Fengguo Wei
Fengguo Wei
And one more question. In ActivityCommunication2, I think we should also consider implicit ICC call as sink (since in other bench app we are considering such sink).Thus 2 leakage path...
startActivity(i); at OurFlowActivity.java But as it is an implicit call, outsider may get it, thus it is a sink.
But an attacker can also register an Action as "edu.mit.icc_action_string_operations", then get your intent.
That's a nice point. It is hard to have a consistent criteria. We should have some scope assumption, and have different defining of problem. IntentSource1 has 2 leak paths, that...
I forget to update the website. The Akka actor code has been removed.
Maybe you can take a look at this example: https://github.com/arguslab/Argus-SAF-playground/blob/master/src/main/scala/org/argus/play/random/RetriveStringFromSourceOrSink.scala . The basic idea is first build a map between URL instance to url string. Then do the taint analysis...
1. Depends on your purpose, I recommend using AndroidReachingFactsAnalysis over InterProceduralSuperSpark, because InterProceduralSuperSpark is good at doing reachability analysis but not taint analysis. 2. This only tells you your method...
You are right. Of cause you can use AndroidReachingFactsAnalysis to start from your defined entry point as well. But in this case you have to prepare your own initialfacts.
For your first point, can you tell me more detail of what you mean? or you can show me your example. Second point, if you successfully build the map, then...
This example is more complex. Because it will do a lot of string operation to generate the final URL. The line you pointing is assign the baseurl to a variable...