[Soot-list] How to automatically instrument the results of FlowDroid with the same Soot scene?

Steven Arzt Steven.Arzt at cased.de
Mon Oct 27 07:55:16 EDT 2014


Hi Jin,

 

Apparently, there has been a misunderstanding. The FlowDroid initialization does not go into the ResultsAvailableHandler. You instead first initialize FlowDroid:

 

                SetupApplication setapp = new SetupApplication(G_androidJar, G_filename);
                setapp.setSootConfig(new SetConfigForInstrument());
                System.out.println("After setupapplication!");



Then you run it and write out the results:

 

                setapp.runInfoflow(myResultsAvailableHandler);

                PackManager.v().writeOutput();

 

Inside the ResultsAvailableHandler, you can directly use the Scene and other Soot objects:

 

                SootClass sc = Scene.v().getSootClass("foo");

 

Best regards,

  Steven
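
The three steps from this reply put together, as an added example that is not part of the original message and not FlowDroid's own code. The class name, the argument order and the calculateSourcesSinksEntrypoints call are assumptions, and the FlowDroid package names (notably for IInfoflowCFG and InfoflowResults) differ between versions, so adjust the imports to yours:

```java
import soot.PackManager;
import soot.Scene;
import soot.SootClass;
import soot.jimple.infoflow.android.SetupApplication;
import soot.jimple.infoflow.config.IInfoflowConfig;
import soot.jimple.infoflow.handlers.ResultsAvailableHandler;
import soot.jimple.infoflow.results.InfoflowResults; // package varies by version (assumption)
import soot.jimple.infoflow.solver.IInfoflowCFG;      // package varies by version (assumption)
import soot.options.Options;

public class InstrumentAfterFlowDroid { // hypothetical driver class
    public static void main(String[] args) throws Exception {
        // args (assumed order): android platforms dir, APK path, output dir, sources/sinks file
        final String outDir = args[2];
        SetupApplication setapp = new SetupApplication(args[0], args[1]);

        // 1. Output options go into the config callback, so FlowDroid's own Soot run uses them.
        setapp.setSootConfig(new IInfoflowConfig() {
            @Override
            public void setSootOptions(Options options) {
                options.set_output_format(Options.output_format_dex);
                options.set_output_dir(outDir);
                options.set_allow_phantom_refs(true);
                // Helper class name taken from the thread; it must be on the Soot classpath.
                Scene.v().addBasicClass("InstrumentHelper", SootClass.SIGNATURES);
            }
        });
        // Assumed step, not shown in the thread: load sources, sinks and entry points first.
        setapp.calculateSourcesSinksEntrypoints(args[3]);

        // 2. The handler runs while the Scene that FlowDroid analysed is still alive.
        setapp.runInfoflow(new ResultsAvailableHandler() {
            @Override
            public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
                if (results == null)
                    return; // no flows reported, nothing to instrument
                SootClass helper = Scene.v().getSootClass("InstrumentHelper");
                // A phantom class carries no real method signatures to call into.
                if (helper.isPhantom()
                        || !helper.declaresMethod("void setContext(android.content.Context)"))
                    throw new IllegalStateException("InstrumentHelper not resolved from classpath");
                // Instrument here: statements referenced by 'results' belong to this Scene.
            }
        });

        // 3. Write the (possibly modified) Scene out once, after FlowDroid returns.
        PackManager.v().writeOutput();
    }
}
```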

 

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Jin Li
Sent: Wednesday, 22 October 2014 09:39
To: Steven Arzt
Cc: soot-list at CS.McGill.CA
Subject: Re: [Soot-list] How to automatically instrument the results of FlowDroid with the same Soot scene?

 

Hi Steven,

Following your instructions, I tried the following:

First, I implemented the IInfoflowConfig interface and put the instrumentation options in the setSootOptions() method.

public class SetConfigForInstrument implements IInfoflowConfig {
    @Override
    public void setSootOptions(Options arg0) {
        
        Options.v().set_src_prec(Options.src_prec_apk);
        
        //output as APK, too//-f J
        Options.v().set_output_format(Options.output_format_dex);
        Options.v().set_output_dir("D:\\Android\\sootOutput");
        Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_whole_program(true);
        Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
        Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
        
        
        Scene.v().addBasicClass("java.io.PrintStream",SootClass.SIGNATURES);
        Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
        Scene.v().addBasicClass("InstrumentHelper",SootClass.SIGNATURES);
        Scene.v().addBasicClass("InstrumentHelper$1",SootClass.SIGNATURES);
        Scene.v().loadNecessaryClasses();

    }

} 

Second, I implemented the ResultsAvailableHandler interface and overrode the onResultsAvailable method:

public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
            // Dump the results
            if (results == null) {
                print("No results found.");
                System.exit(0);
            }
            else {
                SetupApplication setapp = new SetupApplication(G_androidJar, G_filename);
                setapp.setSootConfig(new SetConfigForInstrument());
                System.out.println("After setupapplication!");
                PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
                PackManager.v().runPacks();
                PackManager.v().writeOutput();
            }
        }

And in this method I use setSootConfig to set the instrumentation configurations and then do the transformations.

However, exceptions still appear.

Exception in thread "main" java.lang.RuntimeException: No method void setContext(android.content.Context) in class InstrumentHelper

It seems that soot still can't find my instrumentation classes and methods.

What am I doing wrong?

Best regards,

Jin 







 

2014-10-21 17:14 GMT+08:00 Steven Arzt <Steven.Arzt at cased.de>:

Hi Jin,

 

In such a case, you need to directly start FlowDroid with the correct options for instrumentation. The Infoflow and SetupApplication classes support a method called setSootConfig which accepts an object of type IInfoflowConfig. In the callback method contained in this interface, you can overwrite the Soot options you need. This way, you can have FlowDroid use Soot with the correct output format, output directory, etc.

 

Pass an object implementing the ResultsAvailableHandler interface to runInfoflow(). The callback method in this interface will be called once FlowDroid is done, but Soot is still running. This is the optimal position to do your instrumentation work.

 

Best regards,

  Steven

 

From: Jin Li [mailto:lijin1988 at gmail.com]
Sent: Tuesday, 21 October 2014 10:20
To: soot-list at CS.McGill.CA; Steven Arzt
Subject: How to automatically instrument the results of FlowDroid with the same Soot scene?

 

Hi All,

I want to instrument the results of FlowDroid as soon as the results are available.

I use runAnalysis(fileName, androidJar) to get the InfoFlowResults.

After that, I reset Soot and set options for instrumenting. But I can't find the stmt results that I reserved from FlowDroid.

Some code snippets:

public class TaintFlowInstrumentDriver {
    
    public static InfoflowResults infoflowResults;

    /**
     * @param args[0] = path to apk-file
     * @param args[1] = path to android-dir (path/android-platforms)
     * @throws InterruptedException 
     * @throws IOException 
     */
    public static void main(String[] args) throws IOException, InterruptedException {
        
        //insert some code for getting flowdroid results which represents the taintgraph
        if(args.length < 2){
            printUsage();
            return;
        }
        String filePath = args[0];
        String androidJarPath = args[1];
        infoflowResults = runAnalysis(filePath, androidJarPath);

        soot.G.reset();
        //prefer Android APK files// -src-prec apk
        Options.v().set_src_prec(Options.src_prec_apk);
        
        //output as APK, too//-f J
        Options.v().set_output_format(Options.output_format_dex);
        Options.v().set_output_dir("D:\\Android\\sootOutput");
        Options.v().set_process_dir(Collections.singletonList("D:\\Android\\TestApk\\Benign\\Callbacks_LocationLeak3.apk"));
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_whole_program(true);
        Options.v().set_soot_classpath(".;D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms\\android-19\\android.jar");
        Options.v().set_android_jars("D:\\Android\\adt-bundle-windows-x86_64-20131030\\sdk\\platforms");
        
        
        Scene.v().addBasicClass("java.io.PrintStream",SootClass.SIGNATURES);
        Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
        Scene.v().addBasicClass("InstrumentHelper",SootClass.SIGNATURES);

        Scene.v().loadNecessaryClasses();
        PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new TaintFlowInstrument()));
        PackManager.v().runPacks();
        PackManager.v().writeOutput();
    }

 

If I use soot.G.reset(), I can't find the Soot stmt objects produced by FlowDroid in my bodytransformer. 

If I don't use soot.G.reset(), I can't set the instrumenting options.

How can I correctly instrument the results of FlowDroid?

Best regards,

Jin

 

 
