[Soot-list] calls to objects instantiated through reflection not detected

Fri May 6 15:45:46 EDT 2016

Hi Denis,

That is related to TamiFlex. You run the program and create a log of where the reflective calls go. Afterwards, you can use that log in your next static analysis.

Best regards,

  Steven

Von: Denis Bogdanas [mailto:denis.bogdanas at gmail.com] 
Gesendet: Mittwoch, 4. Mai 2016 19:46
An: Steven Arzt
Cc: soot-list at CS.McGill.CA
Betreff: Re: [Soot-list] calls to objects instantiated through reflection not detected

Strange,

I see there is Kind.REFL_CLASS_NEWINSTANCE

used in a few places to add edges to CG. What is it used for?

On 4 May 2016 at 09:02, Steven Arzt <Steven.Arzt at cased.de> wrote:

Hi Denis,

That is by design. Spark needs to propagate type information to the base object of a method call. If these base object comes from a reflective call or a factory method inside a phantom class, the type information is not available through the PAG propagation and there will not be any  outgoing call edges. In that case, your best bet is to take the declared callee.

Best regards,

  Steven

Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Denis Bogdanas
Gesendet: Mittwoch, 4. Mai 2016 00:42
An: soot-list at CS.McGill.CA
Betreff: [Soot-list] calls to objects instantiated through reflection not detected

Hi,

Looks like Spark doesn't process the objects instantiated through reflection.

For the following code:

try {
    locationManager = LocationManager.class.newInstance();
} catch (I...) { }
locationManager.addGpsStatusListener(null);

edge to addGpsStatusListener() is not in the call graph. I've looked into the support for reflection in soot source code, looks like at least this scenario should be supported.

Am I wrong somewhere?

thanks,

-- 

Denis

-- 

Denis

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160506/e0f93217/attachment.html 