Comments (3)
Hi @chuayupeng, thanks for reaching out.
This is because your model defines a source
with port
Argument(0)
.
This is something that we did not document well, but:
- A source with a
Return
port means the source is produced at the call site, i.e:
x = source(); // x is tainted
- A source with an
Argument
port means the source is tainted in the body of the function, i.e:
public void source(String x) { // x is tainted here }
Internally, we do differentiate between sources produced at call sites (called generations
) and sources produces in the body (called parameter sources
). You can also specify them in JSON.
TL, DR: Using "generations": {"kind": "IntentAsSource", "port": "Argument(0)"}
instead of "sources": ...
should fix the issue.
from mariana-trench.
Hi @arthaud, thanks for the easy to understand explanation! I changed the definition with the source and it worked like a charm!
from mariana-trench.
Source Definition (same as the implicitintentsourcegenerator):
{
"model_generators": [
{
"find": "methods",
"where": [
{
"constraint": "parent",
"inner": {
"constraint": "name",
"pattern": "Landroid/content/Intent;"
}
},
{
"constraint": "name",
"pattern": "\\<init\\>"
},
{
"constraint": "not",
"inner": {
"constraint": "signature",
"pattern": ".*Ljava/lang/Class;.*"
}
}
],
"model": {
"sources": [
{
"kind": "IntentAsSource",
"port": "Argument(0)"
}
]
},
"verbosity" : 1
}
]
}
Sink Definition:
{
"model_generators": [
{
"find": "methods",
"where": [
{
"constraint": "name",
"pattern": "startActivityForResult"
}
],
"model": {
"sinks": [
{
"kind": "IntentAsSink",
"port": "Argument(1)"
}
]
},
"verbosity" : 1
}
]
}
rules.json:
{ "name": "IntentImplicitTest", "code":99, "description": "Test", "sources": ["IntentAsSource"], "sinks":["IntentAsSink"] }
from mariana-trench.
Related Issues (20)
- [Question] Difference between attach_to_sources and features keys. HOT 4
- Does not compile with latest fmt 9.1 due to lack of formatter for types HOT 1
- How to check argument value with regex? HOT 1
- The latest version compiles, cannot be used, and various parameters are missing. MarianaTrench mariana_trench_error: the option '--output-directory' is required but missing???
- Example code does not work HOT 3
- Taint not flowing into a sink in Runnable
- Build from source fails. HOT 1
- Stuck creating generators: Found 0 issues
- Old macOS 10.15.7 failed to execute analysis HOT 4
- Tainted data not flowing through custom propagations HOT 14
- "No such file " log in sapp HOT 3
- Request for Features Description HOT 3
- Evaluate Profile-Guided Optimization (PGO) and LLVM BOLT HOT 4
- Release app with proguard HOT 1
- Error building mariana-trench HOT 1
- verifying propagations applied to the functions. HOT 2
- ImportError when using sapp HOT 3
- Default model generators missing from PyPI release HOT 2
- Flow analysis in a method.
- Sanitizer does not work, or something wrong
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mariana-trench.