[Soot-list] about custom entry points

[Arzt, Steven]

Hi,

Soot’s callgraph algorithms usually analyze programs starting from the entry point which is expected to be some main method. In the case of servlets, you need to provide a main method that emulates calls to the servlet methods. To automatically generate such a dummy main method, you can have a look at the DefaultEntryPointCreator class from FlowDroid (soot-infoflow on Github) that was exactly designed to create dummy main methods for such cases. The method it generates will not be executable, but equivalent to a real implementation for the purpose of callgraph construction.

Best regards,
  Steven

From: Soot-list [mailto:soot-list-bounces at cs.mcgill.ca] On Behalf Of liujiefeng
Sent: Wednesday, March 8, 2017 4:57 AM
To: soot-list at CS.McGill.CA
Subject: [Soot-list] about custom entry points

Hi, there!

I’ve got some problems with custom entry points.
I’ve learned from https://github.com/Sable/soot/wiki/Using-Soot-with-custom-entry-points to analyze from custom entry point.
Options.v().parse(args);
SootClass c = Scene.v().forceResolve("MyEntryPoint", SootClass.BODIES);
c.setApplicationClass();
Scene.v().loadNecessaryClasses();
SootMethod method = c.getMethodByName("myMethod");
List entryPoints = new ArrayList();
entryPoints.add(method);
Scene.v().setEntryPoints(entryPoints);
PackManager.v().runPacks();


But I can’t use

To get to my method, it just always analyze from main method.
Since my project is using servlet, so I can’t just make a call in main method since request and response is not easy to new.

So I’m wondering:

1.       Is it possible to analyze from custom entry point throw the method above?

2.       If so, what is my problem? Does “myMethod” cannot just be String of method name?

Looking forward & with best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170308/9b58d1d2/attachment.html>