secure-software-engineering / cova Goto Github PK

you said "we plan to turn COVA into an on-demand analysis such that it only computes a constraint for a given statement instead of computing a constraint map for all reachable statements." in paper "A Qualitative Analysis of Android Taint-Analysis Results".did you have implemented it?

Hi, I have read the paper and tried your tool. However, I want to extract Interprocedural path constraints from an Android apk. But I am not properly sure how to modify COVA to do that (since COVA is created for Taint analysis). Can you please tell me if you have any idea how to do that or any idea how to move forward in that direction?

The path constraints don't have to be starting from dummyMainMethod. It can simply start from any method (i.e., a callback function of Android framework) and end in its' return statements. But in my case, I need the Interprocedural path constraints starting from that function. Any help is highly appreciated.

Thanks in advance!

I would like to use COVA as a command line tool. However, I couldn't find cova.jar in my target folder. There are other jars present (See my target directory for instance):
I tried mvn install in the root directory as well.

d----- 28-07-2022 08.58 PM classes
d----- 28-07-2022 08.58 PM maven-archiver
d----- 28-07-2022 08.58 PM maven-status
d----- 02-08-2022 06.02 PM surefire-reports
d----- 28-07-2022 08.58 PM test-classes
-a---- 02-08-2022 06.03 PM 36207482 cova-0.0.1-SNAPSHOT-shaded.jar
-a---- 02-08-2022 06.03 PM 36207482 cova-0.0.1-SNAPSHOT.jar
-a---- 02-08-2022 06.03 PM 36207482 original-cova-0.0.1-SNAPSHOT.jar

Hello,

I have just compiled cova and tried to test it with cmd following the example you provided in the main git page of this project. Unfortunately, I face this error and cannot get the analysis result:

malina@malina-OptiPlex-7060:~/Documents/Tools/COVA$ java -jar ./cova/target/cova-0.0.1-SNAPSHOT.jar -android -config cova/src/test/resources/config -p ../Benchmarks/AndroidPlatforms/ -apk constraintBench/androidApps/apks/Callbacks1.apk
[main] INFO cova.setup.RunFlowDroid - Run FlowDroid...
Exception in thread "main" java.lang.NoClassDefFoundError: javax/activation/UnsupportedDataTypeException
at cova.setup.RunFlowDroid.run(RunFlowDroid.java:89)
at cova.runner.AndroidApkAnalyzer.analyzeApk(AndroidApkAnalyzer.java:297)
at cova.runner.AndroidApkAnalyzer.analyze(AndroidApkAnalyzer.java:231)
at cova.runner.AndroidApkAnalyzer.main(AndroidApkAnalyzer.java:89)
at cova.Main.main(Main.java:99)
Caused by: java.lang.ClassNotFoundException: javax.activation.UnsupportedDataTypeException
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:583)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 5 more

I would be grateful if you can help me with solving it asap.

I'm trying to build the project install using the docker image built from this dockerfile.

Steps were taken to build:

• Built the Z3 docker image
• Cloned the repo and mounted source repo inside the docker image, using this command:
  docker run -it -v $(pwd):/mnt cova:test /bin/bash
• Installed the dependencies inside the docker:
  root@xyz:/mnt/cova# localLibs/install_local_libs.sh
• Ran mvn install:
  root@xyz:/mnt/cova# mvn install

I am getting the following error:

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 33.538 s
[INFO] Finished at: 2021-07-06T22:06:47Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project cova: Could not resolve dependencies for project de.upb.swt:cova:jar:0.0.1-SNAPSHOT: Could not find artifact de.upb.swt:constraintBench:jar:0.0.1-SNAPSHOT in soot-snapshot (https://soot-build.cs.uni-paderborn.de/nexus/repository/soot-snapshot/) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

Are these steps correct or am I missing any steps?

Thanks for all the help!
-Akshat