sdg_node" : 27, "iIndex" : 3},
+{ "sdg_node" : 26, "iIndex" : 3},
+{ "sdg_node" : 25, "iIndex" : 3},
+{ "sdg_node" : 24, "iIndex" : 2},
+{ "sdg_node" : 23, "iIndex" : 1},
+{ "sdg_node" : 21, "iIndex" : 0},
+{ "sdg_node" : 117, "iIndex" : 1},
+{ "sdg_node" : 116, "iIndex" : 1},
+{ "sdg_node" : 115, "iIndex" : 1},
+{ "sdg_node" : 14, "iIndex" : 4},
+{ "sdg_node" : 107, "iIndex" : 5},
+{ "sdg_node" : 9, "iIndex" : 2},
+{ "sdg_node" : 8, "iIndex" : 1},
+{ "sdg_node" : 7, "iIndex" : 1},
+{ "sdg_node" : 6, "iIndex" : 0},
+{ "sdg_node" : 5, "iIndex" : 0},
+{ "sdg_node" : 101, "iIndex" : 1},
+]
+}
\ No newline at end of file
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/SDG/ObjectSensLeak.pdg
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/SDG/ObjectSensLeak.pdg
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/program/A.java
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/program/A.java
+public class A 
+{
+    private int i ;
+    public A ( int i ) 
+    {
+        this . i = i ;
+    }
+    public int doPrint ( ) 
+    {
+        return out ( this . i ) ;
+    }
+    public static int out ( int i ) 
+    {
+        return i ;
+    }
+}
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/program/ObjectSensLeak.java
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/program/ObjectSensLeak.java
+public class ObjectSensLeak 
+{
+    public static int high = 0 ;
+    public static int low = 1 ;
+    public static void main ( String [ ] args ) 
+    {
+        callTest ( high , low ) ;
+    }
+    public static int callTest ( int high , int low ) 
+    {
+        return test ( high , low ) ;
+    }
+    public static int test ( int h , int l ) 
+    {
+        A a1 = new A ( l ) ;
+        A a2 = new A ( h ) ;
+        return a1 . doPrint ( ) ;
+    }
+}
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink57/src/A.java
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink57/src/A.java
+public class A 
+{
+    private int i ;
+    public A ( int i ) 
+    {
+        this . i = i ;
+    }
+    public int doPrint ( ) 
+    {
+        return out ( this . i ) ;
+    }
+    public static int out ( int i ) 
+    {
+        return i ;
+    }
+	/*@
+	@ requires true;
+	@ ensures b;
+	@*/
+	private void assume(boolean b) { 
+
+	}
+}
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink57/src/ObjectSensLeak.java
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink57/src/ObjectSensLeak.java
+public class ObjectSensLeak 
+{
+    public static int high = 0 ;
+    public static int low = 1 ;
+    public static void main ( String [ ] args ) 
+    {
+        callTest ( high , low ) ;
+    }
+    public static int callTest ( int high , int low ) 
+    {
+        return test ( high , low ) ;
+    }
+    public static int test ( int h , int l ) 
+    {
+        A a1 = new A ( l ) ;
+        A a2 = new A ( h ) ;
+        return a1 . doPrint ( ) ;
+    }
+	/*@
+	@ requires true;
+	@ ensures b;
+	@*/
+	private void assume(boolean b) { 
+
+	}
+}
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink66/src/A.java
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink66/src/A.java
+public class A 
+{
+    private int i ;
+    public A ( int i ) 
+    {
+        this . i = i ;
+    }
+    public int doPrint ( ) 
+    {
+        return out ( this . i ) ;
+    }
+    public static int out ( int i ) 
+    {
+        return i ;
+    }
+	/*@
+	@ requires true;
+	@ ensures b;
+	@*/
+	private void assume(boolean b) { 
+
+	}
+}
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink66/src/ObjectSensLeak.java
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/slices/sliceSource59Sink66/src/ObjectSensLeak.java
+public class ObjectSensLeak 
+{
+//sliced:     public static int high = 0 ;
+    public static int low = 1 ;
+    public static void main ( String [ ] args ) 
+    {
+        callTest ( high , low ) ;
+    }
+    public static int callTest ( int high , int low ) 
+    {
+        return test ( high , low ) ;
+    }
+    public static int test ( int h , int l ) 
+    {
+        A a1 = new A ( l ) ;
+        A a2 = new A ( h ) ;
+        return a1 . doPrint ( ) ;
+    }
+	/*@
+	@ requires true;
+	@ ensures b;
+	@*/
+	private void assume(boolean b) { 
+
+	}
+}
--- a/testdata/FalsePositiveExamples/ObjectSensLeak/testdata/build/program.jar
+++ b/testdata/FalsePositiveExamples/ObjectSensLeak/testdata/build/program.jar
--- a/testdata/insecure Examples/Array2/program/Joak/Array2.joak
+++ b/testdata/insecure Examples/Array2/program/Joak/Array2.joak
+pathKeY : "dependencies/Key/KeY.jar",
+javaClass : "",
+pathToJar : "/home/joachim/JoanaKeYBeispiele/InsecureExample/Array2/program/testdata/build/src.jar",
+pathToJavaFile : "/home/joachim/JoanaKeYBeispiele/InsecureExample/Array2/program/src/",
+pathToSDG : "/home/joachim/JoanaKeYBeispiele/InsecureExample/Array2/program/SDG/Program.pdg",
+entryMethod : "Program",
+annotationPath : "",
+fullyAutomatic : true,
+pathToSaver : "/home/joachim/JoanaKeYBeispiele/InsecureExample/Array2/program/SDG/Program.dispro",
+sources : [{securityLevel : "high", description : {from : "sdgNode", sdgNodeId : "50", sdgNode : "Program.callFoo(I)I -> param 1 <param> 1"}}],
+sinks : [{securityLevel : "low", description : {from : "sdgNode", sdgNodeId : "56", sdgNode : "Program.callFoo(I)I -> return v5 Program.callFoo(I)I"}}]
\ No newline at end of file
--- a/testdata/insecure Examples/Array2/program/Joak/Array2ProgramPart.joak
+++ b/testdata/insecure Examples/Array2/program/Joak/Array2ProgramPart.joak
+directoryPath : "/home/joachim/JoanaKeYBeispiele/InsecureExample/Array2/program",
+pathKeY : "dependencies/Key/KeY.jar",
+javaClass : "",
+pathToJar : "testdata/build/src.jar",
+pathToJavaFile : "src/",
+pathToSDG : "SDG/Program.pdg",
+entryMethod : "Program",
+annotationPath : "",
+fullyAutomatic : true,
+pathToSaver : "SDG/Program.dispro",
+sources : [{securityLevel : "high", description : {from : "programPart", programPart : "parameter <param> 1 of method int Program.callFoo(int)"}}],
+sinks : [{securityLevel : "low", description : {from : "programPart", programPart : "(int Program.callFoo(int):5) return v5"}}]
\ No newline at end of file
--- a/testdata/insecure Examples/Array2/program/Joak/Array2SDGNode.joak
+++ b/testdata/insecure Examples/Array2/program/Joak/Array2SDGNode.joak
+directoryPath : "/home/joachim/JoanaKeYBeispiele/InsecureExample/Array2/program",
+pathKeY : "dependencies/Key/KeY.jar",
+javaClass : "",
+pathToJar : "testdata/build/src.jar",
+pathToJavaFile : "src/",
+pathToSDG : "SDG/Program.pdg",
+entryMethod : "Program",
+annotationPath : "",
+fullyAutomatic : true,
+pathToSaver : "SDG/Program.dispro",
+sources : [{securityLevel : "high", description : {from : "sdgNode", sdgNodeId : "50", sdgNode : "Program.callFoo(I)I -> param 1 FRMI"}}],
+sinks : [{securityLevel : "low", description : {from : "sdgNode", sdgNodeId : "47", sdgNode : "Program.callFoo(I)I -> Program.callFoo(int) EXIT"}}]
\ No newline at end of file
--- a/testdata/insecure Examples/Array2/program/SDG/Array2SDG.pdg
+++ b/testdata/insecure Examples/Array2/program/SDG/Array2SDG.pdg
+SDG "Program.main(java.lang.String[])" root 20 {
+ENTR 1 {
+O entry;
+V "Program.main(java.lang.String[])";
+P 4;
+S "Program.java":0,0-0,0;
+B "Program.main([Ljava/lang/String;)V":-1;
+C "Application";
+HE 2;
+HE 3;
+HE 4;
+HE 5;
+HE 6;
+HE 76;
+PS 3;
+PS 4;
+CF 4;
+CD 5;
+CD 6;
+CE 2;
+CE 3;
+CE 4;
+CE 76;
+}
+EXIT 2 {
+O exit;
+V "Program.main(java.lang.String[])";
+T "V";
+P 4;
+S "Program.java":0,0-0,0;
+B "<exit>":-2;
+RF 88;
+}
+FRMO 3 {
+O form-out;
+V "_exception_";
+T "Ljava/lang/Exception";
+P 4;
+S "Program.java":0,0-0,0;
+B "<exception>":-2;
+CF 76: "exc";
+PO 36;
+}
+FRMI 4 {
+O form-in;
+V "param 1";
+T "[Ljava/lang/String";
+P 4;
+S "Program.java":0,0-0,0;
+B "<param> 1":-2;
+LD ["null"];
+PS 76;
+CF 5;
+}
+NORM 5 {
+O declaration;
+V "v3 = new Program";
+T "LProgram";
+P 4;
+S "Program.java":4,0-4,0;
+B "Program.main([Ljava/lang/String;)V":0;
+CF 7;
+DD 7;
+DD 10;
+}
+CALL 6 {
+O call;
+V "v3.<init>()";
+T "V";
+P 4;
+S "Program.java":4,0-4,0;
+B "Program.main([Ljava/lang/String;)V":4;
+HE 7;
+HE 8;
+HE 77;
+PS 7;
+PS 8;
+CF 86;
+CE 7;
+CE 8;
+CE 77;
+CE 86;
+CL 37: "virtual";
+}
+ACTI 7 {
+O act-in;
+V "this [v3]";
+T "LProgram";
+P 4;
+S "Program.java":4,0-4,0;
+B "<param> 0":-2;
+PS 77;
+CF 6;
+CD 6;
+SU 8;
+SU 77;
+PI 40;
+}
+ACTO 8 {
+O act-out;
+V "ret _exception_";
+T "Ljava/lang/Exception";
+P 4;
+S "Program.java":4,0-4,0;
+B "<exception>":-2;
+HE 86;
+CF 3: "exc";
+CE 86;
+DD 3;
+}
+CALL 9 {
+O call;
+V "v7 = v3.callFoo(#(14))";
+T "I";
+P 4;
+S "Program.java":5,0-5,0;
+B "Program.main([Ljava/lang/String;)V":11;
+HE 10;
+HE 11;
+HE 12;
+HE 13;
+PS 10;
+PS 11;
+PS 12;
+PS 13;
+CF 87;
+CE 10;
+CE 11;
+CE 12;
+CE 13;
+CE 87;
+CL 46: "virtual";
+}
+ACTI 10 {
+O act-in;
+V "this [v3]";
+T "LProgram";
+P 4;
+S "Program.java":5,0-5,0;
+B "<param> 0":-2;
+CF 11;
+CD 9;
+SU 12;
+SU 13;
+PI 49;
+}
+ACTI 11 {
+O act-in;
+V "param 1 [#(14)]";
+T "I";
+P 4;
+S "Program.java":5,0-5,0;
+B "<param> 1":-2;
+CF 9;
+SU 12;
+SU 13;
+PI 50;
+}
+ACTO 12 {
+O act-out;
+V "ret 0";
+T "I";
+P 4;
+S "Program.java":5,0-5,0;
+B "<exit>":-2;
+CF 13: "exc";
+CF 14;
+}
+ACTO 13 {
+O act-out;
+V "ret _exception_";
+T "Ljava/lang/Exception";
+P 4;
+S "Program.java":5,0-5,0;
+B "<exception>":-2;
+HE 87;
+CF 3: "exc";
+CE 87;
+DD 3;
+}
+NORM 14 {
+O compound;
+V "return";
+T "V";
+P 4;
+S "Program.java":6,0-6,0;
+B "Program.main([Ljava/lang/String;)V":15;
+CF 76;
+}
+ENTR 20 {
+O entry;
+V "com.ibm.wala.FakeRootClass.fakeRootMethod()";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "com.ibm.wala.FakeRootClass.fakeRootMethod()V":-1;
+C "Primordial";
+HE 21;
+HE 22;
+HE 23;
+PS 22;
+CF 23;
+CD 23;
+CE 21;
+CE 22;
+}
+EXIT 21 {
+O exit;
+V "com.ibm.wala.FakeRootClass.fakeRootMethod()";
+T "V";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "<exit>":-2;
+}
+FRMO 22 {
+O form-out;
+V "_exception_";
+T "Ljava/lang/Exception";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "<exception>":-2;
+CF 21: "exc";
+}
+CALL 23 {
+O call;
+V "fakeWorldClinit()";
+T "V";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "com.ibm.wala.FakeRootClass.fakeRootMethod()V":-1;
+U "com.ibm.wala.FakeRootClass.fakeWorldClinit()V";
+HE 24;
+HE 25;
+HE 78;
+HE 83;
+PS 24;
+CF 83;
+CD 25;
+CE 24;
+CE 78;
+CE 83;
+}
+ACTO 24 {
+O act-out;
+V "ret _exception_";
+T "Ljava/lang/Exception";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "<exception>":-2;
+CF 22: "exc";
+DD 22;
+}
+NORM 25 {
+O declaration;
+V "v3 = new java.lang.String[]";
+T "[Ljava/lang/String";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "com.ibm.wala.FakeRootClass.fakeRootMethod()V":-1;
+HE 26;
+HE 28;
+CF 22: "exc";
+CF 26;
+CD 22;
+CD 26;
+CD 28;
+DD 28;
+DD 32;
+DD 35;
+}
+NORM 26 {
+O declaration;
+V "v5 = new java.lang.String";
+T "Ljava/lang/String";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "com.ibm.wala.FakeRootClass.fakeRootMethod()V":-1;
+CF 28;
+DD 27;
+}
+EXPR 27 {
+O modify;
+V "v3[#(0)] = v5";
+T "Ljava/lang/String";
+P 5;
+S "com/ibm/wala/FakeRootClass.java":0,0-0,0;
+B "com.ibm.wala.FakeRootClass.fakeRootMethod()V":-1;
+CF 29;
+CE 29;
+DD 29;