soot
soot copied to clipboard
soot-oss
Soot call graph did not fully parse the call chain
Describe the bug Soot call graph did not fully parse the call chain
The complete call chain should include vulnerability functions in the class Book , But in the course of debugging, I couldn't trace the invocation in CallGraph from the method getTitle() within the class TestCaseDroid.test.MultilevelCall.Book to the method vulnerable() also within the same class
Input file
public class LibraryApplication {
public static void main(String[] args) {
Library library = new Library();
LibraryService libraryService = new LibraryService(library);
Book book1 = new Book("Java Fundamentals", "John Doe");
Book book2 = new Book("Advanced Java", "Jane Doe");
libraryService.addBookToLibrary(book1);
libraryService.addBookToLibrary(book2);
System.out.println("Searching for 'Java Fundamentals':");
libraryService.displayBooksByTitle("Java Fundamentals");
}
}
import java.util.List;
public class LibraryService {
private Library library;
public LibraryService(Library library) {
this.library = library;
}
public void addBookToLibrary(Book book) {
library.addBook(book);
}
public void displayBooksByTitle(String title) {
List<Book> books = library.searchByTitle(title);
for (Book book : books) {
System.out.println(book);
}
}
}
import java.util.ArrayList;
import java.util.List;
public class Library {
private List<Book> books;
public Library() {
this.books = new ArrayList<>();
}
public void addBook(Book book) {
books.add(book);
}
public List<Book> searchByTitle(String title) {
List<Book> foundBooks = new ArrayList<>();
for (Book book : books) {
if (book.getTitle().equalsIgnoreCase(title)) {
foundBooks.add(book);
book.vulnerable();
}
}
return foundBooks;
}
}
package TestCaseDroid.test.MultilevelCall;
public class Book {
private String title;
private String author;
public Book(String title, String author) {
this.title = title;
this.author = author;
}
public String getTitle() {
vulnerable();
return title;
}
public String getAuthor() {
return author;
}
public void vulnerable(){
//vulnerable code
System.out.println("vulnerable");
}
@Override
public String toString() {
return "Book{" +
"title='" + title + '\'' +
", author='" + author + '\'' +
'}';
}
}
Options.v().setPhaseOption("cg.cha", "on");
CHATransformer.v().transform();
CallGraph callGraph = Scene.v().getCallGraph();
output
Entry method: <TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.Book: void <init>(java.lang.String,java.lang.String)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void displayBooksByTitle(java.lang.String)>
<TestCaseDroid.test.MultilevelCall.LibraryService: void displayBooksByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)>
<TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Book: void vulnerable()>
<TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Book: java.lang.String getTitle()>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void addBookToLibrary(TestCaseDroid.test.MultilevelCall.Book)>
<TestCaseDroid.test.MultilevelCall.LibraryService: void addBookToLibrary(TestCaseDroid.test.MultilevelCall.Book)> may call <TestCaseDroid.test.MultilevelCall.Library: void addBook(TestCaseDroid.test.MultilevelCall.Book)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void <init>(TestCaseDroid.test.MultilevelCall.Library)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.Library: void <init>()>
