Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missed sink after second class instantiation #781

Open
draftyfrog opened this issue Nov 14, 2024 · 1 comment
Open

Missed sink after second class instantiation #781

draftyfrog opened this issue Nov 14, 2024 · 1 comment

Comments

@draftyfrog
Copy link

Please consider the following code:

 MyClass myVar = new MyClass();
 myVar.myString = source();
 MyClass mySecondVar = new MyClass(); // If this statement is removed, the leak in the next statement is reported correctly
 sink(myVar.myString); // NOT reported by FlowDroid

where public String source() and public void sink(String param) are defined as source and sink respectively in the FlowDroid config and the custom class MyClass looks like this:

class MyClass{
  String myString;
}

As annotated, FlowDroid doesn't report the leak, as long as the second instantiation is present. This is probably linked to #767 as for example adding System.out.println(mySecondVar); between the instantiation of mySecondVar ans the sink call also leads to the leak being correctly reported.

I'm using one of the newest version of FlowDroid: Commit a137b4d and the issue seems to be rather new as well: FlowDroid 2.14.1 correctly detects the leak.

SourcesAndSinks.xml

<sinkSources>
    <category id="NO_CATEGORY" description="no_category">
        <method signature="com.example.testapp.MainActivity: java.lang.String source()">
            <return type="java.lang.String">
                <accessPath isSource="true" isSink="false">

                </accessPath>
            </return>
        </method>
        <method signature="com.example.testapp.MainActivity: void sink(java.lang.String)">
            <param index="0" type="java.lang.String">
                <accessPath isSource="false" isSink="true"/>
            </param>
        </method>
    </category>
</sinkSources>

I call FlowDroid via the command line

java -jar ./soot-infoflow-cmd-a137b4d-jar-with-dependencies.jar \
 -a {path-to-apk} \
 -s ./SourcesAndSinks.xml \
 -o ./out.xml \
 -p {path-to-android-platforms-folder} \
 --mergedexfiles 

@StevenArzt
Copy link
Member

I have added a test case which works fine. Can you provide your APK file?

@StevenArzt StevenArzt reopened this Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants