Difference between revisions of "Writing Toolbox Analyzers"
BenHolland (Talk | contribs) (→Analyzing Class Loaders Usage) |
BenHolland (Talk | contribs) (→Analyzing Class Loader Usage) |
Line 4: | Line 4: | ||
== Analyzing Class Loader Usage == | == Analyzing Class Loader Usage == | ||
− | + | ||
+ | <pre> | ||
+ | public class ClassLoaderUsage extends Analyzer { | ||
+ | |||
+ | @Override | ||
+ | public String getName() { | ||
+ | return "Class Loader Usage"; | ||
+ | } | ||
+ | |||
+ | @Override | ||
+ | public String getDescription() { | ||
+ | return "Discovers uses of Java class loaders."; | ||
+ | } | ||
+ | |||
+ | @Override | ||
+ | public String[] getAssumptions() { | ||
+ | return new String[] { "Uses of class loader APIs are only made through direct method calls." }; | ||
+ | } | ||
+ | |||
+ | @Override | ||
+ | protected Q evaluateEnvelope() { | ||
+ | // get all ClassLoader implementations (getting type hierarchy here | ||
+ | // instead of just base types and overrides because the custom | ||
+ | // ClassLoader methods may contain valuable contextual information) | ||
+ | Q classLoaderAPIs = CommonQueries.typeHierarchy(context, | ||
+ | Common.typeSelect("java.lang", "ClassLoader"), | ||
+ | TraversalDirection.REVERSE); | ||
+ | |||
+ | // get the class loader API methods | ||
+ | Q classLoaderMethods = CommonQueries.declarations(context, | ||
+ | classLoaderAPIs, TraversalDirection.FORWARD) | ||
+ | .nodesTaggedWithAny(Node.METHOD); | ||
+ | |||
+ | // remove the boring class loader methods inherited from Object | ||
+ | classLoaderMethods = classLoaderMethods.difference(SetDefinitions | ||
+ | .objectMethodOverrides()); | ||
+ | |||
+ | // get the calls to the class loader API methods by the application | ||
+ | return CommonQueries.interactions(context, appContext, | ||
+ | classLoaderMethods, Edge.CALL); | ||
+ | } | ||
+ | |||
+ | } | ||
+ | </pre> | ||
== Analyzing Reflection Usage == | == Analyzing Reflection Usage == |
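Review bot: the added evaluateEnvelope() uses both `context` and `appContext` (the last statement passes them together to CommonQueries.interactions) without declaring either or saying how they differ, and the listing carries no import statements for Q, CommonQueries, Common, SetDefinitions, TraversalDirection, Node or Edge. A reader pasting this into the Starter Toolbox has to guess at all of these. Suggest a short comment above the return statement stating where the two fields come from and what each one scopes, plus the import lines at the top of the listing.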
Revision as of 14:50, 5 February 2015
The Toolbox Commons project defines an Analyzer interface that encapsulates the logic for traversing a program graph to extract an "envelope" (a subgraph that is either empty if a property is satisfied or non-empty containing the necessary information to locate the violation of the property). Analyzers encapsulate their descriptions, assumptions, analysis context, and analysis logic. Of course you can define your own "Analyzer" simply by writing a program with your analysis logic, but we find this abstraction helps keep code organized when contributing to a toolbox project.
Let's update our Starter Toolbox to define a few new Analyzer objects. Specifically let's write analyzers that detect uses of Java class loaders, reflection, native code, and native processes. We want to be able to detect the usage of these language features because these exotic features tend to break naive program analysis implementations. Depending on our implementation, without the ability to detect these features we may not be able to tell if our analysis is sound or complete.
Analyzing Class Loader Usage
<pre>
public class ClassLoaderUsage extends Analyzer {

	@Override
	public String getName() {
		return "Class Loader Usage";
	}

	@Override
	public String getDescription() {
		return "Discovers uses of Java class loaders.";
	}

	@Override
	public String[] getAssumptions() {
		return new String[] { "Uses of class loader APIs are only made through direct method calls." };
	}

	@Override
	protected Q evaluateEnvelope() {
		// get all ClassLoader implementations (getting type hierarchy here
		// instead of just base types and overrides because the custom
		// ClassLoader methods may contain valuable contextual information)
		Q classLoaderAPIs = CommonQueries.typeHierarchy(context,
				Common.typeSelect("java.lang", "ClassLoader"),
				TraversalDirection.REVERSE);

		// get the class loader API methods
		Q classLoaderMethods = CommonQueries.declarations(context,
				classLoaderAPIs, TraversalDirection.FORWARD)
				.nodesTaggedWithAny(Node.METHOD);

		// remove the boring class loader methods inherited from Object
		classLoaderMethods = classLoaderMethods.difference(SetDefinitions
				.objectMethodOverrides());

		// get the calls to the class loader API methods by the application
		return CommonQueries.interactions(context, appContext,
				classLoaderMethods, Edge.CALL);
	}

}
</pre>
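The assumption returned by getAssumptions() marks the boundary of this analyzer. The following is an added example, not part of the original page or the Toolbox Commons project: a constructed target program (all class and method names are hypothetical) that reaches ClassLoader.loadClass once through a direct call and once through reflection. Only the first is a call to a class loader method in the source; the second is the case the stated assumption excludes, and the reason a reflection analyzer is needed alongside this one.

```java
import java.lang.reflect.Method;

// Constructed analysis target (hypothetical names): two ways an application
// can end up executing ClassLoader.loadClass.
public class ClassLoaderTargets {

    // Subtype of java.lang.ClassLoader, so its declared methods belong to the
    // type hierarchy the analyzer walks from ClassLoader.
    static class AuditingLoader extends ClassLoader {
        AuditingLoader(ClassLoader parent) {
            super(parent);
        }

        @Override
        public Class<?> loadClass(String name) throws ClassNotFoundException {
            System.out.println("loading " + name);
            return super.loadClass(name);
        }
    }

    // Direct use: the source contains a call whose target is a class loader
    // method, which is the case the analyzer's assumption covers.
    static Class<?> direct(ClassLoader loader, String name) throws ClassNotFoundException {
        return loader.loadClass(name);
    }

    // Reflective use: the calls written here target Class.getMethod and
    // Method.invoke; loadClass is named only by a string, so no direct call
    // to a class loader method appears in this method body.
    static Class<?> reflective(ClassLoader loader, String name) throws ReflectiveOperationException {
        Method m = ClassLoader.class.getMethod("loadClass", String.class);
        return (Class<?>) m.invoke(loader, name);
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = new AuditingLoader(ClassLoaderTargets.class.getClassLoader());
        Class<?> a = direct(loader, "java.util.ArrayList");
        Class<?> b = reflective(loader, "java.util.ArrayList");
        // Both paths run AuditingLoader.loadClass at run time and yield the same class.
        System.out.println(a == b);
    }
}
```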
Analyzing Reflection Usage
TODO
Analyzing Native Code Usage
TODO
Analyzing Native Process Usage
TODO
Running Analyzers
TODO