(Question) about path between sources and sinks. #729

Open
Alireza-Ardalani opened this issue Apr 8, 2024 · 0 comments
Alireza-Ardalani commented Apr 8, 2024

I use the following configuration, using FlowDroid as a library:

    import soot.jimple.infoflow.InfoflowConfiguration;
    import soot.jimple.infoflow.android.SetupApplication;

    // Android platform JAR location and the APK to analyze
    SetupApplication setupApplication = new SetupApplication(jarString, apkFile);
    InfoflowConfiguration config = setupApplication.getConfig();

    // Taint propagation: aliasing, solver, direction, implicit flows
    config.setAliasingAlgorithm(InfoflowConfiguration.AliasingAlgorithm.FlowSensitive);
    config.setCodeEliminationMode(InfoflowConfiguration.CodeEliminationMode.NoCodeElimination);
    config.getSolverConfiguration().setDataFlowSolver(InfoflowConfiguration.DataFlowSolver.ContextFlowSensitive);
    config.getSolverConfiguration().setSparsePropagationStrategy(InfoflowConfiguration.SparsePropagationStrategy.Precise);
    config.setDataFlowDirection(InfoflowConfiguration.DataFlowDirection.Backwards);
    config.setImplicitFlowMode(InfoflowConfiguration.ImplicitFlowMode.AllImplicitFlows);

    // Path reconstruction between sources and sinks
    config.getPathConfiguration().setPathReconstructionMode(InfoflowConfiguration.PathReconstructionMode.Precise);
    config.getPathConfiguration().setPathBuildingAlgorithm(InfoflowConfiguration.PathBuildingAlgorithm.ContextSensitive);

    // Resource limits and logging
    config.setMemoryThreshold(1.0d);
    config.getPathConfiguration().setPathReconstructionTimeout(1000);
    config.setDataFlowTimeout(1000);
    config.getPathConfiguration().setMaxPathLength(100);
    config.setLogSourcesAndSinks(true);

    // Access path handling
    config.getAccessPathConfiguration().setAccessPathLength(10);
    config.getAccessPathConfiguration().setUseRecursiveAccessPaths(false);
    config.getAccessPathConfiguration().setUseThisChainReduction(false);

I need a precise path between source and sink without any elimination; therefore, according to my search, I think this is the precise configuration. (If I missed something, I would be very thankful if you mentioned it.)

I changed the default source and sink in sourceAndSink.txt, so FlowDroid found some results in my test cases.

Q1) When I look at some flows, I cannot trace the source to the sink according to the path provided by FlowDroid. For example:

  1. <com.lionmobi.netmaster.activity.SaveResultActivity: void changeFirewallAdEnable()> --> $r2 = virtualinvoke $r1.<android.widget.LinearLayout: android.view.View findViewById(int)>(2131427749)

  2. <com.lionmobi.netmaster.activity.SaveResultActivity: void changeFirewallAdEnable()> --> if $r2 == null goto return

  3. <android.os.Handler: boolean postDelayed(java.lang.Runnable,long)> --> this := @this: android.os.Handler

  4. <com.baidu.location.a.i$b: void run()> --> r0 := @this: com.baidu.location.a.i$b

  5. <com.baidu.location.a.i: void a(com.baidu.location.a.i,android.os.Message)> --> $r0 := @parameter0: com.baidu.location.a.i

  6. <com.baidu.location.a.i: void g(android.os.Message)> --> r0 := @this: com.baidu.location.a.i

  7. <com.baidu.location.a.a: com.baidu.location.a.a a()> --> $r0 = <com.baidu.location.a.a: com.baidu.location.a.a c>

So in this path, I cannot find any relation between 2 and 3.

Did I miss something?

Q2) To resolve the problem, I searched through the issues and found "TaintWrapper", which I did not use in my code. Could it be the cause of some problems?

If yes, are my previous results not reliable without "TaintWrapper"?

Q3) If I should use "TaintWrapper", should I add new method signatures to it? I ask because I started to define new sinks from a third-party library and just added them to a new sink file.

Thank you for your time and consideration.
