[Soot-list] Can Stubdroid handle interfaces?
Kazuki Hatayama
komakomaillusion at gmail.com
Wed Sep 7 03:20:25 EDT 2016
Hi Steven,
Thanks for your reply.
I'm not sure how to use StubDroid for making summaries.
As I mentioned before, my app's snapshot is here.
$r5 = virtualinvoke $r3.<java.net.URL: java.net.URLConnection
openConnection()>();
$r6 = virtualinvoke $r5.<java.net.URLConnection:
java.io.InputStream getInputStream()>();
*interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser: void
setInput(java.io.InputStream,java.lang.String)>($r6, "UTF-8");*
[...]
$r7 = interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser:
java.lang.String nextText()>();
In the 3rd line, I want to propagate taints $r6 to $4. So I tried making
summary of "org.xmlpull.v1.XmlPullParser" , and performed the following
command.
MacBookPro-3:FlowDroid hatayama$ java -Xms10g -Xmx12g -cp
guava-18.0.jar:soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:soot-infoflow-summaries.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar
soot.jimple.infoflow.methodSummary.Main android10.jar ./summaries/
org.xmlpull.v1.XmlPullParserFactory.java
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in
[jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in
[jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an
explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
Warning: org.xmlpull.v1.XmlPullParserFactory.java is a phantom class!
Warning: java.lang.invoke.LambdaMetafactory is a phantom class!
Warning: java.lang.ref.Finalizer is a phantom class!
Analyzing class org.xmlpull.v1.XmlPullParserFactory.java
Class summaries for org.xmlpull.v1.XmlPullParserFactory.java done in
0.001833 seconds for 0 summaries
Class org.xmlpull.v1.XmlPullParserFactory.java done.
[main] INFO
soot.jimple.infoflow.methodSummary.postProcessor.InfoflowResultPostProcessor
- Removed 0 flows in favour of more precise ones
Done.
But nothing was outputted. Could you show me what is my mistake?
Best regards,
Kazuki.
On 2016/09/07 5:25, Steven Arzt wrote:
>
> Hi,
>
> That should work as long as you have a StubDroid summary for at least
> one class that implements the interface. The taint wrapper should then
> use a union of all summaries of implementations. If that doesn't work,
> it's a bug and we need to fix it.
>
> Best regards,
> Steven
>
>
> On Sep 6, 2016 1:20 PM, Kazuki Hatayama <komakomaillusion at gmail.com>
> wrote:
>
> Hi all,
>
> I'm faced with the similar problem
> (https://github.com/secure-software-engineering/soot-infoflow-android/issues/125).
>
>
> here is the snapshot of my app.
> $r5 = virtualinvoke $r3.<java.net.URL:
> java.net.URLConnection openConnection()>();
> $r6 = virtualinvoke $r5.<java.net.URLConnection:
> java.io.InputStream getInputStream()>();
> *interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser: void
> setInput(java.io.InputStream,java.lang.String)>($r6, "UTF-8");*
> [...]
> $r7 = interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser:
> java.lang.String nextText()>();
>
> In 3rd line, I want to propagate taints $r6 to $4. The above web
> page says Stubdroid can handle this situation.
>
> But Stubdroid seems to be applicable to only classes, not interfaces.
>
> Can really Stubdroid handle this situation?
>
> Best regards,
> Kazuki.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160907/77101de5/attachment-0001.html
More information about the Soot-list
mailing list