[Soot-list] Creating ISourceSinkManager to track information flow between Stmt or Value
Wei Yang
davidyoung8906 at gmail.com
Tue Sep 30 01:54:37 EDT 2014
Hi! Steven,
Sorry that my question is a bit confusing in the earlier email. What I
try to do is to find the information flows between variables (Value). Both
methods *getSourceInfo *and *isSink *in inteface ISourceSinkManager are
based on Stmt. But I knew that the taint analysis is based on variables. So
we should be able to obtain such information from the analysis. As I'm not
very familiar with the code about the taint propagation, could you point me
a direction and related files that I can look into to track the information
flows between variables?
Thanks a lot!
On Sep 29, 2014 7:27 AM, "Steven Arzt" <Steven.Arzt at cased.de> wrote:
> Hi David,
>
>
>
> I am not sure whether I understand your question correctly. If you
> implement your own source-sink-manager directly on top of the
> ISourceSinkManager interface, you are free to define whatever kind of
> sources and sinks you need. There is no need to have a predefined list –
> FlowDroid will iterator over all statements in your program under analysis
> and ask the source-sink-manager whether to treat the respective statement
> as a source, as a sink, or as neither.
>
>
>
> Still, this is an a-priori analysis that is completed before the actual
> taint tracking starts. At the moment, I am not sure in which cases this
> should produce any limitations.
>
>
>
> Best regards,
>
> Steven
>
>
>
> *Von:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *Im Auftrag von *Wei Yang
> *Gesendet:* Sonntag, 28. September 2014 07:17
> *An:* soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca
> *Betreff:* [Soot-list] Creating ISourceSinkManager to track information
> flow between Stmt or Value
>
>
>
> Hi! All,
>
> I'm trying to use FlowDroid to find if there's a information flow
> between two statements (Stmt) or Variables (Value). I found that
> in MethodBasedSourceSinkManager or AndroidSourceSinkManager, we need to
> provide the signature of source and sink methods statically for all
> program. How can I define my own ISourceSinkManager so that it can track
> information flow based on Stmt or Value provided dynamically from the
> analysis? Is there any example code I could look into to find related
> information?
>
>
>
> Thanks a lot!
>
>
> Best wishes,
>
> David
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140930/45eb6ac7/attachment-0001.html
More information about the Soot-list
mailing list