[Soot-list] How to automaticly instrument the results of FlowDroid with the same Soot scene?

Jin Li lijin1988 at gmail.com
Wed Oct 22 09:57:56 EDT 2014 

Hi Steven,

>From your previous email,  you mentioned that I can pass an object
implementing the IInfoflowConfig to the setSootConfig method in
SetupApplication class for the purpose of setting instrumentation
configuration.

My question is what is the time that I setSootConfig for instrumentation?

Is it before the runInfoflow()?  or after the results are presented in
the onResultsAvailable()
?

Best regards,
Jin


2014-10-22 15:39 GMT+08:00 Jin Li <lijin1988 at gmail.com>:

> Hi Steven,
>
> Follow your instructions, I tried as follows:
>
> First. I implemented IInfoflowConfig interface and put the instrumentation
> options in the setSootOptions() method.
>
> public class SetConfigForInstrument implements IInfoflowConfig {
>     @Override
>     public void setSootOptions(Options arg0) {
>
>         Options.v().set_src_prec(Options.src_prec_apk);
>
>         //output as APK, too//-f J
>         Options.v().set_output_format(Options.output_format_dex);
>         Options.v().set_output_dir("D:\\Android\\sootOutput");
>
>  Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
>         Options.v().set_allow_phantom_refs(true);
>         Options.v().set_whole_program(true);
>
>  Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
>
>  Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
>
>
>
>  Scene.v().addBasicClass("java.io.PrintStream",SootClass.SIGNATURES);
>         Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
>         Scene.v().addBasicClass("InstrumentHelper",SootClass.SIGNATURES);
>         Scene.v().addBasicClass("InstrumentHelper$1",SootClass.SIGNATURES);
>         Scene.v().loadNecessaryClasses();
>
>     }
>
> }
>
> Second, I implemented ResultsAvailableHandler interface and override the
> onResultsAvailable method
>
> public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results)
> {
>             // Dump the results
>             if (results == null) {
>                 print("No results found.");
>                 System.exit(0);
>             }
>             else {
>                 SetupApplication setapp = new
> SetupApplication(G_androidJar, G_filename);
>                 setapp.setSootConfig(new SetConfigForInstrument());
>                 System.out.println("After setupapplication!");
>                 PackManager.v().getPack("jtp").add(new
> Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
>                 PackManager.v().runPacks();
>                 PackManager.v().writeOutput();
>             }
>         }
>
> And in this method I use setSootConfig to set the instrumentation
> configurations and then do the transformations.
>
> However,  exceptions still appears.
> Exception in thread "main" java.lang.RuntimeException: No method void
> setContext(android.content.Context) in class InstrumentHelper
>
> It seems that soot still can't find my instrumentation classes and methods.
>
> What am  I doing wrong?
>
> Best regards,
> Jin
>
>
>
>
>
>
> 2014-10-21 17:14 GMT+08:00 Steven Arzt <Steven.Arzt at cased.de>:
>
>> Hi Jin,
>>
>>
>>
>> In such a case, you need to directly start FlowDroid with the correct
>> options for instrumentation. The Infoflow and SetupApplication classes
>> support a method called setSootConfig which accepts an object of type
>> IInfoflowConfig. In the callback method contained this interface, you can
>> overwrite the Soot options you need. This way, you can have FlowDroid use
>> Soot with the correct output format, output directory, etc.
>>
>>
>>
>> Pass an object implementing the ResultsAvailableHandler interface to
>> runInfoflow(). The callback method in this interface will be called once
>> FlowDroid is done, but Soot is still running. This is the optimal position
>> to do your instrumentation work.
>>
>>
>>
>> Best regards,
>>
>>   Steven
>>
>>
>>
>> *Von:* Jin Li [mailto:lijin1988 at gmail.com]
>> *Gesendet:* Dienstag, 21. Oktober 2014 10:20
>> *An:* soot-list at CS.McGill.CA; Steven Arzt
>> *Betreff:* How to automaticly instrument the results of FlowDroid with
>> the same Soot scene?
>>
>>
>>
>> Hi All,
>>
>> I want to instrument the resutls of FlowDroid as soon as the results
>> being available.
>>
>> I use runAnalysis(fileName, androidJar) to get the InfoFlowResults.
>>
>> After that, I reset the soot and set options for instrumenting. But I
>> can't find the stmt resutls that I reserved from FlowDroid.
>>
>> some code snippets:
>>
>> public class TaintFlowInstrumentDriver {
>>
>>     public static InfoflowResults infoflowResults;
>>
>>     /**
>>      * @param args[0] = path to apk-file
>>      * @param args[1] = path to android-dir (path/android-platforms)
>>      * @throws InterruptedException
>>      * @throws IOException
>>      */
>>     public static void main(String[] args) throws IOException,
>> InterruptedException {
>>
>>         //insert some code for getting flowdroid results which represents
>> the taintgraph
>>         if(args.length < 2){
>>             printUsage();
>>             return;
>>         }
>>         String filePath = args[0];
>>         String androidJarPath = args[1];
>>         infoflowResults = runAnalysis(filePath, androidJarPath);
>>
>>         soot.G.reset();
>>         //prefer Android APK files// -src-prec apk
>>         Options.v().set_src_prec(
>>
>>         Options.src_prec_apk);
>>
>>         //output as APK, too//-f J
>>         Options.v().set_output_format(Options.output_format_dex);
>>         Options.v().set_output_dir("D:\\Android\\sootOutput");
>>
>> Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
>>         Options.v().set_allow_phantom_refs(true);
>>         Options.v().set_whole_program(true);
>>
>> Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
>>
>> Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
>>
>>
>>
>> Scene.v().addBasicClass("java.io.PrintStream",SootClass.SIGNATURES);
>>         Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
>>         Scene.v().addBasicClass("InstrumentHelper",SootClass.SIGNATURES);
>>
>>         Scene.v().loadNecessaryClasses();
>>         PackManager.v().getPack("jtp").add(new
>> Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
>>         PackManager.v().runPacks();
>>         PackManager.v().writeOutput();
>>     }
>>
>>
>>
>> If I use soot.G.reset(), I can't find the Soot stmt objects produced by
>> FlowDroid in my bodytransformer.
>>
>> If I don't use soot.G.reset(), I can't set the instrumenting options.
>>
>> How can I correctly instrument the retults of the FlowDroid?
>>
>> Best regards,
>>
>> Jin
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20141022/e5b3b2bc/attachment.html

More information about the Soot-list mailing list