Comments (2)
Hey, not one of the devs, but I've been working on understanding Mariana Trench as well, and did some poking at your issue to improve my knowledge.
The key thing I noticed was that the class names in your propagation and sink models are missing trailing semicolons. "Ljava/io/InputStream" and "Ljava/io/OutputStream" should be "Ljava/io/InputStream;" and "Ljava/io/OutputStream;". I spotted this by adding "verbosity": 1
to the models so Mariana Trench would log what methods were found for each model, and noticed that nothing was turning up for these model generators. (Feature request for MT devs - could you automatically log a warning to the console for any model generator that doesn't find any matches? That'd make it a lot easier to spot these problems.)
This requirement isn't super well documented (there is a note in the documentation name: Expects an extra property pattern which is a regex to fully match the name of the item;
[so the trailing semicolon is needed for the full match] - but the same documentation also gives the conflicting example of a non-full match
"constraint": "parent",
"inner": {
"constraint": "extends",
"inner": {
"constraint": "name", "pattern": "SandcastleCommand"
}
}
which just didn't seem to work in my testing. MT devs - is this example wrong in the documentation, or is it intended to work and there's just a bug?)
Once I fixed the semicolons, and added a simple rule
{
"name": "Issue78",
"code": 78,
"description": "test",
"sources": [
"ExternalSource"
],
"sinks": [
"OutputWriteSink"
]
}
the taint propagated correctly and the issue showed up. Apart from the missing semicolon, your propagation rule seems to work fine (with the slight issue that the "read.*" method constraint picks up some extra read methods that don't use a buffer at argument 1, like readChar() or readLong() - but this doesn't affect the issue you're trying to pick up).
I still don't understand the multi-source/partial sink stuff either, so hoping someone from the MT team can provide more.
from mariana-trench.
@justfoxing ahh I see. Looks like I messed it up. Thank you for identifying and notifying me.
I guess I will try using the for_all_parameter
and the where
clauses to detect for any argument that is of a byte[] type to narrow the possibility. Hopefully it will works for propagation model too.
from mariana-trench.
Related Issues (20)
- [Question] Difference between attach_to_sources and features keys. HOT 4
- Does not compile with latest fmt 9.1 due to lack of formatter for types HOT 1
- How to check argument value with regex? HOT 1
- The latest version compiles, cannot be used, and various parameters are missing. MarianaTrench mariana_trench_error: the option '--output-directory' is required but missing???
- Example code does not work HOT 3
- Taint not flowing into a sink in Runnable
- Build from source fails. HOT 1
- Stuck creating generators: Found 0 issues
- Old macOS 10.15.7 failed to execute analysis HOT 4
- Tainted data not flowing through custom propagations HOT 14
- "No such file " log in sapp HOT 3
- Request for Features Description HOT 3
- Evaluate Profile-Guided Optimization (PGO) and LLVM BOLT HOT 4
- Release app with proguard HOT 1
- Error building mariana-trench HOT 1
- verifying propagations applied to the functions. HOT 2
- ImportError when using sapp HOT 3
- Default model generators missing from PyPI release HOT 2
- Flow analysis in a method.
- Sanitizer does not work, or something wrong
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mariana-trench.