Merge pull request diffblue#216 from trtikm/PR_02

marek-trtik · smowton · commit 6f3389d86650 · 2017-03-01T12:12:04.000Z
Introducing "rules.json" file for the extended analyser.
diff --git a/regression/december_demo_sprint/Sakai/APP/rules.json b/regression/december_demo_sprint/Sakai/APP/rules.json
@@ -0,0 +1,107 @@
+[
+  {
+    "comment": "Potentially tained data was returned from the called function.",
+    "class": "TaintSource",
+    "method": "get_tainted_int:()I",
+    "result": {
+      "location": "return_value",
+      "taint": "<TaintSource.get_tainted_int@Integer>"
+    }
+  },
+  {
+    "comment": "Potentially tained data was returned from the tainted input stream.",
+    "class": "TaintedInputStream",
+    "method": "read:([BII)I",
+    "result": {
+      "location": "arg1",
+      "taint": "<TaintedInputStream.read@byte[]>"
+    }
+  },
+  {
+    "comment": "Conversion of an array of potentially tainted bytes to a string.",
+    "class": "java.lang.String",
+    "method": "<init>:([BII)V",
+    "input": {
+      "location": "arg1",
+      "taint": "<TaintedInputStream.read@byte[]>"
+    },
+    "result": {
+      "location": "arg0",
+      "taint": "<toString(TaintedInputStream.read@byte[])@String>"
+    }
+  },
+  {
+    "comment": "Appending a potentially tainted string into the StringBuilder instance. Making the builder tainted.",
+    "class": "java.lang.StringBuilder",
+    "method": "append:(Ljava/lang/String;)Ljava/lang/StringBuilder;",
+    "input": {
+      "location": "arg1",
+      "taint": "<toString(TaintedInputStream.read@byte[])@String>"
+    },
+    "result": {
+      "location": "arg0",
+      "taint": "<StringBuilder.append(toString(TaintedInputStream.read@byte[]))@StringBuilder>"
+    }
+  },
+  {
+    "comment": "Conversion of potentially tainted data in the StringBuilder to a potentially tainted string.",
+    "class": "java.lang.StringBuilder",
+    "method": "toString:()Ljava/lang/String;",
+    "input": {
+      "location": "arg0",
+      "taint": "<StringBuilder.append(toString(TaintedInputStream.read@byte[]))@StringBuilder>"
+    },
+    "result": {
+      "location": "return_value",
+      "taint": "<toString(TaintedInputStream.read@byte[])@String>"
+    }
+  },
+  {
+    "comment": "Inserting a potentially tainted string into a HashMap container. Making the container tainted.",
+    "class": "java.util.HashMap",
+    "method": "put:(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;",
+    "input": {
+      "location": "arg2",
+      "taint": "<toString(TaintedInputStream.read@byte[])@String>"
+    },
+    "result": {
+      "location": "arg0",
+      "taint": "<HashMap.put(toString(TaintedInputStream.read@byte[]))@HashMap>"
+    }
+  },
+  {
+    "comment": "Retrieving a potentially tainted string from a HashMap container.",
+    "class": "java.util.HashMap",
+    "method": "get:(Ljava/lang/Object;)Ljava/lang/Object;",
+    "input": {
+      "location": "arg0",
+      "taint": "<HashMap.put(toString(TaintedInputStream.read@byte[]))@HashMap>"
+    },
+    "result": {
+      "location": "return_value",
+      "taint": "<toString(TaintedInputStream.read@byte[])@String>"
+    }
+  },
+  {
+    "comment": "Retrieving a potentially tainted character from a potentially tainted string.",
+    "class": "java.lang.String",
+    "method": "charAt:(I)C",
+    "input": {
+      "location": "arg0",
+      "taint": "<toString(TaintedInputStream.read@byte[])@String>"
+    },
+    "result": {
+      "location": "return_value",
+      "taint": "<charAt(toString(TaintedInputStream.read@byte[]))@Character>"
+    }
+  },
+  {
+    "comment": "Writing a potentially tainted data into the output",
+    "class": "TaintSink",
+    "method": "receive_taint:(C)V",
+    "sinkTarget": {
+      "location": "arg0",
+      "taint": "<charAt(toString(TaintedInputStream.read@byte[]))@Character>"
+    }
+  }
+]
