java.lang.RuntimeException: getInvokeExpr() called with no invokeExpr present! at soot.jimple.internal.AbstractStmt.getInvokeExpr(AbstractStmt.java:56)

[mlin2]

Good afternoon,

As a TUM Student, I take part in the Securing Android practical course. Therefore, we're trying to instrument many APK from the FDroid repository (Open Source Android Repository) and for some unknown reason we get this error:

Exception in thread "main" java.lang.RuntimeException: getInvokeExpr() called with no invokeExpr present! at soot.jimple.internal.AbstractStmt.getInvokeExpr(AbstractStmt.java:56) at de.ecspride.pep.PolicyEnforcementPoint.instrumentSourceToSinkConnections(PolicyEnforcementPoint.java:363) at de.ecspride.pep.PolicyEnforcementPoint.doAccessControlChecks(PolicyEnforcementPoint.java:198) at de.ecspride.pep.PolicyEnforcementPoint.onResultsAvailable(PolicyEnforcementPoint.java:139) at soot.jimple.infoflow.Infoflow.runAnalysis(Infoflow.java:415) at soot.jimple.infoflow.Infoflow.computeInfoflow(Infoflow.java:137) at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:698) at de.ecspride.Main.runFlowDroid(Main.java:114) at de.ecspride.Main.main(Main.java:84)

The APK I tried can be found here: https://f-droid.org/repo/com.doomy.overflow_4.apk

Did we miss something or is it really a bug in the InstrumentationPEP ?

[Alexandre-Bartel]

Thanks for reporting this! In ae9ab0e79eb4093747ca9f2717f547569c0543df, sources with no invoke expression are now skipped. You could contribute to DroidForce by writing new code to support sources with no invoke expressions (and then send a push request)!