facebook/mariana-trench

Sink on no-source-code method

Closed this issue · 2 comments

Is it possible to define a sink model on a method which is not implemented inside the apk?
According to the documentation that method (let say the method foo from Service, not defined/implemented inside the apk) will have the default model, which corresponds to what I see on the verbose output:

INFO Instruction: INVOKE_VIRTUAL v0, v4, Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;
WARNING Unable to resolve call to `Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;`
INFO Getting model for virtual call ``
INFO Callee model: 
Model(method=``,
  modes={ skip-analysis add-via-obscure-feature taint-in-taint-out})

But immediately after those lines I get:

INFO Processing sinks for call to `Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;`
INFO Processing propagations for call to `Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;`
INFO Processing generations for call to `Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;`

So, it seems that is trying to process sinks/propagations/generations for that method...
Is it possible to define sinks/propagations for that method? how can I do that?

Thanks!

Apparently, Mariana Trench doesn't know the method Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;. You should first solve that problem before you can add sinks on it.

You will need to provide a jar that defines that method to Mariana Trench using the --system-jar-configuration-path option.

INFO Processing sinks for call to Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;
INFO Processing propagations for call to Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;
INFO Processing generations for call to Lcom/example/demo/Service;.foo:(Ljava/lang/String;)Ljava/lang/String;

Those lines are misleading, please ignore them.

Yes! That's what I thought!
But those INFO lines were confusing me...
Thanks arthaud!