Merge pull request #75 from MarcMil/develop

Fix support for EditText's InputTypes

Author: StevenArzt

soot-infoflow-android/src/soot/jimple/infoflow/android/axml/flags/BitwiseFlagSystem.java

@@ -0,0 +1,90 @@
+package soot.jimple.infoflow.android.axml.flags;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * In some cases, bitmasks might be used in a way where there is a precendence of certain
+ * masks to save space.
+ * For "normal" bitmasks, the traditional way of checking is much faster.
+ * 
+ * Simple Example:
+ * Option A (can be used alone or in combination with others): 01
+ * Option B (cannot be used with option A): 10
+ * Option C (only valid when used with Option A): 11
+ * 
+ * In this case, we could do checking of B via ((v & 10) == 1) && ((v & 1) != 1) 
+ * but sometimes there are a lot of options (e.g. inputType)
+ * 
+ * @param <T> the keys used to distinguish flags
+ */
+public class BitwiseFlagSystem<T> {
+	private List<T> keys = new ArrayList<T>();
+	private List<Integer> values = new ArrayList<Integer>();
+
+	/**
+	 * Associate the given key with the bits set in set bits.
+	 * The first registration wins.
+	 * @param key the key
+	 * @param setBits the bits set
+	 */
+	public void register(T key, int setBits) {
+		keys.add(key);
+		values.add(setBits);
+	}
+
+	/**
+	 * Returns all matching flags
+	 * @param inputValue input value
+	 */
+	public final Collection<T> getFlags(int value) {
+		List<T> matchedResults = new ArrayList<>(4);
+		List<Integer> matchedValues = new ArrayList<>(4);
+		for (int i = 0; i < keys.size(); i++) {
+			int v = values.get(i);
+			if ((v & value) == v) {
+				if (!hadAnyMatch(v, matchedValues)) {
+					matchedResults.add(keys.get(i));
+					matchedValues.add(v);
+				}
+
+			}
+		}
+		return matchedResults;
+	}
+
+	private static boolean hadAnyMatch(int value, List<Integer> matchedValues) {
+		for (int c : matchedValues) {
+			if ((c & value) == value) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * Checks whether all the given flags are set
+	 * @param inputValue input value
+	 * @param flag the flags to check
+	 */
+	@SafeVarargs
+	public final boolean isSet(int inputValue, T... flag) {
+		List<T> flagsLeft = new ArrayList<T>(flag.length);
+		for (T i : flag)
+			flagsLeft.add(i);
+
+		for (T t : getFlags(inputValue)) {
+			Iterator<T> it = flagsLeft.iterator();
+			while (it.hasNext()) {
+				if (it.next().equals(t)) {
+					it.remove();
+					if (flagsLeft.isEmpty())
+						return true;
+				}
+			}
+		}
+		return false;
+	}
+}

soot-infoflow-android/src/soot/jimple/infoflow/android/axml/flags/InputType.java

@@ -0,0 +1,94 @@
+package soot.jimple.infoflow.android.axml.flags;
+
+import java.util.Collection;
+
+/**
+ * Support for EditText's input type
+ */
+public class InputType {
+	private static final BitwiseFlagSystem<Integer> FLAG_SYSTEM = new BitwiseFlagSystem<>();
+	public static int textFilter = 177;
+	public static int textPostalAddress = 113;
+	public static int textWebEmailAddress = 209;
+	public static int textWebPassword = 225;
+	public static int textEmailSubject = 49;
+	public static int textLongMessage = 81;
+	public static int textPersonName = 97;
+	public static int textPhonetic = 193;
+	public static int textVisiblePassword = 145;
+	public static int textWebEditText = 161;
+	public static int date = 20;
+	public static int numberDecimal = 8194;
+	public static int numberPassword = 225;
+	public static int numberSigned = 4098;
+	public static int phone = 3;
+	public static int textAutoComplete = 65537;
+	public static int textAutoCorrect = 32769;
+	public static int textCapCharacters = 4097;
+	public static int textCapWords = 8193;
+	public static int textEmailAddress = 33;
+	public static int textCapSentences = 16385;
+	public static int textImeMultiLine = 262145;
+	public static int textMultiLine = 131073;
+	public static int textNoSuggestions = 524289;
+	public static int textPassword = 129;
+	public static int textShortMessage = 65;
+	public static int textUri = 27;
+	public static int time = 36;
+	public static int datetime = 4;
+	public static int number = 2;
+	public static int text = 1;
+
+	static {
+		//The order can be determined via the Android Framework and is highly relevant
+		//See ResFlagsAttr.convertToResXmlFormat method to get the order
+		FLAG_SYSTEM.register(textFilter, 177);
+		FLAG_SYSTEM.register(textPostalAddress, 113);
+		FLAG_SYSTEM.register(textWebEmailAddress, 209);
+		FLAG_SYSTEM.register(textWebPassword, 225);
+		FLAG_SYSTEM.register(textEmailSubject, 49);
+		FLAG_SYSTEM.register(textLongMessage, 81);
+		FLAG_SYSTEM.register(textPersonName, 97);
+		FLAG_SYSTEM.register(textPhonetic, 193);
+		FLAG_SYSTEM.register(textVisiblePassword, 145);
+		FLAG_SYSTEM.register(textWebEditText, 161);
+		FLAG_SYSTEM.register(date, 20);
+		FLAG_SYSTEM.register(numberDecimal, 8194);
+		FLAG_SYSTEM.register(numberPassword, 18);
+		FLAG_SYSTEM.register(numberSigned, 4098);
+		FLAG_SYSTEM.register(phone, 3);
+		FLAG_SYSTEM.register(textAutoComplete, 65537);
+		FLAG_SYSTEM.register(textAutoCorrect, 32769);
+		FLAG_SYSTEM.register(textCapCharacters, 4097);
+		FLAG_SYSTEM.register(textCapSentences, 16385);
+		FLAG_SYSTEM.register(textCapWords, 8193);
+		FLAG_SYSTEM.register(textEmailAddress, 33);
+		FLAG_SYSTEM.register(textImeMultiLine, 262145);
+		FLAG_SYSTEM.register(textMultiLine, 131073);
+		FLAG_SYSTEM.register(textNoSuggestions, 524289);
+		FLAG_SYSTEM.register(textPassword, 129);
+		FLAG_SYSTEM.register(textShortMessage, 65);
+		FLAG_SYSTEM.register(textUri, 17);
+		FLAG_SYSTEM.register(time, 36);
+		FLAG_SYSTEM.register(datetime, 4);
+		FLAG_SYSTEM.register(number, 2);
+		FLAG_SYSTEM.register(text, 1);
+	}
+
+	/**
+	 * Checks whether all the given flags are set
+	 * @param inputValue input value
+	 * @param flag the flags to check
+	 */
+	public static boolean isSet(int inputValue, Integer... flag) {
+		return FLAG_SYSTEM.isSet(inputValue, flag);
+	}
+
+	/**
+	 * Returns all matching flags
+	 * @param inputValue input value
+	 */
+	public static Collection<Integer> getFlags(int inputValue) {
+		return FLAG_SYSTEM.getFlags(inputValue);
+	}
+}

soot-infoflow-android/src/soot/jimple/infoflow/android/resources/controls/EditTextControl.java

@@ -1,11 +1,13 @@
 package soot.jimple.infoflow.android.resources.controls;
 
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
 
 import pxb.android.axml.AxmlVisitor;
 import soot.SootClass;
 import soot.jimple.infoflow.android.axml.AXmlAttribute;
+import soot.jimple.infoflow.android.axml.flags.InputType;
 import soot.jimple.infoflow.sourcesSinks.definitions.AccessPathTuple;
 import soot.jimple.infoflow.sourcesSinks.definitions.ISourceSinkCategory;
 import soot.jimple.infoflow.sourcesSinks.definitions.MethodSourceSinkDefinition;
@@ -20,14 +22,6 @@
  *
  */
 public class EditTextControl extends AndroidLayoutControl {
-
-	public final static int TYPE_CLASS_TEXT = 0x00000001;
-	public final static int TYPE_CLASS_NUMBER = 0x00000002;
-	public final static int TYPE_NUMBER_VARIATION_PASSWORD = 0x00000010;
-	public final static int TYPE_TEXT_VARIATION_PASSWORD = 0x00000080;
-	public final static int TYPE_TEXT_VARIATION_VISIBLE_PASSWORD = 0x00000090;
-	public final static int TYPE_TEXT_VARIATION_WEB_PASSWORD = 0x000000e0;
-
 	protected final static SourceSinkDefinition UI_PASSWORD_SOURCE_DEF;
 	protected final static SourceSinkDefinition UI_ELEMENT_SOURCE_DEF;
 
@@ -84,6 +78,7 @@ public String getID() {
 	private int inputType;
 	private boolean isPassword;
 	private String text;
+	private Collection<Integer> inputTypeFlags;
 
 	EditTextControl(SootClass viewClass) {
 		super(viewClass);
@@ -105,6 +100,8 @@ public EditTextControl(int id, SootClass viewClass, Map<String, Object> addition
 	 */
 	void setInputType(int inputType) {
 		this.inputType = inputType;
+		this.inputTypeFlags = InputType.getFlags(inputType);
+
 	}
 
 	/**
@@ -116,6 +113,21 @@ public int getInputType() {
 		return inputType;
 	}
 
+	/**
+	 * Returns true if the input satiesfies all specified types
+	 * @see InputType
+	 * @param type the types to check
+	 */
+	public boolean satisfiesInputType(int... type) {
+		if (inputTypeFlags == null)
+			return false;
+
+		for (int i : type)
+			if (!inputTypeFlags.contains(i))
+				return false;
+		return true;
+	}
+
 	/**
 	 * Gets the text of this edit control
 	 * 
@@ -131,7 +143,7 @@ protected void handleAttribute(AXmlAttribute<?> attribute, boolean loadOptionalD
 		final int type = attribute.getType();
 
 		if (attrName.equals("inputType") && type == AxmlVisitor.TYPE_INT_HEX) {
-			inputType = (Integer) attribute.getValue();
+			setInputType((Integer) attribute.getValue());
 		} else if (attrName.equals("password")) {
 			if (type == AxmlVisitor.TYPE_INT_HEX)
 				isPassword = ((Integer) attribute.getValue()) != 0; // -1 for
@@ -152,14 +164,15 @@ public boolean isSensitive() {
 		if (isPassword)
 			return true;
 
-		if ((inputType & TYPE_CLASS_NUMBER) == TYPE_CLASS_NUMBER)
-			return ((inputType & TYPE_NUMBER_VARIATION_PASSWORD) == TYPE_NUMBER_VARIATION_PASSWORD);
+		if (satisfiesInputType(InputType.numberPassword))
+			return true;
+		if (satisfiesInputType(InputType.textVisiblePassword))
+			return true;
+		if (satisfiesInputType(InputType.textWebPassword))
+			return true;
+		if (satisfiesInputType(InputType.textPassword))
+			return true;
 
-		if ((inputType & TYPE_CLASS_TEXT) == TYPE_CLASS_TEXT) {
-			return ((inputType & TYPE_TEXT_VARIATION_PASSWORD) == TYPE_TEXT_VARIATION_PASSWORD)
-					|| ((inputType & TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) == TYPE_TEXT_VARIATION_VISIBLE_PASSWORD)
-					|| ((inputType & TYPE_TEXT_VARIATION_WEB_PASSWORD) == TYPE_TEXT_VARIATION_WEB_PASSWORD);
-		}
 		return false;
 	}