Safe Haskell	None
Language	Haskell2010

Tokstyle.Analysis.SecurityRank

Synopsis

data SecurityRankContext l = SecurityRankContext {
- srcCurrentFile :: FilePath
- srcAnnotations :: AnnotationMap
- srcSummaries :: Map FunctionName SecurityRankSummary
- srcFuncDecls :: Map FunctionName (FilePath, Node (Lexeme l))
- srcFuncDefs :: Map FunctionName (FilePath, Node (Lexeme l))
- srcStructDefs :: Map Text (Node (Lexeme l))
- srcCallGraph :: CallGraph
- srcPointsToContext :: PointsToContext l
- srcCurrentContext :: Context
- srcDynamicCallGraph :: Map (FunctionName, Context) (Set (FunctionName, Context))
- srcAnalyzedCfgs :: Map (FunctionName, Context) (CFG l SecurityRankState)
}
data SecurityRankState = SecurityRankState {
- srsTaintState :: TaintState
- srsFptrSigs :: Map AbstractLocation SecurityRankSummaryData
- srsDiagnostics :: [Diagnostic]
}
type SecurityRankSummary = Map Context SecurityRankSummaryData
data SecurityRankSummaryData = SecurityRankSummaryData {
- srsOutputRanks :: Map AbstractLocation SecurityRank
- srsSinks :: Map Int SecurityRank
- srsdDiagnostics :: [String]
}
runInterproceduralAnalysis :: AnnotationMap -> Map FunctionName PointsToSummary -> Map FunctionName (FilePath, Node (Lexeme Text)) -> Map FunctionName (FilePath, Node (Lexeme Text)) -> Map Text (Node (Lexeme Text)) -> Map FunctionName SecurityRankSummary -> SecurityRankContext Text
analyzeFunction :: SecurityRankContext Text -> Node (Lexeme Text) -> (SecurityRankState, CFG Text SecurityRankState, Set (FunctionName, Context))
findFunctionDecls :: [(FilePath, [Node (Lexeme Text)])] -> Map FunctionName (FilePath, Node (Lexeme Text))
findFunctionDefs :: [(FilePath, [Node (Lexeme Text)])] -> Map FunctionName (FilePath, Node (Lexeme Text))
findStructDefs :: [Node (Lexeme Text)] -> Map Text (Node (Lexeme Text))
getFuncNameFromDef :: Node (Lexeme Text) -> FunctionName
buildSecurityRankSummaryFromAnnotation :: AnnotationMap -> FunctionName -> Node (Lexeme Text) -> SecurityRankSummary
buildPointsToSummaryFromAnnotation :: AnnotationMap -> FunctionName -> Node (Lexeme Text) -> PointsToSummary

Documentation

data SecurityRankContext l Source #

The context for the security rank analysis.

Constructors

SecurityRankContext

Fields

srcCurrentFile :: FilePath
srcAnnotations :: AnnotationMap
srcSummaries :: Map FunctionName SecurityRankSummary
srcFuncDecls :: Map FunctionName (FilePath, Node (Lexeme l))
srcFuncDefs :: Map FunctionName (FilePath, Node (Lexeme l))
srcStructDefs :: Map Text (Node (Lexeme l))
srcCallGraph :: CallGraph
srcPointsToContext :: PointsToContext l
srcCurrentContext :: Context
srcDynamicCallGraph :: Map (FunctionName, Context) (Set (FunctionName, Context))
srcAnalyzedCfgs :: Map (FunctionName, Context) (CFG l SecurityRankState)

Instances

Instances details

DataFlow SecurityRankContext Text SecurityRankState Source #
Instance details Defined in Tokstyle.Analysis.SecurityRank Methods emptyFacts :: SecurityRankContext Text -> SecurityRankState Source # transfer :: SecurityRankContext Text -> Text -> SecurityRankState -> Node (Lexeme Text) -> (SecurityRankState, Set (Text, [Int])) Source # join :: SecurityRankContext Text -> SecurityRankState -> SecurityRankState -> SecurityRankState Source #

data SecurityRankState Source #

The state that flows through the intra-procedural analysis.

Constructors

SecurityRankState
Fields srsTaintState :: TaintState srsFptrSigs :: Map AbstractLocation SecurityRankSummaryData srsDiagnostics :: [Diagnostic]

Instances

Instances details

Eq SecurityRankState Source #
Instance details Defined in Tokstyle.Analysis.SecurityRank Methods (==) :: SecurityRankState -> SecurityRankState -> Bool # (/=) :: SecurityRankState -> SecurityRankState -> Bool #
Show SecurityRankState Source #
Instance details Defined in Tokstyle.Analysis.SecurityRank Methods showsPrec :: Int -> SecurityRankState -> ShowS # show :: SecurityRankState -> String # showList :: [SecurityRankState] -> ShowS #
DataFlow SecurityRankContext Text SecurityRankState Source #
Instance details Defined in Tokstyle.Analysis.SecurityRank Methods emptyFacts :: SecurityRankContext Text -> SecurityRankState Source # transfer :: SecurityRankContext Text -> Text -> SecurityRankState -> Node (Lexeme Text) -> (SecurityRankState, Set (Text, [Int])) Source # join :: SecurityRankContext Text -> SecurityRankState -> SecurityRankState -> SecurityRankState Source #

type SecurityRankSummary = Map Context SecurityRankSummaryData Source #

The full, context-sensitive security rank summary for a function.

data SecurityRankSummaryData Source #

The summary for a function's security rank analysis in a specific context.

Constructors

SecurityRankSummaryData
Fields srsOutputRanks :: Map AbstractLocation SecurityRank Maps an output location (return value or dereferenced pointer param) to the rank it will be tainted with. srsSinks :: Map Int SecurityRank Maps an input parameter's index to the rank it's expected to have (as a sink). srsdDiagnostics :: [String]

Instances

Instances details

Eq SecurityRankSummaryData Source #
Instance details Defined in Tokstyle.Analysis.SecurityRank.Types Methods (==) :: SecurityRankSummaryData -> SecurityRankSummaryData -> Bool # (/=) :: SecurityRankSummaryData -> SecurityRankSummaryData -> Bool #
Ord SecurityRankSummaryData Source #
Instance details Defined in Tokstyle.Analysis.SecurityRank.Types Methods compare :: SecurityRankSummaryData -> SecurityRankSummaryData -> Ordering # (<) :: SecurityRankSummaryData -> SecurityRankSummaryData -> Bool # (<=) :: SecurityRankSummaryData -> SecurityRankSummaryData -> Bool # (>) :: SecurityRankSummaryData -> SecurityRankSummaryData -> Bool # (>=) :: SecurityRankSummaryData -> SecurityRankSummaryData -> Bool # max :: SecurityRankSummaryData -> SecurityRankSummaryData -> SecurityRankSummaryData # min :: SecurityRankSummaryData -> SecurityRankSummaryData -> SecurityRankSummaryData #
Show SecurityRankSummaryData Source #
Instance details Defined in Tokstyle.Analysis.SecurityRank.Types Methods showsPrec :: Int -> SecurityRankSummaryData -> ShowS # show :: SecurityRankSummaryData -> String # showList :: [SecurityRankSummaryData] -> ShowS #

runInterproceduralAnalysis :: AnnotationMap -> Map FunctionName PointsToSummary -> Map FunctionName (FilePath, Node (Lexeme Text)) -> Map FunctionName (FilePath, Node (Lexeme Text)) -> Map Text (Node (Lexeme Text)) -> Map FunctionName SecurityRankSummary -> SecurityRankContext Text Source #

The main entry point for the inter-procedural security rank analysis. It computes summaries for all functions until a fixpoint is reached.

analyzeFunction :: SecurityRankContext Text -> Node (Lexeme Text) -> (SecurityRankState, CFG Text SecurityRankState, Set (FunctionName, Context)) Source #

Runs an intra-procedural analysis on a single function.

findFunctionDecls :: [(FilePath, [Node (Lexeme Text)])] -> Map FunctionName (FilePath, Node (Lexeme Text)) Source #

Finds all function declarations and definitions.

findFunctionDefs :: [(FilePath, [Node (Lexeme Text)])] -> Map FunctionName (FilePath, Node (Lexeme Text)) Source #

Finds all function definitions.

findStructDefs :: [Node (Lexeme Text)] -> Map Text (Node (Lexeme Text)) Source #

getFuncNameFromDef :: Node (Lexeme Text) -> FunctionName Source #

buildSecurityRankSummaryFromAnnotation :: AnnotationMap -> FunctionName -> Node (Lexeme Text) -> SecurityRankSummary Source #

buildPointsToSummaryFromAnnotation :: AnnotationMap -> FunctionName -> Node (Lexeme Text) -> PointsToSummary Source #