Coder Social home page Coder Social logo

Comments (3)

arthaud avatar arthaud commented on April 23, 2024 2

Hi @chuayupeng, thanks for reaching out.
This is because your model defines a source with port Argument(0).
This is something that we did not document well, but:

  • A source with a Return port means the source is produced at the call site, i.e:
    x = source(); // x is tainted
  • A source with an Argument port means the source is tainted in the body of the function, i.e:
    public void source(String x) { // x is tainted here }

Internally, we do differentiate between sources produced at call sites (called generations) and sources produces in the body (called parameter sources). You can also specify them in JSON.

TL, DR: Using "generations": {"kind": "IntentAsSource", "port": "Argument(0)"} instead of "sources": ... should fix the issue.

from mariana-trench.

chuayupeng avatar chuayupeng commented on April 23, 2024 2

Hi @arthaud, thanks for the easy to understand explanation! I changed the definition with the source and it worked like a charm!

from mariana-trench.

chuayupeng avatar chuayupeng commented on April 23, 2024

Source Definition (same as the implicitintentsourcegenerator):

{
    "model_generators": [
      {
        "find": "methods",
        "where": [
          {
            "constraint": "parent",
            "inner": {
              "constraint": "name",
              "pattern": "Landroid/content/Intent;"
            }
          },
          {
            "constraint": "name",
            "pattern": "\\<init\\>"
          },
          {
            "constraint": "not",
            "inner": {
              "constraint": "signature",
              "pattern": ".*Ljava/lang/Class;.*"
            }
          }
        ],
        "model": {
          "sources": [
            {
              "kind": "IntentAsSource",
              "port": "Argument(0)"
            }
            ]
        },
      "verbosity" : 1
      }
    ]
  }

Sink Definition:

{
  "model_generators": [
    {
      "find": "methods",
      "where": [
        {
          "constraint": "name",
          "pattern": "startActivityForResult"
        }
      ],
      "model": {
          "sinks": [
            {
                "kind": "IntentAsSink",
                "port": "Argument(1)"
            }
          ]
        },
        "verbosity" : 1
      }
    ]
}

rules.json:
{ "name": "IntentImplicitTest", "code":99, "description": "Test", "sources": ["IntentAsSource"], "sinks":["IntentAsSink"] }

from mariana-trench.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.