search

secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1
1.02k stars 292 forks source link

(Question) Getting methods chain between sources and sinks #684

Closed Alireza-Ardalani closed 4 months ago

Alireza-Ardalani commented 5 months ago

Hi, @StevenArzt Is there a way to get the chain of methods (according to CFG) between source and sink?

StevenArzt commented 5 months ago

The data flow path, which is part of the InfoflowResults object returned by FlowDroid contains all methods that have propagated the taint on its way from source to sink. You can iterate over these statements and retrieve the corresponding methods:

InfoflowResults results = app.runInfoflow();
final CallGraph cg = Scene.v().getCallGraph();
for (DataFlowResult res : results.getResultSet()) {
  List<SootMethod> methods = new ArrayList<>();
  for (Stmt s : res.getSource().getPathCallSites()) {
    Iterator<Edge> it = cg.edgesOutOf(s);
      while (it.hasNext()) {
        methods.add((SootMethod) it.next().getTgt());
      }
    }
}

You will also need to remove duplicates, which I didn't do here for the sake of brevity.