cpg-analysis/de.fraunhofer.aisec.cpg.analysis.fsm/DFAOrderEvaluator

DFAOrderEvaluator

open class DFAOrderEvaluator(val dfa: DFA, val consideredBases: Set<Node>, val nodeToRelevantMethod: Map<Node, Set<String>>, val consideredResetNodes: Set<Node> = emptySet(), val thisPositionOfNode: Map<Node, Int> = mapOf(), val eliminateUnreachableCode: Boolean = true)

This class uses a DFA to evaluate if the order of statements in the CPG is correct. It needs the following inputs:

  • dfa: Describes the desired correct order of nodes

  • consideredBases: A set of the IDs of nodes (typically the VariableDeclaration) which are considered.

  • nodeToRelevantMethod: A mapping between CPG nodes and their operators used by the respective edges in the dfa. Currently, we only consider CallExpressions. If a node is not contained in this list, it is not considered by the evaluation as we assume that the method is not relevant.

  • consideredResetNodes: These nodes reset the order evaluation such that e.g., a reassignment of a variable with a new object is handled correctly. In this case, the constructor node must be part of the consideredResetNodes. This allows the DFAOrderEvaluator to detect that in such a case,

    (1) Botan p7 = new Botan(2);
    (2) p7.start(iv);
    (3) p7.finish(buf);

    (4) p7 = new Botan(3);
    (5) p7.start(iv);
Content copied to clipboard

(4) should actually start a new order evaluation.

  • thisPositionOfNode: If a non-object oriented language was used, this is a map from CPG nodes (i.e., the CallExpression) to the argument position serving as base of the operation.

To improve the results, it is useful to run de.fraunhofer.aisec.cpg.passes.UnreachableEOGPass prior to running the analysis and set the flag eliminateUnreachableCode to true. This removes results which may occur in unreachable code.

Constructors

Link copied to clipboard
constructor(dfa: DFA, consideredBases: Set<Node>, nodeToRelevantMethod: Map<Node, Set<String>>, consideredResetNodes: Set<Node> = emptySet(), thisPositionOfNode: Map<Node, Int> = mapOf(), eliminateUnreachableCode: Boolean = true)

Properties

Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val dfa: DFA
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard

Functions

Link copied to clipboard
open fun actionAcceptingTermination(base: String, fsm: DFA, interproceduralFlow: Boolean)

Contains the functionality which is executed if the DFA terminated in an accepting state for the given base. This means that all required statements have been executed for base so far. The fsm holds the execution trace found by the analysis.

Link copied to clipboard
open fun actionMissingTransitionForNode(node: Node, fsm: DFA, interproceduralFlow: Boolean)

Contains the functionality which is executed if the DFA does not contain a suitable transition for the given node. The evaluation ensures that the node is relevant, i.e., its operator is considered by the DFA and its base is subject to analysis. This means that the order is broken at node.

Link copied to clipboard
open fun actionNonAcceptingTermination(base: String, fsm: DFA, interproceduralFlow: Boolean)

Contains the functionality which is executed if the DFA did not terminate in an accepting state for the given base. This means that not all required statements have been executed for base so far. The fsm holds the execution trace found by the analysis.

Link copied to clipboard
fun evaluateOrder(startNode: Node, stopOnWrongBase: Boolean = true): Boolean

Checks if a sequence of Nodes/statements starting from startNode follows the sequence given by the dfa. If the sequence of statements violates the rules, the method returns false, if it is correct, the method returns true. The flag stopOnWrongBase makes the FSM stop evaluation of a base if an unexpected operation was observed for that base.

Link copied to clipboard
fun getBaseOfNode(node: CallExpression): Node?

Returns the "base" node belonging to node, on which the DFA is based on. Ideally, this is a variable declaration in the end.