SuSi icon indicating copy to clipboard operation
SuSi copied to clipboard
verified publisher icon secure-software-engineering

Classification categories

Open ezamorab opened this issue 7 years ago • 3 comments

Hi, @StevenArzt

Is there any documentation that talks about the different categories and the content of each one in detail? I can only find out what the categories are, but there is no mention, for example, of what the "network" category encompasses.

Thanks.

ezamorab avatar Nov 18 '18 11:11 ezamorab

We unfortunately do not have any precise description of the categories. We hoped that they would be self-explanatory. If this is not the case or you find any misclassifications, feel free to report (and ideally propose a fix for) that.

StevenArzt avatar Nov 19 '18 09:11 StevenArzt

@StevenArzt How can I annotate sources and sinks ? FlowDroid does not recognise categories.

pranavgaikwad avatar Nov 19 '18 19:11 pranavgaikwad

The category syntax depends on the input format that you use. FlowDroid supports a newer XML-based format that is much more expressive than the old text-style format. Since FlowDroid and Susi share the same data objects, you should be able to use this newer format for Susi as well. You can have a look here: https://github.com/secure-software-engineering/FlowDroid/blob/master/soot-infoflow-android/testXmlParser/complete.xml.

If you want to use the old and simpler format, it looks like this:

<com.android.server.connectivity.Tethering$TetherMasterSM$InitialState: boolean turnOnUpstreamMobileConnection(int)> (1) -> _SINK_|_PHONE_CONNECTION_

In that case, PHONE_CONNECTION is the category.

StevenArzt avatar Nov 20 '18 11:11 StevenArzt