Comments (3)
GoogleCodeExporter
commented on August 22, 2024
Fixed:
Callbacks_LocationLeak1
Callbacks_LocationLeak2
Callbacks_LocationLeak3
FieldAndObjectSensitivity_FieldSensitivity3
Lifecycle_ActivityLifecycle3
Lifecycle_ServiceLifecycle1
False positive:
Callbacks_MultiHandlers1: Due to object sensitivity (I think)
ArraysAndLists_ArrayAccess1: type imprecision
ArraysAndLists_ArrayAccess2: type imprecision
ArraysAndLists_ListAccess1: type imprecision
FieldAndObjectSensitivity_FieldSensitivity4: Due to flow sensitivity
FieldAndObjectSensitivity_ObjectSensitivity2: flow sensitivity
GeneralJava_UnreachableCode: We are not whole-program analysis...
True negative: We don't handle implicit flow
GeneralJava_Exceptions4
ImplicitFlows_ImplicitFlow1
ImplicitFlows_ImplicitFlow2
ImplicitFlows_ImplicitFlow3
ImplicitFlows_ImplicitFlow4
Original comment by [email protected] on 16 Sep 2013 at 7:56
from type-inference.
GoogleCodeExporter
commented on August 22, 2024
AndroidSpecific_PrivateDataLeak1: I don't think there is a leak, because
"sendMessage" isn't called in the life circle of Activity.
Original comment by [email protected] on 16 Sep 2013 at 8:05
from type-inference.
GoogleCodeExporter
commented on August 22, 2024
New Test Results:
False Positive:
AndroidSpecific_InactiveActivity
SUB-102: InactiveActivity.java:27(213):VAR_imei{@Secret} <:
(InactiveActivity.java:29(221):EXP_Log.i("INFO", imei){@Secret} =m=>
zLIB:android.util.Log:0(226):VAR_arg1{@Tainted})
ArraysAndLists_ArrayAccess1
SUB-153:
(ArrayAccess1.java:39(308):EXP_arrayData[ArrayAccess1.java:39(309):#INTERNAL#]{@
Secret} =f=> ArrayAccess1.java:39(309):#INTERNAL#{@Poly}) <:
ArrayAccess1.java:39(307):EXP_arrayData[2]{@Tainted}
ArraysAndLists_ListAccess1
SUB-187: (ListAccess1.java:27(242):THIS_onCreate(android.os.Bundle){@Secret}
=f=>
ListAccess1.java:25(239):VAR_listData:[ListAccess1.java:25(240):#INTERNAL#]{@Pol
y}) <:
ListAccess1.java:38(342):EXP_listData:[ListAccess1.java:38(343):#INTERNAL#]{@Tai
nted}
FieldAndObjectSensitivity_FieldSensitivity4
SUB-122: (FieldSensitivity4.java:30(258):VAR_data1{@Secret} =f=>
FieldSensitivity4.java:39(286):VAR_value{@Poly}) <:
FieldSensitivity4.java:33(285):EXP_data1.value{@Tainted}
FieldAndObjectSensitivity_ObjectSensitivity2
1:
SUB-157: (OverwiteValue.java:28(261):VAR_ds{@Secret} =f=>
DataStore.java:4(229):VAR_field{@Poly}) <:
OverwiteValue.java:41(332):EXP_ds.field{@Tainted}
2:
SUB-152: OverwiteValue.java:27(260):VAR_var{@Secret} <:
(OverwiteValue.java:39(298):VAR_sms{@Secret} =m=>
zLIB:android.telephony.SmsManager:0(310):VAR_arg2{@Tainted}
Negative Positive:
AndroidSpecific_PrivateDataLeak1
Callbacks_AnonymousClass1 (There are two leaks, only catch one)
Callbacks_Button2 (There are two potential leaks, only catch one)
Callbacks_LocationLeak3 (There are two leaks, only catch one)
GeneralJava_Exceptions4
ImplicitFlows_ImplicitFlow2
ImplicitFlows_ImplicitFlow3
ImplicitFlows_ImplicitFlow4
PS: When run the program, there are warnings like:
Lifecycle_ActivityLifecycle4/src/de/ecspride/MainActivity.java:25: warning:
onCreate(android.os.Bundle) in de.ecspride.MainActivity cannot override
onCreate(android.os.Bundle) in android.app.Activity; attempting to use an
incompatible receiver type
protected void onCreate(Bundle savedInstanceState) {
^
found : @Mutable @Secret MainActivity
required: @Mutable @Poly Activity
Original comment by [email protected] on 17 Sep 2013 at 3:34
from type-inference.
Related Issues (7)
- TODO LIST for Taint Analysis for Andoid Apps By Ana HOT 2
- Bug in special handling of Map structures like hashmap, request HOT 2
- Should not disallow Secret parameter for non-private static methods HOT 3
- Ana's conflict resolution algorithm HOT 1
- Reim-Infer chokes on static or block initializers HOT 2
- Empty method name output for anonymous inner class with non-nullary constructor
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from type-inference.