search

secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1
1.05k stars 298 forks source link

Leak found with FlowDroid-cmd but not with FlowDroid as a Maven project #482

Open AbdMala opened 2 years ago

AbdMala commented 2 years ago

Hi @StevenArzt

I am using FlowDroid as a Java project (imported as a Maven Project with 2.10.0 version). The apk code:

KeyGenerator keygen = KeyGenerator.getInstance("AES"); keygen.init(256); SecretKey key = keygen.generateKey(); latitude = location.getLatitude(); //source byte[] secret = encMsg(String.valueOf(latitude), key); String decSecret = decryptMsg(secret, key); Log.d("Enctest", decSecret); //sink

public static String decryptMsg(byte[] cipherText, SecretKey secret) { //decryptMsg Cipher cipher; cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING"); cipher.init(Cipher.DECRYPT_MODE, secret); String decryptString = new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8); return decryptString;}

public static byte[] enc(String msg, SecretKey secret) { //encMsg byte[] plaintext = msg.getBytes(StandardCharsets.UTF_8); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING"); cipher.init(Cipher.ENCRYPT_MODE, secret); byte[] ciphertext = cipher.doFinal(plaintext); return ciphertext;}

Snippet code from using FlowDroid as a Java project:

SetupApplication analyzer = new SetupApplication(androidJar, apkPath); analyzer.setTaintWrapper(new EasyTaintWrapper(taintWrapperFile)); InfoflowResults res = analyzer.runInfoflow(susiPath);

The output said: Source lookup done, found 1 source and 1 sink. but Found 0 leaks, which is actually in that case should be considered as a leak. When I run FlowDriod as cmd command with the same apk it says that it Founds 1 leak.

Do I have to change something in the config of the analyzer? If yes how? Or there is some bug with FlowDroid project when it is used as Maven project.

Thank you in advance.

AbdMala commented 2 years ago

Hi @StevenArzt , I think, I have found something related to my issue and actually it is because of the object type byte [], since I am using the simple SourceAndSink.txfile, It will not work.

Now how could I solve this problem? Since I have to run FlowDroid on many APKs (more than 100), Is there a general, expressive and more accurate configs that I could use to avoid such problems (inc. SourcesAndSinks definitions, analyzer config).

Thank you in advance

StevenArzt commented 2 years ago

Have you tried the SummaryTaintWrapper rather than the EasyTaintWrapper? With the summaries from the summariesManual folder, the example should work.