1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 from error import error
20
21 from analysis import TAINTED_PACKAGE_CREATE, TAINTED_PACKAGE_CALL
22
23 FIELD_ACCESS = { "R" : 0, "W" : 1 }
24 PACKAGE_ACCESS = { TAINTED_PACKAGE_CREATE : 0, TAINTED_PACKAGE_CALL : 1 }
27 self.levels = {}
28 self.hlevels = []
29
30 - def add(self, level, value) :
31 self.levels[ level ] = value
32 self.hlevels.append( level )
33
35 return self.levels[ "L%d" % l ]
36
38 buff = ""
39 for i in self.hlevels :
40 buff += self.levels[ i ]
41 return buff
42
44 - def __init__(self, tainted_information) :
45 self.__tainted = tainted_information
46
47 self._cached_signatures = {}
48 self._cached_fields = {}
49 self._cached_packages = {}
50
51 self.levels = {
52
53 "L0" : {
54 0 : ( "_get_strings_a", "_get_fields_a", "_get_packages_a" ),
55 1 : ( "_get_strings_pa", "_get_fields_a", "_get_packages_a" ),
56 2 : ( "_get_strings_a", "_get_fields_a", "_get_packages_pa_1" ),
57 3 : ( "_get_strings_a", "_get_fields_a", "_get_packages_pa_2" ),
58 },
59
60
61 "L1" : [ "_get_strings_a1" ],
62
63
64 "L2" : [ "_get_exceptions" ],
65
66
67 "L3" : [ "_get_fill_array_data" ],
68 }
69
70 self._init_caches()
71
72 - def _get_bb(self, analysis_method, functions, options) :
73 l = []
74 for b in analysis_method.basic_blocks.get() :
75 l.append( (b.start, "B") )
76 l.append( (b.start, "[") )
77
78 internal = []
79
80 if "return" in b.get_last().get_name() :
81 internal.append( (b.end, "R") )
82 elif "if" in b.get_last().get_name() :
83 internal.append( (b.end, "I") )
84 elif "goto" in b.get_last().get_name() :
85 internal.append( (b.end, "G") )
86
87 for f in functions :
88 try :
89 internal.extend( getattr( self, f )( analysis_method, options ) )
90 except TypeError :
91 internal.extend( getattr( self, f )( analysis_method ) )
92
93 internal.sort()
94
95 for i in internal :
96 if i[0] >= b.start and i[0] <= b.end :
97 l.append( i )
98
99 del internal
100
101 l.append( (b.end, "]") )
102 return l
103
105 if self._cached_fields == {} :
106 for f_t, f in self.__tainted["variables"].get_fields() :
107 self._cached_fields[ f ] = f_t.get_paths_length()
108 n = 0
109 for f in sorted( self._cached_fields ) :
110 self._cached_fields[ f ] = n
111 n += 1
112
113 if self._cached_packages == {} :
114 for m_t, m in self.__tainted["packages"].get_packages() :
115 self._cached_packages[ m ] = m_t.get_paths_length()
116 n = 0
117 for m in sorted( self._cached_packages ) :
118 self._cached_packages[ m ] = n
119 n += 1
120
122 buff = ""
123 for b in analysis_method.basic_blocks.get() :
124 for i in b.ins :
125 if i.op_name == "FILL-ARRAY-DATA" :
126 buff_tmp = i.get_operands()
127 for j in range(0, len(buff_tmp)) :
128 buff += "\\x%02x" % ord( buff_tmp[j] )
129 return buff
130
132 buff = ""
133
134 method = analysis_method.get_method()
135 handlers = method.get_code().handlers
136
137
138
139 for handler_catch_list in method.get_code().handlers :
140
141 for handler_catch in handler_catch_list.list :
142
143 for handler in handler_catch.handlers :
144 buff += analysis_method.get_vm().get_class_manager().get_type( handler.type_idx )
145
146 return buff
147
149 buff = ""
150
151 strings_method = self.__tainted["variables"].get_strings_by_method( analysis_method.get_method() )
152 for s in strings_method :
153 for path in strings_method[s] :
154 buff += s.replace('\n', ' ')
155 return buff
156
158 l = []
159
160 strings_method = self.__tainted["variables"].get_strings_by_method( analysis_method.get_method() )
161 for s in strings_method :
162 for path in strings_method[s] :
163 l.append( (path.get_bb().start + path.get_idx(), "S%d" % len(s) ) )
164 return l
165
166
168 l = []
169
170 strings_method = self.__tainted["variables"].get_strings_by_method( analysis_method.get_method() )
171 for s in strings_method :
172 for path in strings_method[s] :
173 l.append( (path.get_bb().start + path.get_idx(), "S") )
174 return l
175
185
195
218
243
244 - def get_method(self, analysis_method, signature_type, signature_arguments={}) :
245 key = "%s-%s-%s" % (analysis_method, signature_type, signature_arguments)
246 if key in self._cached_signatures :
247 return self._cached_signatures[ key ]
248
249 s = Sign()
250
251
252 for i in signature_type.split(":") :
253
254 if i == "L0" :
255 _type = self.levels[ i ][ signature_arguments[ i ][ "type" ] ]
256 try :
257 _arguments = signature_arguments[ i ][ "arguments" ]
258 except KeyError :
259 _arguments = []
260
261 value = self._get_bb( analysis_method, _type, _arguments )
262 s.add( i, ''.join(i[1] for i in value))
263
264 elif i == "L1" :
265 for f in self.levels[ i ] :
266 value = getattr( self, f )( analysis_method )
267 s.add( i, value )
268
269 else :
270 for f in self.levels[ i ] :
271 value = getattr( self, f )( analysis_method )
272 s.add( i, value )
273
274 self._cached_signatures[ key ] = s
275 return s
276