Description
Hello, I'm a beginner in taint analysis. I encountered a problem when using FlowDroid to analyze OkHttp3. I want to find all the network transmission-related methods and their corresponding URLs in an APK. During preprocessing, I instrument the URL strings, wrap them with Date.getConstString, and use <java.util.Date: java.lang.String getConstString(java.lang.String)> as the source and <okhttp3.Call: void enqueue(okhttp3.Callback)> as the sink.
Here is the decompiled result of my APK.
String temp226 = Date.getConstString("https://xxxxxxxx?q=");
String $r102 = z1.d(temp226, $r10, "xxxxx");
Request.Builder $r19 = new Request.Builder();
Request $r20 = $r19.url($r102).build();
OkHttpClient $r21 = b61.d;
Call $r222 = $r21.newCall($r20);
a61 $r23 = new a61($r17);
$r222.enqueue($r23);
The current issue is that FlowDroid found 0 leaks. What could be the reason? Where does the flow from source to sink break? If I want to find this leak, what should I do approximately? Do you have any suggestions?
Looking forward to your reply. Thank you very much.