Open
Description
When calling sink multiple times, how can I distinguish the source of each call in the result report?
When the source code is as follows, I will find 2 leaks, just as I expected
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
val s1 = source1();
val s2 = source2();
val s3 = source3();
val s4 = source4();
sink(s1+s2)
sink(s3+s4)
}<Results>
<Result>
<Sink Statement="specialinvoke r0.<com.example.myapplication.MainActivity: void sink(java.lang.String)>($r2)" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: void sink(java.lang.String)>">
<AccessPath Value="$r2" Type="java.lang.String" TaintSubFields="true"/>
</Sink>
<Sources>
<Source Statement="$r2 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source1()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source1()>">
<AccessPath Value="$r2" Type="java.lang.String" TaintSubFields="true"/>
</Source>
<Source Statement="$r3 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source2()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source2()>">
<AccessPath Value="$r3" Type="java.lang.String" TaintSubFields="true"/>
</Source>
</Sources>
</Result>
<Result>
<Sink Statement="specialinvoke r0.<com.example.myapplication.MainActivity: void sink(java.lang.String)>($r4)" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: void sink(java.lang.String)>">
<AccessPath Value="$r4" Type="java.lang.String" TaintSubFields="true"/>
</Sink>
<Sources>
<Source Statement="$r5 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source4()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source4()>">
<AccessPath Value="$r5" Type="java.lang.String" TaintSubFields="true"/>
</Source>
<Source Statement="$r4 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source3()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source3()>">
<AccessPath Value="$r4" Type="java.lang.String" TaintSubFields="true"/>
</Source>
</Sources>
</Result>
</Results>If I call sink in outersink, I will only find one leak, and I cannot directly distinguish which sources are used each time the sink is called.
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
val s1 = source1();
val s2 = source2();
val s3 = source3();
val s4 = source4();
outersink(s1+s2)
outersink(s3+s4)
}<Result>
<Sink Statement="specialinvoke r0.<com.example.myapplication.MainActivity: void sink(java.lang.String)>($r1)" Method="<com.example.myapplication.MainActivity: void outersink(java.lang.String)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: void sink(java.lang.String)>">
<AccessPath Value="$r1" Type="java.lang.String" TaintSubFields="true"/>
</Sink>
<Sources>
<Source Statement="$r5 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source4()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source4()>">
<AccessPath Value="$r5" Type="java.lang.String" TaintSubFields="true"/>
</Source>
<Source Statement="$r2 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source1()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source1()>">
<AccessPath Value="$r2" Type="java.lang.String" TaintSubFields="true"/>
</Source>
<Source Statement="$r3 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source2()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source2()>">
<AccessPath Value="$r3" Type="java.lang.String" TaintSubFields="true"/>
</Source>
<Source Statement="$r4 = specialinvoke r0.<com.example.myapplication.MainActivity: java.lang.String source3()>()" Method="<com.example.myapplication.MainActivity: void onCreate(android.os.Bundle)>" MethodSourceSinkDefinition="<com.example.myapplication.MainActivity: java.lang.String source3()>">
<AccessPath Value="$r4" Type="java.lang.String" TaintSubFields="true"/>
</Source>
</Sources>
</Result>Is there a way I can distinguish the sources that flow to the sink each time? Thank you for your time.
Metadata
Metadata
Assignees
Labels
No labels