[Soot-list] regarding FlowDroid - finding paths- to Toast.show()

Steven Arzt Steven.Arzt at cased.de
Fri May 30 07:21:37 EDT 2014 

Hi Sarah,

 

So you find a path in the second example (the one printed in yellow)? That
comes as a surprise if you have not enabled implicit flow tracking since you
are not actually leaking any sensitive information. Please double-check that
you have not confused the two examples.

 

Best regards,

  Steven 

 

Von: aras_h1988 at yahoo.com [mailto:aras_h1988 at yahoo.com] 
Gesendet: Freitag, 30. Mai 2014 11:27
An: H S; Steven Arzt; soot-list at sable.mcgill.ca; soot-list at CS.McGill.CA;
Siegfried Rasthofer
Betreff: AW: regarding FlowDroid - finding paths- to Toast.show()

 


Gesendet über Yahoo Mail für Android

 

  _____  

From: H S <aras_h1988 at yahoo.com>; 
To: Steven Arzt <steven.arzt at cased.de>; soot-list at sable.mcgill.ca
<soot-list at sable.mcgill.ca>; soot-list at CS.McGill.CA
<soot-list at cs.mcgill.ca>; Siegfried Rasthofer
<siegfried.rasthofer at cased.de>; 
Subject: regarding FlowDroid - finding paths- to Toast.show() 
Sent: Thu, May 29, 2014 12:59:38 AM 

 


 

 

 Hi all:

 I should find paths by running flowDroid on my code.
 I have Toast in my code, the flowDroid can detect it as an sink, where I
 gave its signature before.
 But it is unable now to detect the path from source to sink.
 here is the code which contains the toast which is as an sink.

 //in openAlert(v)
 alertDialogBuilder.setNegativeButton("No",new
 DialogInterface.OnClickListener() {
             public void onClick(DialogInterface dialog,int id) {
                 // cancel the alert box and put a Toast to the user
                 dialog.cancel();
                 Toast.makeText(getApplicationContext(), "You chose a
negative answer", Toast.LENGTH_LONG).show();
              }
         });

 and here is the source :
                                               String Number =
editText.getText().toString();//source
             NumberInt = Integer.parseInt(Number);
             if (NumberInt<50){
                 openAlert(v);
             }

 The probable scenario: The user gives a number in field number(source), if
 it is smaller than- say 50-, then  an Alert-Dialog pops up, if he clicks on
 No in the Alert-Dialog, the toast will appear.

 But now I cannot catch this path.

 

*However I can catch a path from text field to this below Toast.show() which
is considered as an sink.

Here is the code:

 

if (NumberInt<50){

                openAlert(v);

            }

            else{

               Toast.makeText(getApplicationContext(), "Number is not less
than 50 to show the dialog",Toast.LENGTH_LONG).show();

               // Log.i("INFO", "getNumber     " + NumberInt);

            }


 Any suggestion would be appreciated.

 Sarah




>
>
> _______________________________________________
> Soot-list mailing list
>  <javascript:return> Soot-list at CS.McGill.CA
>  <https://mailman.cs.mcgill.ca/mailman/listinfo/soot-list>
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list


>

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140530/b0666bde/attachment-0002.html

More information about the Soot-list mailing list