secure-software-engineering
How to use XML files as configuration?
I notice FlowDroid now allows to use XML files as configuration. Is there an example on how to do it? Thanks!
Have a look at the directory soot-infoflow-android\testXmlParser, there are a few XML files you can use as examples. The new format is much more expressive. You can, e.g., denote individual parameters as sinks, or only trigger a leak if a given access path reaches a given parameter. Same for sources, you can only taint specific access paths if you want.
Here is an example of a config file:
<?xml version="1.0"?>
<configuration>
<inputFiles>
<targetAPK>/inputApk/</targetAPK>
<sourceSinkFile>/sourceSinks.txt</sourceSinkFile>
<androidPlatform>/platforms</androidPlatform>
<outputFile>/outAnalysis</outputFile>
</inputFiles>
<androidConfiguration>
<enableCallbacks>true</enableCallbacks>
<layoutMatchingMode>NoMatch</layoutMatchingMode>
<mergeDexFiles>true</mergeDexFiles>
<callbackSourceMode>SourceListOnly</callbackSourceMode>
<callbackAnalysisTimeout>300</callbackAnalysisTimeout>
</androidConfiguration>
<iccConfiguration>
<purifyResults>true</purifyResults>
</iccConfiguration>
<dataFlowConfiguration>
<implicitFlowMode>NoImplicitFlows</implicitFlowMode>
<enableStaticFields>false</enableStaticFields>
<enableExceptions>false</enableExceptions>
<flowSensitiveAliasing>false</flowSensitiveAliasing>
<logSourcesAndSinks>false</logSourcesAndSinks>
<pathReconstructionMode>Fast</pathReconstructionMode>
<maxPathLength>1</maxPathLength>
<enableReflection >true </enableReflection>
<dataFlowTimeout>300</dataFlowTimeout>
<pathReconstructionTimeout>300</pathReconstructionTimeout>
</dataFlowConfiguration>
</configuration>
And for running the tool with a configuration file:
java -jar soot-infoflow-cmd-jar-with-dependencies.jar -c conf_file_path
where conf_file_path is the path for your conf file.
