FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

A false positive caused by "intent-extra-insensitivity" #479

Status: Closed (RichardHoOoOo closed this 2 years ago)

RichardHoOoOo commented 2 years ago

Hi @StevenArzt, may I ask whether FlowDroid distinguishes intent extras put under different keys when propagating taints (i.e., whether it is "intent-extra-sensitive")? From some related discussions (e.g., #273), it seems FlowDroid can do so. I created a simple test app, but it seems FlowDroid is "intent-extra-insensitive".

In the example, getTitle() is set as the source; its return value is sent to another activity, where the sink loadUrl() can receive the title.

// MainActivity.java
1: Intent intent = new Intent(MainActivity.this, MainActivity2.class);
2: intent.putExtra("a", wv.getTitle());
3: startActivity(intent);
// MainActivity2.java
4: String str = getIntent().getStringExtra("a");
5: wv.loadUrl(str);

FlowDroid can correctly report the leak.

However, if I change line 2 to intent.putExtra("b", wv.getTitle()); (replacing the extra key "a" with "b"), FlowDroid still reports the leak, which is, however, a false positive.

From the output of notifyFlowOut, it seems the entire extraValues array is tainted (r7(android.content.Intent) <android.content.Intent: java.lang.Object[] extraValues> * <+length>) when a tainted variable is put into the intent extras (virtualinvoke r7.<android.content.Intent: android.content.Intent putExtra(java.lang.String,java.lang.String)>("b", $r8)).

May I ask whether FlowDroid can distinguish different extras in an intent by their keys (assuming the keys are constant)? If so, could you tell me how to configure FlowDroid to do so?

I attach my current configuration for your reference:

import soot.jimple.infoflow.InfoflowConfiguration;
import soot.jimple.infoflow.android.InfoflowAndroidConfiguration;

// apkPath, ANDROID_PATH, sourcesinkFilePath and iccModel are defined outside this fragment
final InfoflowAndroidConfiguration config = new InfoflowAndroidConfiguration();
config.getAnalysisFileConfig().setTargetAPKFile(apkPath);
config.getAnalysisFileConfig().setAndroidPlatformDir(ANDROID_PATH);
config.getAnalysisFileConfig().setSourceSinkFile(sourcesinkFilePath);
config.getCallbackConfig().setEnableCallbacks(true);
// ICC model file, needed so the Intent flow from MainActivity to MainActivity2 is tracked at all
config.getIccConfig().setIccModel(iccModel);
config.setCallgraphAlgorithm(InfoflowConfiguration.CallgraphAlgorithm.CHA);
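
The two abstractions the comment above contrasts, modelled as an added illustration (this is neither FlowDroid's nor the reporter's code): a hypothetical access-path taint propagator run over the five-statement program from the issue. Under the "array" model, putExtra taints the whole extraValues array, which is what the notifyFlowOut output shows, so the "b"/"a" variant is reported as a leak; under the "keyed" model a constant key taints only that key's slot, so only matching keys leak, while a non-constant key still has to fall back to the whole array to stay sound. The statement tuples, STAR, propagate, find_leaks and issue_program are all constructs of this model, not FlowDroid APIs.

```python
"""Two Intent-extra taint abstractions compared on the program from the issue.

Added illustration; not FlowDroid code. Access paths are tuples such as
("intent", "extraValues", "a"). The wildcard slot STAR means "every extra of
this Intent is tainted", which is what a whole-array taint amounts to.
"""

STAR = "*"

# Hypothetical program IR, mirroring the five Java lines in the issue:
#   ("source", var)                   var = wv.getTitle()
#   ("putExtra", intent, key, var)    intent.putExtra(key, var); key None = non-constant key
#   ("startActivity", intent, recv)   ICC edge: recv aliases getIntent() in the target activity
#   ("getExtra", var, intent, key)    var = intent.getStringExtra(key)
#   ("sink", var)                     wv.loadUrl(var)


def propagate(state, stmt, model):
    """Transfer function: tainted access paths before `stmt` -> after `stmt`.

    model == "array": putExtra taints the whole extraValues array (STAR slot).
    model == "keyed": a constant key taints only that key's slot; a non-constant
                      key (None) falls back to STAR, otherwise the model is unsound.
    """
    out = set(state)
    op = stmt[0]
    if op == "source":
        out.add((stmt[1],))
    elif op == "putExtra":
        _, intent, key, var = stmt
        if (var,) in state:
            slot = key if model == "keyed" and key is not None else STAR
            out.add((intent, "extraValues", slot))
    elif op == "startActivity":
        _, intent, recv = stmt
        for path in state:
            if path[0] == intent:
                out.add((recv,) + path[1:])   # receiver's Intent aliases the sender's
    elif op == "getExtra":
        _, var, intent, key = stmt
        tainted = ((intent, "extraValues", key) in state
                   or (intent, "extraValues", STAR) in state)
        if tainted:
            out.add((var,))
        else:
            out.discard((var,))   # strong update: var now holds untainted data
    # "sink" does not change the taint state
    return out


def find_leaks(program, model):
    """Return the 1-based indices of sink statements that receive tainted data."""
    state = set()
    leaks = []
    for idx, stmt in enumerate(program, 1):
        if stmt[0] == "sink" and (stmt[1],) in state:
            leaks.append(idx)
        state = propagate(state, stmt, model)
    return leaks


def issue_program(put_key, get_key):
    """The MainActivity / MainActivity2 snippet from the issue, with both keys parameterised."""
    return [
        ("source", "title"),                         # 1: wv.getTitle()
        ("putExtra", "intent", put_key, "title"),    # 2: intent.putExtra(put_key, title)
        ("startActivity", "intent", "recvIntent"),   # 3: startActivity(intent)
        ("getExtra", "str", "recvIntent", get_key),  # 4: getIntent().getStringExtra(get_key)
        ("sink", "str"),                             # 5: wv.loadUrl(str)
    ]


if __name__ == "__main__":
    for model in ("array", "keyed"):
        for put_key, get_key in (("a", "a"), ("b", "a"), (None, "a")):
            leaks = find_leaks(issue_program(put_key, get_key), model)
            print(f"{model:5s} put={put_key!s:4s} get={get_key}: leaks at {leaks}")
```

The "array" model reports line 5 for both the "a"/"a" and the "b"/"a" program, reproducing the false positive described above; the "keyed" model reports only the "a"/"a" case, and the non-constant-key case shows why any key-sensitive model still needs the whole-array fallback.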

RichardHoOoOo commented 2 years ago

Hi @StevenArzt I am sorry to disturb you again. Would you be able to look into this issue if you are available?

Thanks in advance.

StevenArzt commented 2 years ago

Same as #481