[Soot-list] Can Stubdroid handle interfaces?

Kazuki Hatayama komakomaillusion at gmail.com
Fri Sep 16 05:14:11 EDT 2016 

Hi Steven,

Thank you so much for your advice.

"org.kxml2.io.KXmlParser" class  implements 
"org.xmlpull.v1.XmlPullParser", so I tried making summary of that class. 
I performed the following command, but no summary file is outputted.

MacBookPro-3:FlowDroid hatayama$ java -Xms10g -Xmx12g -cp 
guava-18.0.jar:soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:soot-infoflow-summaries.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar 
soot.jimple.infoflow.methodSummary.Main android15.jar ./summaries/ 
org.kxml2.io.KXmlParser
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in 
[jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in 
[jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an 
explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
Warning: org.kxml2.io.KXmlParser is a phantom class!
Warning: java.lang.invoke.LambdaMetafactory is a phantom class!
Warning: java.lang.ref.Finalizer is a phantom class!
Analyzing class org.kxml2.io.KXmlParser
Class summaries for org.kxml2.io.KXmlParser done in 0.00298 seconds for 
0 summaries
Class org.kxml2.io.KXmlParser done.
[main] INFO 
soot.jimple.infoflow.methodSummary.postProcessor.InfoflowResultPostProcessor 
- Removed 0 flows in favour of more precise ones
Done.

Could you show me what is my mistake?

Best regards,
  Kazuki


On 2016/09/08 1:59, Steven Arzt wrote:
> Hi Kazuki,
>
> You cannot generate a summary for an interface. You can only create a 
> summary for a class that implements the interface. In your case, you 
> need to find an implementation of "org.xmlpull.v1.XmlPullParser" and 
> create a summary of that class. StubDroid will then automatically fill 
> in this summary in places where the interface is used.
>
> The reason is simply that an interface in itself has no 
> implementation. Therefore, there is no behavior that StubDroid could 
> summarize.
>
> Best regards,
>   Steven
>
> On 2016-09-07 09:20, Kazuki Hatayama wrote:
>> Hi Steven,
>>
>> Thanks for your reply.
>>
>> I'm not sure how to use StubDroid for making summaries.
>>
>> As I mentioned before, my app's snapshot is here.
>>          $r5 = virtualinvoke $r3.<java.net.URL: java.net.URLConnection
>> openConnection()>();
>>          $r6 = virtualinvoke $r5.<java.net.URLConnection:
>> java.io.InputStream getInputStream()>();
>>          INTERFACEINVOKE $R4.<ORG.XMLPULL.V1.XMLPULLPARSER: VOID
>> SETINPUT(JAVA.IO.INPUTSTREAM,JAVA.LANG.STRING)>($R6, "UTF-8");
>>  [...]
>>          $r7 = interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser:
>> java.lang.String nextText()>();
>>
>>  In the 3rd line, I want to propagate taints $r6 to $4. So I tried
>> making summary of  "org.xmlpull.v1.XmlPullParser" , and performed the
>> following command.
>>
>> MacBookPro-3:FlowDroid hatayama$ java -Xms10g -Xmx12g -cp
>> guava-18.0.jar:soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:soot-infoflow-summaries.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar 
>>
>> soot.jimple.infoflow.methodSummary.Main android10.jar ./summaries/
>> org.xmlpull.v1.XmlPullParserFactory.java
>>  SLF4J: Class path contains multiple SLF4J bindings.
>>  SLF4J: Found binding in
>> [jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class 
>>
>> [2]]
>>  SLF4J: Found binding in
>> [jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class 
>>
>> [3]]
>>  SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings [4] for
>> an explanation.
>>  SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
>>  Warning: org.xmlpull.v1.XmlPullParserFactory.java is a phantom class!
>>  Warning: java.lang.invoke.LambdaMetafactory is a phantom class!
>>  Warning: java.lang.ref.Finalizer is a phantom class!
>>  Analyzing class org.xmlpull.v1.XmlPullParserFactory.java
>>  Class summaries for org.xmlpull.v1.XmlPullParserFactory.java done in
>> 0.001833 seconds for 0 summaries
>>  Class org.xmlpull.v1.XmlPullParserFactory.java done.
>>  [main] INFO
>> soot.jimple.infoflow.methodSummary.postProcessor.InfoflowResultPostProcessor 
>>
>> - Removed 0 flows in favour of more precise ones
>>  Done.
>>
>> But nothing was outputted. Could you show me what is my mistake?
>>
>> Best regards,
>>  Kazuki.
>>
>> On 2016/09/07 5:25, Steven Arzt wrote:
>>
>>> Hi,
>>>
>>> That should work as long as you have a StubDroid summary for at
>>> least one class that implements the interface. The taint wrapper
>>> should then use a union of all summaries of implementations. If that
>>> doesn't work, it's a bug and we need to fix it.
>>>
>>> Best regards,
>>> Steven
>>>
>>> On Sep 6, 2016 1:20 PM, Kazuki Hatayama <komakomaillusion at gmail.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm faced with the similar problem
>>>>
>>>
>> (https://github.com/secure-software-engineering/soot-infoflow-android/issues/125 
>>
>>>> [1]).
>>>>
>>>> here is the snapshot of my app.
>>>> $r5 = virtualinvoke $r3.<java.net.URL:
>>>> java.net.URLConnection openConnection()>();
>>>> $r6 = virtualinvoke $r5.<java.net.URLConnection:
>>>> java.io.InputStream getInputStream()>();
>>>> INTERFACEINVOKE $R4.<ORG.XMLPULL.V1.XMLPULLPARSER: VOID
>>>> SETINPUT(JAVA.IO.INPUTSTREAM,JAVA.LANG.STRING)>($R6, "UTF-8");
>>>> [...]
>>>> $r7 = interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser:
>>>> java.lang.String nextText()>();
>>>>
>>>> In 3rd line, I want to propagate taints $r6 to $4. The above web
>>>> page says Stubdroid can handle this situation.
>>>>
>>>> But Stubdroid seems to be applicable to only classes, not
>>>> interfaces.
>>>>
>>>> Can really Stubdroid handle this situation?
>>>>
>>>> Best regards,
>>>> Kazuki.
>>
>>
>> Links:
>> ------
>> [1]
>> https://github.com/secure-software-engineering/soot-infoflow-android/issues/125 
>>
>> [2]
>> jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class 
>>
>> [3]
>> jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class 
>>
>> [4] http://www.slf4j.org/codes.html#multiple_bindings
>

-- 
Kazuki

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160916/31cdda80/attachment.html

More information about the Soot-list mailing list