
Is there a taint analysis tool for open-source applications?

Open bay0max opened this issue 10 months ago • 3 comments

Is there a taint analysis tool for open-source applications which can analyze the source code of an application?

bay0max avatar Apr 08 '24 11:04 bay0max

FlowDroid is a pure binary scanner. For analyzing source code, I recommend compiling the source to binary and then applying FlowDroid on the binary.

StevenArzt avatar Apr 08 '24 14:04 StevenArzt

Yeah, it works. I'm just wondering if source code analysis would be more efficient? Have you guys ever tried taint analysis of source code?

bay0max avatar Apr 09 '24 01:04 bay0max

We have chosen bytecode analysis, because the bytecode format remains fairly constant over time. There are hardly ever any new bytecode instructions.

In source code, on the other hand, you need to integrate support for all new language features (lambdas, "var" parameter types, etc.). These features are "compiler magic", so with bytecode analysis, we can leave all the work of mapping these features to the bytecode to the compiler.

Lastly, we do a lot of research on Android apps crawled from stores. We simply don't have the source code. The same applies to some of the commercial Java programs we get for commercial penetration testing and analysis projects.

StevenArzt avatar Apr 09 '24 07:04 StevenArzt