New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Any configuration example for FlowDroid taint analysis on latest version (2.5) ? #6
Comments
You can use the command line client implementation as an example of how the FlowDroid API works. The class "MainClass" in "soot-infoflow-cmd" implements a small tool that runs a data flow analysis and prints out the results. In general, you need the following things to run a data flow analysis:
These are the options you always need to configure. They are all located in the "AnalysisFileConfiguration" class which is part of "InfoflowAndroidConfiguration". All the other options are additional features or tweaks that you can configure if you want, but for which you can also use the defaults. Once your files are configured (see list above), you can instantiate the "SetupApplication" class with your configuration object and call runInfoflow(). |
Ok great ! thanks for that ! |
Yes, that is possible. You can use the method getCategory() un the class SourceSinkDefinition. When you look at the results of the data flow analysis, there is a method getDefinition() in SinkInfo and SourceInfo that will give you such a definition, which in turn contains the respective category. |
I have another question. try {
app.setCallbackFile(analyzerDirectory + "AndroidCallbacks.txt");
app.calculateSourcesSinksEntrypoints(analyzerDirectory + "SourcesAndSinks.txt");
EasyTaintWrapper easyTaintWrapper = new EasyTaintWrapper(analyzerDirectory + "EasyTaintWrapperSource.txt");
app.setTaintWrapper(easyTaintWrapper);
} catch (IOException | XmlPullParserException e) {
e.printStackTrace();
}
soot.G.reset();
soot.options.Options.v().set_allow_phantom_refs(true); // allow phantom classes
// soot.options.Options.v().set_validate(true); // validate internal bodies
soot.options.Options.v().set_src_prec(soot.options.Options.src_prec_apk); // only apk are accepted for soot analysis
soot.options.Options.v().set_android_jars(androidJars); // Load android platforms
soot.options.Options.v().set_process_dir(Collections.singletonList(pathToApk)); // loading apk to soot
// soot.options.Options.v().set_soot_classpath(androidJars);
soot.options.Options.v().set_process_multiple_dex(true);
soot.options.Options.v().set_whole_program(true);
soot.options.Options.v().set_keep_line_number(true);
soot.options.Options.v().set_output_format(soot.options.Options.output_format_jimple);
soot.options.Options.v().setPhaseOption("cg.spark", "on");
Scene.v().loadNecessaryClasses();
SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
soot.options.Options.v().set_main_class(entryPoint.getSignature());
Scene.v().setEntryPoints(Collections.singletonList(entryPoint)); Do you have a best practice to use Soot first to instrument my apk code and then run infoflow ? Thank you ! |
There are two approaches you can use:
|
Thank you for your help Steven ! soot.options.Options.v().set_allow_phantom_refs(true); // allow phantom classes
soot.options.Options.v().set_validate(true); // validate internal bodies
soot.options.Options.v().set_src_prec(soot.options.Options.src_prec_apk); // only apk are accepted for soot analysis
soot.options.Options.v().set_android_jars(androidJars); // Load android platforms
soot.options.Options.v().set_process_dir(Collections.singletonList(pathToApk)); // loading apk t
soot.options.Options.v().set_process_multiple_dex(true);
soot.options.Options.v().set_output_format(soot.options.Options.output_format_jimple);
Scene.v().loadNecessaryClasses();
InfoflowAndroidConfiguration configuration = new InfoflowAndroidConfiguration();
configuration.setSootIntegrationMode(InfoflowAndroidConfiguration.SootIntegrationMode.UseExistingInstance);
app = new SetupApplication(configuration); But it doesn't work, the SetupApplication doesn't recognize the AndroidJar path and throw : throw new RuntimeException("Android platform directory not specified"); When looking at the SetupApplication.java source code, it looks like there is no reference to SootIntegrationMode.UseExistingInstance. I can only see mentions to SootIntegrationMode.UseExistingCallgraph. Am I missing something in my config or am I in a wrong Branch ? Thanks |
Ok I assume that FlowDroid will only use current instance of Soot for loaded Classes and Callgraph, but not for options like android platform path or apk path |
If FlowDroid is configured to use an existing Soot instance, it will not initialize Soot on its own. That means that neither the APK nor the platforms directory is taken from the FlowDroid settings. FlowDroid simply assumes that there is a running Soot instance that it can just use. Therefore, it doesn't matter what you set in the FlowDroid options if you take an existing Soot instance. Can you try the "develop" branch? At least there, I see a reference to the Soot integration mode in the method SootIntegrationMode.needsToBuildCallgraph(). If I recall correctly, we also use FlowDroid in that configuration in one of our research projects and I haven't heard any complaints from these colleagues. If nothing helps, can you post the stack trace of the exception and all other output that you get to the log (FlowDroid uses log4j). |
Hi Steven, 125 soot.options.Options.v().set_allow_phantom_refs(true); // allow phantom classes
126 soot.options.Options.v().set_validate(true); // validate internal bodies
127 soot.options.Options.v().set_src_prec(soot.options.Options.src_prec_apk); // only apk are accepted for soot analysis
128 soot.options.Options.v().set_android_jars(androidJars); // Load android platforms
129 soot.options.Options.v().set_process_dir(Collections.singletonList(pathToApk)); // loading apk t
130 soot.options.Options.v().set_process_multiple_dex(true);
131 soot.options.Options.v().set_whole_program(true);
132 soot.options.Options.v().set_output_format(soot.options.Options.output_format_jimple);
133 soot.options.Options.v().set_output_format(soot.options.Options.output_format_dex);
134 Scene.v().loadNecessaryClasses();
135 InfoflowAndroidConfiguration configuration = new InfoflowAndroidConfiguration();
136 configuration.setSootIntegrationMode(SootIntegrationMode.UseExistingInstance);
137 Config.app = new SetupApplication(configuration); I have the following stacktrace :
Don't understand why FlowDroid doesn't take the AndroidJars I gave to the soot configuration at line 128 … |
@AmrAshraf Please do not ask new questions in existing threads, but open a new thread instead. This discussion here is about something else. @LouisonGitzinger In your code, you specify the output format twice. That's not the problem here, but it doesn't look intended either. The exception you get is a bug. That check shouldn't be performed if you use an existing Soot instance. I will commit a fix later on, together with the rest I am currently working on. In the meantime, you can just set some Android platform directory. It will be ignored, because no new Soot instance is created. However, the superfluous check should then pass. |
Sir, I am getting the following error after executing the command-: error-: is there any error in the main file? |
is there any fix to what was stated above? I also have that problem. |
Which version of FlowDroid do you use? The line 1289 isn't plausible for the current development branch. In general, if you encounter a problem, please open a new issue unless your problem is definitely related to the current issue. It becomes very confusing if multiple different problems are cluttered in the same issue. |
Hi there,
I'm currently trying to use the latest version of FlowDroid, which looks very handy and more modular.
However, I'm a bit stuck with the new way of setting up a taint analysis programatically with sources and sinks.
I think one way to do it is to start with a InfoflowAndroidConfiguration instance, but not sure about all the options…
Do you have a working example somewhere that I could use as a starting point ?
I would like to use it as a library because i'm already using Soot in my program to instrument some methods from apks.
Thank you in advance :)
The text was updated successfully, but these errors were encountered: