[Soot-list] Help: How to retrive the value passed in mehod call.
pratibind.jha at accenture.com
pratibind.jha at accenture.com
Thu Jan 23 00:41:11 EST 2014
Thanks Marc-André,
My Purpose of doing analysis using soot is to identify whether constant string comes from configuration file or properties file or some other source where string is hard coded or not?.
Thanks and Regard's
Pratibind Jha
Intern ATL
-----Original Message-----
From: soot-list-bounces at sable.mcgill.ca [mailto:soot-list-bounces at sable.mcgill.ca] On Behalf Of Marc-André Laverdière
Sent: Wednesday, January 22, 2014 8:22 PM
To: soot-list at sable.mcgill.ca
Subject: Re: [Soot-list] Help: How to retrive the value passed in mehod call.
As a sidenote, it is possible to cheat a little bit. You can always
write some code that would load the values from the configuration
file, generate a stub that would pass those values to the program, and
run your analysis on that.
Of course, the validity of your results goes kaput if anyone changes
the config file...
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
On 01/21/2014 03:51 AM, Bodden, Eric wrote:
> Hi Pratibind.
>
>> Yes, String could be from any source like, like you mention "
>> String concatenation or loaded from files or other resources".
>> string is always constant like the statement "String str =
>> "Constant String";" which is loaded from different file or other
>> source, now it has been passed as argument to method like
>> "someMethodName(SourceLocation.str)".
>
> Well, if the string could be located inside configuration files
> then this is a problem. Your analysis would need to understand
> those files. It might be easier to actually execute the code with
> some instrumentation and then perform a dynamic analysis for those
> strings. By just analyzing the code as such (statically) there is
> not much hope that you will be able to recover the strings unless
> they are constants in the code.
>
> Eric
>
>
>
> _______________________________________________ Soot-list mailing
> list Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
_______________________________________________
Soot-list mailing list
Soot-list at sable.mcgill.ca
http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
________________________________
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. .
______________________________________________________________________________________
www.accenture.com
More information about the Soot-list
mailing list