[Question] Difference between attach_to_sources and features keys. #118

Closed
serrapa opened this issue Feb 20, 2023 · 4 comments
Labels
question Further information is requested

Comments


serrapa commented Feb 20, 2023

Hello, I cannot understand the difference between the attach_to_sources key and the features key. The doc says the features label is a list of feature names, and sources, sinks and propagations can have it. However, attach_to_sources can have it as well, for example, but it seems the aim is different; otherwise I do not get why two keys were created with the same purpose.

Moreover, if I want to tag a source with a specific feature name, what do I have to use? attach_to_sources or features? I would need to treat the return value as a source only if it has the feature name specified. I wonder if it is possible.

Contributor

arthaud commented Feb 21, 2023

Our documentation needs to be improved quite a bit.

features can be added on a user-declared source or sink.
attach_to_sources is used when you do not know what the source will be (or if there even is a source at all). It is added on inferred sources, i.e. sources that the actual analysis finds.

For instance:

```java
class A {
  public String foo() {
    // ...
  }
  public String bar() {
    // ...
  }
  public String baz() {
    if (cond()) {
      return foo();
    } else {
      return bar();
    }
  }
}
```

If you want to mark foo as returning a source UserControlled with a feature, you would use a source with features:

```json
{
  "sources": [
    {
      "kind": "UserControlled",
      "port": "Return",
      "features": ["via-foo"]
    }
  ]
}
```

If you want to add a feature to any sources flowing out of baz, without knowing what source it could be (it could be a source from foo or bar), you would use attach_to_sources:

```json
{
  "attach_to_sources": [
    {
      "features": ["via-baz"],
      "port": "Return"
    }
  ]
}
```

arthaud added the question label Feb 21, 2023
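The distinction described in the answer above, as an added toy simulation that is not part of the original thread and is not Mariana Trench code. The `return_taint` function, the `CALLS` table and the `ExampleKind` source kind are assumptions made for illustration; the two models are the JSON fragments from the answer.

```python
# Toy model of the behaviour described in this thread. It is NOT Mariana
# Trench's implementation: features are merged per kind, and the call graph
# below is hard-coded from the class A example (baz returns foo() or bar()).
CALLS = {"foo": [], "bar": [], "baz": ["foo", "bar"]}

def return_taint(method, models, calls=CALLS):
    """Return {source kind: set of features} for the method's Return port."""
    model = models.get(method, {})
    # Inferred sources: whatever the callees return flows out of this method.
    taint = {}
    for callee in calls[method]:
        for kind, feats in return_taint(callee, models, calls).items():
            taint.setdefault(kind, set()).update(feats)
    # attach_to_sources decorates inferred sources; it never creates a kind.
    for entry in model.get("attach_to_sources", []):
        if entry["port"] == "Return":
            for feats in taint.values():
                feats.update(entry["features"])
    # sources: user-declared, creates the kind and carries its own features.
    for src in model.get("sources", []):
        if src["port"] == "Return":
            taint.setdefault(src["kind"], set()).update(src.get("features", []))
    return taint

# The two models from the thread, keyed by the method they are attached to.
FOO_SOURCE = {"sources": [
    {"kind": "UserControlled", "port": "Return", "features": ["via-foo"]}]}
BAZ_ATTACH = {"attach_to_sources": [
    {"features": ["via-baz"], "port": "Return"}]}
# Constructed for this example: bar() declared as a different kind, no features.
BAR_SOURCE = {"sources": [{"kind": "ExampleKind", "port": "Return"}]}

def scenarios():
    """Taint leaving baz() under three different sets of models."""
    return {
        "foo is a source": return_taint("baz", {"foo": FOO_SOURCE, "baz": BAZ_ATTACH}),
        "bar is a source": return_taint("baz", {"bar": BAR_SOURCE, "baz": BAZ_ATTACH}),
        "no source at all": return_taint("baz", {"baz": BAZ_ATTACH}),
    }

if __name__ == "__main__":
    for name, taint in scenarios().items():
        print(f"{name}: {taint}")
```

The third scenario is the case "if there even is a source at all": with no declared source upstream, the attach_to_sources entry on baz produces no taint on its own.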
Author

serrapa commented Feb 21, 2023

Hello @arthaud! Thank you for the answer. Basically, you use attach_to_sources to say "the flow passed through the baz method" because when analyzing with SAPP UI you will find the via-baz feature. This is what I understood.

However, I cannot find a use case for features. I mean, what is the purpose of adding info like the feature name to a source with a kind defined? If feature names are used for filtering in SAPP UI, why not just filter by kinds (which are needed to define rules)?

Contributor

arthaud commented Feb 21, 2023

That's right, it's not really useful in general.

Author

serrapa commented Feb 28, 2023

Okay, thanks for the explanation! Now it's clear. As you said, the documentation needs to be improved; it has been hard many times for me to understand some "concepts", I mean, they are not detailed enough in my opinion. This is just a suggestion that I would like to give you. I believe Mariana is very powerful and you have been doing a great job!

serrapa closed this as completed Feb 28, 2023