[Soot-list] How to get context-sensitive result of flowdroid

Steven Arzt Steven.Arzt at cased.de
Wed Apr 22 05:00:59 EDT 2015


Hi Rainkin,

I do not understand your question. In this code example, there is only a single context. The method “foo” is always called with a tainted element which originated from sourceOne(10). In terms of contexts, the two source-to-sink connections are equal. Moreover, there is only one call to “System.out.println()” in the code, so I’m not sure how you want to get two different statements out of that.

The only thing you could do is to obtain two different propagation paths to record that one flow was propagated over the first call to “foo” and the other one over the second call. I’m not sure what the use case for that should be, though.

Best regards,

  Steven

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On behalf of ???
Sent: Wednesday, 22 April 2015 10:50
To: soot-list at CS.McGill.CA
Subject: [Soot-list] How to get context-sensitive result of flowdroid

Hi guys,

    This is an example:

    public void test(){
        String sourceOne = sourceOne(10); // source
        foo(sourceOne);
        foo(sourceOne);
    }

    public String sourceOne(int number){
        return number>0 ? "positive" : "negative";
    }
    
    public void foo(String s){
        System.out.println(s); // sink
    }

  The method sourceOne is a source and System.out.println() is a sink.

  After analysis, I get the following result:

[main] INFO soot.jimple.infoflow.Infoflow - Source lookup done, found 1 sources and 1 sinks.
[main] INFO soot.jimple.infoflow.Infoflow - IFDS problem with 14 forward and 0 backward edges solved, processing 1 results...
[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Context-sensitive path reconstructor started
[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Obtainted 1 connections between sources and sinks
[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Building path 1
[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Path processing took 0.008987293 seconds in total
[main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke $r2.<java.io.PrintStream: void println(java.lang.String)>(r1) in method <TestCode: void foo(java.lang.String)> was called with values from the following sources:
[main] INFO soot.jimple.infoflow.Infoflow - - r1 = virtualinvoke r0.<TestCode: java.lang.String sourceOne(int)>(10) in method <TestCode: void test()>
[main] INFO soot.jimple.infoflow.Infoflow -     on Path: 
[main] INFO soot.jimple.infoflow.Infoflow -      -> <TestCode: void foo(java.lang.String)>
[main] INFO soot.jimple.infoflow.Infoflow -          -> virtualinvoke $r2.<java.io.PrintStream: void println(java.lang.String)>(r1)

 I want to know how to get a context-sensitive result, in which sourceOne() will point to 2 different System.out.println().

Thx,

Rainkin
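
Added example (not part of the original thread, and not FlowDroid code): a toy Python model of the posted TestCode program, showing why results keyed on the (source, sink) statement pair give one connection while propagation paths that record the call site give two. The statement labels, the PROGRAM and PARAMS tables and the function names are constructed for illustration; the model covers only straight-line code without recursion or return values.

```python
# Toy IR for the TestCode class from the post (constructed, not Jimple).
# Each statement: (label, kind, defined local, used locals, callee)
PROGRAM = {
    "test": [
        ("test:1", "source", "r1", [], None),      # r1 = sourceOne(10)
        ("test:2", "call", None, ["r1"], "foo"),   # first  foo(r1)
        ("test:3", "call", None, ["r1"], "foo"),   # second foo(r1)
    ],
    "foo": [
        ("foo:1", "sink", None, ["s"], None),      # System.out.println(s)
    ],
}
PARAMS = {"test": [], "foo": ["s"]}                # formal parameters


def find_flows(method, taint, flows):
    """Forward taint walk. `taint` maps a tainted local to
    (source label, path of statement labels walked so far)."""
    taint = dict(taint)
    for label, kind, defines, uses, callee in PROGRAM[method]:
        if kind == "source":
            taint[defines] = (label, (label,))
        elif kind == "call":
            # Map tainted actuals to the callee's formals and record
            # the call site on the path.
            passed = {PARAMS[callee][i]: (taint[u][0], taint[u][1] + (label,))
                      for i, u in enumerate(uses) if u in taint}
            if passed:
                find_flows(callee, passed, flows)
        elif kind == "sink":
            for u in uses:
                if u in taint:
                    src, path = taint[u]
                    flows.append((src, label, path + (label,)))
    return flows


def analyze(entry="test"):
    flows = find_flows(entry, {}, [])
    # Statement-level result: one entry per (source stmt, sink stmt) pair.
    connections = {(src, sink) for src, sink, _ in flows}
    # Path-level result: the call site keeps the two flows apart.
    paths = {path for _, _, path in flows}
    return connections, paths


if __name__ == "__main__":
    connections, paths = analyze()
    print(len(connections), "connection(s):", sorted(connections))
    print(len(paths), "path(s):", sorted(paths))
```
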
