No sources found, aborting analysis #720

Open
tiash-roy opened this issue Mar 25, 2024 · 5 comments

@tiash-roy

Hi,

I am trying to run Flowdroid for various apps from the Play Store. I defined my own sources for each of the apps. But Flowdroid could not detect any of the sources. For example, for the app Lazada my source was

<com.lazada.android.checkout.core.mode.biz.OrderTotalComponent: java.lang.String getTotalAmount()> -> _SOURCE_

But I am getting the message "No sources found, aborting analysis". Is there anything that I am missing? Your response would be very much appreciated. Thank you.

@t1mlange
Contributor

FlowDroid only looks for sources in the reachable methods. Either the method isn't reachable or Soot incorrectly thinks the method is unreachable. As a first try, you could use CHA instead of SPARK (note that SPARK might be unsound when the Points-To information is incomplete. CHA is fully sound but a severe overapproximation, so only toggle this setting for testing). Otherwise, reflections might also cause the same behavior.

@tiash-roy
Author

Thank you. May I please know how to understand if a method is reachable in the context of flowdroid?

@tiash-roy reopened this Mar 25, 2024
@StevenArzt
Member

In general, a method is reachable if it is transitively called from the entry point. In an Android app, this entry point is the dummy main method that simulates the interactions between the Android OS and the app.

If we assume that our dummy main method is perfect (which it isn't), a method is reachable when it can be executed at runtime.

The easiest way to find out where your method is lost is to incrementally work your way backwards from the unreachable method. Is the method that contains the call to getTotalAmount reachable? If not, is the method that calls this method reachable? You repeat this approach until you find a method that is reachable, but its callee is not. You then need to find out why.

Another possibility is that your backward analysis will end in some callback that FlowDroid doesn't support. We can add that support once we know what is missing.

The easiest way to check a method is to look into method runTaintAnalysis in the AbstractInfoflowProblem. After the calls to scanMethodForSourcesSinks (outside the loop), query Scene.v().getReachableMethods() for the method you want to check.

@tiash-roy
Author

I have analyzed the callgraph of the apk. The method is reachable. Here's the method signature from the callgraph.

 node [
    id 106153
    label "Lcom/lazada/android/checkout/core/mode/biz/OrderTotalComponent;->getTotalAmount()Ljava/lang/String; [access_flags=public] @ 0x2a2570"
    external 0
    entrypoint 0
    methodname "getTotalAmount"
    descriptor "()Ljava/lang/String;"
    accessflags "public"
    classname "Lcom/lazada/android/checkout/core/mode/biz/OrderTotalComponent;"
  ]

@StevenArzt
Member

If the method that contains the call to your source is reachable, the source should be found. If it isn't, you can debug into scanMethodForSourcesSinks. This method loops over all statements in a given Jimple method and for each statement checks whether this statement invokes a source.
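
One step of the backward check described in the comments above, written as an added example (not code from FlowDroid, Soot, or any participant in this thread): it asks Soot whether the source method is reachable, then lists every method whose Jimple body invokes it, together with that caller's own reachability. The class name `SourceReachabilityCheck` and its `report` method are hypothetical, and the code assumes it runs inside a FlowDroid session after the call graph has been built, for example from a debugger at the point mentioned above.

```java
import java.util.ArrayList;
import java.util.List;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.Stmt;
import soot.jimple.toolkits.callgraph.ReachableMethods;

/** Hypothetical debugging helper (added example, not part of FlowDroid or Soot). */
public final class SourceReachabilityCheck {

    /** Assumes Soot has already loaded the app and built the call graph. */
    public static List<String> report(String sourceSignature) {
        List<String> out = new ArrayList<>();
        // grabMethod returns null if no resolved method has exactly this signature
        SootMethod source = Scene.v().grabMethod(sourceSignature);
        if (source == null) {
            out.add("not resolved by Soot: " + sourceSignature);
            return out;
        }
        ReachableMethods reachable = Scene.v().getReachableMethods();
        out.add(label(reachable, source) + " source " + source.getSignature());

        // Scan Jimple bodies for invocations with the source's subsignature.
        // This also matches same-named methods of other classes, so the
        // statement is printed for manual inspection.
        String subSig = source.getSubSignature();
        for (SootClass sc : new ArrayList<>(Scene.v().getApplicationClasses())) {
            for (SootMethod caller : new ArrayList<>(sc.getMethods())) {
                if (!caller.isConcrete())
                    continue; // abstract and native methods have no body
                for (Unit u : caller.retrieveActiveBody().getUnits()) {
                    Stmt s = (Stmt) u;
                    if (s.containsInvokeExpr() && s.getInvokeExpr().getMethodRef()
                            .getSubSignature().getString().equals(subSig))
                        out.add(label(reachable, caller) + " caller "
                                + caller.getSignature() + " :: " + s);
                }
            }
        }
        return out;
    }

    private static String label(ReachableMethods rm, SootMethod m) {
        return rm.contains(m) ? "[reachable]  " : "[UNREACHABLE]";
    }
}
```

Calling `report` with the signature from the source definition, `<com.lazada.android.checkout.core.mode.biz.OrderTotalComponent: java.lang.String getTotalAmount()>`, covers the first step; when every caller is reported unreachable, pass a caller's signature back in to move one level further towards the dummy main method.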
