[Soot-list] Flowdroid: Propagating taint object
Oswaldo Olivo
ozzyo86 at gmail.com
Sat Apr 9 03:57:30 EDT 2016
Hi,
I'm running soot infoflow programmatically on android APKs.
I was wondering if there's a way to force the analysis to propagate
taint to a receiver object (or another parameter) if one of the
parameters of a function is tainted.
Consider the following instruction:
virtualinvoke $r7.<com.facebook.acra.CrashReportData: java.lang.Object
put(java.lang.Enum,java.lang.Object)>($r8, $r4);
I want to taint $r7 whenever $r4 is tainted on a call to "put".
Let me know if there's a way to specify this.
Below is my code for running the taint analysis
===================================
public static void main(String[] args) throws Exception{
System.out.println("=== Starting ReDoS Detector ===");
// Configuration information.
String androidJar = "soot/platforms";
String apkFileLocation = "benchmarks/com.facebook.katana.apk";
boolean forceAndroidJar = false;
if(args.length > 0) {
apkFileLocation = args[0];
}
System.out.println("Analyzing APK: " + apkFileLocation);
SetupApplication app = new SetupApplication(androidJar,
apkFileLocation);
EasyTaintWrapper easyTaintWrapper = new EasyTaintWrapper(new
File("EasyTaintWrapperSource.txt"));
app.setTaintWrapper(easyTaintWrapper);
InfoflowAndroidConfiguration config = app.getConfig();
config.setAccessPathLength(1);
config.setComputeResultPaths(false);
config.setEnableCallbacks(false);
config.setEnableArraySizeTainting(false);
config.setEnableExceptionTracking(false);
config.setEnableStaticFieldTracking(false);
config.setInspectSinks(false);
config.setFlowSensitiveAliasing(false);
app.setConfig(config);
app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");
app.runInfoflow();
System.out.println("=== Finishing ReDoS Detector ===");
}
More information about the Soot-list
mailing list