New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usage of the tool to normal java applications(Non android) #54
Comments
Hi @akshayprasad, thanks for trying out Mariana Trench! In order to run against non-android java projects, you would need to run it through a jar-to-apk converter. Mariana Trench should be able to run on the resulting APK. Hope that helps! |
Thank you for the reply and I also see that this works for Dalvik code. The native java application that I have is bytecode, so, Also, I am a little curious about how the tool identifies the sources and the sinks. Looking forward to hearing from you. |
No, unfortunately, Mariana Trench does not work on java bytecode which is one reason the jar needs to be converted to an apk first. As for how the tool identifies sources and sinks, these are user-configurable. See https://mariana-tren.ch/docs/customize-sources-and-sinks for how they can be configured. We also have some default configurations checked in: https://github.com/facebook/mariana-trench/tree/main/configuration |
I have the source code, but it will be compiled into a high version of dex, which is not supported. So can I directly analyze the source code without providing the apk file? |
Dear Team,
I am trying to apply this tool for normal java existing projects and it says it needs apk mandatorily. Any help on this would be grateful.
Looking forward to hearing from you.
Regards,
Akshay Prasad
The text was updated successfully, but these errors were encountered: