added some logging and methods for obtaining referenced classes even before the Soot scene is loaded

StevenArzt · StevenArzt · commit eee57b2c9c50 · 2026-01-13T15:35:10.000+01:00
diff --git a/soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java b/soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java
@@ -16,6 +16,9 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import heros.solver.Pair;
 import heros.solver.PathEdge;
 import soot.ArrayType;
@@ -101,6 +104,8 @@
  */
 public class SummaryTaintWrapper implements IReversibleTaintWrapper, ICollectionsSupport {
 
+	private final Logger logger = LoggerFactory.getLogger(getClass());
+
 	protected InfoflowManager manager;
 	private AtomicInteger wrapperHits = new AtomicInteger();
 	private AtomicInteger wrapperMisses = new AtomicInteger();
@@ -362,12 +367,14 @@ private AccessPathPropagator getOriginalCallSite(AccessPathPropagator propagator
 	 */
 	public SummaryTaintWrapper(IMethodSummaryProvider flows) {
 		this.flows = flows;
+		logger.info("Initializing summary taint wrapper with summaries for {} classes...",
+				flows.getAllClassesWithSummaries().size());
 		setContainerStrategyFactory(new DefaultConfigContainerStrategyFactory());
 	}
 
 	/**
-	 * Creates a new instance of the {@link SummaryTaintWrapper} class.
-	 * Uses summaries present within the StubDroid JAR file. 
+	 * Creates a new instance of the {@link SummaryTaintWrapper} class. Uses
+	 * summaries present within the StubDroid JAR file.
 	 */
 	public SummaryTaintWrapper() throws URISyntaxException, IOException {
 		this(new EagerSummaryProvider());
diff --git a/soot-infoflow/src/soot/jimple/infoflow/river/conditions/SignatureFlowCondition.java b/soot-infoflow/src/soot/jimple/infoflow/river/conditions/SignatureFlowCondition.java
@@ -3,19 +3,22 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 import heros.solver.Pair;
 import soot.Scene;
 import soot.SootClass;
 import soot.SootMethod;
 import soot.Type;
 import soot.jimple.Stmt;
+import soot.jimple.infoflow.data.SootMethodAndClass;
 import soot.jimple.infoflow.results.DataFlowResult;
 import soot.jimple.infoflow.results.InfoflowResults;
 import soot.jimple.infoflow.results.ResultSinkInfo;
 import soot.jimple.infoflow.results.ResultSourceInfo;
 import soot.jimple.infoflow.river.ConditionalSecondarySourceDefinition;
 import soot.jimple.infoflow.sourcesSinks.definitions.SourceSinkCondition;
+import soot.jimple.infoflow.util.SootMethodRepresentationParser;
 import soot.util.MultiMap;
 
 /**
@@ -314,4 +317,10 @@ public String toString() {
 		return "AdditionalFlowCondition: " + "classNamesOnPath=" + classNamesOnPath + ", signaturesOnPath="
 				+ signaturesOnPath + ", excludedClasses=" + excludedClassNames;
 	}
+
+	@Override
+	public Set<SootMethodAndClass> getReferencedMethodDefs() {
+		final SootMethodRepresentationParser rep = SootMethodRepresentationParser.v();
+		return signaturesOnPath.stream().map(s -> rep.parseSootMethodString(s)).collect(Collectors.toSet());
+	}
 }
diff --git a/soot-infoflow/src/soot/jimple/infoflow/sourcesSinks/definitions/SourceSinkCondition.java b/soot-infoflow/src/soot/jimple/infoflow/sourcesSinks/definitions/SourceSinkCondition.java
@@ -2,9 +2,12 @@
 
 import java.util.Collections;
 import java.util.Set;
+import java.util.stream.Collectors;
 
+import soot.Scene;
 import soot.SootClass;
 import soot.SootMethod;
+import soot.jimple.infoflow.data.SootMethodAndClass;
 import soot.jimple.infoflow.results.DataFlowResult;
 import soot.jimple.infoflow.results.InfoflowResults;
 
@@ -17,40 +20,49 @@
  */
 public abstract class SourceSinkCondition {
 
-    /**
-     * Evaluates the condition on the given data flow result
-     *
-     * @param result  The data flow result
-     * @param results All results of this data flow analysis
-     * @return True if the given data flow result matches the condition, otherwise
-     * false
-     */
-    public abstract boolean evaluate(DataFlowResult result, InfoflowResults results);
-
-    /**
-     * Gets all methods referenced by this condition
-     *
-     * @return The methods referenced by this condition
-     */
-    public Set<SootMethod> getReferencedMethods() {
-        return Collections.emptySet();
-    }
-
-    /**
-     * Gets all classes referenced by this condition
-     *
-     * @return The classes referenced by this condition
-     */
-    public Set<SootClass> getReferencedClasses() {
-        return Collections.emptySet();
-    }
-
-    /**
-     * Gets all classes excluded by this condition
-     *
-     * @return The classes excluded by this condition
-     */
-    public Set<SootClass> getExcludedClasses() {
-        return Collections.emptySet();
-    }
+	/**
+	 * Evaluates the condition on the given data flow result
+	 *
+	 * @param result  The data flow result
+	 * @param results All results of this data flow analysis
+	 * @return True if the given data flow result matches the condition, otherwise
+	 *         false
+	 */
+	public abstract boolean evaluate(DataFlowResult result, InfoflowResults results);
+
+	/**
+	 * Gets all methods referenced by this condition
+	 *
+	 * @return The methods referenced by this condition
+	 */
+	public Set<SootMethod> getReferencedMethods() {
+		Set<SootMethodAndClass> refs = getReferencedMethodDefs();
+		return refs == null || refs.isEmpty() ? Collections.emptySet()
+				: refs.stream().map(d -> Scene.v().grabMethod(d.getSignature())).collect(Collectors.toSet());
+	}
+
+	/**
+	 * Gets all definitions of methods referenced by this condition
+	 * 
+	 * @return All definitions of methods referenced by this condition
+	 */
+	public abstract Set<SootMethodAndClass> getReferencedMethodDefs();
+
+	/**
+	 * Gets all classes referenced by this condition
+	 *
+	 * @return The classes referenced by this condition
+	 */
+	public Set<SootClass> getReferencedClasses() {
+		return Collections.emptySet();
+	}
+
+	/**
+	 * Gets all classes excluded by this condition
+	 *
+	 * @return The classes excluded by this condition
+	 */
+	public Set<SootClass> getExcludedClasses() {
+		return Collections.emptySet();
+	}
 }
diff --git a/soot-infoflow/src/soot/jimple/infoflow/sourcesSinks/manager/BaseSourceSinkManager.java b/soot-infoflow/src/soot/jimple/infoflow/sourcesSinks/manager/BaseSourceSinkManager.java
@@ -434,7 +434,14 @@ public SourceInfo getSourceInfo(Stmt sCallSite, InfoflowManager manager) {
 		if (sCallSite.hasTag(SimulatedCodeElementTag.TAG_NAME))
 			return null;
 
+		// Look up the source definition
 		Collection<ISourceSinkDefinition> defs = getSource(sCallSite, manager.getICFG());
+		if (defs == null || defs.isEmpty())
+			return null;
+
+		// We seem to have a source for this statement. Create the detailed
+		// specification object. Note that subsequent filtering may still invalidate the
+		// source.
 		Collection<Pair<AccessPath, ISourceSinkDefinition>> pairs = createSourceInfoPairs(sCallSite, manager, defs);
 		return pairs.size() > 0 ? new SourceInfo(pairs) : null;
 	}
