[Soot-list] Soot not able to process the source code of android applications

Steven Arzt Steven.Arzt at cased.de
Tue Jun 16 14:47:44 EDT 2015


There are several problems. Firstly, Soot’s source code front-end is not nearly as stable and reliable as Soot’s bytecode / dex code front-end. Furthermore, for processing Android applications, you need to at least parse the manifest. Soot knows how to parse the binary manifest file contained in an APK file, but there is no code that parses a plain-text manifest file. The same issue happens for the layout XML file parser in FlowDroid. There simply has not been any real demand for analyzing Android apps on source so far.

 

For your project, why don’t you just compile the app to an APK and then analyze the APK file in Soot? The compiler should include source line numbers into the dex file’s debug section if you perform a debug build. Therefore, it should be easy to map your findings in the APK back to the original source code.

 

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Sanjay Thakur
Sent: Tuesday, 16 June 2015 19:35
To: Steven Arzt
Cc: soot-list at CS.McGill.CA
Subject: Re: [Soot-list] Soot not able to process the source code of android applications

 

Also, is it somehow possible to exclude the xml related objects from parsing and processing by soot? They all start as "R.*". This can work because if soot doesn't try to reference and process those objects, then perhaps the thing might work.

 

On Tue, Jun 16, 2015 at 8:05 AM, Sanjay Thakur <sttsanjay at gmail.com> wrote:

 Hi Steven,

What we really want is to make a tool that can help an application developer to check his app for irregularities with the software engineering principles while he is still coding the app. Analyzing the apk for the same purpose has been successfully done by us. 

 

On Mon, Jun 15, 2015 at 7:10 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:

Hi Sanjay,

 

We never extended the Android components to work with source code. We always worked on the compiled APK files. Therefore, aspects like manifest parsing or layout XML file parsing will not work on source. Is there any reason for you not to use the compiled APK file as input instead of source?

 

Best regards,

  Steven

 

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Sanjay Thakur
Sent: Monday, 15 June 2015 17:08
To: Steven Arzt
Cc: soot-list at CS.McGill.CA
Subject: Re: [Soot-list] Soot not able to process the source code of android applications

 

Hi Steven,

We are making a tool to analyze apks and the source codes to look for parameters that are non-compliant and irregular with the software engineering principles. We have a successful running program to analyze the apks. We used soot for our work. But we failed to do so with the source codes of android applications. Any suggestion towards analyzing the source codes of android applications would be very useful. 

It came to my mind that if we can modify the soot source code to make it compatible with our requirement, then our work will be done. Can you tell us how we can start modifying soot itself, if possible?

Thanks 

 

On Sat, Jun 13, 2015 at 7:24 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:

Hi Sanjay,

 

That is correct. Soot has no components for processing Android layout files. If you want to work with Android apps in an analysis based on Soot, you can make use of the FlowDroid parser components included in the soot-infoflow-android project. The FlowDroid project, however, works on compiled APK files, not on the original source files. Generally, Soot’s bytecode / dex code front end is much more stable and up-to-date than the front end for Java source code.


What exactly are you trying to do?

 

Best regards,

  Steven

 

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Sanjay Thakur
Sent: Saturday, 13 June 2015 00:59
To: soot-list at CS.McGill.CA
Subject: [Soot-list] Soot not able to process the source code of android applications

 

Hello all,

I have been trying to analyze the source code of Android applications. The soot is not able to reference and process the non-java components (which are actually the xml components) like the TextView and the layout file. I have tried using the exclude list with "R." but got no success. Here is my sample code:

 

Options.v().set_android_jars(pathToAndroidJarForSoot);
Options.v().set_soot_classpath("/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/rt.jar:/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/jce.jar:/home/sanjay/Android/Sdk/platforms/android-21/android.jar");
Options.v().set_src_prec(Options.src_prec_java);
Options.v().set_allow_phantom_refs(true);
List<String> excludeList = new LinkedList<String>();
excludeList.add("R.");
Options.v().set_exclude(excludeList);
Options.v().set_no_bodies_for_excluded(true);
Options.v().set_process_dir(Collections.singletonList(pathToDirectory));
Options.v().set_whole_program(true);
......
......

 

 

 

The errors look like the following

/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:17,24:
soot.CompilationDeathException: there were errors during parsing and/or type checking (JastAdd frontend)
  Semantic Error: R.layout not found
at soot.JastAddInitialResolver.formAst(JastAddInitialResolver.java:63)
/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:17,33:
at soot.JavaClassSource.resolve(JavaClassSource.java:54)
  Semantic Error: no field named activity_main is accessible
at soot.SootResolver.bringToHierarchy(SootResolver.java:230)
/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:18,43:
at soot.SootResolver.bringToSignatures(SootResolver.java:255)
  Semantic Error: R.id not found
at soot.SootResolver.bringToBodies(SootResolver.java:291)
/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:18,48:
at soot.SootResolver.processResolveWorklist(SootResolver.java:165)
  Semantic Error: no field named tvMessage is accessible
at soot.SootResolver.resolveClass(SootResolver.java:130)
/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:26,35:
at soot.Scene.loadClass(Scene.java:693)
  Semantic Error: R.menu not found
at soot.Scene.loadClassAndSupport(Scene.java:678)
/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:26,42:
at soot.Scene.loadNecessaryClasses(Scene.java:1351)
  Semantic Error: no field named menu_main is accessible
at paprika.analyzer.SootAnalyzer.init(SootAnalyzer.java:82)
/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:38,19:
at paprika.Main.runAnalysis(Main.java:112)
  Semantic Error: R.id not found
at paprika.Main.main(Main.java:79)
/home/sanjay/Documents/UQAM/sourcesNapks/ForSoot/app/src/main/java/forsoot/com/forsoot/MainActivity.java:38,24:
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Semantic Error: no field named action_settings is accessible
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)

 

-- 

Sanjay Thakur

Research Intern

UQAM

Montreal, Canada
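
Added example (not part of the original thread, and not Soot's or FlowDroid's own code): the route suggested in the latest reply, loading a debug-build APK through Soot's dex front end and reporting statements with their original source file and line number. The class name ApkLineMapper, the two path arguments and the choice of findViewById calls as the sample finding are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;

import soot.Body;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.Stmt;
import soot.options.Options;
import soot.tagkit.SourceFileTag;

public class ApkLineMapper {
    public static void main(String[] args) {
        String apkPath = args[0];      // assumed: path to a debug-build APK
        String androidJars = args[1];  // assumed: the SDK "platforms" directory

        Options.v().set_src_prec(Options.src_prec_apk);  // dex front end, not src_prec_java
        Options.v().set_android_jars(androidJars);
        Options.v().set_process_dir(Collections.singletonList(apkPath));
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_keep_line_number(true);          // keep line tags from the dex debug info
        Options.v().set_output_format(Options.output_format_none);
        Scene.v().loadNecessaryClasses();

        // Iterate over copies: loading bodies can resolve further classes.
        for (SootClass cls : new ArrayList<SootClass>(Scene.v().getApplicationClasses())) {
            SourceFileTag src = (SourceFileTag) cls.getTag("SourceFileTag");
            String file = (src != null) ? src.getSourceFile() : cls.getName();
            for (SootMethod m : new ArrayList<SootMethod>(cls.getMethods())) {
                if (!m.isConcrete()) continue;            // abstract/native: no body
                Body body = m.retrieveActiveBody();
                for (Unit u : body.getUnits()) {
                    Stmt s = (Stmt) u;
                    if (!s.containsInvokeExpr()) continue;
                    // Sample "finding": every call site of findViewById.
                    String callee = s.getInvokeExpr().getMethodRef().name();
                    if (!callee.equals("findViewById")) continue;
                    int line = u.getJavaSourceStartLineNumber(); // -1 without debug info
                    System.out.println(file + ":" + (line > 0 ? String.valueOf(line) : "?")
                            + "  " + m.getSignature() + "  " + s);
                }
            }
        }
    }
}
```

A release build that strips debug information yields "?" for the line, so the mapping back to source depends on analyzing the debug build.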




