diff --git a/build.gradle b/build.gradle index fcfcf29..237cab1 100755 --- a/build.gradle +++ b/build.gradle @@ -111,7 +111,7 @@ publishing { maven(MavenPublication) { groupId = 'edu.ucr.cs.riple.taint' artifactId = 'ucrtainting-checker' - version = '0.3-SNAPSHOT-securibench' + version = '0.3-SNAPSHOT' from components.java } diff --git a/src/main/java/edu/ucr/cs/riple/taint/ucrtainting/UCRTaintingChecker.java b/src/main/java/edu/ucr/cs/riple/taint/ucrtainting/UCRTaintingChecker.java index bbbe595..215b060 100755 --- a/src/main/java/edu/ucr/cs/riple/taint/ucrtainting/UCRTaintingChecker.java +++ b/src/main/java/edu/ucr/cs/riple/taint/ucrtainting/UCRTaintingChecker.java @@ -43,17 +43,17 @@ /** This is the entry point for pluggable type-checking. */ @StubFiles({ -// "stubs/apache.commons.io.astub", -// "stubs/apache.commons.lang.astub", -// "stubs/codeql.astub", -// "stubs/Connection.astub", -// "stubs/Files.astub", -// "stubs/find-sec-bugs-sanitizers.astub", - "stubs/securibench.astub", -// "stubs/httpservletreq.astub", + "stubs/apache.commons.io.astub", + "stubs/apache.commons.lang.astub", + "stubs/codeql.astub", + "stubs/Connection.astub", + "stubs/Files.astub", + "stubs/find-sec-bugs-sanitizers.astub", + "stubs/general.astub", + "stubs/httpservletreq.astub", // "stubs/StringBuffer.astub", -// "stubs/taintedMethods.astub", -// "stubs/tdmljp.astub", + "stubs/taintedMethods.astub", + "stubs/tdmljp.astub", }) @SupportedOptions({ UCRTaintingChecker.ANNOTATED_PACKAGES, diff --git a/src/main/java/edu/ucr/cs/riple/taint/ucrtainting/stubs/securibench.astub b/src/main/java/edu/ucr/cs/riple/taint/ucrtainting/stubs/securibench.astub deleted file mode 100644 index 6bcd86d..0000000 --- a/src/main/java/edu/ucr/cs/riple/taint/ucrtainting/stubs/securibench.astub +++ /dev/null 
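Review bot: In the `@StubFiles` list of UCRTaintingChecker.java, nothing visible in this commit confirms that `stubs/general.astub` and the re-enabled stub files still mark the sinks that the deleted `securibench.astub` annotated as `@RUntainted` (for example `Runtime.exec`, `ProcessBuilder`, `Statement.executeQuery`, `Class.forName` and `HttpServletResponse.sendRedirect`). A sink that drops out of the stubs does not break the build; the checker would presumably just stop reporting tainted flows into it, so the loss would go unnoticed. Before merging, compare the deleted declarations against the stubs that are now enabled and add one checker test case per sink family (command execution, SQL, file paths, reflection, response headers). The one entry left disabled, `// "stubs/StringBuffer.astub",`, should state why, for instance `// StringBuffer.astub disabled: <reason>`. The annotation block continues past the end of the hunk with `@SupportedOptions`.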
@@ -1,231 +0,0 @@
-import edu.ucr.cs.riple.taint.ucrtainting.qual.RTainted;
-import edu.ucr.cs.riple.taint.ucrtainting.qual.RUntainted;
-
-package javax.servlet;
-public class ServletResponse {
- public void setContentType(@RUntainted String type);
- public void setCharacterEncoding(@RUntainted String charset);
-}
-
-public class ServletConfig {
- public @RTainted String getInitParameter(String arg);
- public public java.util.Enumeration<@RTainted String> getInitParameterNames(String arg);
-}
-
-public class ServletContext {
- public @RTainted String getInitParameter(String arg);
-}
-
-package javax.servlet.http;
-public class Cookie {
- public void setPath(@RUntainted String uri);
- public void setDomain(@RUntainted String domain);
- public void setComment(@RUntainted String purpose);
- public void setValue(@RUntainted String newValue);
-}
-
-public interface HttpServletResponse {
- public void setDateHeader(@RUntainted String name, long date);
- public void setHeader(@RUntainted String name, String value);
- public void sendError(int sc, @RUntainted String msg) throws IOException;
- public void addIntHeader(@RUntainted String name, int value);
- public void sendRedirect(@RUntainted String location) throws IOException;
- public void sendError(int sc) throws IOException;
- public void addDateHeader(@RUntainted String name, long date);
- public void addHeader(@RUntainted String name, @RUntainted String value);
- public void setIntHeader(@RUntainted String name, int value);
- public void addCookie(@RUntainted Cookie cookie);
- public void setContentType(@RUntainted String type);
-}
-
-package javax.mail.internet;
-public class InternetAddress {
- public static InternetAddress[] parse(@RUntainted String addresslist) throws AddressException;
- public static InternetAddress[] parse(@RUntainted String addresslist, boolean strict) throws AddressException;
-}
-
-package java.sql;
-public interface Statement {
- public void addBatch(@RUntainted String sql);
- public @RUntainted boolean execute(@RUntainted String sql) throws SQLException;
- public @RUntainted ResultSet executeQuery(@RUntainted String sql) throws SQLException;
- public @RUntainted int executeUpdate(@RUntainted String sql) throws SQLException;
- public @RUntainted int executeUpdate(@RUntainted String sql, int arg) throws SQLException;
- public @RUntainted int executeUpdate(@RUntainted String sql, String... args) throws SQLException;
-}
-
-public class Connection {
- @RUntainted CallableStatement prepareCall(@RUntainted String sql, int resultSetType, int resultSetConcurrency) throws SQLException;
- @RUntainted PreparedStatement prepareStatement(@RUntainted String sql, int autoGeneratedKeys) throws SQLException;
- @RUntainted PreparedStatement prepareStatement(@RUntainted String sql, int columnIndexes[]) throws SQLException;
- @RUntainted PreparedStatement prepareStatement(@RUntainted String sql) throws SQLException;
- @RUntainted CallableStatement prepareCall(@RUntainted String sql) throws SQLException;
- @RUntainted CallableStatement prepareCall(@RUntainted String sql, int resultSetType, int resultSetConcurrency, int resultSetHoldability) throws SQLException;
- @RUntainted PreparedStatement prepareStatement(@RUntainted String sql, int resultSetType, int resultSetConcurrency, int resultSetHoldability) throws SQLException;
- @RUntainted PreparedStatement prepareStatement(@RUntainted String sql, String columnNames[]) throws SQLException;
- @RUntainted PreparedStatement prepareStatement(@RUntainted String sql, int resultSetType, int resultSetConcurrency) throws SQLException;
-}
-
-public class DriverManager {
- public static @RUntainted Connection getConnection(@RUntainted String url) throws SQLException;
- public static @RUntainted Connection getConnection(@RUntainted String url, @RUntainted String user, @RUntainted String password) throws SQLException;
- public static @RUntainted Connection getConnection(@RUntainted String url, @RUntainted java.util.Properties info) throws SQLException;
-}
-
-package java.lang;
-public class System {
- public static void load(@RUntainted String filename);
- public static void loadLibrary(@RUntainted String libname);
- public static @RUntainted String getenv(@RUntainted String name);
- public static @RTainted String getProperty(@RUntainted String name);
-}
-
-public class ProcessBuilder {
- public ProcessBuilder(@RUntainted java.util.List<@RUntainted String> command);
- public ProcessBuilder(@RUntainted String... command);
- public ProcessBuilder command(@RUntainted java.util.List<@RUntainted String> command);
- public ProcessBuilder command(@RUntainted String... command);
- public @RUntainted java.util.List<@RUntainted String> command();
-}
-
-public class Runtime {
- public @RUntainted Process exec(@RUntainted String command, @RUntainted String[] envp, @RUntainted File dir) throws IOException;
- public @RUntainted Process exec(@RUntainted String[] cmdarray, @RUntainted String[] envp) throws IOException;
- public @RUntainted Process exec(@RUntainted String[] cmdarray, @RUntainted String[] envp, @RUntainted File dir) throws IOException;
- public @RUntainted Process exec(@RUntainted String command) throws IOException;
- public @RUntainted Process exec(@RUntainted String command, @RUntainted String[] envp) throws IOException;
- public @RUntainted Process exec(@RUntainted String cmdarray[]) throws IOException;
-}
-
-public class Thread {
- public static void sleep(long millis, int nanos) throws InterruptedException;
- public static native void sleep(long millis) throws InterruptedException;
-}
-
-public class Character {
- public static @RUntainted boolean isDigit(@RUntainted char ch);
- public static @RUntainted boolean isLetter(@RUntainted char ch);
-}
-
-public class Class {
- public static @RUntainted Class forName(@RUntainted String className) throws ClassNotFoundException;
-}
-
-package java.io;
-public class File {
- public File(@RUntainted File parent, @RUntainted String child);
- public File(@RUntainted String pathname);
- public File(@RUntainted String parent, @RUntainted String child);
- public File(@RUntainted URI uri);
-}
-
-public class PrintStream {
- public void println(@RUntainted String x);
-}
-public class PrintWriter {
- public void print(@RUntainted String s);
- public void println(@RUntainted String s);
- public void println(@RUntainted Object obj);
-
-}
-
-public class FileWriter {
- public FileWriter(@RUntainted String x);
-}
-
-public class FileInputStream {
- public FileInputStream(@RUntainted String x);
-}
-
-package java.net;
-public class Socket {
- public Socket(@RUntainted String host, @RUntainted int port);
- public Socket(@RUntainted String host, int port, boolean stream);
- public Socket(@RUntainted String host, int port, InetAddress localAddr, int localPort);
-}
-
-public class URLDecoder {
- public static @RUntainted String decode(@RUntainted String s, @RUntainted String enc)
- throws java.io.UnsupportedEncodingException;
-}
-
-public class URLEncoder {
- public static @RUntainted String encode(@RUntainted String s, @RUntainted String enc)
- throws java.io.UnsupportedEncodingException;
-}
-
-package javax.servlet.http;
-public interface HttpServletRequest {
- public @RTainted String getHeader(@RUntainted String name);
- public java.util.Enumeration<@RTainted String> getHeaders(@RUntainted String name);
- public java.util.Enumeration<@RTainted String> getHeaderNames(@RUntainted String name);
- public @RTainted String getParameter(@RUntainted String name);
- public @RTainted String[] getParameterValues(@RUntainted String name);
- public @RTainted Session getSession();
- public @RTainted Session getProtocol();
- public @RTainted Session getScheme();
- public @RTainted Session getAuthType();
- public @RTainted Session getQueryString();
- public @RTainted Session getRemoteUser();
- public @RTainted Session getRequestURL();
-}
-
-package javax.servlet;
-public interface ServletRequest {
- public @RTainted String getHeader(@RUntainted String name);
- public java.util.Enumeration<@RTainted String> getHeaders(@RUntainted String name);
- public java.util.Enumeration<@RTainted String> getHeaders(@RUntainted String name);
- public @RTainted String getParameter(@RUntainted String name);
- public @RTainted String[] getParameterValues(@RUntainted String name);
- public @RTainted Session getSession();
- public @RTainted Session getProtocol();
- public @RTainted Session getScheme();
- public @RTainted Session getAuthType();
- public @RTainted Session getQueryString();
- public @RTainted Session getRemoteUser();
- public @RTainted Session getRequestURL();
-}
-
-public interface HttpSession {
- public void setAttribute(@RUntainted String name, Object value);
- public void putValue(@RUntainted String name, @RUntainted Object value);
-}
-
-package java.lang.reflect;
-public class Field {
- public @RUntainted Object get(@RUntainted Object obj)
- throws IllegalAccessException, IllegalArgumentException;
- public void set(@RUntainted Object obj, @RUntainted Object value)
- throws IllegalAccessException, IllegalArgumentException;
-}
-
-public class Method {
- public @RUntainted Object invoke(@RUntainted Object obj, @RUntainted Object... args)
- throws IllegalAccessException, IllegalArgumentException, java.lang.reflect.InvocationTargetException;
-}
-
-package javax.persistence;
-public class EntityManager {
- public @RUntainted Query createQuery(@RUntainted CriteriaDelete deleteQuery);
- public @RUntainted Query createNativeQuery(@RUntainted String sqlString);
- public @RUntainted Query createNativeQuery(@RUntainted String sqlString, @RUntainted Class resultClass);
- public @RUntainted TypedQuery createQuery(@RUntainted CriteriaQuery criteriaQuery);
- public @RUntainted Query createNativeQuery(@RUntainted String sqlString, @RUntainted String resultSetMapping);
- public @RUntainted TypedQuery createQuery(@RUntainted String qlString, @RUntainted Class resultClass);
- public @RUntainted Query createQuery(@RUntainted CriteriaUpdate updateQuery);
- public @RUntainted Query createQuery(@RUntainted String qlString);
-}
-
-package java.util.logging;
-public class Logger {
- public void warning(@RUntainted String msg);
- public void severe(@RUntainted String msg);
- public void finest(@RUntainted String msg);
- public void finer(@RUntainted String msg);
- public void fine(@RUntainted String msg);
- public void info(@RUntainted String msg);
- public void config(@RUntainted String msg);
- public void log(Level level, @RUntainted String msg, Object param1);
- public void log(Level level, @RUntainted String msg);
- public void log(Level level, @RUntainted String msg, @RUntainted Throwable thrown);
-}
\ No newline at end of file