
Soot Warning for Multidex Apk Scanning for Previous CogniCrypt_Android

Open LordAmit opened this issue 5 years ago • 3 comments

Hi,

I understand that a lot of things have changed in the last few months as CogniCrypt_Android is being merged here.

My team and I were using CogniCrypt_SAST for Android from CROSSINGTUD/CryptoAnalysis-Android for research and found that it was giving this warning:

[main] INFO soot.jimple.infoflow.android.SetupApplication - Initializing Soot...
[main] INFO soot.jimple.infoflow.android.SetupApplication - Loading dex files...
[main] WARN soot.dexpler.DexFileProvider - Multiple dex files detected, only processing 'classes.dex'. Use '-process-multiple-dex' option to process them all.

Components:

  • Using CryptoAnalysis-Android-1.0.0-jar-with-dependencies.jar
  • Using OpenJDK version 1.8.0_232 64 bit
  • Running on Ubuntu: 18.04 Kernel: 4.4.0-174-generic

This appears to be due to an issue in setting up Soot to process multidex apps. We thought we should inform you in case it is not already considered in the merged CogniCryptSAST.

Please let me know if this was the case. Thanks for creating CogniCrypt!

LordAmit, Jun 21 '20 03:06

Hi, could you please provide us a sample Android App that yields this warning?

AnakinRaW, Jun 25 '20 09:06

Yes! https://github.com/netmackan/ATimeTracker. When an APK is created in debug mode (gradlew assembleDebug) and then scanned, it will give the warning mentioned above.

For your convenience, I am attaching the apk I built here.

app-debug.apk.zip

LordAmit, Jun 25 '20 16:06

thx, it will be fixed for the next release!

AnakinRaW, Jul 09 '20 14:07
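
An added example, not part of the original thread and not CogniCrypt or Soot code: a pre-scan check that estimates how much of an APK a scanner sees when it reads only 'classes.dex', as in the warning reported above. It assumes the usual multidex layout (classes.dex, classes2.dex, ... at the archive root) and little-endian dex headers; the helper names and the sample archive are constructed for illustration.

```python
import io
import re
import struct
import zipfile

DEX_NAME = re.compile(r"^classes(\d*)\.dex$")  # root-level multidex entries (assumed layout)
CLASS_DEFS_SIZE_OFFSET = 0x60  # class_defs_size field in the 0x70-byte dex header


def dex_coverage(apk_bytes):
    """Return (class count per dex file, fraction of classes outside classes.dex)."""
    counts = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not DEX_NAME.match(name):
                continue
            header = apk.read(name)[:0x70]
            if len(header) < 0x70 or header[:4] != b"dex\n":
                raise ValueError(f"{name}: not a dex file")
            (counts[name],) = struct.unpack_from("<I", header, CLASS_DEFS_SIZE_OFFSET)
    total = sum(counts.values())
    skipped = total - counts.get("classes.dex", 0)
    return counts, (skipped / total if total else 0.0)


def _fake_dex(class_defs):
    """Constructed dex header carrying only the magic and class_defs_size."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, CLASS_DEFS_SIZE_OFFSET, class_defs)
    return bytes(header)


def build_sample_apk():
    """Constructed multidex archive standing in for a debug build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", _fake_dex(300))
        z.writestr("classes2.dex", _fake_dex(900))
        z.writestr("assets/classes9.dex", _fake_dex(50))  # not a root-level entry, ignored
    return buf.getvalue()


if __name__ == "__main__":
    counts, missed = dex_coverage(build_sample_apk())
    for name, n in sorted(counts.items()):
        print(f"{name}: {n} class definitions")
    if len(counts) > 1:
        print(f"{missed:.0%} of class definitions lie outside classes.dex")
```

When the reported fraction is non-zero and the scan log carries the multidex warning, a clean result covers only part of the app and should not be read as an absence of crypto misuses.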