soot.jimple.infoflow.results.InfoflowResults Java Examples

The following examples show how to use soot.jimple.infoflow.results.InfoflowResults.
Example #1
Source File: JUnitTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Runs the data flow analysis on an APK file, taking the source and sink
 * definitions from the given file.
 * <p>
 * The Android platform JAR directory is read from the {@code ANDROID_JARS}
 * environment variable, falling back to the system property of the same name.
 *
 * @param apkFileName The full path and file name of the APK file to analyze
 * @param xmlFileName The full path and file name of the xml file where sources and sinks are defined
 * @param enableImplicitFlows True if implicit flows shall be tracked,
 * otherwise false
 * @param enableStaticFields Value forwarded to
 * {@code setEnableStaticFieldTracking} on the analysis setup
 * @param flowSensitiveAliasing Value forwarded to
 * {@code setFlowSensitiveAliasing} on the analysis setup
 * @return The data leaks found in the given APK file
 * @throws IOException Thrown if the given APK file or any other required
 * file could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 * not be read.
 * @throws RuntimeException if {@code ANDROID_JARS} is set neither as an
 * environment variable nor as a system property
 */
public InfoflowResults analyzeAPKFile(String apkFileName, String xmlFileName, boolean enableImplicitFlows, boolean enableStaticFields, boolean flowSensitiveAliasing)
				throws IOException, XmlPullParserException {
	// The environment variable wins; the system property is only the fallback.
	String platformDir = System.getenv("ANDROID_JARS");
	if (platformDir == null) {
		platformDir = System.getProperty("ANDROID_JARS");
		if (platformDir == null) {
			throw new RuntimeException("Android JAR dir not set");
		}
	}
	System.out.println("Loading Android.jar files from " + platformDir);

	SetupApplication app = new SetupApplication(platformDir, apkFileName);
	// The taint wrapper definition is named by a relative file name.
	app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));
	// Call order is kept exactly as in the original: sources, sinks and
	// entry points are computed before the option setters are invoked.
	app.calculateSourcesSinksEntrypoints(xmlFileName);
	app.setEnableImplicitFlows(enableImplicitFlows);
	app.setEnableStaticFieldTracking(enableStaticFields);
	app.setFlowSensitiveAliasing(flowSensitiveAliasing);
	return app.runInfoflow();
}
 
Example #2
Source File: HeapTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Runs the analysis with {@code HeapTestCode.aliasStrongUpdateTest2()} as the
 * only entry point and expects exactly one flow, from
 * {@code getSecretData()} into {@code leakData(...)}.
 */
@Test(timeout = 300000)
public void aliasStrongUpdateTest2() {
	// Soot signatures of the single taint source and the single sink.
	final String secretSource = "<soot.jimple.infoflow.test.HeapTestCode: "
			+ "soot.jimple.infoflow.test.HeapTestCode$Data getSecretData()>";
	final String leakSink = "<soot.jimple.infoflow.test.HeapTestCode: "
			+ "void leakData(soot.jimple.infoflow.test.HeapTestCode$Data)>";

	Infoflow analysis = initInfoflow();
	analysis.setInspectSources(false);
	analysis.setInspectSinks(false);
	analysis.setEnableImplicitFlows(false);

	List<String> entryPoints = new ArrayList<String>();
	entryPoints.add("<soot.jimple.infoflow.test.HeapTestCode: void aliasStrongUpdateTest2()>");
	analysis.computeInfoflow(appPath, libPath, entryPoints,
			Collections.singleton(secretSource),
			Collections.singleton(leakSink));

	// Results must exist before they are inspected.
	Assert.assertTrue(analysis.isResultAvailable());
	InfoflowResults flows = analysis.getResults();
	Assert.assertEquals(1, flows.size());
	Assert.assertTrue(flows.containsSinkMethod(leakSink));
	// Argument order is (sink, source).
	Assert.assertTrue(flows.isPathBetweenMethods(leakSink, secretSource));
}
 
Example #3
Source File: HeapTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Runs the analysis with {@code HeapTestCode.aliasStrongUpdateTest()} as the
 * only entry point and expects exactly one flow, from
 * {@code getSecretData()} into {@code leakData(...)}.
 */
@Test(timeout = 300000)
public void aliasStrongUpdateTest() {
	// Soot signatures of the single taint source and the single sink.
	final String secretSource = "<soot.jimple.infoflow.test.HeapTestCode: "
			+ "soot.jimple.infoflow.test.HeapTestCode$Data getSecretData()>";
	final String leakSink = "<soot.jimple.infoflow.test.HeapTestCode: "
			+ "void leakData(soot.jimple.infoflow.test.HeapTestCode$Data)>";

	Infoflow analysis = initInfoflow();
	analysis.setInspectSources(false);
	analysis.setInspectSinks(false);
	analysis.setEnableImplicitFlows(false);

	List<String> entryPoints = new ArrayList<String>();
	entryPoints.add("<soot.jimple.infoflow.test.HeapTestCode: void aliasStrongUpdateTest()>");
	analysis.computeInfoflow(appPath, libPath, entryPoints,
			Collections.singleton(secretSource),
			Collections.singleton(leakSink));

	// Results must exist before they are inspected.
	Assert.assertTrue(analysis.isResultAvailable());
	InfoflowResults flows = analysis.getResults();
	Assert.assertEquals(1, flows.size());
	Assert.assertTrue(flows.containsSinkMethod(leakSink));
	// Argument order is (sink, source).
	Assert.assertTrue(flows.isPathBetweenMethods(leakSink, secretSource));
}
 
Example #4
Source File: JUnitTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Runs the data flow analysis on an APK file from the DroidBench directory,
 * using the source and sink definitions in {@code SourcesAndSinks.txt}.
 * <p>
 * Both the Android platform JAR directory ({@code ANDROID_JARS}) and the
 * DroidBench directory ({@code DROIDBENCH}) are read from the environment
 * first and from the system property of the same name second.
 *
 * @param fileName The file name of the APK file to analyze; it is appended
 * to the DroidBench directory with {@code File.separator}
 * @param enableImplicitFlows True if implicit flows shall be tracked,
 * otherwise false
 * @return The data leaks found in the given APK file
 * @throws IOException Thrown if the given APK file or any other required
 * file could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 * not be read.
 * @throws RuntimeException if {@code ANDROID_JARS} or {@code DROIDBENCH} is
 * set neither as an environment variable nor as a system property
 */
public InfoflowResults analyzeAPKFile(String fileName, boolean enableImplicitFlows)
		throws IOException, XmlPullParserException {
	String platformDir = System.getenv("ANDROID_JARS");
	if (platformDir == null) {
		platformDir = System.getProperty("ANDROID_JARS");
		if (platformDir == null) {
			throw new RuntimeException("Android JAR dir not set");
		}
	}
	System.out.println("Loading Android.jar files from " + platformDir);

	String benchDir = System.getenv("DROIDBENCH");
	if (benchDir == null) {
		benchDir = System.getProperty("DROIDBENCH");
		if (benchDir == null) {
			throw new RuntimeException("DroidBench dir not set");
		}
	}
	System.out.println("Loading DroidBench from " + benchDir);

	final String apkPath = benchDir + File.separator + fileName;
	SetupApplication app = new SetupApplication(platformDir, apkPath);
	// Wrapper and source/sink definitions are named by relative file names.
	app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));
	app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");
	app.setEnableImplicitFlows(enableImplicitFlows);
	return app.runInfoflow();
}
 
Example #5
Source File: InsecureBankTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Runs the data flow analysis on the InsecureBank APK, using the source and
 * sink definitions in {@code SourcesAndSinks.txt} and matching all layout
 * controls ({@code LayoutMatchingMode.MatchAll}).
 * <p>
 * The APK is addressed by the relative path
 * {@code insecureBank/InsecureBank.apk}; the Android platform JAR directory
 * comes from {@code ANDROID_JARS} (environment first, system property second).
 *
 * @param enableImplicitFlows True if implicit flows shall be tracked,
 * otherwise false
 * @return The data leaks found in the given APK file
 * @throws IOException Thrown if the given APK file or any other required
 * file could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 * not be read.
 * @throws RuntimeException if {@code ANDROID_JARS} is set neither as an
 * environment variable nor as a system property
 */
private InfoflowResults analyzeAPKFile(boolean enableImplicitFlows) throws IOException, XmlPullParserException {
	String platformDir = System.getenv("ANDROID_JARS");
	if (platformDir == null) {
		platformDir = System.getProperty("ANDROID_JARS");
		if (platformDir == null) {
			throw new RuntimeException("Android JAR dir not set");
		}
	}
	System.out.println("Loading Android.jar files from " + platformDir);

	final String apkPath = "insecureBank" + File.separator + "InsecureBank.apk";
	SetupApplication app = new SetupApplication(platformDir, apkPath);
	app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));
	// Options are set before sources, sinks and entry points are computed;
	// this order is kept exactly as in the original.
	app.setEnableImplicitFlows(enableImplicitFlows);
	app.setLayoutMatchingMode(LayoutMatchingMode.MatchAll);
	app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");
	return app.runInfoflow();
}
 
Example #6
Source File: Test.java    From JAADAS with GNU General Public License v3.0
/**
 * Prints every reported flow: one line per sink, followed by one line per
 * source that reaches it (with the signature of the method containing the
 * source statement) and, when a non-empty path was recorded, the path.
 *
 * @param cfg Control flow graph used to look up the method of each source statement
 * @param results The analysis results; {@code null} is reported as "No results found."
 */
@Override
public void onResultsAvailable(
		IInfoflowCFG cfg, InfoflowResults results) {
	// Nothing to dump when the analysis handed over no result object.
	if (results == null) {
		print("No results found.");
		return;
	}

	for (ResultSinkInfo sinkInfo : results.getResults().keySet()) {
		print("Found a flow to sink " + sinkInfo + ", from the following sources:");
		for (ResultSourceInfo sourceInfo : results.getResults().get(sinkInfo)) {
			print("\t- " + sourceInfo.getSource() + " (in "
					+ cfg.getMethodOf(sourceInfo.getSource()).getSignature()  + ")");
			// The path line is printed only when a non-empty path is present.
			boolean hasPath = sourceInfo.getPath() != null && !sourceInfo.getPath().isEmpty();
			if (hasPath) {
				print("\t\ton Path " + sourceInfo.getPath());
			}
		}
	}
}
 
Example #7
Source File: InsecureBankTests.java    From JAADAS with GNU General Public License v3.0
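/**
 * Analyzes the InsecureBank APK without implicit flow tracking and checks the
 * number of reported flows as well as a fixed list of sink/source pairs.
 */
@Test
public void runTestInsecureBank() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile(false);
	// A missing result object should fail as an assertion rather than as a
	// NullPointerException on the first size() call.
	Assert.assertNotNull(res);

	// 7 leaks + 1x inter-component communication (server ip going through an intent)
	// NOTE(review): the breakdown above adds up to 8, but the assertion
	// expects 12. The comment looks stale; confirm the intended count.
	Assert.assertEquals(12, res.size());

	// Each check below is isPathBetweenMethods(sink, source).
	Assert.assertTrue(res.isPathBetweenMethods(activity_startActivity, activity_findViewById));

	Assert.assertTrue(res.isPathBetweenMethods(log_e, activity_getIntent));
	Assert.assertTrue(res.isPathBetweenMethods(log_e, activity_findViewById));
	Assert.assertTrue(res.isPathBetweenMethods(log_e, bundle_getString));
	Assert.assertTrue(res.isPathBetweenMethods(log_e, urlConnection_openConnection));

	Assert.assertTrue(res.isPathBetweenMethods(log_d, cursor_getString));

	// NOTE(review): the original asserted this exact pair twice in a row.
	// The duplicate is dropped here; possibly a second source was meant
	// for sharedPrefs_putString. Confirm against the expected leaks.
	Assert.assertTrue(res.isPathBetweenMethods(sharedPrefs_putString, activity_findViewById));

	Assert.assertTrue(res.isPathBetweenMethods(log_i, activity_findViewById));

	Assert.assertTrue(res.isPathBetweenMethods(url_init, activity_getIntent));
	Assert.assertTrue(res.isPathBetweenMethods(url_init, activity_findViewById));
	Assert.assertTrue(res.isPathBetweenMethods(url_init, bundle_getString));
}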
 
Example #8
Source File: AliasingTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Expects no leak in {@code Aliasing/Merge1.apk}. Disabled via
 * {@code @Ignore} ("not yet supported").
 */
@Test(timeout=300000)
@Ignore // not yet supported
public void runTestMerge1() throws IOException, XmlPullParserException {
	final String apk = "Aliasing/Merge1.apk";
	InfoflowResults flows = analyzeAPKFile(apk);
	// A null result is accepted here, so the test cannot tell "analysis
	// returned nothing" apart from "analysis found zero leaks".
	if (flows == null) {
		return;
	}
	Assert.assertEquals(0, flows.size());
}
 
Example #9
Source File: CallbackTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Expects a non-null result with no leak for {@code Callbacks/Ordering1.apk}.
 * Disabled via {@code @Ignore} because callback ordering is not supported.
 */
@Test(timeout=300000)
@Ignore		// Callback ordering is not supported
public void runTestOrdering1() throws IOException, XmlPullParserException {
	final String apk = "Callbacks/Ordering1.apk";
	InfoflowResults flows = analyzeAPKFile(apk);
	// The result object itself must exist; only then is the count checked.
	Assert.assertNotNull(flows);
	Assert.assertEquals(0, flows.size());
}
 
Example #10
Source File: JUnitTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Asserts that an analysis run produced results and that those results report
 * no flow at all.
 * <p>
 * Fails when no result is available, when any entry of {@code sinkArray} is
 * contained as a sink method, or when the result size is not zero.
 *
 * @param infoflow The analysis instance whose results are checked
 */
protected void negativeCheckInfoflow(Infoflow infoflow){
	// An unavailable result is a failure, not an implicit "no leaks".
	if (!infoflow.isResultAvailable()) {
		fail("result is not available");
		return;
	}

	InfoflowResults flows = infoflow.getResults();
	for (String candidate : sinkArray) {
		if (flows.containsSinkMethod(candidate)) {
			fail("sink is reached: " +candidate);
		}
	}
	assertEquals(0, flows.size());
}
 
Example #11
Source File: ReflectionTests.java    From JAADAS with GNU General Public License v3.0
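/**
 * Expects exactly one leak in {@code Reflection/Reflection2.apk}. Disabled
 * via {@code @Ignore}.
 */
@Test(timeout=300000)
@Ignore
public void runTestReflection2() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Reflection/Reflection2.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}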
 
Example #12
Source File: CallbackTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Expects a non-null result with exactly one leak for
 * {@code Callbacks/Button1.apk}.
 */
@Test(timeout=300000)
public void runTestButton1() throws IOException, XmlPullParserException {
	final String apk = "Callbacks/Button1.apk";
	InfoflowResults flows = analyzeAPKFile(apk);
	// The result object itself must exist; only then is the count checked.
	Assert.assertNotNull(flows);
	Assert.assertEquals(1, flows.size());
}
 
Example #13
Source File: ThreadingTests.java    From JAADAS with GNU General Public License v3.0
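/**
 * Expects exactly one leak in {@code Threading/Looper1.apk}. Disabled via
 * {@code @Ignore} ("not yet supported").
 */
@Test(timeout=300000)
@Ignore		// not yet supported
public void runTestLooper1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Threading/Looper1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}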
 
Example #14
Source File: ContextInsensitivePathBuilder.java    From JAADAS with GNU General Public License v3.0
/**
 * Returns the results held by this object.
 * <p>
 * The {@code results} field is handed out directly, without a copy, so the
 * caller receives the same instance this object holds.
 *
 * @return the value of the {@code results} field
 */
@Override
public InfoflowResults getResults() {
	return results;
}
 
Example #15
Source File: ReflectionTests.java    From JAADAS with GNU General Public License v3.0
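/**
 * Expects exactly one leak in {@code Reflection/Reflection3.apk}. Disabled
 * via {@code @Ignore}.
 */
@Test(timeout=300000)
@Ignore
public void runTestReflection3() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Reflection/Reflection3.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}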
 
Example #16
Source File: LifecycleTests.java    From JAADAS with GNU General Public License v3.0
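/**
 * Expects exactly one leak in {@code Lifecycle/ApplicationLifecycle1.apk}.
 */
@Test(timeout=300000)
public void runTestApplicationLifecycle1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Lifecycle/ApplicationLifecycle1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}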
 
Example #17
Source File: LifecycleTests.java    From JAADAS with GNU General Public License v3.0
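/**
 * Expects two reported flows in {@code Lifecycle/ActivitySavedState1.apk}.
 */
@Test(timeout=300000)
public void runTestActivitySavedState1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Lifecycle/ActivitySavedState1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(2, res.size());		// We consider the saved state plus the actual leak as sinks
}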
 
Example #18
Source File: ContextSensitivePathBuilder.java    From JAADAS with GNU General Public License v3.0
/**
 * Returns the results held by this object.
 * <p>
 * The {@code results} field is handed out directly, without a copy, so the
 * caller receives the same instance this object holds.
 *
 * @return the value of the {@code results} field
 */
@Override
public InfoflowResults getResults() {
	return results;
}
 
Example #19
Source File: LifecycleTests.java    From JAADAS with GNU General Public License v3.0
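/**
 * Expects exactly one leak in
 * {@code Lifecycle/BroadcastReceiverLifecycle1.apk}.
 */
@Test(timeout=300000)
public void runTestBroadcastReceiverLifecycle1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Lifecycle/BroadcastReceiverLifecycle1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}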
 
Example #20
Source File: Infoflow.java    From JAADAS with GNU General Public License v3.0
/**
 * Returns the results held by this object.
 * <p>
 * The {@code results} field is handed out directly, without a copy, so the
 * caller receives the same instance this object holds.
 *
 * @return the value of the {@code results} field
 */
@Override
public InfoflowResults getResults() {
	return this.results;
}
 
Example #21
Source File: LifecycleTests.java    From JAADAS with GNU General Public License v3.0
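/**
 * Expects exactly one leak in {@code Lifecycle/ActivityLifecycle3.apk}.
 */
@Test(timeout=300000)
public void runTestActivityLifecycle3() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Lifecycle/ActivityLifecycle3.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}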
 
Example #22
Source File: LifecycleTests.java    From JAADAS with GNU General Public License v3.0
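/**
 * Expects exactly one leak in {@code Lifecycle/ActivityLifecycle2.apk}.
 */
@Test(timeout=300000)
public void runTestActivityLifecycle2() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Lifecycle/ActivityLifecycle2.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}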
 
Example #23
Source File: LifecycleTests.java    From JAADAS with GNU General Public License v3.0
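/**
 * Expects exactly one leak in {@code Lifecycle/ActivityLifecycle1.apk}.
 */
@Test(timeout=300000)
public void runTestActivityLifecycle1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("Lifecycle/ActivityLifecycle1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}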
 
Example #24
Source File: ContextInsensitiveSourceFinder.java    From JAADAS with GNU General Public License v3.0
/**
 * Returns the results held by this object.
 * <p>
 * The {@code results} field is handed out directly, without a copy, so the
 * caller receives the same instance this object holds.
 *
 * @return the value of the {@code results} field
 */
@Override
public InfoflowResults getResults() {
	return results;
}
 
Example #25
Source File: GeneralJavaTests.java    From JAADAS with GNU General Public License v3.0
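/**
 * Expects two reported flows in {@code GeneralJava/VirtualDispatch2.apk}.
 */
@Test(timeout=300000)
public void runTestVirtualDispatch2() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("GeneralJava/VirtualDispatch2.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(2, res.size());  // normally 1, +1 for context-insensitive CFG
}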
 
Example #26
Source File: GeneralJavaTests.java    From JAADAS with GNU General Public License v3.0
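/**
 * Expects exactly one leak in {@code GeneralJava/VirtualDispatch1.apk}.
 * Disabled via {@code @Ignore} because it currently produces false positives.
 */
@Test(timeout=300000)
@Ignore		// TODO: produces false positives, need to check
public void runTestVirtualDispatch1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("GeneralJava/VirtualDispatch1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}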
 
Example #27
Source File: GeneralJavaTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Expects no leak in {@code GeneralJava/UnreachableCode.apk}.
 */
@Test(timeout=300000)
public void runTestUnreachableCode() throws IOException, XmlPullParserException {
	final String apk = "GeneralJava/UnreachableCode.apk";
	InfoflowResults flows = analyzeAPKFile(apk);
	// A null result is accepted here, so the test cannot tell "analysis
	// returned nothing" apart from "analysis found zero leaks".
	if (flows == null) {
		return;
	}
	Assert.assertEquals(0, flows.size());
}
 
Example #28
Source File: GeneralJavaTests.java    From JAADAS with GNU General Public License v3.0
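/**
 * Expects exactly one leak in {@code GeneralJava/StringToCharArray1.apk}.
 */
@Test(timeout=300000)
public void runTestStringToCharArray1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("GeneralJava/StringToCharArray1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}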
 
Example #29
Source File: CallbackTests.java    From JAADAS with GNU General Public License v3.0
/**
 * Expects a non-null result with exactly one leak for
 * {@code Callbacks/MethodOverride1.apk}.
 */
@Test(timeout=300000)
public void runTestMethodOverride1() throws IOException, XmlPullParserException {
	final String apk = "Callbacks/MethodOverride1.apk";
	InfoflowResults flows = analyzeAPKFile(apk);
	// The result object itself must exist; only then is the count checked.
	Assert.assertNotNull(flows);
	Assert.assertEquals(1, flows.size());
}
 
Example #30
Source File: GeneralJavaTests.java    From JAADAS with GNU General Public License v3.0
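/**
 * Expects exactly one leak in {@code GeneralJava/StringFormatter1.apk}.
 * Disabled via {@code @Ignore} because it needs complex library summaries.
 */
@Test(timeout=300000)
@Ignore		// needs complex library summaries
public void runTestStringFormatter1() throws IOException, XmlPullParserException {
	InfoflowResults res = analyzeAPKFile("GeneralJava/StringFormatter1.apk");
	// Other tests on this page treat a null result as possible; fail with an
	// assertion instead of a NullPointerException on size().
	Assert.assertNotNull(res);
	Assert.assertEquals(1, res.size());
}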