/**
 * Runs the data flow analysis on the bundled InsecureBank APK.
 *
 * <p>The directory holding the Android platform JARs is read from the
 * {@code ANDROID_JARS} environment variable and, if that is unset, from the
 * system property of the same name. The APK path, the taint wrapper
 * definition file and the source/sink definition file are fixed relative
 * paths, so the result depends on the working directory of the process.
 *
 * @param enableImplicitFlows True if implicit flows shall be tracked,
 *        otherwise false
 * @return The data leaks found in the APK file
 * @throws IOException Thrown if the APK file or any other required file
 *         could not be found
 * @throws XmlPullParserException Thrown if the Android manifest file could
 *         not be read
 * @throws RuntimeException if neither the environment variable nor the
 *         system property {@code ANDROID_JARS} is set
 */
private InfoflowResults analyzeAPKFile(boolean enableImplicitFlows)
        throws IOException, XmlPullParserException {
    // The environment variable wins; the system property is only a fallback.
    String platformDir = System.getenv("ANDROID_JARS");
    if (platformDir == null) {
        platformDir = System.getProperty("ANDROID_JARS");
    }
    if (platformDir == null) {
        throw new RuntimeException("Android JAR dir not set");
    }
    System.out.println("Loading Android.jar files from " + platformDir);

    final String apkPath = "insecureBank" + File.separator + "InsecureBank.apk";
    SetupApplication app = new SetupApplication(platformDir, apkPath);

    app.setTaintWrapper(new EasyTaintWrapper("EasyTaintWrapperSource.txt"));
    app.setEnableImplicitFlows(enableImplicitFlows);
    // NOTE(review): MatchAll presumably classifies every UI control as a
    // source, not only sensitive ones - confirm against LayoutMatchingMode.
    app.setLayoutMatchingMode(LayoutMatchingMode.MatchAll);

    // Sources, sinks and entry points must be computed before the analysis runs.
    app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt");
    return app.runInfoflow();
}
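/**
 * Prepares the analysis state for one APK: reads the manifest, the compiled
 * resource table and the layout files, then builds the source/sink manager.
 *
 * <p>This constructor does not propagate parse failures. If the manifest or
 * the resources cannot be read, the error is logged and construction
 * completes with the remaining fields left as they were; in particular
 * {@code sourceSinkManager} is not assigned here in that case. Callers must
 * not treat an analysis run on such an instance as evidence that the APK has
 * no leaks.
 *
 * @param apkFileLocation path of the APK file to analyze
 * @param sootCP value stored in the {@code sootCP} field
 * @param sourceSinkProvider supplies the sources and sinks handed to the
 *        source/sink manager
 */
public SetupApplicationJIT(String apkFileLocation, String sootCP,
        ISourceSinkDefinitionProvider sourceSinkProvider) {
    this.apkFileLocation = apkFileLocation;
    this.sootCP = sootCP;
    try {
        // Load Android callbacks
        this.androidCallbacks = Activator.getDefault().getAndroidCallbacks();

        // Process manifest
        ProcessManifest processMan = new ProcessManifest(apkFileLocation);
        this.appPackageName = processMan.getPackageName();
        this.entrypoints = processMan.getEntryPointClasses();

        // Parse the resource file
        ARSCFileParser resParser = new ARSCFileParser();
        resParser.parse(apkFileLocation);
        this.resourcePackages = resParser.getPackages();

        // Parse the layout files of the entry point classes
        LayoutFileParser lfp = new LayoutFileParser(this.appPackageName, resParser);
        lfp.parseLayoutFile(apkFileLocation, entrypoints);

        // Create the SourceSinkManager.
        // NOTE(review): callbackMethods is read but never assigned in this
        // constructor; presumably it is initialized at its declaration - confirm.
        Set<SootMethodAndClass> callbacks = new HashSet<>();
        for (Set<SootMethodAndClass> methods : this.callbackMethods.values()) {
            callbacks.addAll(methods);
        }

        // lfp was created with 'new' above and cannot be null, so the former
        // null check on it was dead code and has been dropped.
        sourceSinkManager = new AccessPathBasedSourceSinkManager(
                sourceSinkProvider.getSources(),
                sourceSinkProvider.getSinks(),
                callbacks,
                LayoutMatchingMode.MatchSensitiveOnly,
                lfp.getUserControlsByID());
        sourceSinkManager.setAppPackageName(this.appPackageName);
        sourceSinkManager.setResourcePackages(this.resourcePackages);
        sourceSinkManager.setEnableCallbackSources(true);
    } catch (IOException | XmlPullParserException e) {
        // Pass the exception to the logger so the cause and stack trace are
        // kept; without them a broken or unreadable APK cannot be told apart
        // from any other setup failure.
        LOGGER.error("Error initializing " + apkFileLocation, e);
    }
}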
/**
 * Converts a layout matching mode into its short textual label.
 *
 * @param mode the mode to convert; a {@code null} value makes the
 *        {@code switch} throw a {@link NullPointerException}
 * @return {@code "NONE"} for {@code NoMatch}, {@code "PWD"} for
 *         {@code MatchSensitiveOnly}, {@code "ALL"} for {@code MatchAll},
 *         and {@code "unknown"} for any other constant
 */
private static String layoutMatchingModeToString(LayoutMatchingMode mode) {
    final String label;
    switch (mode) {
        case NoMatch:
            label = "NONE";
            break;
        case MatchSensitiveOnly:
            label = "PWD";
            break;
        case MatchAll:
            label = "ALL";
            break;
        default:
            // Constants without a dedicated label fall through to here.
            label = "unknown";
            break;
    }
    return label;
}
/**
 * Selects how UI controls are classified as taint sources.
 *
 * <p>The value is stored as given; no validation or null check is applied.
 *
 * @param mode
 *            The mode to be used for classifying UI controls as sources
 */
public void setLayoutMatchingMode(LayoutMatchingMode mode) {
    layoutMatchingMode = mode;
}