Open OlesiaSub opened 1 year ago
Running with PathReconstructionMode.Fast
(or Precise
; doesn't matter in this example), I get following output, first showing the method containing the statement, then the statement itself:
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke $stack10.<soot.jimple.infoflow.test.android.ConnectionManager: void publish(java.lang.String)>(taintedElement#1) in method <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()> was called with values from the following sources:
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - - $stack7 = staticinvoke <soot.jimple.infoflow.test.android.TelephonyManager: java.lang.String getDeviceId()>() in method <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()>
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - on Path:
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()>
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> $stack7 = staticinvoke <soot.jimple.infoflow.test.android.TelephonyManager: java.lang.String getDeviceId()>()
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()>
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> array[1] = $stack7
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()>
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> a1 = array[1]
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()>
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> array2[0] = a1
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()>
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> taintedElement#1 = array2[0]
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> <soot.jimple.infoflow.test.ArrayTestCode: void concreteWriteReadSamePosTest()>
[Time-limited test] INFO soot.jimple.infoflow.Infoflow - -> virtualinvoke $stack10.<soot.jimple.infoflow.test.android.ConnectionManager: void publish(java.lang.String)>(taintedElement#1)
i.e.
String tainted = TelephonyManager.getDeviceId();
array[1] = tainted;
String a1 = array[1];
array2[0] = a1;
taintedElement = array2[0];
cm.publish(taintedElement);
Hello! I've already asked a question about retrieving tainted paths, but I want to clarify something here. Could you please tell me, which lines would be present in the most comprehensive tainted path configuration possible for this test code?
I only get instructions corresponding to taint source, sink and one more that is probably corresponding to the
taintedElement = array2[0];
instruction. Is it possible to see the lines below? They contain instructions regarding tainted variable, so I thought they will appear in the path.