Comments (1)

StevenArzt commented on August 16, 2024

Thank you for the positive feedback on FlowDroid.

Obtaining all paths between a source and a sink is a non-trivial problem. Let's take the following code:

void main() {
  String a = source();
  foo(a);
}

void foo(String a) {
  if (...)
    sink(a);
  else
    foo("x" + a);
}

FlowDroid does not reason about conditionals. That means we always need to assume that both cases (then and else) are possible, i.e., every conditional has two control flow successors. Under this assumption, there are infinitely many flows, because we don't know how often there is a recursive call to the foo method. If we try to output all paths, the analysis will not terminate. That's why we opted for a single arbitrary path in the first place.

Internally, the data flow is a graph. We first track the taints across the control flow graph, which gives us a taint graph. Only afterwards, we extract a single representative path from the graph. You can also work on the full taint graph if that is better for your research question. Have a look at the IAbstractionPathBuilder interface. It takes the graph (modeled via the abstraction that arrives at the sink and its transitive predecessors) and generates the path from it. In other words, at that stage, you get access to the full taint graph.

Analyzing web applications primarily requires generating a suitable dummy main method (entry point) that simulates calls to all of the REST endpoints. It is a bit more complex, because frameworks such as Spring also allow for dependency injection and implicitly instantiated objects. A naive implementation isn't too hard, but if you really want to support real-world web applications, it's a lot of effort.

We have done this effort as part of our commercial code scanner VUSC. There are free academic licenses for non-profit organizations such as universities. We provide the scanner with a development environment (extended version of Eclipse) along with some examples of how to write analysis plugins and run them inside the scanner. Internally, VUSC uses Soot and FlowDroid plus a lot of private code to deal with Java web applications, Android apps, iOS apps, and more.
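Added illustration, not part of the comment above and not FlowDroid code: a self-contained Java model of the taint graph for the `foo` example, showing how a single representative path falls out of a backward search over predecessors while the number of source-to-sink paths keeps growing with the length bound. The `Node` class, `onePath` and `countPaths` are hypothetical names chosen for this sketch; they are not the FlowDroid abstraction or path-builder API.

```java
import java.util.*;

public class TaintGraphPaths {
    // Hypothetical stand-in for a taint abstraction: a label plus its predecessors.
    static final class Node {
        final String label;
        final List<Node> preds = new ArrayList<>();
        Node(String label, Node... preds) { this.label = label; this.preds.addAll(Arrays.asList(preds)); }
    }

    // One representative path: backward BFS from the sink, visiting each node once.
    static List<String> onePath(Node sink) {
        Map<Node, Node> next = new HashMap<>();   // node -> its successor on the way to the sink
        Deque<Node> queue = new ArrayDeque<>(List.of(sink));
        next.put(sink, null);
        while (!queue.isEmpty()) {
            Node n = queue.poll();
            if (n.preds.isEmpty()) {              // no predecessor: this node is the source
                List<String> path = new ArrayList<>();
                for (Node c = n; c != null; c = next.get(c)) path.add(c.label);
                return path;
            }
            for (Node p : n.preds)
                if (!next.containsKey(p)) { next.put(p, n); queue.add(p); }
        }
        return List.of();
    }

    // Counts source-to-sink paths with at most maxNodes nodes; cycles make this unbounded.
    static int countPaths(Node n, int maxNodes) {
        if (maxNodes == 0) return 0;
        if (n.preds.isEmpty()) return 1;
        int total = 0;
        for (Node p : n.preds) total += countPaths(p, maxNodes - 1);
        return total;
    }

    public static void main(String[] args) {
        Node source = new Node("a = source()");
        Node param = new Node("foo(a): parameter a", source);
        Node rec = new Node("foo(\"x\" + a)", param);
        param.preds.add(rec);                     // the recursive call feeds the parameter again
        Node sink = new Node("sink(a)", param);
        System.out.println("representative path: " + onePath(sink));
        for (int bound = 3; bound <= 9; bound += 2)
            System.out.println("paths with <= " + bound + " nodes: " + countPaths(sink, bound));
    }
}
```

The visited check in `onePath` is what guarantees termination on the cyclic graph; `countPaths` only terminates because of the explicit bound.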
