Skip to content
System using the Analysis Query Language
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
data
mvn
queries
schemas
src
.gitignore
LICENSE
README.md
_config.yml
logo.png
manpage
manual.pdf
pom.xml
tool.properties

README.md

Maven Central

AQL

The Android App Analysis Query Language (AQL) consists of two main parts, namely AQL-Queries and AQL-Answers. AQL-Queries enable us to ask for Android specific analysis subjects in a general, tool independent way. The grammar defining AQL-Queries can be found here.

Example 1: AQL-Queries

The following exemplary query can be used to get all Flows (e.g. taint flows) inside one app:

Flows IN App(’/path/to/example.apk’) ?

it is also possible to ask more specifically (or to filter the result):

Flows FROM 
	Statement(’getDeviceId()’)
	->Method(’onCreate(...)’)
	->Class(’MainActivity’)
	->App(’/path/to/example.apk’) 
TO 
	Statement(’sendTextMessage(...)’)
	->Method(’onCreate(...)’)
	->Class(’MainActivity’)
	->App(’/path/to/DirectLeak1.apk’)
?

Different operators are available to merge and further filter queries as well as methods to match intents and intent-filters.
More information about AQL-Queries can be found here.

Similarly, AQL-Answers are used to represent analysis results in a standardized form.
The syntax of AQL-Answers is defined via an XML schema definition (XSD).

Example 2: AQL-Answers

An AQL-Answer to the query from above could be (shortened):

<answer>
	<flows>
		<flow>
			<reference type="from">
				<statement>... getDeviceId() ...</statement>
				<method>... onCreate(...) ...</method>
				<classname>... MainActivity</classname>
				<app>
					<file>.../DirectLeak1.apk</file>
					<hashes>...</hashes>
				</app>
			</reference>
			<reference type="to">
				...
				sendTextMessage(...)
				...
			</reference>
		</flow>
	</flows>
</answer>

It shows a taint flow from a getDeviceId() statement to a sendTextMessage(...) statement.

AQL-System

The associated AQL-System takes AQL-Queries as input and outputs AQL-Answers.
To do so, it requires a configuration in form of an .xml file that describes

  • which tools are avaliable in a certain instance of the AQL-System and how to execute these,
  • which queries can be answered by which tool and
  • how to convert a tool’s result into an AQLAnswer.

Example 3

For instance, an AQL-System can be configured to execute FlowDroid in case of intra-app flow questions and IccTA in case of inter-app questions, since FlowDroid does not support such questions. Considering the example from above the AQL-System recognizes that FlowDroid is available and able to answer the query regarding flows inside one app only. Consequently, FlowDroid is launched and its result is converted into an AQL-Answer.

Usage

Our wiki contains tutorials how to use/extend the AQL-System: here

Execution

One tutorial deals with a simple run-through. It guides the user how to install, configure and execute an AQL-System, which is setup to use Amandroid.

Development

Library
The AQL-System or only its internal datastructure (AQL-Lib) can be used by or in other tools. We offer to options for integration:

  • Maven
<dependency>
	<groupId>de.foellix</groupId>
	<artifactId>AQL-System</artifactId>
	<version>1.1.1</version>
</dependency>
  • .jar Import
    All releases can be found here.

Building from source code

  • Import Maven project to Eclipse
  • Build pom.xml as Maven project
    • Build is stored inside the project's directory: projectDirectory/target/build
      (projectDirectory refers to your local project directory and consequently has to be replaced by the actual directory and its path)
  • Run the build (Launch parameters):
    • Option 1:
     cd projectDirectory/target/build
     java -jar AQL-System-XXX.jar
    • Option 2: Run de.foellix.aql.ui.cli.CommandLineInterface as Java Application

Publications

License

The AQL-System is licensed under the GNU General Public License v3 (see LICENSE).

Contact

Felix Pauck
Paderborn University
fpauck@mail.uni-paderborn.de
Homepage

Links

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.