[Soot-list] How to make FlowDroid detect indirect dependence between values
John Ng
john.ng162014 at gmail.com
Thu Aug 13 16:43:37 EDT 2015
Hi All,
I just tried the example in the Flowdroid paper. The code is as following:
public class Main {
public static void main(String[] args) {
Main m = new Main();
A a = new A();
B b = a.g;
m.foo(a);
String t = a.g.f;
*// t = t + "test";*
m.*sink(t)*;
}
String source() {
return "test";
}
void sink(String f) {
System.out.println(f);
}
void foo(A z) {
B x = z.g;
String w = *source()*;
x.f = w;
}
}
I used soot-infoflow to detect flow from source() to sink() and it can
successfully detect it. However, I am not sure how can I make Flowdroid to
taint the indirect dependent value of a tainted value. For example, if I
uncomment the bold, red line (t = t + "test";) in the function main(),
Flowdroid cannot detect the connection between sources and sinks. Can you
please let me know what I should do in this case? Thank you in advance.
Best,
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150813/b8559200/attachment-0001.html
More information about the Soot-list
mailing list