| Subject | XML-security (1.0.4) from SIR with 92 junit tests | |||||||||||||||
| Scenario | Test No. 66 passed in
the fixed code of version1-seed2 but failed in the buggy code; case study was performed on the buggy code. |
|||||||||||||||
| backward
failure tracing (functional sequence of events) |
0.
test 66 failed -> 1. in ExclusiveC14NInterop::test_Y1, assertTrue (success == null) failed -> 2. success = ExclusiveC14NInterop::t("data/interop/c14n/Y1", "exc-signature.xml") does not equal to null but is "1 3" instead -> 3. in ExclusiveC14NInterop::t, String r is returned since its length != 0 -> r = sb.toString().trim() -> sb.append(i," ") -> 4. refVerify=false -> verify=checkSignatureValue(signature.pubkey) is false and signature._signedInfo is not as expected -> signature is unexpectedly constructed by signature=new XMLSignature::<init>(signature related element extracted from the xml file, "data/interop/c14n/Y1/exc-signature.xml") -> 5. signature of the xml content, i.e. signature._signedInfo is unexpectedly constructed by signature._signedInfo=XMLSignature::SignedInfo(signature related element from the xml file, "data/interop/c14n/Y1/exc-signature.xml") -> 6. in the above constructor of SignedInfo, signature._signedInfo._c14nizedBytes = Canonicalizer::CanonicalizerSubtree(Node extracted from the xml) is not as exepcted -> [via a virtual call through CanonicalizerSpi::engineCanonicalizerSubTree() ->] 7. unexpected signature._signedInfo._c14nizedBytes = Canonicalizer20010315Excl::engineCanonicalizerSubTree(the above Node, "") -> 8. in Canonicalizer20010315Excl::engineCanonicalizerSubTree, byte[] baos, as is returned to signature._signedInfo._c14nizedBytes after being written via Canonicalizer20010315Excl::CanonicalizerSubTree (rootNode of the xml, a hash-map inscopeNamespaces of the Node, a map alreadyVisible:Node->String), is unexpected -> 9. in Canonicalizer20010315Excl::CanonicalizerSubTree, attribute list written to baos, by attrs=updateInscopeNamespacesAndReturnVisibleAttrs(an Element of the xml file being traversed, inscopeNamespaces, alreadyVisible), is not as expected -> 10. Canonicalizer20010315Excl::updateInscopeNamespacesAndReturnVisibleAttrs(), a vector ns used for returning the attribute list is unexpectedly written -> inscopeNamespaces was changed unexpectedly (certain elements in it were wrongly removed) -> key "xmlns" is removed from inscopeNamespaces -> the condition (name=="xmlns" || value=="") wrongly evaluated to be true for some attribute (each attribute is a name:value pair) -> orginally "&&" in the condition was changed to "||"; |
|||||||||||||||
| sequence of
events* (in terms of Jimple IR statement ids) |
5621
( the original value of name=="xmlns" || value==""
changed from false to true, causing the removal of the key "xmlns"
) -> 5622 ( the removal of key "xmlns" from the inscopeNamespaces map ) -> 5691 ( ns changed ) -> 5699 ( ns sorted ) -> 5886 ( ns passed back to attrs in CanonicalizerSubTree ) -> 5888 (attrs.size() changed due to the change before in ns ) -> 5889,5890,5891,5892,5893,5894,5895,5897 ( consequent changes due to change in attrs) -> 6024,6025,6026,6027,6028,6029,6030,6031,6032,6033,6034,6035,6036,6037,6056,6057,6058,6060,6061 ( changes in attrs written to baos in function outputAttrToWritter) -> 5905, 5906 ( iteratively causing changes in attrs again, primarily ) and 5907,5908 ( iteratively causing changes in attrs again, secondarily) -> 5398 ( baos transformed after changes in attrs reflected to it ) -> 13628, 13630 ( _signedInfo changed in its _c14nizedBytes member ) -> 17134, 17135 ( the changed reflected to signature.PublicKey ) -> 17136, 17137, 17141,17142,17143 ( change propagated to the boolean variable verify due to failure in signature verification, the reflected in an output of verify's value ) -> 17145 ( change of verify from originally true to false caused a condition failure here ) -> 17155 ( refVerify falsified and further caused a condition failure ) -> 17171 ( sb changed ) -> 17205 ( sb.toString().trim() passed to string r, and then r.length()!=0 caused non-null string to return ) -> 17273, 17274 ( the non-null string r passed to success in test_Y1 after returning from t() ) -> 17277 ( success!= null caused 0 passed to assertTrue ) -> 17278 ( assertion failed ) -> test case failed. |
|||||||||||||||
| Statements in the failure sequence |
Ranking by different techniques | |||||||||||||||
| SensA_rand | SensA_inc | Static slicing | Dynamic slicing | |||||||||||||
| 5621 | 62.5 | 62.5 | 1.0 | 1.0 | ||||||||||||
| 5622 | 62.5 | 62.5 | 3.5 | 10167.0 | ||||||||||||
| 5691 | 62.5 | 62.5 | 349.5 | 107.0 | ||||||||||||
| 5699 | 62.5 | 62.5 | 40.0 | 19.0 | ||||||||||||
| 5886 | 62.5 | 62.5 | 2520.0 | 143.5 | ||||||||||||
| 5888 | 62.5 | 62.5 | 349.5 | 26.5 | ||||||||||||
| 5889 | 62.5 | 62.5 | 1137.0 | 35.5 | ||||||||||||
| 5890 | 62.5 | 62.5 | 349.5 | 35.5 | ||||||||||||
| 5891 | 62.5 | 62.5 | 1137.0 | 53.5 | ||||||||||||
| 5892 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 5893 | 62.5 | 62.5 | 349.5 | 53.5 | ||||||||||||
| 5894 | 62.5 | 62.5 | 1137.0 | 53.5 | ||||||||||||
| 5895 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 5897 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6024 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6025 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6026 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6027 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6028 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6029 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6030 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6031 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6032 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6033 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6034 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6035 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6036 | 62.5 | 62.5 | 4672.0 | 71.0 | ||||||||||||
| 6037 | 62.5 | 62.5 | 4672.0 | 71.0 | ||||||||||||
| 6056 | 62.5 | 62.5 | 4672.0 | 71.0 | ||||||||||||
| 6057 | 62.5 | 62.5 | 2520.0 | 71.0 | ||||||||||||
| 6058 | 62.5 | 62.5 | 4672.0 | 71.0 | ||||||||||||
| 6060 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 6061 | 62.5 | 62.5 | 2520.0 | 53.5 | ||||||||||||
| 5905 | 62.5 | 62.5 | 4672.0 | 206.5 | ||||||||||||
| 5906 | 62.5 | 62.5 | 12.5 | 26.5 | ||||||||||||
| 5398 | 62.5 | 62.5 | 4672.0 | 10167.0 | ||||||||||||
| 5907 | 153.5 | 133.5 | 4672.0 | 206.5 | ||||||||||||
| 5908 | 153.5 | 133.5 | 349.5 | 53.5 | ||||||||||||
| 13628 | 1153.5 | 1134.0 | 12199.5 | 10167.0 | ||||||||||||
| 13630 | 1153.5 | 1134.0 | 4672.0 | 10167.0 | ||||||||||||
| 17134 | 1153.5 | 1134.0 | 12199.5 | 10167.0 | ||||||||||||
| 17135 | 1153.5 | 1134.0 | 14225.0 | 1003.5 | ||||||||||||
| 17136 | 1153.5 | 1134.0 | 15832.5 | 10167.0 | ||||||||||||
| 17137 | 1153.5 | 1134.0 | 15832.5 | 10167.0 | ||||||||||||
| 17141 | 1153.5 | 1134.0 | 17203.0 | 10167.0 | ||||||||||||
| 17142 | 1153.5 | 1134.0 | 18058.5 | 10167.0 | ||||||||||||
| 17143 | 1153.5 | 1134.0 | 17203.0 | 10167.0 | ||||||||||||
| 17145 | 1153.5 | 1134.0 | 17203.0 | 10167.0 | ||||||||||||
| 17155 | 10526.0 | 10526.0 | 15832.5 | 10167.0 | ||||||||||||
| 17171 | 10526.0 | 10526.0 | 17203.0 | 10167.0 | ||||||||||||
| 17205 | 10526.0 | 10526.0 | 18058.5 | 10167.0 | ||||||||||||
| 17273 | 1153.5 | 1134.0 | 18486.5 | 10167.0 | ||||||||||||
| 17274 | 1153.5 | 1134.0 | 18801.0 | 10167.0 | ||||||||||||
| 17277 | 10526.0 | 10526.0 | 19032.0 | 10167.0 | ||||||||||||
| 17278 | 10526.0 | 10526.0 | 18801.0 | 10167.0 | ||||||||||||
| Average cost of inspecting the whole sequence in the ranking | 6.60% | 6.63% | 33.15% | 17.90% | ||||||||||||
| Number of statements to be examined in order to inspect the whole sequence | 1249.0 | 1255.0 | 6274.0 | 3388.0 | ||||||||||||