[Soot-list] How to automatically instrument the results of FlowDroid with the same Soot scene?
Jin Li
lijin1988 at gmail.com
Wed Oct 22 03:39:26 EDT 2014
Hi Steven,
Following your instructions, I tried the following:
First, I implemented the IInfoflowConfig interface and put the instrumentation
options in the setSootOptions() method.
    public class SetConfigForInstrument implements IInfoflowConfig {
        @Override
        public void setSootOptions(Options arg0) {
            Options.v().set_src_prec(Options.src_prec_apk);
            // output as APK, too // -f J
            Options.v().set_output_format(Options.output_format_dex);
            Options.v().set_output_dir("D:\\Android\\sootOutput");
            Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
            Options.v().set_allow_phantom_refs(true);
            Options.v().set_whole_program(true);
            Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
            Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
            Scene.v().addBasicClass("java.io.PrintStream", SootClass.SIGNATURES);
            Scene.v().addBasicClass("java.lang.System", SootClass.SIGNATURES);
            Scene.v().addBasicClass("InstrumentHelper", SootClass.SIGNATURES);
            Scene.v().addBasicClass("InstrumentHelper$1", SootClass.SIGNATURES);
            Scene.v().loadNecessaryClasses();
        }
    }
Second, I implemented the ResultsAvailableHandler interface and overrode the
onResultsAvailable method:
    public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
        // Dump the results
        if (results == null) {
            print("No results found.");
            System.exit(0);
        }
        else {
            SetupApplication setapp = new SetupApplication(G_androidJar, G_filename);
            setapp.setSootConfig(new SetConfigForInstrument());
            System.out.println("After setupapplication!");
            PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
            PackManager.v().runPacks();
            PackManager.v().writeOutput();
        }
    }
And in this method I use setSootConfig to set the instrumentation
configurations and then do the transformations.
However, exceptions still appear.
Exception in thread "main" java.lang.RuntimeException: No method void setContext(android.content.Context) in class InstrumentHelper
It seems that soot still can't find my instrumentation classes and methods.
What am I doing wrong?
Best regards,
Jin
2014-10-21 17:14 GMT+08:00 Steven Arzt <Steven.Arzt at cased.de>:
> Hi Jin,
>
>
>
> In such a case, you need to directly start FlowDroid with the correct
> options for instrumentation. The Infoflow and SetupApplication classes
> support a method called setSootConfig which accepts an object of type
> IInfoflowConfig. In the callback method contained in this interface, you can
> overwrite the Soot options you need. This way, you can have FlowDroid use
> Soot with the correct output format, output directory, etc.
>
>
>
> Pass an object implementing the ResultsAvailableHandler interface to
> runInfoflow(). The callback method in this interface will be called once
> FlowDroid is done, but Soot is still running. This is the optimal position
> to do your instrumentation work.
>
>
>
> Best regards,
>
> Steven
>
>
>
> *From:* Jin Li [mailto:lijin1988 at gmail.com]
> *Sent:* Tuesday, October 21, 2014 10:20
> *To:* soot-list at CS.McGill.CA; Steven Arzt
> *Subject:* How to automatically instrument the results of FlowDroid with
> the same Soot scene?
>
>
>
> Hi All,
>
> I want to instrument the results of FlowDroid as soon as the results are
> available.
>
> I use runAnalysis(fileName, androidJar) to get the InfoFlowResults.
>
> After that, I reset the soot and set options for instrumenting. But I
> can't find the stmt results that I reserved from FlowDroid.
>
> some code snippets:
>
> public class TaintFlowInstrumentDriver {
>
>     public static InfoflowResults infoflowResults;
>
>     /**
>      * @param args[0] = path to apk-file
>      * @param args[1] = path to android-dir (path/android-platforms)
>      * @throws InterruptedException
>      * @throws IOException
>      */
>     public static void main(String[] args) throws IOException, InterruptedException {
>
>         // insert some code for getting flowdroid results which represents the taintgraph
>         if (args.length < 2) {
>             printUsage();
>             return;
>         }
>         String filePath = args[0];
>         String androidJarPath = args[1];
>         infoflowResults = runAnalysis(filePath, androidJarPath);
>
>         soot.G.reset();
>         // prefer Android APK files // -src-prec apk
>         Options.v().set_src_prec(Options.src_prec_apk);
>
>         // output as APK, too // -f J
>         Options.v().set_output_format(Options.output_format_dex);
>         Options.v().set_output_dir("D:\\Android\\sootOutput");
>         Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
>         Options.v().set_allow_phantom_refs(true);
>         Options.v().set_whole_program(true);
>         Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
>         Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
>
>         Scene.v().addBasicClass("java.io.PrintStream", SootClass.SIGNATURES);
>         Scene.v().addBasicClass("java.lang.System", SootClass.SIGNATURES);
>         Scene.v().addBasicClass("InstrumentHelper", SootClass.SIGNATURES);
>
>         Scene.v().loadNecessaryClasses();
>         PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
>         PackManager.v().runPacks();
>         PackManager.v().writeOutput();
>     }
> }
>
>
>
> If I use soot.G.reset(), I can't find the Soot stmt objects produced by
> FlowDroid in my bodytransformer.
>
> If I don't use soot.G.reset(), I can't set the instrumenting options.
>
> How can I correctly instrument the results of the FlowDroid?
>
> Best regards,
>
> Jin
>
>
>
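
The single-run wiring described in the quoted reply from Steven Arzt, as an added Java example that is not part of either message and not FlowDroid's own code: the output options go in through setSootConfig before the analysis starts, and the instrumentation runs inside the ResultsAvailableHandler callback on the same Scene. The FlowDroid package names in the imports, the calculateSourcesSinksEntrypoints call with a sources/sinks file, and the class, method and parameter names are assumptions for a 2014-era release; InstrumentHelper is the helper class named in the post.

```java
import java.util.ArrayList;
import soot.*;
import soot.options.Options;
// FlowDroid package names are assumptions; they differ between releases.
import soot.jimple.infoflow.android.SetupApplication;
import soot.jimple.infoflow.config.IInfoflowConfig;
import soot.jimple.infoflow.handlers.ResultsAvailableHandler;
import soot.jimple.infoflow.results.InfoflowResults;
import soot.jimple.infoflow.solver.IInfoflowCFG;

public class SingleSceneInstrumenter {
    // Hypothetical entry point: one FlowDroid run, instrumented before Soot is reset.
    public static void analyzeAndInstrument(String apk, String androidJar,
            String sourcesSinksFile, final String outDir,
            final BodyTransformer instrumenter) throws Exception {
        SetupApplication app = new SetupApplication(androidJar, apk);
        // Registered before the run, so FlowDroid applies it to the Soot instance
        // it analyses with: no soot.G.reset() and no second SetupApplication.
        app.setSootConfig(new IInfoflowConfig() {
            @Override
            public void setSootOptions(Options options) {
                options.set_output_format(Options.output_format_dex);
                options.set_output_dir(outDir);
                // The helper must be resolvable on the Soot classpath at this point.
                Scene.v().addBasicClass("InstrumentHelper", SootClass.SIGNATURES);
            }
        });
        app.calculateSourcesSinksEntrypoints(sourcesSinksFile);
        // Invoked once the taint analysis has finished and the Scene still exists,
        // so statements referenced by `results` are the ones inside these bodies.
        app.runInfoflow(new ResultsAvailableHandler() {
            @Override
            public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
                if (results == null) return; // no flows reported, nothing to instrument
                // Copy both collections: retrieving bodies can modify the Scene.
                for (SootClass sc : new ArrayList<SootClass>(Scene.v().getApplicationClasses()))
                    for (SootMethod m : new ArrayList<SootMethod>(sc.getMethods()))
                        if (m.isConcrete())
                            instrumenter.transform(m.retrieveActiveBody());
                PackManager.v().writeOutput();
            }
        });
    }
}
```

A BodyTransformer such as the TaintFlowInstrument class from the post can be passed as the last argument; it needs access to the results object if it is to select the source and sink statements.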