Open AbdMala opened 2 years ago
Hi @StevenArzt ,
I think I have found something related to my issue, and actually it is because of the object type `byte []`. Since I am using the simple SourceAndSink.txt file, it will not work.
Now how could I solve this problem? Since I have to run FlowDroid on many APKs (more than 100), is there a general, expressive and more accurate config that I could use to avoid such problems (incl. SourcesAndSinks definitions, analyzer config)?
Thank you in advance
Have you tried the `SummaryTaintWrapper` rather than the `EasyTaintWrapper`? With the summaries from the `summariesManual` folder, the example should work.
Hi @StevenArzt
I am using FlowDroid as a Java project (imported as a Maven Project with 2.10.0 version). The apk code:
```java
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
SecretKey key = keygen.generateKey();
latitude = location.getLatitude(); // source
byte[] secret = encMsg(String.valueOf(latitude), key);
String decSecret = decryptMsg(secret, key);
Log.d("Enctest", decSecret); // sink

public static String decryptMsg(byte[] cipherText, SecretKey secret) { // decryptMsg
    Cipher cipher;
    cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
    cipher.init(Cipher.DECRYPT_MODE, secret);
    String decryptString = new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
    return decryptString;
}

public static byte[] enc(String msg, SecretKey secret) { // encMsg
    byte[] plaintext = msg.getBytes(StandardCharsets.UTF_8);
    Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
    cipher.init(Cipher.ENCRYPT_MODE, secret);
    byte[] ciphertext = cipher.doFinal(plaintext);
    return ciphertext;
}
```
Snippet code from using FlowDroid as a Java project:
```java
SetupApplication analyzer = new SetupApplication(androidJar, apkPath);
analyzer.setTaintWrapper(new EasyTaintWrapper(taintWrapperFile));
InfoflowResults res = analyzer.runInfoflow(susiPath);
```
The output said: `Source lookup done, found 1 source and 1 sink.` but `Found 0 leaks`, which in that case should actually be considered a leak. When I run FlowDroid as a cmd command with the same apk, it says that it found 1 leak.
Do I have to change something in the config of the `analyzer`? If yes, how? Or is there some bug with the FlowDroid project when it is used as a Maven project? Thank you in advance.