Refactoring sink propagation rule to be more flexible

MarcMil · MarcMil · commit d2c934f0b30d · 2025-11-17T09:12:22.000+01:00
diff --git a/soot-infoflow/src/soot/jimple/infoflow/problems/rules/forward/SinkPropagationRule.java b/soot-infoflow/src/soot/jimple/infoflow/problems/rules/forward/SinkPropagationRule.java
@@ -81,8 +81,7 @@ private void checkForSink(Abstraction d1, Abstraction source, Stmt stmt, final V
 				if (aliasing.mayAlias(val, ap.getPlainValue())) {
 					SinkInfo sinkInfo = sourceSinkManager.getSinkInfo(stmt, getManager(), source.getAccessPath());
 					if (sinkInfo != null) {
-						if (!getResults().addResult(new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt)))
-							killState = true;
+						registerTaintResult(sinkInfo, new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt));
 					}
 				}
 			}
@@ -151,10 +150,8 @@ public Collection<Abstraction> propagateCallToReturnFlow(Abstraction d1, Abstrac
 
 					// If we have already seen the same taint at the same sink, there is no need to
 					// propagate this taint any further.
-					if (sinkInfo != null
-							&& !getResults().addResult(new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt))) {
-						killState = true;
-					}
+					if (sinkInfo != null)
+						registerTaintResult(sinkInfo, new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt));
 				}
 			}
 		}
@@ -180,9 +177,8 @@ public Collection<Abstraction> propagateReturnFlow(Collection<Abstraction> calle
 			if (matches && source.isAbstractionActive() && ssm != null && aliasing != null
 					&& aliasing.mayAlias(source.getAccessPath().getPlainValue(), returnStmt.getOp())) {
 				SinkInfo sinkInfo = ssm.getSinkInfo(returnStmt, getManager(), source.getAccessPath());
-				if (sinkInfo != null
-						&& !getResults().addResult(new AbstractionAtSink(sinkInfo.getDefinitions(), source, returnStmt)))
-					killState = true;
+				if (sinkInfo != null)
+					registerTaintResult(sinkInfo, new AbstractionAtSink(sinkInfo.getDefinitions(), source, returnStmt));
 			}
 		}
 
@@ -193,4 +189,19 @@ public Collection<Abstraction> propagateReturnFlow(Collection<Abstraction> calle
 		return null;
 	}
 
+	/**
+	 * Registers a taint result
+	 * @param sinkInfo information about the sink (must not be null)
+	 * @param abstractionAtSink the abstraction at sink (must not be null)
+	 */
+	protected void registerTaintResult(SinkInfo sinkInfo, AbstractionAtSink abstractionAtSink) {
+		boolean continueDataFlow = getResults().addResult(abstractionAtSink);
+		if (!continueDataFlow)
+			setKillState();
+	}
+
+	protected void setKillState() {
+		killState = true;
+	}
+
 }

Original file line number	Diff line number	Diff line change
`@@ -81,8 +81,7 @@ private void checkForSink(Abstraction d1, Abstraction source, Stmt stmt, final V`
`81`	`81`	`if (aliasing.mayAlias(val, ap.getPlainValue())) {`
`82`	`82`	`SinkInfo sinkInfo = sourceSinkManager.getSinkInfo(stmt, getManager(), source.getAccessPath());`
`83`	`83`	`if (sinkInfo != null) {`
`84`		`- if (!getResults().addResult(new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt)))`
`85`		`- killState = true;`
	`84`	`+ registerTaintResult(sinkInfo, new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt));`
`86`	`85`	`}`
`87`	`86`	`}`
`88`	`87`	`}`
`@@ -151,10 +150,8 @@ public Collection<Abstraction> propagateCallToReturnFlow(Abstraction d1, Abstrac`
`151`	`150`
`152`	`151`	`// If we have already seen the same taint at the same sink, there is no need to`
`153`	`152`	`// propagate this taint any further.`
`154`		`- if (sinkInfo != null`
`155`		`- && !getResults().addResult(new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt))) {`
`156`		`- killState = true;`
`157`		`- }`
	`153`	`+ if (sinkInfo != null)`
	`154`	`+ registerTaintResult(sinkInfo, new AbstractionAtSink(sinkInfo.getDefinitions(), source, stmt));`
`158`	`155`	`}`
`159`	`156`	`}`
`160`	`157`	`}`
`@@ -180,9 +177,8 @@ public Collection<Abstraction> propagateReturnFlow(Collection<Abstraction> calle`
`180`	`177`	`if (matches && source.isAbstractionActive() && ssm != null && aliasing != null`
`181`	`178`	`&& aliasing.mayAlias(source.getAccessPath().getPlainValue(), returnStmt.getOp())) {`
`182`	`179`	`SinkInfo sinkInfo = ssm.getSinkInfo(returnStmt, getManager(), source.getAccessPath());`
`183`		`- if (sinkInfo != null`
`184`		`- && !getResults().addResult(new AbstractionAtSink(sinkInfo.getDefinitions(), source, returnStmt)))`
`185`		`- killState = true;`
	`180`	`+ if (sinkInfo != null)`
	`181`	`+ registerTaintResult(sinkInfo, new AbstractionAtSink(sinkInfo.getDefinitions(), source, returnStmt));`
`186`	`182`	`}`
`187`	`183`	`}`
`188`	`184`
`@@ -193,4 +189,19 @@ public Collection<Abstraction> propagateReturnFlow(Collection<Abstraction> calle`
`193`	`189`	`return null;`
`194`	`190`	`}`
`195`	`191`
	`192`	`+ /**`
	`193`	`+ * Registers a taint result`
	`194`	`+ * @param sinkInfo information about the sink (must not be null)`
	`195`	`+ * @param abstractionAtSink the abstraction at sink (must not be null)`
	`196`	`+ */`
	`197`	`+ protected void registerTaintResult(SinkInfo sinkInfo, AbstractionAtSink abstractionAtSink) {`
	`198`	`+ boolean continueDataFlow = getResults().addResult(abstractionAtSink);`
	`199`	`+ if (!continueDataFlow)`
	`200`	`+ setKillState();`
	`201`	`+ }`
	`202`	`+`
	`203`	`+ protected void setKillState() {`
	`204`	`+ killState = true;`
	`205`	`+ }`
	`206`	`+`
`196`	`207`	`}`