/**
 * Runs the data flow (taint) analysis on a single DroidBench APK using the
 * default source/sink and taint wrapper definition files.
 *
 * <p>Two directories are looked up, each first as an environment variable and
 * then as a system property of the same name: {@code ANDROID_JARS} (Android
 * platform JARs) and {@code DROIDBENCH} (root of the DroidBench checkout).
 * The APK that gets analyzed is {@code DROIDBENCH + File.separator + fileName}.
 *
 * <p>The reported leaks are only meaningful relative to the sources and sinks
 * listed in {@code SourcesAndSinks.txt} and the library summaries in
 * {@code EasyTaintWrapperSource.txt}. Both are passed as bare file names;
 * NOTE(review): presumably they are resolved against the working directory,
 * so a run started elsewhere may pick up different definitions. Confirm.
 *
 * @param fileName Path of the APK file, relative to the DroidBench directory
 * @param enableImplicitFlows True if implicit (control-dependence) flows
 * shall be tracked, otherwise false
 * @return The data leaks found in the given APK file
 * @throws IOException Thrown if the given APK file or any other required
 * file could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 * not be read.
 * @throws RuntimeException Thrown if {@code ANDROID_JARS} or
 * {@code DROIDBENCH} is set neither in the environment nor as a system
 * property
 */
public InfoflowResults analyzeAPKFile(String fileName, boolean enableImplicitFlows)
        throws IOException, XmlPullParserException {
    // Environment variable wins; the system property is only a fallback.
    final String jarsFromEnv = System.getenv("ANDROID_JARS");
    final String platformDir =
            jarsFromEnv != null ? jarsFromEnv : System.getProperty("ANDROID_JARS");
    if (platformDir == null) {
        throw new RuntimeException("Android JAR dir not set");
    }
    System.out.println("Loading Android.jar files from " + platformDir);

    final String benchFromEnv = System.getenv("DROIDBENCH");
    final String benchRoot =
            benchFromEnv != null ? benchFromEnv : System.getProperty("DROIDBENCH");
    if (benchRoot == null) {
        throw new RuntimeException("DroidBench dir not set");
    }
    System.out.println("Loading DroidBench from " + benchRoot);

    final String apkPath = benchRoot + File.separator + fileName;
    final SetupApplication app = new SetupApplication(platformDir, apkPath);
    app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));
    app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");
    app.setEnableImplicitFlows(enableImplicitFlows);
    return app.runInfoflow();
}
/**
 * Runs the data flow (taint) analysis on an APK with sources and sinks taken
 * from a caller-supplied definition file.
 *
 * <p>The Android platform JAR directory is read from the environment variable
 * {@code ANDROID_JARS} and, if that is unset, from the system property of the
 * same name. The taint wrapper is always loaded from
 * {@code EasyTaintWrapperSource.txt}.
 *
 * <p>Which flows count as leaks is decided entirely by {@code xmlFileName};
 * a source or sink missing from that file cannot show up in the result.
 *
 * @param apkFileName The full path and file name of the APK file to analyze
 * @param xmlFileName The full path and file name of the xml file where
 * sources and sinks are defined
 * @param enableImplicitFlows True if implicit (control-dependence) flows
 * shall be tracked, otherwise false
 * @param enableStaticFields True if taints in static fields shall be tracked,
 * otherwise false
 * @param flowSensitiveAliasing True if a flow-sensitive alias analysis shall
 * be used, otherwise false
 * @return The data leaks found in the given APK file
 * @throws IOException Thrown if the given APK file or any other required
 * file could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 * not be read.
 * @throws RuntimeException Thrown if {@code ANDROID_JARS} is set neither in
 * the environment nor as a system property
 */
public InfoflowResults analyzeAPKFile(String apkFileName, String xmlFileName,
        boolean enableImplicitFlows, boolean enableStaticFields,
        boolean flowSensitiveAliasing) throws IOException, XmlPullParserException {
    // Environment variable wins; the system property is only a fallback.
    final String jarsFromEnv = System.getenv("ANDROID_JARS");
    final String platformDir =
            jarsFromEnv != null ? jarsFromEnv : System.getProperty("ANDROID_JARS");
    if (platformDir == null) {
        throw new RuntimeException("Android JAR dir not set");
    }
    System.out.println("Loading Android.jar files from " + platformDir);

    final SetupApplication app = new SetupApplication(platformDir, apkFileName);
    app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));
    app.calculateSourcesSinksEntrypoints(xmlFileName);

    // Analysis options are applied after the sources/sinks are calculated,
    // in the same order as before.
    app.setEnableImplicitFlows(enableImplicitFlows);
    app.setEnableStaticFieldTracking(enableStaticFields);
    app.setFlowSensitiveAliasing(flowSensitiveAliasing);
    return app.runInfoflow();
}
/**
 * Runs the data flow (taint) analysis on an APK using the default
 * {@code SourcesAndSinks.txt} and {@code EasyTaintWrapperSource.txt}
 * definition files.
 *
 * <p>The Android platform JAR directory is read from the environment variable
 * {@code ANDROID_JARS} and, if that is unset, from the system property of the
 * same name. Unlike the DroidBench variant, {@code fileName} is handed to
 * {@code SetupApplication} unchanged.
 *
 * <p>NOTE(review): both definition files are passed as bare names, presumably
 * resolved against the working directory. Confirm, since the leak report
 * depends on which copies are loaded.
 *
 * @param fileName The full path and file name of the APK file to analyze
 * @param enableImplicitFlows True if implicit (control-dependence) flows
 * shall be tracked, otherwise false
 * @param enableStaticFields True if taints in static fields shall be tracked,
 * otherwise false
 * @param flowSensitiveAliasing True if a flow-sensitive alias analysis
 * shall be used, otherwise false
 * @return The data leaks found in the given APK file
 * @throws IOException Thrown if the given APK file or any other required
 * file could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 * not be read.
 * @throws RuntimeException Thrown if {@code ANDROID_JARS} is set neither in
 * the environment nor as a system property
 */
public InfoflowResults analyzeAPKFile(String fileName, boolean enableImplicitFlows,
        boolean enableStaticFields, boolean flowSensitiveAliasing)
        throws IOException, XmlPullParserException {
    // Environment variable wins; the system property is only a fallback.
    final String jarsFromEnv = System.getenv("ANDROID_JARS");
    final String platformDir =
            jarsFromEnv != null ? jarsFromEnv : System.getProperty("ANDROID_JARS");
    if (platformDir == null) {
        throw new RuntimeException("Android JAR dir not set");
    }
    System.out.println("Loading Android.jar files from " + platformDir);

    final SetupApplication app = new SetupApplication(platformDir, fileName);
    app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));
    app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");

    // Analysis options are applied after the sources/sinks are calculated,
    // in the same order as before.
    app.setEnableImplicitFlows(enableImplicitFlows);
    app.setEnableStaticFieldTracking(enableStaticFields);
    app.setFlowSensitiveAliasing(flowSensitiveAliasing);
    return app.runInfoflow();
}
/**
 * Runs the data flow (taint) analysis on the bundled InsecureBank sample APK.
 *
 * <p>The APK path is fixed to {@code insecureBank/InsecureBank.apk} (joined
 * with the platform file separator), so it is relative to wherever the
 * process was started. The Android platform JAR directory is read from the
 * environment variable {@code ANDROID_JARS} and, if that is unset, from the
 * system property of the same name.
 *
 * <p>The layout matching mode is set to {@code MatchAll} before the sources,
 * sinks and entry points are calculated. NOTE(review): presumably this makes
 * every layout control a candidate source rather than only sensitive ones.
 * Confirm against the FlowDroid version in use.
 *
 * @param enableImplicitFlows True if implicit (control-dependence) flows
 * shall be tracked, otherwise false
 * @return The data leaks found in the InsecureBank APK file
 * @throws IOException Thrown if the APK file or any other required
 * file could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 * not be read.
 * @throws RuntimeException Thrown if {@code ANDROID_JARS} is set neither in
 * the environment nor as a system property
 */
private InfoflowResults analyzeAPKFile(boolean enableImplicitFlows)
        throws IOException, XmlPullParserException {
    // Environment variable wins; the system property is only a fallback.
    final String jarsFromEnv = System.getenv("ANDROID_JARS");
    final String platformDir =
            jarsFromEnv != null ? jarsFromEnv : System.getProperty("ANDROID_JARS");
    if (platformDir == null) {
        throw new RuntimeException("Android JAR dir not set");
    }
    System.out.println("Loading Android.jar files from " + platformDir);

    final String apkPath = "insecureBank" + File.separator + "InsecureBank.apk";
    final SetupApplication app = new SetupApplication(platformDir, apkPath);
    app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));

    // Options are set before the source/sink calculation here; keep that order.
    app.setEnableImplicitFlows(enableImplicitFlows);
    app.setLayoutMatchingMode(LayoutMatchingMode.MatchAll);
    app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");
    return app.runInfoflow();
}
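/**
 * Entry point: parses the command line, initializes Soot, loads the event
 * information plus the Android source and sink lists, prepares the
 * {@code SetupApplication}, and then hands over to {@code runFlowDroid} for
 * the taint analysis and bytecode instrumentation.
 *
 * <p>If the sources, sinks and entry points cannot be calculated, the error
 * is logged and the process exits with status 1, so that a wrapping script
 * or build job does not mistake an APK that was never analyzed or
 * instrumented for a successful run.
 *
 * @param args Command-line arguments, parsed by
 * {@code Settings.instance.parseCommandLineArgs}
 */
public static void main(String[] args) {
    startTime = System.currentTimeMillis();

    log.info("Starting Intrumentation-PEP");
    // Command-line arguments populate the shared Settings instance.
    Settings.instance.parseCommandLineArgs(args);

    log.info("Initialize Soot and FlowDroid.");
    Settings.instance.initialiseSoot();
    // Clean the sootOutput dir before start.
    Util.clearSootOutputJimpleDir();

    // Parse the eventInformation.xml file in order to extract all information
    // about the events we will cover.
    EventInformationParser eventInfoParser = new EventInformationParser();
    Map<String, EventInformation> eventInformation = eventInfoParser.parseEventInformation();
    if (log.isDebugEnabled()) {
        log.debug("All Event Information:");
        for (Map.Entry<String, EventInformation> entry : eventInformation.entrySet()) {
            log.debug("event information for "+ entry.getKey());
            log.debug(""+ entry.getValue());
        }
        log.debug("");
    }

    // The source and sink lists decide which flows the analysis can report.
    SourcesSinks sourcesSinks = new SourcesSinks();
    Set<AndroidMethod> sources = sourcesSinks.getAndroidSourcesMethods(Settings.instance.sourceFile);
    Set<AndroidMethod> sinks = sourcesSinks.getAndroidSinkMethods(Settings.instance.sinkFile);

    // Use the explicit android.jar when one was given, else the platforms dir.
    SetupApplication setupApp = new SetupApplication(
            Settings.instance.androidJar == null
                    ? Settings.instance.androidPlatforms
                    : Settings.instance.androidJar,
            Settings.instance.apkFile);
    try {
        setupApp.calculateSourcesSinksEntrypoints(sources, sinks);
    } catch (Exception ex) {
        // Previously this exited with status 0, which reports success to the
        // caller although nothing was analyzed. Fail with a non-zero status.
        log.error("Could not calculate sources, sinks and entry points", ex);
        System.exit(1);
    }

    long initMillis = System.currentTimeMillis() - startTime;
    log.info("Initialization done. Duration: "+ initMillis +" ms.");

    log.info("Starting taint analysis and bytecode instrumentation.");
    startTime = System.currentTimeMillis();
    runFlowDroid(setupApp, eventInformation);

    long analysisMillis = System.currentTimeMillis() - startTime;
    log.info("Taint analysis and bytecode instrumentation have finished. Duration: " + analysisMillis +" ms");
}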