secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker

How to Utilize FlowDroid to Track Implicit Data-Flow #738

Closed luoyashuo closed 1 month ago

luoyashuo commented 1 month ago

Consider the following code snippet:

```java
String encodedQuery = new Uri.Builder()
        .appendQueryParameter("hwid", getHWID(context))
        .appendQueryParameter("operador", "cfData")
        .appendQueryParameter("content", str).build().getEncodedQuery();
OutputStream outputStream = httpURLConnection.getOutputStream();
outputStream.write(encodedQuery.getBytes("UTF-8"));
```

I have marked the getHWID method as Source, but it does not taint encodedQuery. I am wondering how I could apply FlowDroid to handle this implicit data flow scenario and ensure encodedQuery gets tainted appropriately whenever getHWID is involved. Any detailed instructions or references would be highly appreciated.

StevenArzt commented 1 month ago

Some summaries were missing. The flow should now be found.

luoyashuo commented 1 month ago

Your update has perfectly solved my current problem, thank you very much for your timely update!
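Why a missing library summary makes the taint from `getHWID` disappear before it reaches `encodedQuery`, as an added example that is not part of the original thread and is not FlowDroid's code or summary format. It is a simplified model: the three-address program, the variable names and the flow notation are constructed, and since the thread does not say which summaries were missing, dropping the `Uri` ones is an assumption.

```python
# Simplified model of summary-based taint propagation through library calls.
# Not FlowDroid's implementation or summary file format; names are constructed.
# Flows per method are (from, to) over "arg<i>", "base", "ret", applied in order.
SUMMARIES = {
    "Uri.Builder.appendQueryParameter": [("arg0", "base"), ("arg1", "base"),
                                         ("base", "ret")],
    "Uri.Builder.build": [("base", "ret")],
    "Uri.getEncodedQuery": [("base", "ret")],
    "String.getBytes": [("base", "ret")],
}
# Constructed three-address form of the snippet: (result, base, method, args)
PROGRAM = [
    ("b0", None, "new Uri.Builder", []),
    ("hwid", None, "getHWID", ["context"]),
    ("b1", "b0", "Uri.Builder.appendQueryParameter", ["k_hwid", "hwid"]),
    ("b2", "b1", "Uri.Builder.appendQueryParameter", ["k_operador", "cfData"]),
    ("b3", "b2", "Uri.Builder.appendQueryParameter", ["k_content", "str"]),
    ("uri", "b3", "Uri.Builder.build", []),
    ("encodedQuery", "uri", "Uri.getEncodedQuery", []),
    ("bytes", "encodedQuery", "String.getBytes", ["utf8"]),
    (None, "outputStream", "OutputStream.write", ["bytes"]),
]
SOURCES, SINKS = {"getHWID"}, {"OutputStream.write"}

def find_leaks(program, summaries):
    """Return (leaks, tainted variables) for a straight-line program."""
    tainted, leaks = set(), []
    for result, base, method, args in program:
        if method in SOURCES and result:
            tainted.add(result)            # source return value becomes tainted
        if method in SINKS:
            leaks += [(method, a) for a in args if a in tainted]
        slots = {"base": base, "ret": result}
        slots.update({f"arg{i}": a for i, a in enumerate(args)})
        # A library method without a summary propagates nothing: taint is lost.
        for src, dst in summaries.get(method, []):
            if slots.get(src) in tainted and slots.get(dst):
                tainted.add(slots[dst])
    return leaks, tainted

def without(prefix):
    """Copy of SUMMARIES with every method starting with `prefix` removed."""
    return {m: f for m, f in SUMMARIES.items() if not m.startswith(prefix)}

if __name__ == "__main__":
    print("with summaries:   ", find_leaks(PROGRAM, SUMMARIES)[0])
    print("without Uri ones: ", find_leaks(PROGRAM, without("Uri"))[0])
```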