[Soot-list] Can Stubdroid handle interfaces?

Steven Arzt steven.arzt at cased.de
Tue Sep 20 04:27:19 EDT 2016 

Hi Kazzuki,

Have you dobule-checked that this class exists inside the android15 JAR 
file that you specify on thecommand line and that the methods in there 
contain actual implementations and not just stubs? Where did you obtain 
the Android JAR file from? The one shipped with the Android SDK only 
contains stubs, but no real implementations. You can check that by using 
a decompiler such as JD GUI to look into the JAR file.

Best regards,
   Steven

On 2016-09-16 11:14, Kazuki Hatayama wrote:
> Hi Steven,
> 
> Thank you so much for your advice.
> 
> "org.kxml2.io.KXmlParser" class  implements
> "org.xmlpull.v1.XmlPullParser", so I tried making summary of that
> class. I performed the following command, but no summary file is
> outputted.
> 
> MacBookPro-3:FlowDroid hatayama$ java -Xms10g -Xmx12g -cp
> guava-18.0.jar:soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:soot-infoflow-summaries.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar
> soot.jimple.infoflow.methodSummary.Main android15.jar  ./summaries/
> org.kxml2.io.KXmlParser
>  SLF4J: Class path contains multiple SLF4J bindings.
>  SLF4J: Found binding in
> [jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class
> [1]]
>  SLF4J: Found binding in
> [jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class
> [2]]
>  SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings [3] for
> an explanation.
>  SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
>  Warning: org.kxml2.io.KXmlParser is a phantom class!
>  Warning: java.lang.invoke.LambdaMetafactory is a phantom class!
>  Warning: java.lang.ref.Finalizer is a phantom class!
>  Analyzing class org.kxml2.io.KXmlParser
>  Class summaries for org.kxml2.io.KXmlParser done in 0.00298 seconds
> for 0 summaries
>  Class org.kxml2.io.KXmlParser done.
>  [main] INFO
> soot.jimple.infoflow.methodSummary.postProcessor.InfoflowResultPostProcessor
> - Removed 0 flows in favour of more precise ones
>  Done.
> 
> Could you show me what is my mistake?
> 
> Best regards,
>   Kazuki
> 
> On 2016/09/08 1:59, Steven Arzt wrote:
> 
>> Hi Kazuki,
>> 
>> You cannot generate a summary for an interface. You can only create
>> a summary for a class that implements the interface. In your case,
>> you need to find an implementation of "org.xmlpull.v1.XmlPullParser"
>> and create a summary of that class. StubDroid will then
>> automatically fill in this summary in places where the interface is
>> used.
>> 
>> The reason is simply that an interface in itself has no
>> implementation. Therefore, there is no behavior that StubDroid could
>> summarize.
>> 
>> Best regards,
>> Steven
>> 
>> On 2016-09-07 09:20, Kazuki Hatayama wrote:
>> Hi Steven,
>> 
>> Thanks for your reply.
>> 
>> I'm not sure how to use StubDroid for making summaries.
>> 
>> As I mentioned before, my app's snapshot is here.
>> $r5 = virtualinvoke $r3.<java.net.URL:
>> java.net.URLConnection
>> openConnection()>();
>> $r6 = virtualinvoke $r5.<java.net.URLConnection:
>> java.io.InputStream getInputStream()>();
>> INTERFACEINVOKE $R4.<ORG.XMLPULL.V1.XMLPULLPARSER: VOID
>> SETINPUT(JAVA.IO.INPUTSTREAM,JAVA.LANG.STRING)>($R6, "UTF-8");
>> [...]
>> $r7 = interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser:
>> java.lang.String nextText()>();
>> 
>> In the 3rd line, I want to propagate taints $r6 to $4. So I tried
>> making summary of "org.xmlpull.v1.XmlPullParser" , and performed
>> the
>> following command.
>> 
>> MacBookPro-3:FlowDroid hatayama$ java -Xms10g -Xmx12g -cp
>> 
> guava-18.0.jar:soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:soot-infoflow-summaries.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar
>> 
>> soot.jimple.infoflow.methodSummary.Main android10.jar ./summaries/
>> 
>> org.xmlpull.v1.XmlPullParserFactory.java
>> SLF4J: Class path contains multiple SLF4J bindings.
>> SLF4J: Found binding in
>> 
> [jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class
>> [1]
>> [2]]
>> SLF4J: Found binding in
>> 
> [jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class
>> [2]
>> [3]]
>> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings [3]
>> [4] for
>> an explanation.
>> SLF4J: Actual binding is of type
>> [org.slf4j.impl.SimpleLoggerFactory]
>> Warning: org.xmlpull.v1.XmlPullParserFactory.java is a phantom
>> class!
>> Warning: java.lang.invoke.LambdaMetafactory is a phantom class!
>> Warning: java.lang.ref.Finalizer is a phantom class!
>> Analyzing class org.xmlpull.v1.XmlPullParserFactory.java
>> Class summaries for org.xmlpull.v1.XmlPullParserFactory.java done
>> in
>> 0.001833 seconds for 0 summaries
>> Class org.xmlpull.v1.XmlPullParserFactory.java done.
>> [main] INFO
>> 
> soot.jimple.infoflow.methodSummary.postProcessor.InfoflowResultPostProcessor
>> 
>> - Removed 0 flows in favour of more precise ones
>> Done.
>> 
>> But nothing was outputted. Could you show me what is my mistake?
>> 
>> Best regards,
>> Kazuki.
>> 
>> On 2016/09/07 5:25, Steven Arzt wrote:
>> 
>> Hi,
>> 
>> That should work as long as you have a StubDroid summary for at
>> least one class that implements the interface. The taint wrapper
>> should then use a union of all summaries of implementations. If
>> that
>> doesn't work, it's a bug and we need to fix it.
>> 
>> Best regards,
>> Steven
>> 
>> On Sep 6, 2016 1:20 PM, Kazuki Hatayama
>> <komakomaillusion at gmail.com>
>> wrote:
>> 
>> Hi all,
>> 
>> I'm faced with the similar problem
> 
> (https://github.com/secure-software-engineering/soot-infoflow-android/issues/125
> [4]
> 
>>> [1]).
>>> 
>>> here is the snapshot of my app.
>>> $r5 = virtualinvoke $r3.<java.net.URL:
>>> java.net.URLConnection openConnection()>();
>>> $r6 = virtualinvoke $r5.<java.net.URLConnection:
>>> java.io.InputStream getInputStream()>();
>>> INTERFACEINVOKE $R4.<ORG.XMLPULL.V1.XMLPULLPARSER: VOID
>>> SETINPUT(JAVA.IO.INPUTSTREAM,JAVA.LANG.STRING)>($R6, "UTF-8");
>>> [...]
>>> $r7 = interfaceinvoke $r4.<org.xmlpull.v1.XmlPullParser:
>>> java.lang.String nextText()>();
>>> 
>>> In 3rd line, I want to propagate taints $r6 to $4. The above web
>>> page says Stubdroid can handle this situation.
>>> 
>>> But Stubdroid seems to be applicable to only classes, not
>>> interfaces.
>>> 
>>> Can really Stubdroid handle this situation?
>>> 
>>> Best regards,
>>> Kazuki.
> 
>  Links:
>  ------
>  [1]
>  
> https://github.com/secure-software-engineering/soot-infoflow-android/issues/125
> [4]
>  [2]
> 
> jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class
> [1]
>  [3]
> 
> jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class
> [2]
>  [4] http://www.slf4j.org/codes.html#multiple_bindings [3]
> 
> --
> Kazuki
> 
> 
> Links:
> ------
> [1]
> jar:file:/Users/hatayama/Desktop/FlowDroid/soot-trunk.jar%21/org/slf4j/impl/StaticLoggerBinder.class
> [2]
> jar:file:/Users/hatayama/Desktop/FlowDroid/slf4j-simple-1.7.5.jar%21/org/slf4j/impl/StaticLoggerBinder.class
> [3] http://www.slf4j.org/codes.html#multiple_bindings
> [4]
> https://github.com/secure-software-engineering/soot-infoflow-android/issues/125

More information about the Soot-list mailing list