Sven Meyer
Sven Meyer
Since CryptoAnalysis 3.1.0, each error `E` stores its preceding errors (errors that cause `E`) and subsequent errors (errors that are caused by `E`). However, there is no form of output...
#689 added (old) tests for the `HeadlessAndroidScanner`. Running them requires an Android SDK. However, since they are licensed and rather large, they cannot be uploaded to the GitHub remote directly,...
#683 added required components to extract transformed values. On a high level, new Boomerang queries are triggered to collect all required values and then corresponding operations are executed to determine...
The `handleMaps` option extends Boomerang's default behavior by tracking keys and values of maps. For example, in the following program, Boomerang finds the allocation site `new MapAlloc()`: ```java MapAlloc someValue...
Consider called statements when evaluating constraints and predicates. Reduce number of false positives because only statements from corresponding flows are considered. Close #810 Note: Requires a previous release of Boomerang
Currently, CryptoAnalysis does not take flow sensitivity into account when evaluating constraints and propagating predicates. Consider the following example: ```java byte[] bytes1 = new byte[10]; byte[] bytes2 = new byte[10];...
Many APIs use static fields to define predefined values. For example, the class `Cipher` has the fields `ENCRYPT_MODE` that allows to call the method `init` as `c.init(Cipher.ENCRYPT_MODE, ...)`. In reality,...