Closed luoyashuo closed 3 months ago
I am not sure I understand your problem. In the XML, there is a method
attribute for each statement on the taint path. What else do you need?
You can try this:
setup.addResultsAvailableHandler(new ResultsAvailableHandler() {
@Override
public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
for (DataFlowResult result : results.getResultSet()) {
for (Stmt stmt : result.getSource().getPath) {
System.out.println(icfg.getMethodOf(stmt).getSignature());
}
}
}
});
setup.runInfoflow();
I haven't had the time to test it, i.e., I just wrote it down here. You might need to fix typos.
Thank you for your response; it's almost exactly what I needed. To better assist others, here's my code snippet:
public void run(String apkFilePath) throws XmlPullParserException, IOException, URISyntaxException {
InfoflowAndroidConfiguration conf = new InfoflowAndroidConfiguration();
conf.getAnalysisFileConfig().setAndroidPlatformDir(androidDirPath);
conf.getAnalysisFileConfig().setTargetAPKFile(apkFilePath);
conf.getAnalysisFileConfig().setSourceSinkFile(sourceSinkFilePath);
File apk = new File(apkFilePath);
File droidReport = new File(String.valueOf(Paths.get(apk.getParent()).resolve(apk.getName().replace(".apk","")).resolve("flow-report.xml")));
File droidDirectory = new File((droidReport.getParent()));
if(!droidDirectory.exists()){
droidDirectory.mkdirs();
}
conf.getAnalysisFileConfig().setOutputFile(droidReport.getAbsolutePath());
// display TaintPath
conf.getPathConfiguration().setPathReconstructionMode(InfoflowConfiguration.PathReconstructionMode.Precise);
conf.setLogSourcesAndSinks(true);
conf.setMergeDexFiles(true);
conf.getCallbackConfig().setCallbackAnalyzer(InfoflowAndroidConfiguration.CallbackAnalyzer.Fast);
conf.getCallbackConfig().setEnableCallbacks(true);
SetupApplication setup = new SetupApplication(conf);
setup.setTaintWrapper(new EasyTaintWrapper(taintWrapperFilePath));
// setup.setTaintWrapper(new SummaryTaintWrapper(new LazySummaryProvider("summariesManual")));
ResultsAvailableHandler resultsHandler = new ResultsAvailableHandler() {
@Override
public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) {
// Handle the results
if (results != null && results.getResults() !=null) {
for (ResultSinkInfo sink : results.getResults().keySet()) {
System.out.println("Sink: " + sink);
for (ResultSourceInfo source : results.getResults().get(sink)) {
System.out.println("Source: " + source);
if (source.getPath() != null) {
int idx = 0;
for (Stmt stmt : source.getPath()) {
System.out.println("[Chain]:" + (++idx));
System.out.println("Stmt: " + stmt);
SootMethod sootMethod = cfg.getMethodOf(stmt);
System.out.println("Method: " + sootMethod);
System.out.println("Class: " + sootMethod.getDeclaringClass());
if (sootMethod.hasActiveBody()) {
Body body = sootMethod.getActiveBody();
int lineNumber = 1;
for (Unit unit : body.getUnits()) {
if(stmt.equals(unit)){
System.out.println("\t\tLine in Method: " + lineNumber);
}
System.out.println("\t\tLine "+lineNumber+": "+unit);
lineNumber++;
}
}
}
}
}
}
}
}
};
setup.addResultsAvailableHandler(resultsHandler);
InfoflowResults results = setup.runInfoflow();
Hello, I am currently using FlowDroid and would like to print the SootClass and SootMethod information for each Stmt in the Taint Path. This is to better visualize how the Source flows to the Sink. Below is my current code:
When I run this code, the result is something like:
While each Stmt of the Taint Path (e.g., $r1 = virtualinvoke $r2.<java.lang.StringBuilder: java.lang.String toString()>()) is shown, I cannot acquire which specific Class and Method in the program that the Taint Path is located. I hope to exhibit the complete path of Source propagating to Sink. Could you suggest any approach to achieve this?
BTW, the full result is like following:
Looking forward to your replies. Best regards, luoyashuo