DASCA
/
DASCA
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use SSAInstructionKey for map sinkSources.

This commit is contained in:
Achim D. Brucker 2016-09-18 02:12:56 +01:00
parent 73a9b8960f
commit e3aa14555e
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/eu.aniketos.dasca.dataflow/src/main/java/eu/aniketos/dasca/dataflow/util/SuperGraphUtil.java
View File

@ -336,17 +336,17 @@ public class SuperGraphUtil {
//* <<< get possible vulnerabilities for each SQL execute
HashMap<SSAInstruction, ArrayList<SSAInstruction>> sinkSources = new HashMap<SSAInstruction, ArrayList<SSAInstruction>>();
HashMap<SSAInstructionKey, ArrayList<SSAInstruction>> sinkSources = new HashMap<SSAInstructionKey, ArrayList<SSAInstruction>>();
for (SSAInstruction ssaInstruction : sqlExecutes) {
boolean isPreparedStmt = ssaInstruction.toString().contains("Prepared");
sinkSources.put(ssaInstruction, AnalysisUtil.analyzeStatementExecute(ssaInstruction, definitions, isPreparedStmt, badMethods));
sinkSources.put(new SSAInstructionKey(ssaInstruction), AnalysisUtil.analyzeStatementExecute(ssaInstruction, definitions, isPreparedStmt, badMethods));
}
boolean containsVulnerability = false;
for (SSAInstruction sink : sqlExecutes) {
if(!sinkSources.containsKey(sink)) { // no vulnerability possible
if(!sinkSources.containsKey(new SSAInstructionKey(sink))) { // no vulnerability possible
continue;
}
ArrayList<SSAInstruction> badSources = sinkSources.get(sink);
ArrayList<SSAInstruction> badSources = sinkSources.get(new SSAInstructionKey(sink));
if(badSources != null) {
for (SSAInstruction source : badSources) {
boolean isNotMutuallyExclusive = true;