[Soot-list] How to automatically instrument the results of FlowDroid with the same Soot scene?

Steven Arzt Steven.Arzt at cased.de
Wed Oct 22 10:14:26 EDT 2014


Hi Jin,

 

You need to call setSootConfig before you call runInfoflow(). FlowDroid will then use the callback you gave to setSootConfig() at the appropriate time.

 

Best regards,

  Steven

 

From: Jin Li [mailto:lijin1988 at gmail.com]
Sent: Wednesday, 22 October 2014 15:58
To: Steven Arzt
Cc: soot-list at CS.McGill.CA
Subject: Re: How to automatically instrument the results of FlowDroid with the same Soot scene?

 

Hi Steven,

From your previous email, you mentioned that I can pass an object implementing IInfoflowConfig to the setSootConfig method in the SetupApplication class for the purpose of setting the instrumentation configuration.

My question is: at what time should I call setSootConfig for instrumentation?

Is it before runInfoflow(), or after the results are presented in onResultsAvailable()?

Best regards,
Jin

 

 

2014-10-22 15:39 GMT+08:00 Jin Li <lijin1988 at gmail.com>:

Hi Steven,

Following your instructions, I tried the following:

First, I implemented the IInfoflowConfig interface and put the instrumentation options in the setSootOptions() method.

public class SetConfigForInstrument implements IInfoflowConfig {
    @Override
    public void setSootOptions(Options arg0) {
        
        Options.v().set_src_prec(Options.src_prec_apk);
        
        //output as APK, too//-f J
        Options.v().set_output_format(Options.output_format_dex);
        Options.v().set_output_dir("D:\\Android\\sootOutput");
        Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_whole_program(true);
        Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
        Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
        
        
        Scene.v().addBasicClass("java.io.PrintStream",SootClass.SIGNATURES);
        Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
        Scene.v().addBasicClass("InstrumentHelper",SootClass.SIGNATURES);
        Scene.v().addBasicClass("InstrumentHelper$1",SootClass.SIGNATURES);
        Scene.v().loadNecessaryClasses();

    }

} 

Second, I implemented the ResultsAvailableHandler interface and overrode the onResultsAvailable method:

public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
            // Dump the results
            if (results == null) {
                print("No results found.");
                System.exit(0);
            }
            else {
                SetupApplication setapp = new SetupApplication(G_androidJar, G_filename);
                setapp.setSootConfig(new SetConfigForInstrument());
                System.out.println("After setupapplication!");
                PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
                PackManager.v().runPacks();
                PackManager.v().writeOutput();
            }
        }

And in this method I use setSootConfig to set the instrumentation configurations and then do the transformations.

However, an exception still appears.

Exception in thread "main" java.lang.RuntimeException: No method void setContext(android.content.Context) in class InstrumentHelper

It seems that soot still can't find my instrumentation classes and methods.

What am I doing wrong?

Best regards,

Jin 







 

2014-10-21 17:14 GMT+08:00 Steven Arzt <Steven.Arzt at cased.de>:

Hi Jin,

 

In such a case, you need to directly start FlowDroid with the correct options for instrumentation. The Infoflow and SetupApplication classes support a method called setSootConfig which accepts an object of type IInfoflowConfig. In the callback method contained in this interface, you can overwrite the Soot options you need. This way, you can have FlowDroid use Soot with the correct output format, output directory, etc.

 

Pass an object implementing the ResultsAvailableHandler interface to runInfoflow(). The callback method in this interface will be called once FlowDroid is done, but Soot is still running. This is the optimal position to do your instrumentation work.

 

Best regards,

  Steven

 

From: Jin Li [mailto:lijin1988 at gmail.com]
Sent: Tuesday, 21 October 2014 10:20
To: soot-list at CS.McGill.CA; Steven Arzt
Subject: How to automatically instrument the results of FlowDroid with the same Soot scene?

 

Hi All,

I want to instrument the results of FlowDroid as soon as the results are available.

I use runAnalysis(fileName, androidJar) to get the InfoFlowResults.

After that, I reset Soot and set the options for instrumenting. But I can't find the stmt results that I reserved from FlowDroid.

Some code snippets:

public class TaintFlowInstrumentDriver {
    
    public static InfoflowResults infoflowResults;

    /**
     * @param args[0] = path to apk-file
     * @param args[1] = path to android-dir (path/android-platforms)
     * @throws InterruptedException 
     * @throws IOException 
     */
    public static void main(String[] args) throws IOException, InterruptedException {
        
        //insert some code for getting flowdroid results which represents the taintgraph
        if(args.length < 2){
            printUsage();
            return;
        }
        String filePath = args[0];
        String androidJarPath = args[1];
        infoflowResults = runAnalysis(filePath, androidJarPath);

        soot.G.reset();
        //prefer Android APK files// -src-prec apk
        Options.v().set_src_prec(Options.src_prec_apk);
        
        //output as APK, too//-f J
        Options.v().set_output_format(Options.output_format_dex);
        Options.v().set_output_dir("D:\\Android\\sootOutput");
        Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_whole_program(true);
        Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
        Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
        
        
        Scene.v().addBasicClass("java.io.PrintStream",SootClass.SIGNATURES);
        Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
        Scene.v().addBasicClass("InstrumentHelper",SootClass.SIGNATURES);

        Scene.v().loadNecessaryClasses();
        PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
        PackManager.v().runPacks();
        PackManager.v().writeOutput();
    }

 

If I use soot.G.reset(), I can't find the Soot stmt objects produced by FlowDroid in my bodytransformer. 

If I don't use soot.G.reset(), I can't set the instrumenting options.

How can I correctly instrument the results of FlowDroid?

Best regards,

Jin
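
The ordering described in the replies above, as an added example that is not part of the original thread or of FlowDroid itself: the Soot options are registered with setSootConfig() before runInfoflow(), and the instrumentation runs inside onResultsAvailable() on the same Scene. Assumptions: the import packages of the FlowDroid classes, the calculateSourcesSinksEntrypoints() call, the command-line argument layout, and that TaintFlowInstrument (the class from the thread) extends BodyTransformer.

```java
import java.util.ArrayList;

import soot.Body;
import soot.PackManager;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.jimple.infoflow.InfoflowResults;                  // package assumed
import soot.jimple.infoflow.android.SetupApplication;         // package assumed
import soot.jimple.infoflow.config.IInfoflowConfig;           // package assumed
import soot.jimple.infoflow.handlers.ResultsAvailableHandler; // package assumed
import soot.jimple.infoflow.solver.IInfoflowCFG;              // package assumed
import soot.options.Options;

public class InstrumentAfterFlowDroid {
    public static void main(String[] args) throws Exception {
        // args (assumed layout): <platforms dir> <apk> <sources/sinks file> <output dir>
        final String outDir = args[3];
        SetupApplication app = new SetupApplication(args[0], args[1]);
        // Assumed call: source/sink setup as used by FlowDroid of that period.
        app.calculateSourcesSinksEntrypoints(args[2]);

        // 1. Register the Soot options BEFORE runInfoflow(); FlowDroid invokes
        //    this callback itself while it configures Soot.
        app.setSootConfig(new IInfoflowConfig() {
            @Override
            public void setSootOptions(Options options) {
                options.set_output_format(Options.output_format_dex);
                options.set_output_dir(outDir);
                Scene.v().addBasicClass("InstrumentHelper", SootClass.SIGNATURES);
            }
        });

        // 2. Instrument inside the results callback: same Scene, no soot.G.reset(),
        //    no second SetupApplication.
        app.runInfoflow(new ResultsAvailableHandler() {
            @Override
            public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
                if (results == null) return; // no flows reported, nothing to instrument
                TaintFlowInstrument instrumenter = new TaintFlowInstrument();
                // Copy the collections so the transformer may add classes or methods.
                for (SootClass sc : new ArrayList<SootClass>(Scene.v().getApplicationClasses()))
                    for (SootMethod m : new ArrayList<SootMethod>(sc.getMethods()))
                        if (m.isConcrete()) {
                            Body body = m.retrieveActiveBody();
                            instrumenter.transform(body); // BodyTransformer.transform(Body)
                        }
                PackManager.v().writeOutput(); // emits using the options set in step 1
            }
        });
    }
}
```

Because the Scene is never reset, the statement objects referenced by the results are the same objects found in the bodies being transformed.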

 

 

 
