[Soot-list] Can I get the calling context of a source/sink?

Steven Arzt Steven.Arzt at cased.de
Mon Jun 22 05:10:14 EDT 2015


Hi Rainkin,

 

I’m not sure that I understand your question correctly. Contexts in IFDS are value contexts, which means that they do not refer to a certain call string or call site, but first and foremost to a value in the domain of data flow abstractions. Getting the IFDS context would thus supply you with an incoming taint abstraction, which is probably not what you want.

 

If you just want to get the method which contains the source / sink statements, you can use the interprocedural control flow graph that gets passed into the ResultsAvailableHandler callback which you can specify when you call computeInfoflow(…). It has a method getMethodOf(…).

 

Best regards,

  Steven

 

 

M.Sc. M.Sc. Steven Arzt

Secure Software Engineering Group (SSE)

European Center for Security and Privacy by Design (EC SPRIDE) 

Rheinstraße 75

D-64293 Darmstadt

Phone: +49 61 51 869-336

Fax: +49 61 51 16-72118

eMail: steven.arzt at ec-spride.de

Web: http://sse.ec-spride.de

 

 

 

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On behalf of ???
Sent: Friday, 12 June 2015 17:48
To: soot-list at CS.McGill.CA
Subject: [Soot-list] Can I get the calling context of a source/sink?

 

Hi guys,

    Flowdroid uses Heros to do inter-procedural data analysis. I notice that during the process of inter-procedural analysis, Flowdroid can get the calling context of a function, that is to say, where the function is actually called. 

    For example, the API
    getReturnFlowFunction(N callSite, M calleeMethod, N exitStmt, N returnSite):

    callSite is the statement where the function is called.



    But in the results of Flowdroid, I can't get the calling context of a source/sink. 

    I want to know how to get that?

 

For example.

    ApiTwo sharedApiTwo(ApiOne x)
    {
        return apiTwo(x);
    }

    main(){
        // context1
        a1 = apiOne();
        b1 = sharedApiOne(a1);
        apiThree(b1);

        // context2
        a2 = apiOne();
        b2 = sharedApiOne(a2);
        apiThree(b2);
    }

 

 

Note that there is a wrapper function sharedApiTwo() for apiTwo().

We will get the following result:

    Source               Sink
    a1 = apiOne();       return apiTwo(x);
    return apiTwo(x);    apiThree(b1);
    a2 = apiOne();       return apiTwo(x);
    return apiTwo(x);    apiThree(b2);

 

Take the first source-sink chain for example,

I can't know the function of the sink "return apiTwo(x)" is called in the statement "b1 = sharedApiOne(a1);"

 

Thanks,

rainkin
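
Added example, not part of the original messages and not FlowDroid's own code: a ResultsAvailableHandler that does what the reply above describes, resolving each source and sink statement to its enclosing method with getMethodOf(…), and going one step further by listing the call sites of the sink's method from the same ICFG. The class name is hypothetical; the package names and the getStmt() accessor assume the FlowDroid 2.x API and may differ in other releases.

```java
import soot.SootMethod;
import soot.Unit;
import soot.jimple.Stmt;
import soot.jimple.infoflow.handlers.ResultsAvailableHandler;
import soot.jimple.infoflow.results.InfoflowResults;
import soot.jimple.infoflow.results.ResultSinkInfo;
import soot.jimple.infoflow.results.ResultSourceInfo;
import soot.jimple.infoflow.solver.cfg.IInfoflowCFG;

// Hypothetical handler name; package names assume FlowDroid 2.x.
public class EnclosingMethodReporter implements ResultsAvailableHandler {

    @Override
    public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
        // No flows found: nothing to report.
        if (results == null || results.getResults() == null)
            return;

        for (ResultSinkInfo sink : results.getResults().keySet()) {
            Stmt sinkStmt = sink.getStmt(); // assumed 2.x accessor name
            SootMethod sinkMethod = cfg.getMethodOf(sinkStmt);
            System.out.println("Sink:   " + sinkStmt
                    + "  in " + sinkMethod.getSignature());

            // getCallersOf returns every call site of the method in the
            // call graph, not only the one the reported flow went through.
            for (Unit callSite : cfg.getCallersOf(sinkMethod)) {
                System.out.println("    called at: " + callSite
                        + "  in " + cfg.getMethodOf(callSite).getSignature());
            }

            // All sources that reach this sink, each with its own method.
            for (ResultSourceInfo source : results.getResults().get(sink)) {
                Stmt sourceStmt = source.getStmt(); // assumed 2.x accessor name
                System.out.println("  Source: " + sourceStmt
                        + "  in " + cfg.getMethodOf(sourceStmt).getSignature());
            }
        }
    }
}
```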
