CryptoAnalysis
Analysis crashes when run on our own CryptoAnalysis-1.0.0-jar-with-dependencies.jar file
When the analysis is run on its own jar file, the analysis crashes (see stack trace below).
Soot reads in the jar file incorrectly and tries to load a class with a prefix META-INF.version9.
Debug where this prefix comes from and why the analysis crashes.
java -cp CryptoAnalysis-1.0.0-jar-with-dependencies.jar crypto.HeadlessCryptoScanner --rulesDir=<path-to-rules> --applicationCp=<path-to-har>/CryptoAnalysis-1.0.0-jar-with-dependencies.jar
Using call graph algorithm CHA
Exception in thread "main" java.lang.RuntimeException: Class names not equal! org.apache.logging.log4j.core.util.SystemClock != META-INF.versions.9.org.apache.logging.log4j.core.util.SystemClock
at soot.asm.SootClassBuilder.visit(SootClassBuilder.java:99)
at org.objectweb.asm.ClassReader.accept(ClassReader.java:637)
at org.objectweb.asm.ClassReader.accept(ClassReader.java:521)
at soot.asm.AsmClassSource.resolve(AsmClassSource.java:62)
at soot.SootResolver.bringToHierarchyUnchecked(SootResolver.java:240)
at soot.SootResolver.bringToHierarchy(SootResolver.java:212)
at soot.SootResolver.bringToSignatures(SootResolver.java:273)
at soot.SootResolver.bringToBodies(SootResolver.java:313)
at soot.SootResolver.processResolveWorklist(SootResolver.java:167)
at soot.SootResolver.resolveClass(SootResolver.java:137)
at soot.Scene.loadClass(Scene.java:861)
at soot.Scene.loadClassAndSupport(Scene.java:847)
at soot.Scene.loadNecessaryClasses(Scene.java:1602)
at crypto.HeadlessCryptoScanner.initializeSootWithEntryPointAllReachable(HeadlessCryptoScanner.java:304)
at crypto.HeadlessCryptoScanner.exec(HeadlessCryptoScanner.java:149)
at crypto.HeadlessCryptoScanner.main(HeadlessCryptoScanner.java:61)
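An added diagnostic, not code from this issue or from CryptoAnalysis or Soot: the prefix in the exception matches the `META-INF/versions/<N>/` layout used by multi-release JARs, so this sketch lists such entries and puts the class name derived from the entry path next to the name the class is expected to declare. It assumes the fat jar is a multi-release JAR; the sample jar is constructed in memory and all function names are hypothetical.

```python
import io
import re
import zipfile

# Versioned entries in a multi-release JAR live under META-INF/versions/<N>/.
VERSIONED = re.compile(r"^META-INF/versions/(\d+)/(.+)\.class$")


def build_sample_jar() -> bytes:
    """Constructed sample: a tiny multi-release JAR with placeholder class bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nMulti-Release: true\r\n\r\n")
        name = "org/apache/logging/log4j/core/util/SystemClock.class"
        jar.writestr(name, b"\xca\xfe\xba\xbe")
        jar.writestr("META-INF/versions/9/" + name, b"\xca\xfe\xba\xbe")
        jar.writestr("crypto/HeadlessCryptoScanner.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def is_multi_release(jar: zipfile.ZipFile) -> bool:
    """True if the manifest declares Multi-Release: true."""
    try:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return False
    return any(line.strip().lower() == "multi-release: true"
               for line in manifest.splitlines())


def versioned_classes(jar_bytes: bytes):
    """Return (multi_release, [(java_version, path_derived_name, declared_name)])."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        hits = []
        for entry in jar.namelist():
            m = VERSIONED.match(entry)
            if m:
                # Name a loader gets if it treats the whole entry path as the package.
                path_name = entry[:-len(".class")].replace("/", ".")
                # Name expected inside the class file: path minus the version prefix.
                declared = m.group(2).replace("/", ".")
                hits.append((int(m.group(1)), path_name, declared))
        return is_multi_release(jar), hits


if __name__ == "__main__":
    multi, hits = versioned_classes(build_sample_jar())
    print("Multi-Release manifest attribute:", multi)
    for version, path_name, declared in hits:
        print(f"Java {version}: {declared} != {path_name}")
```

To check a real jar, pass its bytes to `versioned_classes` instead of the constructed sample.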
As CryptoAnalysis-1.0.0-jar-with-dependencies.jar no longer exists, I tested the problem with the currently available CryptoAnalysis-2.8.0-jar-with-dependencies.jar and found a StackOverflowError. This error is generated from Boomerang when the call graph is applied in the analysis transformer.
The image indicating the analysis results.
The jar from the Release doesn't throw any errors and performs the analysis as expected.