secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

Can we use FlowDroid to analyse Java bytecode directly instead of Android apps? Any quick suggestions are welcome! #530

Open neupaneprakash opened 1 year ago

StevenArzt commented 1 year ago

FlowDroid has several modules. The base module soot-infoflow is a pure Java analyzer. Only the second module soot-infoflow-android adds the Android support.

If you need examples on analyzing Java code, have a look at the JUnit test cases in the soot-infoflow module. They are based on pure Java.
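An added example (not from the thread or the FlowDroid repository) of driving the `soot-infoflow` module on plain Java classes. It assumes the FlowDroid 2.x API (`Infoflow`, `DefaultEntryPointCreator`, `InfoflowResults`); the `com.example.*` signatures and both paths are hypothetical placeholders for your own code.

```java
import java.util.Collections;
import java.util.List;

import soot.jimple.infoflow.IInfoflow;
import soot.jimple.infoflow.Infoflow;
import soot.jimple.infoflow.entryPointCreators.DefaultEntryPointCreator;
import soot.jimple.infoflow.results.InfoflowResults;

public class PlainJavaTaintCheck {

    public static void main(String[] args) {
        // Hypothetical inputs: the compiled classes to analyse and the JDK
        // class library (Java 8 layout assumed for rt.jar).
        String appPath = "build/classes";
        String libPath = System.getProperty("java.home") + "/lib/rt.jar";

        // Everything is named by Soot method signature:
        // <declaring.Class: returnType methodName(paramTypes)>
        // The com.example.* classes below are placeholders.
        List<String> entryPoints = Collections.singletonList(
                "<com.example.Main: void main(java.lang.String[])>");
        String source = "<com.example.Secrets: java.lang.String readPassword()>";
        String sink = "<java.io.PrintStream: void println(java.lang.String)>";

        // DefaultEntryPointCreator generates a dummy main method that calls
        // the listed entry points; the taint analysis starts from there.
        IInfoflow infoflow = new Infoflow();
        infoflow.computeInfoflow(appPath, libPath,
                new DefaultEntryPointCreator(entryPoints),
                Collections.singletonList(source),
                Collections.singletonList(sink));

        // Results are only present if the analysis ran to completion.
        if (!infoflow.isResultAvailable()) {
            System.err.println("Analysis did not produce a result object");
            return;
        }
        InfoflowResults results = infoflow.getResults();
        if (results.isPathBetweenMethods(sink, source)) {
            System.out.println("LEAK: data from " + source + " reaches " + sink);
        } else {
            System.out.println("No flow found between the configured source and sink");
        }
    }
}
```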

neupaneprakash commented 1 year ago

Thank you @StevenArzt! Can we use FlowDroid to carry out data flow analysis for Java-based web applications? If we can, how? Or if we can't, why not? Just any high-level suggestions will be helpful.

StevenArzt commented 1 year ago

You need an appropriate dummy main method for analyzing web applications, based on the IEntryPointCreator interface. Open-source FlowDroid does not have such an implementation for Java web applications. However, our commercial scanner VUSC (which is based on Soot and FlowDroid) has it. We can offer free academic licenses including access to the source code for scholars employed at renowned universities, but it requires a license contract / NDA to be signed.

neupaneprakash commented 1 year ago

Thank you @StevenArzt for your kind and very helpful information. I am an MS scholar primarily working in the domain of program analysis and compilers at the School of Computing and Electrical Engineering, Indian Institute of Technology (IIT) Mandi, India. How can I get the VUSC license contract? I need it purely for academic research purposes. I will be happy to know about the procedure. Please!