[prev in list] [next in list] [prev in thread] [next in thread]
List: soot-list
Subject: Re: [Soot-list] Can I get the calling context of a source/sink?
From: "Steven Arzt" <Steven.Arzt () cased ! de>
Date: 2015-06-22 9:10:14
Message-ID: 006001d0accb$401a5330$c04ef990$ () cased ! de
[Download RAW message or body]
This is a multipart message in MIME format.
[Attachment #2 (multipart/alternative)]
This is a multipart message in MIME format.
Hi Rainkin,
I'm not sure that I understand your question correctly. Contexts in IFDS are value \
contexts which means that they do not refer to a certain call string or call site, \
but first and foremost to a value in the domain of data flow abstractions. Getting \
the IFDS context would thus supply you with an incomiung taint abstraction which is \
probably not what you want.
If you just want to get the method which contains the source / sink statements, you \
can use the interprocedural control flow graph that gets passed into the \
ResultsAvailableHandler callback which you can specify when you call \
computeInfoflow(…). It has a method getMethodOf(…).
Best regards,
Steven
M.Sc. M.Sc. Steven Arzt
Secure Software Engineering Group (SSE)
European Center for Security and Privacy by Design (EC SPRIDE)
Rheinstraße 75
D-64293 Darmstadt
Phone: +49 61 51 869-336
Fax: +49 61 51 16-72118
eMail: <mailto:steven.arzt@ec-spride.de> steven.arzt@ec-spride.de
Web: <http://sse.ec-spride.de/> http://sse.ec-spride.de
Von: soot-list-bounces@CS.McGill.CA [mailto:soot-list-bounces@CS.McGill.CA] Im \
Auftrag von ???
Gesendet: Freitag, 12. Juni 2015 17:48
An: soot-list@CS.McGill.CA
Betreff: [Soot-list] Can I get the calling context of a source/sink?
Hi guys,
Flowdroid uses Heros to do inter-procedural data analysis. I notice that during \
the process of inter-procedural analysis, Flowdroid can get the calling context of a \
function, that is to say, where the function is actually called.
For example, the API
getReturnFlowFunction(N callSite, M calleeMethod, N exitStmt, N returnSite):
callSite is the statement where the function is called.
But in the results of Flowdroid, I can't get the calling context of a \
source/sink.
I want to know how to get that?
For example.
ApiTwo sharedApiTwo(ApiOne x)
{
return apiTwo(x);
}
main(){
// context1
a1 = apiOne();
b1 = sharedApiOne(a1);
apiThree(b1);
// context2
a2 = apiOne();
b2 = sharedApiOne(a2);
apiThree(b2);
}
Note that there is a wrapper function sharedApiTwo() for apiTwo().
we will get the following result:
Source
Sink
a1 = apiOne();
return apiTwo(x);
return apiTwo(x);
apiThree(b1);
a2 = apiOne();
return apiTwo(x);
return apiTwo(x);
apiThree(b2);
Take the first source-sink chain for example,
I can't know the function of the sink "return apiTwo(x)" is called in the statement \
"b1 = sharedApiOne(a1);"
Thank,
rainkin
[Attachment #5 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type \
content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 \
(filtered medium)"><style><!-- /* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\[8bO53";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div \
class=WordSection1><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi \
Rainkin,<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I'm not \
sure that I understand your question correctly. Contexts in IFDS are value contexts \
which means that they do not refer to a certain call string or call site, but first \
and foremost to a value in the domain of data flow abstractions. Getting the IFDS \
context would thus supply you with an incomiung taint abstraction which is probably \
not what you want.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If you just \
want to get the method which contains the source / sink statements, you can use the \
interprocedural control flow graph that gets passed into the ResultsAvailableHandler \
callback which you can specify when you call computeInfoflow(…). It has a method \
getMethodOf(…).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Best \
regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> \
Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span lang=EN-US style='font-size:13.5pt;font-family:"Courier \
New";color:black'>M.Sc. M.Sc. Steven Arzt</span><span lang=EN-US \
style='font-size:11.0pt;font-family:"Helvetica","sans-serif";color:#1F497D'><o:p></o:p></span></p><p \
class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier \
New";color:black'>Secure Software Engineering Group (SSE)<o:p></o:p></span></p><p \
class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier \
New";color:black'>European Center for Security and Privacy by Design (EC SPRIDE) \
<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Courier New";color:black'>Rheinstraße \
75<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Courier New";color:black'>D-64293 \
Darmstadt<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Courier New";color:black'>Phone: +49 61 51 \
869-336<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Courier New";color:black'>Fax: +49 61 51 \
16-72118<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US \
style='font-size:10.0pt;font-family:"Courier New";color:black'>eMail: </span><span \
style='font-size:10.0pt;font-family:"Courier New";color:black'><a \
href="mailto:steven.arzt@ec-spride.de"><span lang=EN-US \
style='color:blue'>steven.arzt@ec-spride.de</span></a></span><span lang=EN-US \
style='font-size:10.0pt;font-family:"Courier \
New";color:black'><o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Courier New";color:black'>Web: <a \
href="http://sse.ec-spride.de/"><span \
style='color:blue'>http://sse.ec-spride.de</span></a><o:p></o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span lang=EN-US \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> \
soot-list-bounces@CS.McGill.CA [mailto:soot-list-bounces@CS.McGill.CA] <b>Im Auftrag \
von </b>???<br><b>Gesendet:</b> Freitag, 12. Juni 2015 17:48<br><b>An:</b> \
soot-list@CS.McGill.CA<br><b>Betreff:</b> [Soot-list] Can I get the calling context \
of a source/sink?<o:p></o:p></span></p><p \
class=MsoNormal><o:p> </o:p></p><div><div><div><div><div><div><div><div><p \
class=MsoNormal>Hi guys,<o:p></o:p></p></div><p class=MsoNormal> \
Flowdroid uses Heros to do inter-procedural data analysis. I notice that during the \
process of inter-procedural analysis, Flowdroid can get the calling context of a \
function, that is to say, where the function is actually called. \
<o:p></o:p></p></div><p class=MsoNormal> For example, the \
API<br> getReturnFlowFunction(N callSite, M calleeMethod, N \
exitStmt, N returnSite):<o:p></o:p></p></div><p class=MsoNormal \
style='margin-bottom:12.0pt'> callSite is the statement where the \
function is called.<br><br><o:p></o:p></p></div><p class=MsoNormal> \
But in the results of Flowdroid, I can't get the calling context of a source/sink. \
<o:p></o:p></p></div><div><p class=MsoNormal> I want to know how to \
get that?<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div><div><p \
class=MsoNormal>For example.<o:p></o:p></p><p class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>ApiTwo sharedApiTwo(ApiOne x)</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>{</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>return apiTwo(x);</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>}</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>main(){</span><o:p></o:p></p><p \
class=MsoNormal><b><i><span \
style='font-family:"[8bO53","serif";color:#0070C0'>// context1</span></i></b><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>a1 = <b>apiOne</b>();</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>b1 = <b>sharedApiOne</b>(a1);</span><o:p></o:p></p><p \
class=MsoNormal><b><span \
style='font-family:"[8bO53","serif";color:#333333'>apiThree</span></b><span \
style='font-family:"[8bO53","serif";color:#333333'>(b1);</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'> </span><o:p></o:p></p><p \
class=MsoNormal><b><i><span \
style='font-family:"[8bO53","serif";color:#0070C0'>// context2</span></i></b><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>a2 = <b>apiOne</b>();</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>b2 = <b>sharedApiOne</b>(a2);</span><o:p></o:p></p><p \
class=MsoNormal><b><span \
style='font-family:"[8bO53","serif";color:#333333'>apiThree</span></b><span \
style='font-family:"[8bO53","serif";color:#333333'>(b2);</span><o:p></o:p></p><p \
class=MsoNormal><span \
style='font-family:"[8bO53","serif";color:#333333'>}</span><o:p></o:p></p><p \
class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p \
class=MsoNormal>Note that there is a wrapper function sharedApiTwo() for \
apiTwo().<o:p></o:p></p></div><div><p class=MsoNormal>we will get the following \
result:<o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 \
cellpadding=0 style='border-collapse:collapse'><tr><td width=295 valign=top \
style='width:221.25pt;padding:.75pt .75pt .75pt .75pt;width:7000pt'><p \
class=MsoNormal align=center style='text-align:center'><b><span \
style='font-family:"Calibri","sans-serif"'>Source</span></b><o:p></o:p></p></td><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><b><span \
style='font-family:"Calibri","sans-serif"'>Sink</span></b><o:p></o:p></p></td></tr><tr><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><span \
style='font-family:"Calibri","sans-serif"'>a1 = <b>apiOne</b>();</span><o:p></o:p></p></td><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><span \
style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td></tr><tr><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><span \
style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><b><span \
style='font-family:"Calibri","sans-serif"'>apiThree</span></b><span \
style='font-family:"Calibri","sans-serif"'>(b1);</span><o:p></o:p></p></td></tr><tr><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><span \
style='font-family:"Calibri","sans-serif"'>a2 = <b>apiOne</b>();</span><o:p></o:p></p></td><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><span \
style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td></tr><tr><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><span \
style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td><td \
width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p \
class=MsoNormal align=center style='text-align:center'><b><span \
style='font-family:"Calibri","sans-serif"'>apiThree</span></b><span \
style='font-family:"Calibri","sans-serif"'>(b2);</span><o:p></o:p></p></td></tr></table><p \
class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Take the first \
source-sink chain for example,<o:p></o:p></p></div><div><p class=MsoNormal>I can't \
know the function of the sink "return apiTwo(x)" is called in the statement \
"<span style='font-family:"[8bO53","serif";color:#333333'>b1 = <b>sharedApiOne</b>(a1);</span>"<o:p></o:p></p></div><div><p \
class=MsoNormal><o:p> </o:p></p></div><p \
class=MsoNormal>Thank,<o:p></o:p></p></div><p \
class=MsoNormal>rainkin<o:p></o:p></p></div></div></body></html>
_______________________________________________
Soot-list mailing list
Soot-list@CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic