Open zhouyuhao1018 opened 2 years ago
@StevenArzt , sorry to bother you. I think that maybe I know the reason.
I found that there is no implementation of the function public Set<Abstraction> getAliasesForMethod()
in taintWrappers class.
Does this lead to the backward alias analysis missing the $i0 (in line09) that is a alias of $r2 (in line12) ?
PS: I use the EasyTaintWrapper and alias algorithm is FlowSensitive.
Dear, I have confusion about backward alias analysis, and there is false negative caused by this. The following is the case. The local $r2 in line12 is a source based on
StatementSourceSinkDefinition
, thevoid setNumber(int)
in line 17 is a sink based onMethodSourceSinkDefinition
.Obviously, the source taint
$r2
is a alias ofMainActivity.num
, and there is a leak in line 17.I try to debug this by implementing a instance of in line08. So that, the leak caused by line 16-17 is missed.
TaintPropagationHandler
and print the backward analysis step by step. The backward alias analysis stop after analyzing line9. However, the local $i0 is not tainted (i.e., $i0 is not a alias), neither theWhat can I do to avoid this ? or, Maybe my understanding of alias analysis is wrong? I really hope your suggestions.