[Soot-list] Flowdroid: Propagating taint object

[Oswaldo Olivo]

Hi,

I'm running soot infoflow programmatically on android APKs.

I was wondering if there's a way to force the analysis to propagate
taint to a receiver object (or another parameter) if one of the
parameters of a function is tainted.

Consider the following instruction:

virtualinvoke $r7.<com.facebook.acra.CrashReportData: java.lang.Object
put(java.lang.Enum,java.lang.Object)>($r8, $r4);


I want to taint $r7 whenever $r4 is tainted on a call to "put".

Let me know if there's a way to specify this.

Below is my code for running the taint analysis

===================================
public static void main(String[] args) throws Exception{

        System.out.println("=== Starting ReDoS Detector ===");

        // Configuration information.
        String androidJar = "soot/platforms";
        String apkFileLocation = "benchmarks/com.facebook.katana.apk";
        boolean forceAndroidJar = false;

        if(args.length > 0) {
            apkFileLocation = args[0];
        }

        System.out.println("Analyzing APK: " + apkFileLocation);
        SetupApplication app = new SetupApplication(androidJar,
apkFileLocation);
        EasyTaintWrapper easyTaintWrapper = new EasyTaintWrapper(new
File("EasyTaintWrapperSource.txt"));
        app.setTaintWrapper(easyTaintWrapper);

        InfoflowAndroidConfiguration config = app.getConfig();
        config.setAccessPathLength(1);
        config.setComputeResultPaths(false);
        config.setEnableCallbacks(false);
        config.setEnableArraySizeTainting(false);
        config.setEnableExceptionTracking(false);
        config.setEnableStaticFieldTracking(false);
        config.setInspectSinks(false);
        config.setFlowSensitiveAliasing(false);
        app.setConfig(config);

        app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");
        app.runInfoflow();

        System.out.println("=== Finishing ReDoS Detector ===");
    }