-
Notifications
You must be signed in to change notification settings - Fork 76
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Started refactoring the unsafe/reflection masking code
- Loading branch information
1 parent
aafa02c
commit 6ecf460
Showing
8 changed files
with
345 additions
and
201 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
42 changes: 42 additions & 0 deletions
42
Phosphor/src/main/java/edu/columbia/cs/psl/phosphor/mask/DisabledReflectionMV.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| package edu.columbia.cs.psl.phosphor.mask; | ||
|
|
||
| import edu.columbia.cs.psl.phosphor.Configuration; | ||
| import org.objectweb.asm.MethodVisitor; | ||
| import org.objectweb.asm.Opcodes; | ||
|
|
||
| import static edu.columbia.cs.psl.phosphor.instrumenter.TaintMethodRecord.IS_INSTANCE; | ||
|
|
||
| class DisabledReflectionMV extends ReflectionMV implements Opcodes { | ||
| DisabledReflectionMV(MethodVisitor mv, String className, String methodName) { | ||
| super(Configuration.ASM_VERSION, mv); | ||
| if (!isApplicable(className, methodName)) { | ||
| throw new IllegalArgumentException(); | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| public void visitMethodInsn(int opcode, String owner, String name, String desc, boolean isInterface) { | ||
| if (owner.equals("java/lang/Class") && name.startsWith("isInstance")) { | ||
| // Even if we are not masking other methods, this must be masked | ||
| IS_INSTANCE.delegateVisit(mv); | ||
| } else { | ||
| super.visitMethodInsn(opcode, owner, name, desc, isInterface); | ||
| } | ||
| } | ||
|
|
||
| public static boolean isApplicable(String className, String methodName) { | ||
| switch (className) { | ||
| case "org/codehaus/groovy/vmplugin/v5/Java5": | ||
| return methodName.equals("makeInterfaceTypes"); | ||
| case "jdk/internal/reflect/ReflectionFactory": | ||
| case "java/lang/reflect/ReflectAccess": | ||
| // Java >= 9 | ||
| // TODO keep? | ||
| case "java/io/ObjectOutputStream": | ||
| case "java/io/ObjectInputStream": | ||
| return true; | ||
| default: | ||
| return false; | ||
| } | ||
| } | ||
| } |
55 changes: 55 additions & 0 deletions
55
Phosphor/src/main/java/edu/columbia/cs/psl/phosphor/mask/ObjectStreamReflectionMV.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| package edu.columbia.cs.psl.phosphor.mask; | ||
|
|
||
| import edu.columbia.cs.psl.phosphor.Configuration; | ||
| import org.objectweb.asm.MethodVisitor; | ||
| import org.objectweb.asm.Opcodes; | ||
|
|
||
| import static edu.columbia.cs.psl.phosphor.instrumenter.TaintMethodRecord.IS_INSTANCE; | ||
|
|
||
| class ObjectStreamReflectionMV extends ReflectionMV { | ||
| private final String methodName; | ||
|
|
||
| ObjectStreamReflectionMV(MethodVisitor mv, String className, String methodName) { | ||
| super(Configuration.ASM_VERSION, mv); | ||
| if (!isApplicable(className, methodName)) { | ||
| throw new IllegalArgumentException(); | ||
| } | ||
| this.methodName = methodName; | ||
| } | ||
|
|
||
| @Override | ||
| public void visitMethodInsn(int opcode, String owner, String name, String desc, boolean isInterface) { | ||
| if (owner.equals("java/lang/Class") && name.startsWith("isInstance")) { | ||
| // Even if we are not masking other methods, this must be masked | ||
| IS_INSTANCE.delegateVisit(mv); | ||
| } else if (owner.equals("sun/misc/Unsafe") && shouldMask(name)) { | ||
| owner = ReflectionMVFactory.getRuntimeUnsafePropagatorClassName(); | ||
| super.visitMethodInsn( | ||
| Opcodes.INVOKESTATIC, owner, name, "(Lsun/misc/Unsafe;" + desc.substring(1), isInterface); | ||
| } else { | ||
| super.visitMethodInsn(opcode, owner, name, desc, isInterface); | ||
| } | ||
| } | ||
|
|
||
| private boolean shouldMask(String name) { | ||
| switch (methodName) { | ||
| case "setObjFieldValues": | ||
| return name.startsWith("putObject") || name.startsWith("compareAndSwapObject"); | ||
| case "getObjFieldValues": | ||
| return name.startsWith("getObject"); | ||
| case "getPrimFieldValues": | ||
| case "setPrimFieldValues": | ||
| // Check for name.startsWith("put") || name.startsWith("get") was included but unhandled with a | ||
| // TODO and the note: name = name + "$$NOUNBOX" | ||
| // It is unclear if this needs to fixed | ||
| default: | ||
| return false; | ||
| } | ||
| } | ||
|
|
||
| public static boolean isApplicable(String className, String methodName) { | ||
| return (className.equals("java/io/ObjectStreamClass") || className.equals("java/io/ObjectStreamField")) | ||
| && Configuration.TAINT_THROUGH_SERIALIZATION | ||
| && !methodName.equals("getDeclaredSerialFields$$PHOSPHORTAGGED"); | ||
| } | ||
| } |
Oops, something went wrong.