[Soot-list] Creating ISourceSinkManager to track information flow between Stmt or Value
Steven Arzt
Steven.Arzt at cased.de
Mon Sep 29 08:27:23 EDT 2014
Hi David,
I am not sure whether I understand your question correctly. If you implement your own source-sink-manager directly on top of the ISourceSinkManager interface, you are free to define whatever kind of sources and sinks you need. There is no need to have a predefined list – FlowDroid will iterator over all statements in your program under analysis and ask the source-sink-manager whether to treat the respective statement as a source, as a sink, or as neither.
Still, this is an a-priori analysis that is completed before the actual taint tracking starts. At the moment, I am not sure in which cases this should produce any limitations.
Best regards,
Steven
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Wei Yang
Gesendet: Sonntag, 28. September 2014 07:17
An: soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca
Betreff: [Soot-list] Creating ISourceSinkManager to track information flow between Stmt or Value
Hi! All,
I'm trying to use FlowDroid to find if there's a information flow between two statements (Stmt) or Variables (Value). I found that in MethodBasedSourceSinkManager or AndroidSourceSinkManager, we need to provide the signature of source and sink methods statically for all program. How can I define my own ISourceSinkManager so that it can track information flow based on Stmt or Value provided dynamically from the analysis? Is there any example code I could look into to find related information?
Thanks a lot!
Best wishes,
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140929/6072b764/attachment-0002.html
More information about the Soot-list
mailing list