why cfg dose not include getFilters()?

[xiziyunqi105]

📝 Overall Description

i analysis spring-cloud-gateway-server-3.1.0.jar，and add convertToRoute() as entrypoint:

public void onStart() {
        List<JClass> list = solver.getHierarchy().applicationClasses().toList();
        for (JClass jClass : list) {
            jClass.getDeclaredMethods().forEach(jMethod->{

                String s = jMethod.getName();

                Set<Modifier> modifiers1 = jMethod.getModifiers();

                int i1=0;

                List<Modifier> listmodifiers1 = new ArrayList<>(modifiers1);

                for(Modifier listmodifiers11 : listmodifiers1){

                if(listmodifiers11.toString().matches("abstract")){

                    i1=1;

                }

                }

                if (s.matches("convertToRoute") || s.matches("doFilter") || s.matches("doAuthenticate") && i1==0) {

                    solver.addEntryPoint(new EntryPoint(jMethod, EmptyParamProvider.get()));

                }

            });

i want to find taint convertToRoute()-> getFilters()->loadGatewayFilters() in class RouteDefinitionRouteLocator:

        private Route convertToRoute(RouteDefinition routeDefinition) {
		AsyncPredicate<ServerWebExchange> predicate = combinePredicates(routeDefinition);
		List<GatewayFilter> gatewayFilters = getFilters(routeDefinition);

		return Route.async(routeDefinition).asyncPredicate(predicate).replaceFilters(gatewayFilters).build();
	}

	@SuppressWarnings("unchecked")
	List<GatewayFilter> loadGatewayFilters(String id, List<FilterDefinition> filterDefinitions) {
		ArrayList<GatewayFilter> ordered = new ArrayList<>(filterDefinitions.size());
		for (int i = 0; i < filterDefinitions.size(); i++) {
			FilterDefinition definition = filterDefinitions.get(i);
			GatewayFilterFactory factory = this.gatewayFilterFactories.get(definition.getName());
			if (factory == null) {
				throw new IllegalArgumentException(
						"Unable to find GatewayFilterFactory with name " + definition.getName());
			}
			if (logger.isDebugEnabled()) {
				logger.debug("RouteDefinition " + id + " applying filter " + definition.getArgs() + " to "
						+ definition.getName());
			}

			// @formatter:off
			Object configuration = this.configurationService.with(factory)
					.name(definition.getName())
					.properties(definition.getArgs())
					.eventFunction((bound, properties) -> new FilterArgsEvent(
							// TODO: why explicit cast needed or java compile fails
							RouteDefinitionRouteLocator.this, id, (Map<String, Object>) properties))
					.bind();
			// @formatter:on

			// some filters require routeId
			// TODO: is there a better place to apply this?
			if (configuration instanceof HasRouteId) {
				HasRouteId hasRouteId = (HasRouteId) configuration;
				hasRouteId.setRouteId(id);
			}

			GatewayFilter gatewayFilter = factory.apply(configuration);
			if (gatewayFilter instanceof Ordered) {
				ordered.add(gatewayFilter);
			}
			else {
				ordered.add(new OrderedGatewayFilter(gatewayFilter, i + 1));
			}
		}

		return ordered;
	}

	private List<GatewayFilter> getFilters(RouteDefinition routeDefinition) {
		List<GatewayFilter> filters = new ArrayList<>();

		// TODO: support option to apply defaults after route specific filters?
		if (!this.gatewayProperties.getDefaultFilters().isEmpty()) {
			filters.addAll(loadGatewayFilters(routeDefinition.getId(),
					new ArrayList<>(this.gatewayProperties.getDefaultFilters())));
		if (!routeDefinition.getFilters().isEmpty()) {
			filters.addAll(loadGatewayFilters(routeDefinition.getId(), new ArrayList<>(routeDefinition.getFilters())));
		}

		AnnotationAwareOrderComparator.sort(filters);
		return filters;
	}

i add sources and transfor:

sources:
  { kind: param, method: "<org.springframework.cloud.gateway.route.RouteDefinitionRouteLocator: org.springframework.cloud.gateway.route.Route convertToRoute(org.springframework.cloud.gateway.route.RouteDefinition)>", index: 0 }

sinks:
   { level: 4, method: "<org.springframework.cloud.gateway.route.RouteDefinitionRouteLocator: java.util.List getFilters(org.springframework.cloud.gateway.route.RouteDefinition)>", index: 0 }
transfers:
   { method: "<java.util.ArrayList: void <init>(java.util.Collection)>", from: 0, to: base, type: java.util.List}
   { method: "<org.springframework.cloud.gateway.route.RouteDefinition: java.util.List getFilters()>", from: base, to: result}
call-site-mode: true

and i find taint from convertToRoute()-> getFilters():

Detected 1 taint flow(s):
TaintFlow{<org.springframework.cloud.gateway.route.RouteDefinitionRouteLocator: org.springframework.cloud.gateway.route.Route convertToRoute(org.springframework.cloud.gateway.route.RouteDefinition)>/0 -> <org.springframework.cloud.gateway.route.RouteDefinitionRouteLocator: org.springframework.cloud.gateway.route.Route convertToRoute(org.springframework.cloud.gateway.route.RouteDefinition)>[1@L117] $r3 = invokespecial %this.getFilters(routeDefinition)/0}

why i cannot find the taint convertToRoute()-> getFilters()->loadGatewayFilters()?
and i did not find getFilters in cfg. thank you very much.

🎯 Expected Behavior

find the taint convertToRoute()-> getFilters()->loadGatewayFilters() in spring-cloud-gateway-server-3.1.0.jar

🐛 Current Behavior

find the taint convertToRoute()-> getFilters() in spring-cloud-gateway-server-3.1.0.jar

🔄 Reproducible Example

No response

⚙️ Tai-e Arguments

optionsFile: null
printHelp: false
classPath: []
appClassPath:

• //spring-cloud-gateway-server-3.1.0.jar
  #mainClass: BOOT-INF.classes.pl.wya.springgatewaydemo.SpringGatewayDemoApplication
  inputClasses: []
  javaVersion: 8
  prependJVM: false
  allowPhantom: true
  worldBuilderClass: pascal.taie.frontend.soot.SootWorldBuilder
  outputDir: output
  preBuildIR: false
  worldCacheMode: false
  scope: ALL
  nativeModel: true
  planFile: null
  analyses:
  ir-dumper: ;
  pta: cs:ci;implicit-entries:false;distinguish-string-constants:null;reflection-inference:solar;taint-config:java-benchmarks/log4j/2.14.0/taint-config.yml;reflection-log:java-benchmarks/log4j/2.14.0/refl.log; #dump-ci:true;
  onlyGenPlan: false
  keepResult:
• $KEEP-ALL

📜 Tai-e Log

19:00:05: Executing ':Main.main()'...

> Task :buildSrc:checkKotlinGradlePluginConfigurationErrors
> Task :buildSrc:generateExternalPluginSpecBuilders UP-TO-DATE
> Task :buildSrc:extractPrecompiledScriptPluginPlugins UP-TO-DATE
> Task :buildSrc:compilePluginsBlocks UP-TO-DATE
> Task :buildSrc:generatePrecompiledScriptPluginAccessors UP-TO-DATE
> Task :buildSrc:generateScriptPluginAdapters UP-TO-DATE
> Task :buildSrc:compileKotlin UP-TO-DATE
> Task :buildSrc:compileJava NO-SOURCE
> Task :buildSrc:compileGroovy NO-SOURCE
> Task :buildSrc:pluginDescriptors UP-TO-DATE
> Task :buildSrc:processResources UP-TO-DATE
> Task :buildSrc:classes UP-TO-DATE
> Task :buildSrc:jar UP-TO-DATE
> Task :compileJava UP-TO-DATE
> Task :processResources UP-TO-DATE
> Task :classes UP-TO-DATE
> Task :checkstyleMain UP-TO-DATE

> Task :Main.main()
Tai-e starts ...
Output directory: /apache/taie/Tai-e/output
Writing options to /apache/taie/Tai-e/output/options.yml
Writing log to /apache/taie/Tai-e/output/tai-e.log
java.version: 17.0.13
java.version.date: 2024-10-15
java.runtime.version: 17.0.13+11-LTS
java.vendor: Amazon.com Inc.
java.vendor.version: Corretto-17.0.13.11.1
os.name: Mac OS X
os.version: 12.3
os.arch: aarch64
Tai-e Version: 0.5.1-SNAPSHOT
Tai-e Commit: 9eb966e35d518a6813a6a5be78dfaff4b90c907b
Writing analysis plan to output/tai-e-plan.yml
WorldBuilder starts ...
Scanning /lib/spring-cloud-gateway-server-3.1.0.jar ... 330 classes
Warning: main class was not given!
7376 classes with 66436 methods in the world
WorldBuilder finishes, elapsed time: 2.71s
ir-dumper starts ...
Dumping IR in /apache/taie/Tai-e/output/tir
7376 classes in scope (ALL) of class analyses
ir-dumper finishes, elapsed time: 20.41s
pta starts ...
Using reflection log from //apache/taie/Tai-e/java-benchmarks/log4j/2.14.0/refl.log
Reflective target '<org.apache.logging.log4j.core.config.LoggerConfig$RootLogger: org.apache.logging.log4j.core.config.LoggerConfig createLogger(java.lang.String,org.apache.logging.log4j.Level,java.lang.String,org.apache.logging.log4j.core.config.AppenderRef[],org.apache.logging.log4j.core.config.Property[],org.apache.logging.log4j.core.config.Configuration,org.apache.logging.log4j.core.Filter)>' for Method.invoke is not found
Reflective target '<org.apache.logging.log4j.core.config.LoggersPlugin: org.apache.logging.log4j.core.config.Loggers createLoggers(org.apache.logging.log4j.core.config.LoggerConfig[])>' for Method.invoke is not found
Reflective target '<org.apache.logging.log4j.core.pattern.MessagePatternConverter: org.apache.logging.log4j.core.pattern.MessagePatternConverter newInstance(org.apache.logging.log4j.core.config.Configuration,java.lang.String[])>' for Method.invoke is not found
Reflective caller class 'org.apache.logging.log4j.core.config.plugins.visitors.PluginElementVisitor' is absent
Loading taint config from /apache/taie/Tai-e/java-benchmarks/log4j/2.14.0/taint-config.yml
Cannot find taint-transfer method '<org.apache.logging.log4j.message.ReusableMessageFactory: org.apache.logging.log4j.message.Message newMessage(java.lang.String)>'
Cannot find taint-transfer method '<org.apache.logging.log4j.core.impl.ReusableLogEventFactory: org.apache.logging.log4j.core.LogEvent createEvent(java.lang.String,org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.Level,org.apache.logging.log4j.message.Message,java.util.List,java.lang.Throwable)>'
Cannot find taint-transfer method '<org.apache.logging.log4j.core.impl.MutableLogEvent: void formatTo(java.lang.StringBuilder)>'
TaintConfig:
sources:
  - { kind: "param", method: "<org.springframework.cloud.gateway.route.RouteDefinitionRouteLocator: org.springframework.cloud.gateway.route.Route convertToRoute(org.springframework.cloud.gateway.route.RouteDefinition)>", index: "0", type: "org.springframework.cloud.gateway.route.RouteDefinition" }

sinks:
  - { method: "<org.springframework.cloud.gateway.route.RouteDefinitionRouteLocator: java.util.List loadGatewayFilters(java.lang.String,java.util.List)>", index: "1" }

transfers:
  - { method: "<java.lang.StringBuilder: void <init>(java.lang.String)>", from: "0", to: "base", type: "java.lang.StringBuilder" }
  - { method: "<java.lang.StringBuilder: java.lang.String substring(int,int)>", from: "base", to: "result", type: "java.lang.String" }
  - { method: "<java.lang.StringBuilder: void getChars(int,int,char[],int)>", from: "base", to: "2", type: "char[]" }
  - { method: "<java.lang.String: java.lang.String substring(int)>", from: "base", to: "result", type: "java.lang.String" }
  - { method: "<java.lang.String: void <init>(char[],int,int)>", from: "0", to: "base", type: "java.lang.String" }
  - { method: "<java.util.ArrayList: void <init>(java.util.Collection)>", from: "0", to: "base", type: "java.util.List" }
  - { method: "<org.springframework.cloud.gateway.route.RouteDefinition: java.util.List getFilters()>", from: "base", to: "result", type: "java.util.List" }

callSiteMode: true

[Pointer analysis] elapsed time: 1.97s
Detected 0 taint flow(s):
TFGDumper starts ...
Source nodes:
VarNode{<org.springframework.cloud.gateway.route.RouteDefinitionRouteLocator: org.springframework.cloud.gateway.route.Route convertToRoute(org.springframework.cloud.gateway.route.RouteDefinition)>/routeDefinition}
Sink nodes:
Dumping /apache/taie/Tai-e/output/taint-flow-graph.dot
TFGDumper finishes, elapsed time: 0.44s
-------------- Pointer analysis statistics: --------------
#var pointers:                5,5774 (insens) / 5,5774 (sens)
#objects:                     5232 (insens) / 5232 (sens)
#var points-to:               112,9992 (insens) / 112,9992 (sens)
#static field points-to:      1736 (sens)
#instance field points-to:    14,4000 (sens)
#array points-to:             1,1631 (sens)
#reachable methods:           8015 (insens) / 8015 (sens)
#call graph edges:            4,2824 (insens) / 4,2825 (sens)
----------------------------------------
pta finishes, elapsed time: 3.39s
Tai-e finishes, elapsed time: 26.66s

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

For more on this, please refer to https://docs.gradle.org/8.10/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.

BUILD SUCCESSFUL in 28s
14 actionable tasks: 2 executed, 12 up-to-date
19:00:33: Execution finished ':Main.main()'.

ℹ️ Additional Information

[xiziyunqi105]

spring-cloud-gateway-server-3.1.0.jar.zip

[ayanamists]

I sincerely suggest you adjust your format. It seems there are some problems with your Markdown syntax, making your issue quite difficult to read on the GitHub web. Although I can read the email issue in a monospaced font editor, I believe most people capable of answering your question do not use this method.

[xiziyunqi105]

I sincerely suggest you adjust your format. It seems there are some problems with your Markdown syntax, making your issue quite difficult to read on the GitHub web. Although I can read the email issue in a monospaced font editor, I believe most people capable of answering your question do not use this method.

Thanks for your advice~