facebook
verifying propagations applied to the functions.
How do I verify which propagations are applied to a specific function, mariana-trench spends alot of time analysing functions like this
-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdpv;.zzb:()Ljava/lang/Object;` took 15.10s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzekq;.zzb:()Ljava/lang/Object;` took 13.05s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzcrc;.zzb:()Ljava/lang/Object;` took 15.00s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzeaj;.zzb:()Ljava/lang/Object;` took 13.16s!
2023-09-26 13:10:52 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdeb;.zzb:()Ljava/lang/Object;` took 13.11s!
2023-09-26 13:10:53 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzckj;.zzb:()Ljava/lang/Object;` took 13.02s!
2023-09-26 13:10:53 WARNING Analyzing `Lcom/google/android/gms/internal/ads/zzdpr;.zzb:()Ljava/lang/Object;` took 25.50s!
Is there a way to make mariana-trench apply either taint-in-taint-out and/or taint-in-taint-this propagation automatically?
If you just want to assume taint-in-taint-out and taint-in-taint-this for that function and skip its analysis, you can use a model:
{
"find": "methods",
"where": [
{
"constraint": "signature_match",
"parent": "Lcom/example/Logger;",
"name": "log"
}
],
"model": {
"modes" : ["skip-analysis", "taint-in-taint-out", "taint-in-taint-this"]
}
}
We usually do this for methods slow to analyze. You could try to understand why the analysis is slow, but that requires a good understanding of the analysis, and looking at a lot of logs.
We usually do this for methods slow to analyze. This is not very scalable when you are working on a bigger dataset of APKs so I am assuming using a model for a common set of functions is the way. Thanks!