secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

scanMethodForSourcesSinks no case for Both (Source and Sink) #596

Closed dschm1dt closed 1 year ago

dschm1dt commented 1 year ago

Hello, for a test app, my sources and sinks contain okhttp3.Call: okhttp3.Response execute(), which in my case is considered as both (source and sink). However, FlowDroid reports (latest version) that no sink is found. After looking into the source code, it looks like this (BOTH source and sink) is not supported anymore, as in such a case, the statement is always considered as a source.

    private int scanMethodForSourcesSinks(final ISourceSinkManager sourcesSinks,
            AbstractInfoflowProblem forwardProblem, SootMethod m) {
        // ...
        for (Unit u : units) {
            Stmt s = (Stmt) u;
            // Only one case can match per statement; there is no BOTH case.
            switch (scanStmtForSourcesSinks(sourcesSinks, s)) {
            case SOURCE:
                forwardProblem.addInitialSeeds(s, Collections.singleton(forwardProblem.zeroValue()));
                if (getConfig().getLogSourcesAndSinks())
                    collectedSources.add(s);
                break;
            case SINK:
                if (getConfig().getLogSourcesAndSinks())
                    collectedSinks.add(s);
                sinkCount++;
                break;
            }
        }
        // ...
    }

    @Override
    protected SourceSinkState scanStmtForSourcesSinks(final ISourceSinkManager sourcesSinks, Stmt s) {
        // The source check returns first, so a statement that is in both lists
        // is classified as SOURCE and the sink check below is never reached.
        if (sourcesSinks.getSourceInfo(s, manager) != null) {
            return SourceSinkState.SOURCE;
        }
        if (sourcesSinks.getSinkInfo(s, manager, null) != null) {
            return SourceSinkState.SINK;
        }
        return SourceSinkState.NEITHER;
    }
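The effect described in the issue, as a stand-alone Java model added here (this is not FlowDroid code and uses none of its classes): `Stmt`, `SourceSinkManager`, the `BOTH` enum value and the `scan` helper are all assumptions constructed for the example, and the source/sink lists are constructed so that the `execute()` signature appears in both. The model runs the posted "source check wins" classification next to one that checks both lists before deciding, and shows why the first one yields a sink count of zero for a method that is both.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Stand-alone model of the source/sink scan from the issue; not FlowDroid code.
public class BothSourceAndSinkDemo {

    // Hypothetical state enum with an explicit BOTH value (assumption: the
    // posted code only knows SOURCE, SINK and NEITHER).
    enum SourceSinkState { SOURCE, SINK, BOTH, NEITHER }

    // Minimal stand-in for a Jimple Stmt: only the callee signature matters here.
    static final class Stmt {
        final String calleeSignature;
        Stmt(String calleeSignature) { this.calleeSignature = calleeSignature; }
    }

    // Stand-in for a source/sink manager: two constructed signature sets.
    static final class SourceSinkManager {
        private final Set<String> sources;
        private final Set<String> sinks;
        SourceSinkManager(Set<String> sources, Set<String> sinks) {
            this.sources = sources;
            this.sinks = sinks;
        }
        boolean isSource(Stmt s) { return sources.contains(s.calleeSignature); }
        boolean isSink(Stmt s) { return sinks.contains(s.calleeSignature); }
    }

    // Classification as posted in the issue: the source test returns first,
    // so a statement that is in both lists is never reported as a sink.
    static SourceSinkState classifyAsPosted(SourceSinkManager ssm, Stmt s) {
        if (ssm.isSource(s)) return SourceSinkState.SOURCE;
        if (ssm.isSink(s)) return SourceSinkState.SINK;
        return SourceSinkState.NEITHER;
    }

    // Classification that evaluates both lists before deciding.
    static SourceSinkState classifyWithBoth(SourceSinkManager ssm, Stmt s) {
        boolean src = ssm.isSource(s);
        boolean snk = ssm.isSink(s);
        if (src && snk) return SourceSinkState.BOTH;
        if (src) return SourceSinkState.SOURCE;
        if (snk) return SourceSinkState.SINK;
        return SourceSinkState.NEITHER;
    }

    // What a method scan produces: seed statements for the forward problem
    // and the statements counted as sinks.
    static final class ScanResult {
        final List<Stmt> seeds = new ArrayList<>();
        final List<Stmt> sinks = new ArrayList<>();
        int sinkCount() { return sinks.size(); }
    }

    // Scan loop mirroring the issue's switch; BOTH performs both actions.
    static ScanResult scan(List<Stmt> units, SourceSinkManager ssm, boolean withBoth) {
        ScanResult r = new ScanResult();
        for (Stmt s : units) {
            SourceSinkState st = withBoth ? classifyWithBoth(ssm, s) : classifyAsPosted(ssm, s);
            switch (st) {
            case BOTH:
                r.seeds.add(s);   // seed the forward problem like a source ...
                r.sinks.add(s);   // ... and count it like a sink
                break;
            case SOURCE:
                r.seeds.add(s);
                break;
            case SINK:
                r.sinks.add(s);
                break;
            default:
                break;
            }
        }
        return r;
    }

    public static void main(String[] args) {
        String execute = "<okhttp3.Call: okhttp3.Response execute()>";
        // Constructed lists: execute() is listed as both a source and a sink.
        SourceSinkManager ssm = new SourceSinkManager(Set.of(execute), Set.of(execute));
        List<Stmt> body = List.of(
                new Stmt("<java.lang.Object: void <init>()>"),
                new Stmt(execute));

        ScanResult posted = scan(body, ssm, false);
        ScanResult withBoth = scan(body, ssm, true);
        System.out.println("as posted:  seeds=" + posted.seeds.size() + " sinks=" + posted.sinkCount());
        System.out.println("with BOTH:  seeds=" + withBoth.seeds.size() + " sinks=" + withBoth.sinkCount());
    }
}
```

Running the model, the posted classification seeds the `execute()` call as a source but counts no sink, which is exactly the "no sink found" symptom in the report, whereas the variant with a `BOTH` state seeds it and counts one sink. The design point is that the two membership checks have to be evaluated independently before a single-valued state is returned; any ordering of early returns loses one of the two roles.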