Closed NicolasFNino closed 1 year ago
<method signature="java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)">
<base>
<accessPath isSource="true" isSink="false" />
</base>
</method>
You can also look up the schema at https://github.com/secure-software-engineering/FlowDroid/blob/develop/soot-infoflow-android/schema/SourcesAndSinks.xsd#L28
Greetings,
How should I define a source in the SourcesAndSinks.xml file so that the method taints the object that it works on without being an assignment statement? As an example take the StringBuilder.append method:
virtualinvoke $r2.<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>("string literal");
If I want to define this method as a source how would I do it so $r2 becomes tainted. I have tried the following:
Both times the signatures are recognized as valid sources inside the code but, they do not seem to taint the object $r2.
Thanks a lot,