added some helper methods

StevenArzt · StevenArzt · commit 15d0de17f21e · 2026-01-14T11:22:11.000+01:00
diff --git a/soot-infoflow-android/src/soot/jimple/infoflow/android/source/AccessPathBasedSourceSinkManager.java b/soot-infoflow-android/src/soot/jimple/infoflow/android/source/AccessPathBasedSourceSinkManager.java
@@ -10,7 +10,16 @@
 import soot.SootMethod;
 import soot.Unit;
 import soot.Value;
-import soot.jimple.*;
+import soot.jimple.AssignStmt;
+import soot.jimple.Constant;
+import soot.jimple.DefinitionStmt;
+import soot.jimple.IdentityStmt;
+import soot.jimple.InstanceInvokeExpr;
+import soot.jimple.InvokeExpr;
+import soot.jimple.InvokeStmt;
+import soot.jimple.ParameterRef;
+import soot.jimple.ReturnStmt;
+import soot.jimple.Stmt;
 import soot.jimple.infoflow.InfoflowManager;
 import soot.jimple.infoflow.android.InfoflowAndroidConfiguration;
 import soot.jimple.infoflow.android.callbacks.AndroidCallbackDefinition;
@@ -70,7 +79,8 @@ public AccessPathBasedSourceSinkManager(Collection<? extends ISourceSinkDefiniti
 	}
 
 	@Override
-	protected Collection<Pair<AccessPath, ISourceSinkDefinition>> createSourceInfoPairs(Stmt sCallSite, InfoflowManager manager, Collection<ISourceSinkDefinition> defs) {
+	protected Collection<Pair<AccessPath, ISourceSinkDefinition>> createSourceInfoPairs(Stmt sCallSite,
+			InfoflowManager manager, Collection<ISourceSinkDefinition> defs) {
 		HashSet<ISourceSinkDefinition> delegateToSuper = new HashSet<>();
 		HashSet<Pair<AccessPath, ISourceSinkDefinition>> matchingDefs = new HashSet<>();
 		for (ISourceSinkDefinition def : defs) {
@@ -97,61 +107,61 @@ protected Collection<Pair<AccessPath, ISourceSinkDefinition>> createSourceInfoPa
 
 				// For parameters in callback methods, we need special handling
 				switch (methodDef.getCallType()) {
-					case Callback:
-						if (sCallSite instanceof IdentityStmt) {
-							IdentityStmt is = (IdentityStmt) sCallSite;
-							if (is.getRightOp() instanceof ParameterRef) {
-								ParameterRef paramRef = (ParameterRef) is.getRightOp();
-								if (methodDef.getParameters() != null
-										&& methodDef.getParameters().length > paramRef.getIndex()) {
-									for (AccessPathTuple apt : methodDef.getParameters()[paramRef.getIndex()]) {
-										aps.add(apt.toAccessPath(is.getLeftOp(), manager, false));
-										apTuples.add(apt);
-									}
+				case Callback:
+					if (sCallSite instanceof IdentityStmt) {
+						IdentityStmt is = (IdentityStmt) sCallSite;
+						if (is.getRightOp() instanceof ParameterRef) {
+							ParameterRef paramRef = (ParameterRef) is.getRightOp();
+							if (methodDef.getParameters() != null
+									&& methodDef.getParameters().length > paramRef.getIndex()) {
+								for (AccessPathTuple apt : methodDef.getParameters()[paramRef.getIndex()]) {
+									aps.add(apt.toAccessPath(is.getLeftOp(), manager, false));
+									apTuples.add(apt);
 								}
 							}
 						}
-						break;
-					case MethodCall:
-						// Check whether we need to taint the base object
-						if (sCallSite instanceof InvokeStmt && sCallSite.getInvokeExpr() instanceof InstanceInvokeExpr
-								&& methodDef.getBaseObjects() != null) {
-							Value baseVal = ((InstanceInvokeExpr) sCallSite.getInvokeExpr()).getBase();
-							for (AccessPathTuple apt : methodDef.getBaseObjects()) {
-								if (apt.getSourceSinkType().isSource()) {
-									aps.add(apt.toAccessPath(baseVal, manager, true));
-									apTuples.add(apt);
-								}
+					}
+					break;
+				case MethodCall:
+					// Check whether we need to taint the base object
+					if (sCallSite instanceof InvokeStmt && sCallSite.getInvokeExpr() instanceof InstanceInvokeExpr
+							&& methodDef.getBaseObjects() != null) {
+						Value baseVal = ((InstanceInvokeExpr) sCallSite.getInvokeExpr()).getBase();
+						for (AccessPathTuple apt : methodDef.getBaseObjects()) {
+							if (apt.getSourceSinkType().isSource()) {
+								aps.add(apt.toAccessPath(baseVal, manager, true));
+								apTuples.add(apt);
 							}
 						}
+					}
 
-						// Check whether we need to taint the return object
-						if (sCallSite instanceof DefinitionStmt && methodDef.getReturnValues() != null) {
-							Value returnVal = ((DefinitionStmt) sCallSite).getLeftOp();
-							for (AccessPathTuple apt : methodDef.getReturnValues()) {
-								if (apt.getSourceSinkType().isSource()) {
-									aps.add(apt.toAccessPath(returnVal, manager, false));
-									apTuples.add(apt);
-								}
+					// Check whether we need to taint the return object
+					if (sCallSite instanceof DefinitionStmt && methodDef.getReturnValues() != null) {
+						Value returnVal = ((DefinitionStmt) sCallSite).getLeftOp();
+						for (AccessPathTuple apt : methodDef.getReturnValues()) {
+							if (apt.getSourceSinkType().isSource()) {
+								aps.add(apt.toAccessPath(returnVal, manager, false));
+								apTuples.add(apt);
 							}
 						}
+					}
 
-						// Check whether we need to taint parameters
-						if (sCallSite.containsInvokeExpr() && methodDef.getParameters() != null
-								&& methodDef.getParameters().length > 0)
-							for (int i = 0; i < sCallSite.getInvokeExpr().getArgCount(); i++) {
-								if (methodDef.getParameters().length > i) {
-									for (AccessPathTuple apt : methodDef.getParameters()[i]) {
-										if (apt.getSourceSinkType().isSource()) {
-											aps.add(apt.toAccessPath(sCallSite.getInvokeExpr().getArg(i), manager, true));
-											apTuples.add(apt);
-										}
+					// Check whether we need to taint parameters
+					if (sCallSite.containsInvokeExpr() && methodDef.getParameters() != null
+							&& methodDef.getParameters().length > 0)
+						for (int i = 0; i < sCallSite.getInvokeExpr().getArgCount(); i++) {
+							if (methodDef.getParameters().length > i) {
+								for (AccessPathTuple apt : methodDef.getParameters()[i]) {
+									if (apt.getSourceSinkType().isSource()) {
+										aps.add(apt.toAccessPath(sCallSite.getInvokeExpr().getArg(i), manager, true));
+										apTuples.add(apt);
 									}
 								}
 							}
-						break;
-					default:
-						return null;
+						}
+					break;
+				default:
+					return null;
 				}
 			} else if (def instanceof FieldSourceSinkDefinition) {
 				// Check whether we need to taint the left side of the assignment
@@ -368,10 +378,12 @@ public SourceInfo getInverseSinkInfo(Stmt sCallSite, InfoflowManager manager) {
 						matchingDefs.add(new Pair<>(ap, methodDef));
 				}
 				// Check whether the base object matches our definition
-				else if (sCallSite.getInvokeExpr() instanceof InstanceInvokeExpr && methodDef.getBaseObjects() != null) {
+				else if (sCallSite.getInvokeExpr() instanceof InstanceInvokeExpr
+						&& methodDef.getBaseObjects() != null) {
 					for (AccessPathTuple apt : methodDef.getBaseObjects()) {
 						if (apt.getSourceSinkType().isSink()) {
-							AccessPath ap = apt.toAccessPath(((InstanceInvokeExpr) sCallSite.getInvokeExpr()).getBase(), manager, true);
+							AccessPath ap = apt.toAccessPath(((InstanceInvokeExpr) sCallSite.getInvokeExpr()).getBase(),
+									manager, true);
 							matchingDefs.add(new Pair<>(ap, def));
 							break;
 						}
@@ -389,7 +401,8 @@ else if (methodDef.getParameters() != null && methodDef.getParameters().length >
 						if (methodDef.getParameters().length > i) {
 							for (AccessPathTuple apt : methodDef.getParameters()[i]) {
 								if (apt.getSourceSinkType().isSink()) {
-									AccessPath ap = apt.toAccessPath(sCallSite.getInvokeExpr().getArg(i), manager, true);
+									AccessPath ap = apt.toAccessPath(sCallSite.getInvokeExpr().getArg(i), manager,
+											true);
 									aps.add(ap);
 									apts.add(apt);
 								}
@@ -478,73 +491,74 @@ public SinkInfo getInverseSourceInfo(Stmt sCallSite, InfoflowManager manager, Ac
 
 				// For parameters in callback methods, we need special handling
 				switch (methodDef.getCallType()) {
-					case Callback:
-						if (sCallSite instanceof IdentityStmt) {
-							IdentityStmt is = (IdentityStmt) sCallSite;
-							if (is.getRightOp() instanceof ParameterRef) {
-								ParameterRef paramRef = (ParameterRef) is.getRightOp();
-								if (methodDef.getParameters() != null
-										&& methodDef.getParameters().length > paramRef.getIndex()) {
-									for (AccessPathTuple apt : methodDef.getParameters()[paramRef.getIndex()]) {
-										AccessPath ap = apt.toAccessPath(is.getLeftOp(), manager, false);
-										if (accessPathMatches(sourceAccessPath, apt)) {
-											aps.add(ap);
-											apTuples.add(apt);
-										}
-									}
-								}
-							}
-						}
-						break;
-					case MethodCall:
-						// Check whether we need to taint the base object
-						if (sCallSite instanceof InvokeStmt && sCallSite.getInvokeExpr() instanceof InstanceInvokeExpr
-								&& methodDef.getBaseObjects() != null) {
-							Value baseVal = ((InstanceInvokeExpr) sCallSite.getInvokeExpr()).getBase();
-							for (AccessPathTuple apt : methodDef.getBaseObjects()) {
-								if (apt.getSourceSinkType().isSource()) {
-									AccessPath ap = apt.toAccessPath(baseVal, manager, true);
+				case Callback:
+					if (sCallSite instanceof IdentityStmt) {
+						IdentityStmt is = (IdentityStmt) sCallSite;
+						if (is.getRightOp() instanceof ParameterRef) {
+							ParameterRef paramRef = (ParameterRef) is.getRightOp();
+							if (methodDef.getParameters() != null
+									&& methodDef.getParameters().length > paramRef.getIndex()) {
+								for (AccessPathTuple apt : methodDef.getParameters()[paramRef.getIndex()]) {
+									AccessPath ap = apt.toAccessPath(is.getLeftOp(), manager, false);
 									if (accessPathMatches(sourceAccessPath, apt)) {
 										aps.add(ap);
 										apTuples.add(apt);
 									}
 								}
 							}
 						}
+					}
+					break;
+				case MethodCall:
+					// Check whether we need to taint the base object
+					if (sCallSite instanceof InvokeStmt && sCallSite.getInvokeExpr() instanceof InstanceInvokeExpr
+							&& methodDef.getBaseObjects() != null) {
+						Value baseVal = ((InstanceInvokeExpr) sCallSite.getInvokeExpr()).getBase();
+						for (AccessPathTuple apt : methodDef.getBaseObjects()) {
+							if (apt.getSourceSinkType().isSource()) {
+								AccessPath ap = apt.toAccessPath(baseVal, manager, true);
+								if (accessPathMatches(sourceAccessPath, apt)) {
+									aps.add(ap);
+									apTuples.add(apt);
+								}
+							}
+						}
+					}
 
-						// Check whether we need to taint the return object
-						if (sCallSite instanceof DefinitionStmt && methodDef.getReturnValues() != null) {
-							Value returnVal = ((DefinitionStmt) sCallSite).getLeftOp();
-							for (AccessPathTuple apt : methodDef.getReturnValues()) {
-								if (apt.getSourceSinkType().isSource()) {
-									AccessPath ap = apt.toAccessPath(returnVal, manager, false);
-									if (accessPathMatches(sourceAccessPath, apt)) {
-										aps.add(ap);
-										apTuples.add(apt);
-									}
+					// Check whether we need to taint the return object
+					if (sCallSite instanceof DefinitionStmt && methodDef.getReturnValues() != null) {
+						Value returnVal = ((DefinitionStmt) sCallSite).getLeftOp();
+						for (AccessPathTuple apt : methodDef.getReturnValues()) {
+							if (apt.getSourceSinkType().isSource()) {
+								AccessPath ap = apt.toAccessPath(returnVal, manager, false);
+								if (accessPathMatches(sourceAccessPath, apt)) {
+									aps.add(ap);
+									apTuples.add(apt);
 								}
 							}
 						}
+					}
 
-						// Check whether we need to taint parameters
-						if (sCallSite.containsInvokeExpr() && methodDef.getParameters() != null
-								&& methodDef.getParameters().length > 0)
-							for (int i = 0; i < sCallSite.getInvokeExpr().getArgCount(); i++) {
-								if (methodDef.getParameters().length > i) {
-									for (AccessPathTuple apt : methodDef.getParameters()[i]) {
-										if (apt.getSourceSinkType().isSource()) {
-											AccessPath ap = apt.toAccessPath(sCallSite.getInvokeExpr().getArg(i), manager, true);
-											if (accessPathMatches(sourceAccessPath, apt)) {
-												aps.add(ap);
-												apTuples.add(apt);
-											}
+					// Check whether we need to taint parameters
+					if (sCallSite.containsInvokeExpr() && methodDef.getParameters() != null
+							&& methodDef.getParameters().length > 0)
+						for (int i = 0; i < sCallSite.getInvokeExpr().getArgCount(); i++) {
+							if (methodDef.getParameters().length > i) {
+								for (AccessPathTuple apt : methodDef.getParameters()[i]) {
+									if (apt.getSourceSinkType().isSource()) {
+										AccessPath ap = apt.toAccessPath(sCallSite.getInvokeExpr().getArg(i), manager,
+												true);
+										if (accessPathMatches(sourceAccessPath, apt)) {
+											aps.add(ap);
+											apTuples.add(apt);
 										}
 									}
 								}
 							}
-						break;
-					default:
-						return null;
+						}
+					break;
+				default:
+					return null;
 				}
 			} else if (def instanceof FieldSourceSinkDefinition) {
 				// Check whether we need to taint the left side of the assignment
diff --git a/soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/postProcessor/SummaryPathBuilder.java b/soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/postProcessor/SummaryPathBuilder.java
@@ -52,7 +52,7 @@ public SummarySourceInfo() {
 
 		public SummarySourceInfo(AccessPath source, Stmt context, Object userData, AccessPath sourceAP, boolean isAlias,
 				boolean isInCallee, boolean pathAgnosticResults) {
-			super(null, source, context, userData, null, null, null, pathAgnosticResults);
+			super(null, source, context, userData, (Stmt[]) null, null, null, pathAgnosticResults);
 			this.sourceAP = sourceAP;
 			this.isAlias = isAlias;
 			this.isInCallee = isInCallee;
diff --git a/soot-infoflow/src/soot/jimple/infoflow/results/InfoflowResults.java b/soot-infoflow/src/soot/jimple/infoflow/results/InfoflowResults.java
@@ -115,6 +115,21 @@ public int numConnections() {
 		return num;
 	}
 
+	/**
+	 * Gets the total number of additional data flows that can be used for filtering
+	 * context-sensitive sinks. The technique for counting flows is equivalent to
+	 * numConnections().
+	 * 
+	 * @return The number of source-to-sink connections in the additional data flows
+	 */
+	public int numAdditionalFlows() {
+		int num = 0;
+		if (this.additionalResults != null)
+			for (ResultSinkInfo sink : this.additionalResults.keySet())
+				num += this.additionalResults.get(sink).size();
+		return num;
+	}
+
 	/**
 	 * Gets whether this result object is empty, i.e. contains no information flows
 	 *
diff --git a/soot-infoflow/src/soot/jimple/infoflow/results/ResultSourceInfo.java b/soot-infoflow/src/soot/jimple/infoflow/results/ResultSourceInfo.java
@@ -48,6 +48,16 @@ public ResultSourceInfo(ISourceSinkDefinition definition, AccessPath source, Stm
 		this.pathAgnosticResults = pathAgnosticResults;
 	}
 
+	public ResultSourceInfo(ISourceSinkDefinition definition, AccessPath source, Stmt context, Object userData,
+			Stmt[] path, AccessPath[] pathAPs, Stmt[] pathCallSites, boolean pathAgnosticResults) {
+		super(definition, source, context, userData);
+
+		this.path = path;
+		this.pathAPs = pathAPs;
+		this.pathCallSites = pathCallSites;
+		this.pathAgnosticResults = pathAgnosticResults;
+	}
+
 	public Stmt[] getPath() {
 		return this.path;
 	}
diff --git a/soot-infoflow/src/soot/jimple/infoflow/river/ConditionalFlowPostProcessor.java b/soot-infoflow/src/soot/jimple/infoflow/river/ConditionalFlowPostProcessor.java
@@ -34,7 +34,8 @@ public InfoflowResults onResultsAvailable(InfoflowResults results, IInfoflowCFG
 		if (results.size() == 0)
 			return results;
 
-		logger.info("Filtering conditional flows, starting with {} flows...", results.numConnections());
+		logger.info("Filtering conditional flows, starting with {} normal flows and {} additional flows...",
+				results.numConnections(), results.numAdditionalFlows());
 		HashSet<ResultSinkInfo> tbr = new HashSet<>();
 
 		for (DataFlowResult dfRes : results.getResultSet()) {
diff --git a/soot-infoflow/src/soot/jimple/infoflow/river/ConditionalSecondarySourceDefinition.java b/soot-infoflow/src/soot/jimple/infoflow/river/ConditionalSecondarySourceDefinition.java
@@ -4,26 +4,31 @@
 import soot.jimple.infoflow.sourcesSinks.definitions.ISourceSinkDefinition;
 
 /**
- * Special source definition for sources of secondary flows that are also conditional sinks.
+ * Special source definition for sources of secondary flows that are also
+ * conditional sinks.
  *
  * @author Tim Lange
  */
 public class ConditionalSecondarySourceDefinition extends AbstractSourceSinkDefinition {
-    public static ConditionalSecondarySourceDefinition INSTANCE = new ConditionalSecondarySourceDefinition();
+	public static ConditionalSecondarySourceDefinition INSTANCE = new ConditionalSecondarySourceDefinition();
 
-    @Override
-    public ISourceSinkDefinition getSourceOnlyDefinition() {
-        return null;
-    }
+	private ConditionalSecondarySourceDefinition() {
+		//
+	}
 
-    @Override
-    public ISourceSinkDefinition getSinkOnlyDefinition() {
-        return null;
-    }
+	@Override
+	public ISourceSinkDefinition getSourceOnlyDefinition() {
+		return null;
+	}
 
-    @Override
-    public boolean isEmpty() {
-        return false;
-    }
+	@Override
+	public ISourceSinkDefinition getSinkOnlyDefinition() {
+		return null;
+	}
+
+	@Override
+	public boolean isEmpty() {
+		return false;
+	}
 
 }
diff --git a/soot-infoflow/src/soot/jimple/infoflow/sourcesSinks/definitions/MethodSourceSinkDefinition.java b/soot-infoflow/src/soot/jimple/infoflow/sourcesSinks/definitions/MethodSourceSinkDefinition.java
