facebook / mariana-trench

A security focused static analysis tool for Android and Java applications.
https://mariana-tren.ch/
MIT License

verifying propagations applied to the functions. #142

Open adityavardhanpadala opened 11 months ago

adityavardhanpadala commented 11 months ago

How do I verify which propagations are applied to a specific function? mariana-trench spends a lot of time analysing functions like this:

2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdpv;.zzb:()Ljava/lang/Object;` took 15.10s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzekq;.zzb:()Ljava/lang/Object;` took 13.05s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzcrc;.zzb:()Ljava/lang/Object;` took 15.00s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzeaj;.zzb:()Ljava/lang/Object;` took 13.16s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdeb;.zzb:()Ljava/lang/Object;` took 13.11s!
2023-09-26 13:10:53 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzckj;.zzb:()Ljava/lang/Object;` took 13.02s!
2023-09-26 13:10:53 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdpr;.zzb:()Ljava/lang/Object;` took 25.50s!

Is there a way to make mariana-trench apply either taint-in-taint-out and/or taint-in-taint-this propagation automatically?

arthaud commented 11 months ago

If you just want to assume taint-in-taint-out and taint-in-taint-this for that function and skip its analysis, you can use a model:

{
  "find": "methods",
  "where": [
    {
      "constraint": "signature_match",
      "parent": "Lcom/example/Logger;",
      "name": "log"
    }
  ],
  "model": {
    "modes" : ["skip-analysis", "taint-in-taint-out", "taint-in-taint-this"]
  }
}

We usually do this for methods slow to analyze. You could try to understand why the analysis is slow, but that requires a good understanding of the analysis, and looking at a lot of logs.

adityavardhanpadala commented 11 months ago

> We usually do this for methods slow to analyze.

This is not very scalable when you are working on a bigger dataset of APKs, so I am assuming using a model for a common set of functions is the way. Thanks!
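The answer above shows one hand-written model for one method; the follow-up asks how to do this across a large set of APKs. The script below is an added example (not code from the issue or from the Mariana Trench project) that automates the step: it reads the `Analyzing ... took Ns!` warnings from a run, keeps the methods above a time threshold, and writes one `signature_match` generator per `(parent, name)` pair in exactly the shape arthaud used, with the `skip-analysis`, `taint-in-taint-out` and `taint-in-taint-this` modes. Assumptions are labelled in the code: the top-level `{"model_generators": [...]}` wrapper is my reading of the model-generator file layout rather than something stated on this page, and the sample log embeds the seven warnings quoted in the issue plus one constructed fast method to show the filtering.

```python
"""Turn Mariana Trench "slow method" warnings into skip-analysis model generators.

Added example for this issue thread; not part of Mariana Trench itself.
"""
import json
import re
from typing import Dict, Iterable, List, Tuple

# Timing warnings in the format Mariana Trench prints them (see the log in the issue).
SLOW_RE = re.compile(
    r"WARNING Analyzing `(?P<sig>L[^`]+)` took (?P<secs>\d+(?:\.\d+)?)s!"
)
# Dex method signature `Lpkg/Class;.name:(args)ret` -> parent type and method name.
SIG_RE = re.compile(r"^(?P<parent>L[^;]+;)\.(?P<name>[^:(]+):")

# Modes from arthaud's answer: trust the propagations and do not analyse the body.
DEFAULT_MODES: List[str] = ["skip-analysis", "taint-in-taint-out", "taint-in-taint-this"]

# Constructed sample input: the seven warnings quoted in the issue plus one
# made-up fast method (Lcom/example/Fast;) that must NOT end up in the output.
SAMPLE_LOG = """\
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdpv;.zzb:()Ljava/lang/Object;` took 15.10s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzekq;.zzb:()Ljava/lang/Object;` took 13.05s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzcrc;.zzb:()Ljava/lang/Object;` took 15.00s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzeaj;.zzb:()Ljava/lang/Object;` took 13.16s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdeb;.zzb:()Ljava/lang/Object;` took 13.11s!
2023-09-26 13:10:53 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzckj;.zzb:()Ljava/lang/Object;` took 13.02s!
2023-09-26 13:10:53 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdpr;.zzb:()Ljava/lang/Object;` took 25.50s!
2023-09-26 13:10:53 WARNING Analyzing `Lcom/example/Fast;.run:()V` took 1.20s!
"""


def parse_slow_methods(log_text: str, threshold_s: float) -> Dict[str, float]:
    """Map each method signature to its slowest observed time, keeping only
    methods that took at least `threshold_s` seconds in some run."""
    slow: Dict[str, float] = {}
    for match in SLOW_RE.finditer(log_text):
        secs = float(match.group("secs"))
        if secs < threshold_s:
            continue
        sig = match.group("sig")
        slow[sig] = max(secs, slow.get(sig, 0.0))
    return slow


def split_signature(sig: str) -> Tuple[str, str]:
    """'Lcom/a/B;.foo:(I)V' -> ('Lcom/a/B;', 'foo'); rejects anything else."""
    match = SIG_RE.match(sig)
    if match is None:
        raise ValueError(f"unrecognised method signature: {sig}")
    return match.group("parent"), match.group("name")


def build_model_generators(signatures: Iterable[str],
                           modes: Iterable[str] = DEFAULT_MODES) -> dict:
    """One generator per distinct (parent, name), using the `signature_match`
    constraint and `modes` model from the answer in this thread.

    Assumption: generator files are a JSON object with a "model_generators"
    list; that wrapper is my reading of the docs, not something shown above.
    Note that parent+name matches every overload of that name, so several
    signatures on the same class collapse into one generator."""
    targets = sorted({split_signature(sig) for sig in signatures})
    generators = [
        {
            "find": "methods",
            "where": [
                {"constraint": "signature_match", "parent": parent, "name": name}
            ],
            "model": {"modes": list(modes)},
        }
        for parent, name in targets
    ]
    return {"model_generators": generators}


def render_generators(log_text: str, threshold_s: float = 10.0) -> str:
    """Full pipeline: log text in, pretty-printed generator JSON out."""
    slow = parse_slow_methods(log_text, threshold_s)
    return json.dumps(build_model_generators(slow), indent=2)


if __name__ == "__main__":
    # Usage: python slow_methods_to_models.py > slow_methods.models.json
    print(render_generators(SAMPLE_LOG))
```

Two caveats worth keeping in mind when using something like this at scale. First, `skip-analysis` with blanket `taint-in-taint-out` / `taint-in-taint-this` is an over-approximation: any taint reaching an argument is assumed to reach the return value and `this`, so expect some extra flows through the skipped methods rather than missed ones. Second, the threshold is a trade-off between run time and precision; the 10-second default here is just a number picked to match the log in the issue, and a per-APK or per-package allow-list of methods you do want analysed in full is the usual complement.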