[Soot-list] NullPointerException in soot.SootMethod.getBodyFromMethodSource

Eric Bodden eric.bodden at ec-spride.de
Wed Jul 4 03:59:50 EDT 2012 

Hello.

Ok, I see your use case now. However, you have to keep in mind the following:
At the time you search for entry points, you have not yet conducted a
whole-program analysis. Hence, at this point it is unclear what your
whole program actually is. At this time, it does not make much sense
to ask the hierarchy for subclasses because the hierarchy does not yet
know the universe of all classes to be considered. This is kind of a
chicken/egg problem. Here is a possible other solution that I can see:

Use process-dir to process all classes in your jar(s). At this time,
scann all classes, one by one, checking if the class is a subclass of
javax.servlet.http.HttpServlet and contains one of the methods you are
looking for. Do not use the hierarchy. Store a table of those methods.

Then reset Soot, and now run it in whole-program mode. As entry
points, choose the methods computed above.

I think this should work. If not, let us know.

Eric

On 3 July 2012 18:11, Marc-Andre Laverdiere-Papineau
<marc-andre.laverdiere-papineau at polymtl.ca> wrote:
> Hello,
>
> I work with servlet entry points. I find all classes that are subclasses
> of HttpServlet and then the doGet, etc. methods
>
> Code is like this:
>
> final SootClass servletClass =
> Scene.v().loadClassAndSupport("javax.servlet.http.HttpServlet");
>
> FastHierarchy fh = Scene.v().getOrMakeFastHierarchy();
> final String[] servletMethods = new String[]{
> //HTTP Servlet
> "doGet", "doPost", "doPut", "doDelete", "init", "destroy",
> "getServletInfo",
> //From JspC
> "_jspInit", "_jspDestroy", "_jspService"
> };
> for (SootClass sc : Scene.v().getApplicationClasses()){
>         if (!sc.isInterface() && fh.isSubclass(sc, servletClass)){
>     logger.debug("Servlet detected: {}", sc.toString());
>         for(String method : servletMethods){
>         if (sc.declaresMethodByName(method))
>                 entryPoints.add(sc.getMethodByName(method));
> }
> }
> }
>
> On 2012-07-03 11:51, Eric Bodden wrote:
>> Hi all.
>>
>> G.reset() resets all static state. But that's not Marc-Andre's
>> problem. His problem is that Soot also releases all the method bodies
>> after they were written out. Calling G.reset() does not undo this
>> "garbage collection".
>>
>> Marc: How do you compute entry points, i.e., based on which conditions?
>>
>> Eric
>>
>> On 3 July 2012 16:45, Patrick Lam <p.lam at ece.uwaterloo.ca> wrote:
>>> On 07/03/2012 10:20 AM, Marc-Andre Laverdiere-Papineau wrote:
>>>> So what would be the proper way of picking my entry points then?
>>>
>>> G.reset() ought to work, but maybe it doesn't. You could run Soot once,
>>> save the results, quit the JVM, and run Soot again, loading the results.
>>> At least that will tell you if it works or not.
>>>
>>> pat
>>> _______________________________________________
>>> Soot-list mailing list
>>> Soot-list at sable.mcgill.ca
>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>
>>
>>
>
>
> --
> Marc-André Laverdière-Papineau
> Étudiant au doctorat - PhD Student
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list



-- 
Eric Bodden, Ph.D., http://bodden.de/
Head of Secure Software Engineering Group at EC SPRIDE
Principal Investigator in Secure Services at CASED
Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt

More information about the Soot-list mailing list