
Comments (2)

justfoxing avatar justfoxing commented on April 25, 2024 2

Hey, not one of the devs, but I've been working on understanding Mariana Trench as well, and did some poking at your issue to improve my knowledge.

The key thing I noticed was that the class names in your propagation and sink models are missing trailing semicolons. "Ljava/io/InputStream" and "Ljava/io/OutputStream" should be "Ljava/io/InputStream;" and "Ljava/io/OutputStream;". I spotted this by adding "verbosity": 1 to the models so Mariana Trench would log what methods were found for each model, and noticed that nothing was turning up for these model generators. (Feature request for MT devs - could you automatically log a warning to the console for any model generator that doesn't find any matches? That'd make it a lot easier to spot these problems.)

This requirement isn't super well documented (there is a note in the documentation: "name: Expects an extra property pattern which is a regex to fully match the name of the item;" [so the trailing semicolon is needed for the full match] - but the same documentation also gives the conflicting example of a non-full match

    {
      "constraint": "parent",
      "inner": {
        "constraint": "extends",
        "inner": {
          "constraint": "name", "pattern": "SandcastleCommand"
        }
      }
    }

which just didn't seem to work in my testing. MT devs - is this example wrong in the documentation, or is it intended to work and there's just a bug?)

Once I fixed the semicolons, and added a simple rule

    {
      "name": "Issue78",
      "code": 78,
      "description": "test",
      "sources": [
        "ExternalSource"
      ],
      "sinks": [
        "OutputWriteSink"
      ]
    }

the taint propagated correctly and the issue showed up. Apart from the missing semicolon, your propagation rule seems to work fine (with the slight issue that the "read.*" method constraint picks up some extra read methods that don't use a buffer at argument 1, like readChar() or readLong() - but this doesn't affect the issue you're trying to pick up).

I still don't understand the multi-source/partial sink stuff either, so hoping someone from the MT team can provide more.

from mariana-trench.
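
As an added check (not from this thread or the Mariana Trench project), the script below walks a model generator's constraint tree and flags "name" patterns that look like JVM class descriptors but lack the trailing semicolon, which is the exact mistake described above; the "where" list wrapping the constraints is an assumption shaped after the thread's quoted example.

```python
import json
import re

# Constructed sample shaped like the "parent"/"extends"/"name" constraint
# nesting quoted in the thread; the surrounding "where" list is an assumption.
SAMPLE_GENERATOR = json.loads("""
{
  "model_generators": [
    {"where": [
      {"constraint": "parent",
       "inner": {"constraint": "name", "pattern": "Ljava/io/InputStream"}},
      {"constraint": "name", "pattern": "read.*"}
    ]},
    {"where": [
      {"constraint": "parent",
       "inner": {"constraint": "extends",
                 "inner": {"constraint": "name", "pattern": "Ljava/io/OutputStream;"}}}
    ]}
  ]
}
""")

# A JVM class descriptor is "L" + slash-separated name + ";". Since "name"
# patterns are regexes that must fully match, a descriptor-looking pattern
# without the trailing ";" can never match a real class name.
DESCRIPTOR_NO_SEMICOLON = re.compile(r"^L[\w$]+(/[\w$]+)*$")


def _walk(node, path, findings):
    """Visit every constraint object and collect unterminated descriptors."""
    if isinstance(node, dict):
        if node.get("constraint") == "name":
            pattern = node.get("pattern", "")
            if DESCRIPTOR_NO_SEMICOLON.match(pattern):
                findings.append((path, pattern))
        for key, value in node.items():
            _walk(value, f"{path}/{key}", findings)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            _walk(value, f"{path}[{index}]", findings)


def find_unterminated_descriptors(generator):
    """Return [(json_path, pattern)] for class patterns missing the ';'."""
    findings = []
    _walk(generator, "", findings)
    return findings
```

Running it over the sample reports the InputStream pattern only; the OutputStream one is correctly terminated and "read.*" is a method-name regex, not a descriptor.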

jalee0606 avatar jalee0606 commented on April 25, 2024

@justfoxing ahh I see. Looks like I messed it up. Thank you for identifying and notifying me.

I guess I will try using the for_all_parameters and the where clauses to detect any argument that is of a byte[] type to narrow the possibility. Hopefully it will work for the propagation model too.
