what generations means in model_generators's model ? eg.ImplicitIntentSourceGenerator.json
Closed this issue · 2 comments
The model attribute of model_generators in the document only provides sources, sinks, and propagation, and the value of generations is not found.
But in ImplicitIntentSourceGenerator.json, generations are used. I want to know what is the difference between generations and sources, or what generations means, is it to initialize a class as a source, or...
ImplicitIntentSourceGenerator.json ->
{
"model_generators": [
{
"find": "methods",
"where": [
{
"constraint": "parent",
"inner": {
"constraint": "name",
"pattern": "Landroid/content/Intent;"
}
},
{
"constraint": "name",
"pattern": "\\<init\\>"
},
{
"constraint": "not",
"inner": {
"constraint": "signature",
"pattern": ".*Ljava/lang/Class;.*"
}
}
],
"model": {
"**generations**": [
{
"kind": "IntentCreation",
"port": "Argument(0)"
}
]
}
}
]
}
rules
I found that there are many functions in use that are not reflected in the document.
For example model's key = generations,The relationship between multi_sources and partial_sinks in rules.json is And or or, for example, User input flows into implicitly launched intent rule, the text means that external input is passed to new Intent(...) and then launched intent.
I think the process should be
1, User Input -> Intent test = this.getIntent();
2, Intent ha = new Intent(test);
3, startActivity(ha);
But multi_sources seems to be an or relationship,
1, User Input-> Intent test = this.getIntent();
3, startActivity(ha);
or
2, Intent ha = new Intent(test);
3, startActivity(ha);
{
"name": "User input flows into implicitly launched intent",
"code": 3,
"description": "Values from user-controlled source may eventually flow into an implicit intent and intent launcher",
"multi_sources": {
"a": [
"IntentCreation"
],
"b": [
"FragmentUserInput",
"ActivityUserInput",
"ReceiverUserInput",
"ServiceUserInput"
]
},
"partial_sinks": [
"LaunchingComponent"
]
},
Hi @gitWK86, thanks for reaching out.
See #48 (comment) for the difference between source and generation.
Regarding the rules: those are multi-source sink rules, which are currently not described in the documentation. cc @yuhshin-oss
Thanks arthaud!