[Soot-list] Help using InfoFlow under FlowDroid

ASHISH MISHRA ashish123.mishragkp at gmail.com
Tue Aug 5 02:47:57 EDT 2014 

Hi Steven,

I need to analyze android code but i am trying to run it first on test
input which is a normal java program with android.* lib dependencies . I
wish to use the information flow analysis on a single method. Here is what
i am doing .
1)for Libpath i am giving the path to my android.jar file
2) Apppath is the path to my Target program having a main method. I tried
giving relative address(relative to workspace ) and also tried with
absolute MyTestProgram.class path.
3) entrypoint - I am setting as <MyTestProgram: void main()> -- I am
passing the signature of the main method.* Is this correct.*
4) Souce - the signature of a source method which is called in
my MyTestProgram.
5) Sink - the signature of a sink method which is called in
my MyTestProgram.

But Still no success and i get the same output

*[main] INFO soot.jimple.infoflow.Infoflow - Basic class loading done.*
*[main] ERROR soot.jimple.infoflow.Infoflow - Only phantom classes loaded,
skipping analysis...*
*Exception in thread "main" java.lang.RuntimeException: oops
dynamicup.TestMain: void main(java.lang.String[])*
* at soot.Scene.signatureToClass(Scene.java:557)*
* at soot.Scene.grabMethod(Scene.java:589)*
* at soot.Scene.containsMethod(Scene.java:599)*
* at soot.jimple.infoflow.Infoflow.computeInfoflow(Infoflow.java:303)*
* at
soot.jimple.infoflow.AbstractInfoflow.computeInfoflow(AbstractInfoflow.java:95)*
* at testprograms.InfoFlowClass.main(InfoFlowClass.java:22)*

The problem is that my target class is not loaded in the Scene and so are
other classes like android.* .

I cant see what i am missing !  Thanks for the help.

Ashish




On Mon, Aug 4, 2014 at 9:10 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:

> Hi Ashish,
>
>
>
> Are you analyzing normal Java code or are you running FlowDroid on Android
> APK files?
>
>
>
> The Infoflow class has a method “setSootConfig” which you can use to
> specify additional Soot options such as “-pp” if required. Placing the JAR
> files on the libPath should usually however be enough.  What do you mean by
> “system path”? You need to put the full path and file name there, only
> putting a path is not sufficient.
>
>
>
> The message about FlowDroid finding any sources or sinks can have two
> reasons. Either your source/sink definition file does not contain any
> sources or sinks that are actually used inside your target application or
> FlowDroid could not find any classes for your target application. To fix
> the latter, make sure that your appPath is correct. It needs to point to
> the APK/JAR file of your target program (or the location where the class
> files reside). Does your target program have an entry point (a main
> method)? If not, you need to use an EntryPointCreator.
>
>
>
> Best regards,
>
>   Steven
>
>
>
> *Von:* soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
> *Im Auftrag von *ASHISH MISHRA
> *Gesendet:* Montag, 4. August 2014 17:15
> *An:* Steven Arzt
> *Cc:* Soot List
> *Betreff:* Re: [Soot-list] Help using InfoFlow under FlowDroid
>
>
>
> Thanks Steven for the quick reply,
>
>
>
> I passed my system path value concatenated with the path to  external jar
> dependencies as the *libPath argument * to the *computeInfoflow()* , but
> i supose its wrong way to do this as the soot class path doesn't seem to be
> set and i am getting  warnings like
>
>
>
>
>
> *Warning: java.lang.NoClassDefFoundError is a phantom class!*
>
> *Warning: java.lang.StringBuffer is a phantom class!*
>
> *Warning: java.lang.Boolean is a phantom class!*
>
> *Warning: java.lang.Long is a phantom class!*
>
> *Warning: java.lang.Integer is a phantom class!*
>
> *Warning: java.lang.Short is a phantom class!*
>
> *Warning: java.lang.Float is a phantom class!*
>
> ...
>
> ...
>
> [main] INFO soot.jimple.infoflow.Infoflow - Basic class loading done.
>
> [main] ERROR soot.jimple.infoflow.Infoflow - Only phantom classes loaded,
> skipping analysis...
>
>
>
>
>
> Is there an analogue to using "-pp" option of soot while running the
> Infoflow , In general while using soot i append system class path to soot
> class path so soot can see these files but in this case this doesn't seem
> to be possible.
>
>
>
> How can I resolve this issue.
>
>
>
> Thanks
>
> Ashish
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Mon, Aug 4, 2014 at 7:22 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>
> Hi Ashish,
>
>
>
> These two parameters help FlowDroid distinguish between what you actaully
> want to analyze (put that into appPath) and what is needed to load it (put
> that into libPath). So if you want to analyze a Java program, your own
> sources which you actually want to analyze go into appPath. If you have any
> library dependencies, put those into libPath.
>
>
>
> Best regards,
>
>   Steven
>
>
>
> *Von:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *Im Auftrag von *ASHISH MISHRA
> *Gesendet:* Montag, 4. August 2014 15:25
> *An:* Soot List
> *Betreff:* [Soot-list] Help using InfoFlow under FlowDroid
>
>
>
> Hi ,
>
>
>
> I am trying to use the soot-Infoflow implementation to analyze information
> flow , given a method .
>
>
>
>  I have confusion about the parameters to pass to
>
>
>
> *computeInfoflow(*String *appPath*, String *libPath*, String entryPoint,
>
>                                    ISourceSinkManager sourcesSinks*)*
>
>
>
> *What should i pass to appPath (Is this the path to my class to be
> analyzed or some other class) *
>
> *What should i pass to libPath (I assume its the soot class path , is
> there a way i can use something like -pp option )*
>
>
>
> I browsed the source and could see how these parameters are used
>
>
>
> *Options.v().set_soot_classpath(appPath + File.pathSeparator + libPath); *
>
>
>
> But i can't see how the parameters passed  fit into this .
>
>
>
> If anyone faced a similar problem and suggest a solution(probably an
> example ) , it will be a great help.
>
>
>
> Regards
>
> Ashish
>
>
>
>
>
>
>
>
>
>
>
> Regards,
> Ashish Mishra
> Graduate Student,
> Computer Science and Automation Department,IISc
> Cell : +91-9611194714
> Mailto : ashishmishra at csa.iisc.ernet.in
>
>
>
>
>
> --
> Regards,
> Ashish Mishra
> Graduate Student,
> Computer Science and Automation Department,IISc
> Cell : +91-9611194714
> Mailto : ashishmishra at csa.iisc.ernet.in
>



-- 
Regards,
Ashish Mishra
Graduate Student,
Computer Science and Automation Department,IISc
Cell : +91-9611194714
Mailto : ashishmishra at csa.iisc.ernet.in
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140805/607b4c6e/attachment.html

More information about the Soot-list mailing list