Select and highlight code on risk report click
Closed this issue · 5 comments
Currently, on click I have it opening the correct file and scrolling to the line and flagging the line on the side. I need to modify it to highlight the line.
Also, currently you have to select an item, then click a button to initiate the process which is undesireable. I need to discover how to capture a gridview click event on the dynamically loaded items.
It now captures the click on the gridview, opens the correct file and scrolls to the line. The source line numbers are off a bit. Need to identify the problem
Using baksmali, it is clear that method definitions do not have debug information in the .dex file that show the source line/column.
Tapas is using the line number of the first instruction with source info as the method def's source info. This wont work, but perhaps we could use a regex on the visualization side to correct for this.
Here is a related problem in the output:
{
"risk_score": 100,
"method": "doInBackground",
"file_name": "AppScanner.java",
"class_name": "com.example.agentsmith.AppScanner",
"short_description": "",
"long_description": "",
"start_line": 1,
"start_col": 0,
"sub_annotations": [
..., {
"start_line": 1,
"end_line": 1,
"start_col": 0,
"description": "com.example.agentsmith.AppScanner.doInBackground"
},
...
]
}
We want this method:
# virtual methods
.method protected varargs doInBackground([Ljava/lang/String;)Ljava/lang/Integer;
.registers 43
.param p1, "params" # [Ljava/lang/String;
.prologue
.line 42
move-object/from16 v0, p0
But we are getting the bridge method as the caller and callee (and thus the line 1 instead of line 42 in both annotation and subannotation):
.method protected bridge varargs synthetic doInBackground([Ljava/lang/Object;)Ljava/lang/Object;
.registers 3
.prologue
.line 1
check-cast p1, [Ljava/lang/String;
invoke-virtual {p0, p1}, Lcom/example/agentsmith/AppScanner;->doInBackground([Ljava/lang/String;)Ljava/lang/Integer;
move-result-object v0
return-object v0
.end method
from http://source.android.com/devices/tech/dalvik/dex-format.html
access_flags Definitions:
...
ACC_BRIDGE 0x40 bridge method, added automatically by compiler as a type-safe bridge
...
EDIT:
workaround for ClassDef.methods:
// dropping bridge methods since they are compiler generated and do not add
// useful call site analysis at this point
lazy val methods = combine[MethodDef](directMethods, virtualMethods).filter((md) => !md.isBridge)
The following output demonstrates why some invocations lack source info in Tapas. The debug info line for the method call in the dedexed output (.line 64) precedes the .local and :try which causes Tapas to lose the line number. Tapas needs to look "backward" for previous debug line numbers. I will investigate how to accomplish this.
Source code:
62: FileOutputStream fos;
63: try {
64: fos = c.openFileOutput(aaa, Context.MODE_PRIVATE);
Abbreviated dedexed output (baksmali):
.line 64
.local v2, "curse":Landroid/database/Cursor;
:try_start_36
move-object/from16 v0, p0
iget-object v0, v0, L.../CrashdumpHandler;->c:Landroid/content/Context;
move-object/from16 v16, v0
const-string v17, "aaa"
const/16 v18, 0x0
invoke-virtual/range {v16 .. v18}, Landroid/content/Context;->openFileOutput(Ljava/lang/String;I)Ljava/io/FileOutputStream;
move-result-object v6
.line 65
.local v6, "fos":Ljava/io/FileOutputStream;
const-string v16, "detecttime"
move-object/from16 v0, v16
invoke-interface {v2, v0}, Landroid/database/Cursor;->getColumnIndex(Ljava/lang/String;)I
move-result v13
EDIT:
workaround:
modifed DexReader.readInstructions() to use previous debug table entry for the instruction without debug info. It works for all tested cases at least... the bridge has not collapsed yet:)