FlowDroid icon indicating copy to clipboard operation
FlowDroid copied to clipboard
verified publisher icon secure-software-engineering

The condition on checking valid layout XML files causes FNs

Open RichardHoOoOo opened this issue 3 years ago • 1 comments

Hi @StevenArzt

When collecting callbacks and fragments from xml layouts, FlowDroid requires the file name starting with "res/layout"

https://github.com/secure-software-engineering/FlowDroid/blob/fc5c2c72ea451f6fa54675cf4a44ca4170fc9989/soot-infoflow-android/src/soot/jimple/infoflow/android/resources/LayoutFileParser.java#L198

However, I found most apks, even open-source, seems to "obfuscate" the res/ folder. For example, if you unzip the wikipedia app, you will find there is no layout folder under the res folder and most xml files are just given random names.

Therefore, L198 may causes FNs. Do you think we can remove L198? Are there any side effects if we remove it?

RichardHoOoOo avatar Nov 04 '22 13:11 RichardHoOoOo

We can remove the check, but need to ensure that the parser doesn't fail for some unexpected XML formats or other file types that are cpontained in the "res" folder besides the layout files we're looking for.

Feel free to open a merge request once you have tested FlowDroid without the check on some apps. Maybe we need more careful checks in other places then.

StevenArzt avatar Nov 04 '22 13:11 StevenArzt