Open Jclavo opened 1 year ago
If you lose taints over library calls, it might be due to the called class containing the method being phantom (aka Soot found references to the class but couldn't find the bytecode and thus, can't resolve the method body). Either configure Soot to find the bytecode of the library or preferably, use a taint wrapper that has a summary for the methods.
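A quick way to check whether phantom classes are involved, as an added example (not part of the original comment and not FlowDroid's own code): it loads the analysis target with Soot and lists every class that Soot marked as phantom. The class name `PhantomClassReport` and the two path arguments are assumptions.

```java
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;

import soot.G;
import soot.Scene;
import soot.SootClass;
import soot.options.Options;

public class PhantomClassReport {

    /**
     * Loads the classes under appPath and returns the names of all classes
     * that Soot could only resolve as phantoms, i.e. referenced classes whose
     * bytecode was not found on the Soot classpath.
     */
    public static Set<String> phantomClasses(String appPath, String libPath) {
        G.reset();                                    // start from a clean Soot state
        Options.v().set_allow_phantom_refs(true);     // do not abort on missing classes
        Options.v().set_process_dir(Collections.singletonList(appPath));
        Options.v().set_soot_classpath(libPath);      // where library bytecode should be found
        Options.v().set_prepend_classpath(true);      // also use the JVM's own classpath
        Scene.v().loadNecessaryClasses();

        Set<String> names = new TreeSet<>();
        for (SootClass sc : Scene.v().getClasses()) {
            if (sc.isPhantom()) {
                names.add(sc.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // args[0]: directory or jar with the code under analysis (assumed)
        // args[1]: classpath with the libraries it calls (assumed)
        Set<String> phantoms = phantomClasses(args[0], args[1]);
        System.out.println(phantoms.size() + " phantom classes");
        for (String name : phantoms) {
            System.out.println("  " + name);
        }
    }
}
```

If a class whose method sits between the source and the sink appears in the output, its method body is not available to the analysis, which is the situation the comment above describes.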
Hi @StevenArzt, I am exploring soot-infoflow's tests and I managed to run 104 of them, but I got 32 fails, so I started to explore each folder.
For the aliasing folder (FlowDroid/soot-infoflow/securiBench/securibench/micro), the result was:
So let's focus on test aliasing4 (which is using a cast).
It is only checking as bad
writer.println(o1);
but not writer.println(o2);
UPDATE
While I am exploring the basic folder, I have found some similar errors, and my first conclusion is that every time a TAINTED var does an operation like:
the var loses its TAINTED.
Do you have any idea of what could be happening?
CONFIG
I am using the latest FlowDroid dependency