diff --git a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/JSVFA.scala b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/JSVFA.scala index f146028c..a8cbff7d 100644 --- a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/JSVFA.scala +++ b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/JSVFA.scala @@ -240,6 +240,24 @@ abstract class JSVFA } } + trait CopyFromSessionTag extends RuleAction { + + def apply( + sootMethod: SootMethod, + invokeStmt: jimple.Stmt, + localDefs: SimpleLocalDefs + ) = { + /** + * TO-DO + * Implement logic here + */ + } + } + + /** + * Core Code + */ + def createSceneTransform(): (String, Transform) = ("wjtp", new Transform("wjtp.svfa", new Transformer())) diff --git a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/DSL.scala b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/DSL.scala index 872da94d..a0cd1b3a 100644 --- a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/DSL.scala +++ b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/DSL.scala @@ -84,7 +84,8 @@ trait DSL { rule sessionMethods = if NamedMethodRule(className: "javax.servlet.http.HttpSession", methodName: "getAttribute") then [ - CopyFromMethodCallToLocal() + CopyFromMethodCallToLocal(), + CopyFromSessionTag() ] rule skipNativeMethods = if NativeRule() then DoNothing() diff --git a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/LanguageParser.scala b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/LanguageParser.scala index df6f1f31..e092e74c 100644 --- a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/LanguageParser.scala +++ b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/LanguageParser.scala 
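Review bot: `CopyFromSessionTag.apply` in JSVFA.scala has an empty body (only a `TO-DO` block), yet the DSL.scala hunk in this commit already adds `CopyFromSessionTag()` to the `sessionMethods` rule. A matched `HttpSession.getAttribute` call therefore gets no value-flow edges from this action and nothing reports it, which in a taint analysis is a silent false negative rather than a visible gap. Until the logic exists, declare the result type with `): Unit = {` and mark the stub plainly with `// TODO: not implemented; this action currently adds no edges to the graph`, since a `/** … */` block inside a method body is not picked up as Scaladoc. The trait should also get a Scaladoc line saying which flow it is meant to model, presumably the value stored under a session key reaching the local assigned from `getAttribute` (to be confirmed by the author).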
@@ -156,10 +156,15 @@ class LanguageParser(val jsvfa: JSVFA) extends RegexParsers { _.toString } + def COPY_FROM_SESSION_TAG: Parser[String] = + """CopyFromSessionTag""".r ^^ { + _.toString + } + def ACTIONS: Parser[String] = DO_NOTHING | COPY_BETWEEN_ARGS | COPY_FROM_METHOD_ARGUMENT_TO_BASE_OBJECT | COPY_FROM_METHOD_CALL_TO_LOCAL | - COPY_FROM_METHOD_ARGUMENT_TO_LOCAL ^^ { + COPY_FROM_METHOD_ARGUMENT_TO_LOCAL | COPY_FROM_SESSION_TAG ^^ { _.toString } diff --git a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/RuleFactory.scala b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/RuleFactory.scala index ccf5e5fa..46966726 100644 --- a/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/RuleFactory.scala +++ b/modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/dsl/RuleFactory.scala @@ -38,6 +38,9 @@ class RuleFactory(val jsvfa: JSVFA) { case "CopyFromMethodCallToLocal" => ruleActions = ruleActions ++ List(new jsvfa.CopyFromMethodCallToLocal {}) + case "CopyFromSessionTag" => + ruleActions = + ruleActions ++ List(new jsvfa.CopyFromSessionTag {}) case _ => ruleActions = ruleActions ++ List(new DoNothing {}) } diff --git a/modules/securibench/src/test/scala/br/unb/cic/securibench/deprecated/SecuribenchTestSuite.scala b/modules/securibench/src/test/scala/br/unb/cic/securibench/deprecated/SecuribenchTestSuite.scala index 0c930ff3..ac4a9865 100644 --- a/modules/securibench/src/test/scala/br/unb/cic/securibench/deprecated/SecuribenchTestSuite.scala +++ b/modules/securibench/src/test/scala/br/unb/cic/securibench/deprecated/SecuribenchTestSuite.scala @@ -1182,7 +1182,7 @@ class SecuribenchTestSuite extends FunSuite { /** SESSION TESTs */ - ignore( + test( "in the class Session1 we should detect 1 conflict of a simple session test case" ) { val testName = "Session1" 
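Review bot: In `ACTIONS` (LanguageParser.scala), `^^` binds tighter than `|`, so the trailing `^^ { _.toString }` applies only to the last alternative, which is now `COPY_FROM_SESSION_TAG`, not to the whole choice. It is harmless because every alternative must already be a `Parser[String]` for the declared type to hold, but the line reads as if it mapped the whole alternation. I would drop the mapping and end the chain with `COPY_FROM_METHOD_ARGUMENT_TO_LOCAL | COPY_FROM_SESSION_TAG`. The same identity mapping in the new `COPY_FROM_SESSION_TAG` can go too, leaving `"""CopyFromSessionTag""".r`.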
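Review bot: The new `case "CopyFromSessionTag"` in RuleFactory.scala repeats as a bare string the name that LanguageParser.scala matches with its own literal, and the existing `case _` below it turns any unrecognised name into `DoNothing` without a message. If the two literals ever drift apart, the session action is dropped silently, which for this analysis means missed flows. A shared constant for the action name, or a log line in the default branch, would make that visible. The enclosing `match` starts outside the hunk.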
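Review bot: Switching the `Session1` case in SecuribenchTestSuite.scala from `ignore(` to `test(` happens while `CopyFromSessionTag.apply` is still an empty stub, so nothing in this commit appears to change the graph built for that benchmark. The test presumably behaves as it did while ignored, and if it does pass it is not exercising the new action. I would keep `ignore(` with `// TODO: enable once CopyFromSessionTag is implemented` and flip it in the commit that adds the logic. The test body continues in the next hunk.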
@@ -1191,6 +1191,7 @@ class SecuribenchTestSuite extends FunSuite { val svfa = new SecuribenchTest(s"securibench.micro.session.$testName", "doGet") svfa.buildSparseValueFlowGraph() + // println(svfa.svgToDotModel()) assert(svfa.reportConflictsSVG().size == expectedConflicts) }
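Review bot: The added `// println(svfa.svgToDotModel())` is commented-out debugging code and should be removed before merging rather than committed. If dumping the graph is a recurring need when these tests fail, that belongs in a helper or a logging flag, not in dead lines repeated per test. The test body starts outside the hunk.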