secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

How do I make FlowDroid produce the taint path of all identified sources? #757

Open marshalwahlexyz1 opened 3 weeks ago

marshalwahlexyz1 commented 3 weeks ago

To provide more clarification

I am working on analyzing Android apps. I included the APIs used to retrieve contacts, SMS and media in the source and sink file.

FlowDroid does identify sources and sinks but does not detect a leak when in fact data was tainted using those methods (this was confirmed by manually inspecting the code, as when data was tainted it ends up in a network connection; it was also confirmed dynamically using Frida to hook into the methods along that path).

However, FlowDroid is not detecting this as a leak, but all I need is to be able to see the taint path for each source it analyzes.

This is the output from FlowDroid showing it finds 69 sources and 8 sinks. And it detects 0 leaks.

```
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Looking for sources and sinks...
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Source lookup done, found 69 sources and 8 sinks.
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Taint wrapper hits: 0
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Taint wrapper misses: 0
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - IFDS problem with 69 forward and 0 backward edges solved in 0 seconds, processing 0 results...
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Current memory consumption: 514 MB
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Memory consumption after cleanup: 255 MB
[main] INFO soot.jimple.infoflow.memory.MemoryWarningSystem - Shutting down the memory warning system...
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Memory consumption after path building: 255 MB
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Path reconstruction took 0 seconds
[main] WARN soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - No results found.
[main] INFO soot.jimple.infoflow.android.SetupApplication$InPlaceInfoflow - Data flow solver took 2 seconds. Maximum memory consumption: 514 MB
[main] INFO soot.jimple.infoflow.android.SetupApplication - Found 0 leaks from 0 sources
```

My question is: How do I make FlowDroid produce the taint path for all the identified sources, regardless of whether a leak is detected or not?

marshalwahlexyz1 commented 2 weeks ago

@t1mlange @StevenArzt Please, your insight and comments on this would be highly appreciated.