[Soot-list] Can I get the calling context of a source/sink?
Steven Arzt
Steven.Arzt at cased.de
Mon Jun 22 05:10:14 EDT 2015
Hi Rainkin,
I’m not sure that I understand your question correctly. Contexts in IFDS are value contexts which means that they do not refer to a certain call string or call site, but first and foremost to a value in the domain of data flow abstractions. Getting the IFDS context would thus supply you with an incomiung taint abstraction which is probably not what you want.
If you just want to get the method which contains the source / sink statements, you can use the interprocedural control flow graph that gets passed into the ResultsAvailableHandler callback which you can specify when you call computeInfoflow(…). It has a method getMethodOf(…).
Best regards,
Steven
M.Sc. M.Sc. Steven Arzt
Secure Software Engineering Group (SSE)
European Center for Security and Privacy by Design (EC SPRIDE)
Rheinstraße 75
D-64293 Darmstadt
Phone: +49 61 51 869-336
Fax: +49 61 51 16-72118
eMail: <mailto:steven.arzt at ec-spride.de> steven.arzt at ec-spride.de
Web: <http://sse.ec-spride.de/> http://sse.ec-spride.de
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von ???
Gesendet: Freitag, 12. Juni 2015 17:48
An: soot-list at CS.McGill.CA
Betreff: [Soot-list] Can I get the calling context of a source/sink?
Hi guys,
Flowdroid uses Heros to do inter-procedural data analysis. I notice that during the process of inter-procedural analysis, Flowdroid can get the calling context of a function, that is to say, where the function is actually called.
For example, the API
getReturnFlowFunction(N callSite, M calleeMethod, N exitStmt, N returnSite):
callSite is the statement where the function is called.
But in the results of Flowdroid, I can't get the calling context of a source/sink.
I want to know how to get that?
For example.
ApiTwo sharedApiTwo(ApiOne x)
{
return apiTwo(x);
}
main(){
// context1
a1 = apiOne();
b1 = sharedApiOne(a1);
apiThree(b1);
// context2
a2 = apiOne();
b2 = sharedApiOne(a2);
apiThree(b2);
}
Note that there is a wrapper function sharedApiTwo() for apiTwo().
we will get the following result:
Source
Sink
a1 = apiOne();
return apiTwo(x);
return apiTwo(x);
apiThree(b1);
a2 = apiOne();
return apiTwo(x);
return apiTwo(x);
apiThree(b2);
Take the first source-sink chain for example,
I can't know the function of the sink "return apiTwo(x)" is called in the statement "b1 = sharedApiOne(a1);"
Thank,
rainkin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150622/b8b3d752/attachment-0001.html
More information about the Soot-list
mailing list