[Soot-list] Incomplete Call Graph for Web Application

wanzhiyuan at zju.edu.cn
Tue Dec 11 02:27:10 EST 2012


Hi there.
I have encountered some problems when generating the call graph of web applications using Soot. The interface edge has not been added to the call graph, which makes the call graph incomplete.

Here is a sample code snippet under analysis (a simple servlet) (method "main" presented as a stub):
------------------------------------------------------------------------------------------------------------------------------------------------------
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


public class TestServlet extends HttpServlet {
    public static void main(String[] args) {
        try {
            new TestServlet().doPost(null, null);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String tainted = request.getParameter("name");
        try {
            Connection conn = DriverManager.getConnection(
                    "localhost", "test", "test");
            Statement statement = conn.createStatement();
            //statement.execute("select * from student where name = '" + tainted + "'");
            statement.execute(tainted);
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}
------------------------------------------------------------------------------------------------------------------------------------------------------
The command line I used is:
C:\soot>java -cp soot-2.5.0.jar soot.Main -w -app -p cg.spark on -cp "C:/Program Files/Java/jdk6/lib/jce.jar;C:/Program Files/Java/jdk6/lib/rt.jar;C:/classes/;C:/lib/servlet.jar" -p cg verbose:true TestServlet

------------------------------------------------------------------------------------------------------------------------------------------------------
And I extracted the part in call graph of method "TestServlet.doPost":
<TestServlet: void doPost(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)> may call <java.sql.DriverManager: void <clinit>()>
<TestServlet: void doPost(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)> may call <java.lang.Throwable: void printStackTrace()>
<TestServlet: void doPost(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)> may call <java.lang.Object: void <clinit>()>
<TestServlet: void doPost(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)> may call <java.sql.DriverManager: java.sql.Connection getConnection(java.lang.String,java.lang.String,java.lang.String)>

As the details above illustrate, I found that all the interface edges (e.g. request.getParameter, conn.createStatement, statement.execute) are ignored by Spark.
However, servlets are the dominant components in web applications. Is there any suggestion to make the call graph of a web app complete?

Thanks,

Zhiyuan
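
A toy model, added here and not part of the original post or of Soot, of why a points-to based call graph builder such as Spark can emit no edge for an interface call whose receiver has no allocation site reaching it (as with the `null` arguments in the `main` stub), while class-hierarchy analysis (CHA) would. The `Stub*` types, the tables and the function names are constructed for illustration.

```python
"""Toy model (constructed, not Soot code) of two call-graph strategies."""

# Constructed class hierarchy: interface -> implementers the analysis can see.
IMPLEMENTERS = {
    "HttpServletRequest": ["StubRequest"],
    "Connection": ["StubConnection"],
    "Statement": ["StubStatement"],
}
# Type allocated and returned by each concrete method (None = nothing tracked).
RETURNS = {
    "StubRequest.getParameter": None,
    "StubConnection.createStatement": "StubStatement",
    "StubStatement.execute": None,
}
# Interface call sites in doPost: (result var, receiver var, declared type, method).
CALL_SITES = [
    ("tainted", "request", "HttpServletRequest", "getParameter"),
    ("statement", "conn", "Connection", "createStatement"),
    (None, "statement", "Statement", "execute"),
]

def cha_edges():
    """CHA: one edge per known implementer of the receiver's declared type."""
    return {f"{impl}.{m}" for _, _, decl, m in CALL_SITES
            for impl in IMPLEMENTERS[decl]}

def points_to_edges(allocations):
    """Points-to based: edges only for types that actually reach the receiver.

    allocations maps a variable to the types the entry-point stub allocates
    into it; a null argument contributes no allocation site.
    """
    pts = {var: set(types) for var, types in allocations.items()}
    edges, changed = set(), True
    while changed:                       # propagate until a fixed point
        changed = False
        for result, recv, _, method in CALL_SITES:
            for typ in sorted(pts.get(recv, ())):
                target = f"{typ}.{method}"
                if target not in edges:
                    edges.add(target)
                    changed = True
                ret = RETURNS.get(target)
                if result and ret and ret not in pts.setdefault(result, set()):
                    pts[result].add(ret)
                    changed = True
    return edges

NULL_STUB = {}                           # models doPost(null, null)
ALLOC_STUB = {"request": {"StubRequest"}, "conn": {"StubConnection"}}
```

In this model `points_to_edges(NULL_STUB)` is empty, so the edge to `execute` is missing and a taint analysis built on that graph would never reach the `statement.execute(tainted)` sink; with `ALLOC_STUB` the result matches `cha_edges()`.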