search

secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1
1.03k stars 293 forks source link

How to get called functions and APIs between source and sink of a given apk? #462

Closed AbdMala closed 2 years ago

AbdMala commented 2 years ago

Hi @StevenArzt,

How could I get the called functions and APIs between two points (source and sink) of a given apk.

public class MainActivity extends Activity {

    public void getLocation() {
    Location location = locationManager.getLastKnownLocation(bestProvider);
    latitude = location.getLatitude(); //source
    longitude = location.getLongitude(); //source

    test(); // how to get this? (1)
    // Or an API that will be called here (e.g. javax.crypto.Cipher)
    Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); // how to get this? (2)

    Log.d("leak location ", "latitude:" + latitude + " longitude:" + longitude); //sink
    }

    public void test () {
     // ..... Just a function that will be called in getLocation().
    }
}

With FlowDroid I found the source and the sink, now I am looking to find (1) and (2), how is it possible to do that using FlowDroid? I would like to get an output like:

Between the given source and the sink that have been called: <com.apps.MainActivity: void test ()> <javax.crypto.Cipher: Cipher Cipher.getInstance("DES/CBC/PKCS5Padding")>

Thank you in advance!

StevenArzt commented 2 years ago

FlowDroid can give you the taint propagation path. Have a look at the PathReconstructionMode in the InfoflowConfiguration. This path contains the statements that transfer the taint, i.e., all statements that have something to do with the leak. To find the intermediate statements that are irrelevant for the leak, you can use the InfoflowCFG (getSuccsOf, getPredsOf) starting from the statements on your path.