Sources/Sinks file is not loading

[alyosha-bar]

Hi,

I'm having issues running FlowDroid inside a Java Application. The issue is that the SourcesAndSinks file does not seem to be loading, even though I know that there is content in the file (because it is printing it)

` File tempApkFile = null;
try {
System.out.println("Creating temporary APK file...");
tempApkFile = File.createTempFile("uploaded", ".apk");
Files.copy(apkFile.getInputStream(), tempApkFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
System.out.println("Temporary APK file created at: " + tempApkFile.getAbsolutePath());

        // Initialize FlowDroid SetupApplication
        System.out.println("Initializing FlowDroid SetupApplication...");
        SetupApplication app = new SetupApplication(androidJarPath, tempApkFile.getAbsolutePath());

        System.out.println("Loading SourcesAndSinks.txt from classpath...");
        ClassPathResource resource = new ClassPathResource("SourcesAndSinks.txt");
        InputStream inputStream = resource.getInputStream();
        String sourcesAndSinksContent = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))
                .lines().collect(Collectors.joining("\n"));

        if (sourcesAndSinksContent.isEmpty()) {
            System.out.println("Error: SourcesAndSinks.txt is empty!");
            return "Error: SourcesAndSinks.txt is empty!";
        }

        System.out.println("SourcesAndSinks.txt loaded successfully. Contents:");
        System.out.println(sourcesAndSinksContent);

        System.out.println("Loading EasyTaintWrapper with SourcesAndSinks.txt...");
        EasyTaintWrapper wrapper = new EasyTaintWrapper(new File(resource.getURI()));

        // Set the wrapper
        app.setTaintWrapper(wrapper);

        try {
            Field sourcesField = wrapper.getClass().getDeclaredField("sources");
            sourcesField.setAccessible(true);
            Object sources = sourcesField.get(wrapper);
            System.out.println("Sources: " + sources);

            Field sinksField = wrapper.getClass().getDeclaredField("sinks");
            sinksField.setAccessible(true);
            Object sinks = sinksField.get(wrapper);
            System.out.println("Sinks: " + sinks);
        } catch (NoSuchFieldException | IllegalAccessException e) {
            e.printStackTrace();
        }

        System.out.println("Starting taint analysis...");
        InfoflowResults results = app.runInfoflow();

        System.out.println("Taint analysis completed.");
        System.out.println("Results: " + results);

        return results.toString();
    } catch (IOException | XmlPullParserException e) {
        System.err.println("Error during FlowDroid execution: " + e.getMessage());
        e.printStackTrace();
        return "Error during taint analysis: " + e.getMessage();
    } catch (Exception e) {
        System.err.println("Unexpected error: " + e.getMessage());
        e.printStackTrace();
        return "Unexpected error: " + e.getMessage();
    } finally {
        // ensure the temporary APK file is deleted
        if (tempApkFile != null && tempApkFile.exists()) {
            System.out.println("Deleting temporary APK file: " + tempApkFile.getAbsolutePath());
            tempApkFile.delete();
        }
        System.out.println("Finished execution.");
    }
}`

I get these two error messages:

java.lang.NoSuchFieldException: sources at java.base/java.lang.Class.getDeclaredField(Class.java:2841) at com.example.disso_demo.controller.FilesController.runFlowDroid(FilesController.java:108) at com.example.disso_demo.controller.FilesController.uploadFile(FilesController.java:55) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580)

Unexpected error: No source/sink file specified for the data flow analysis java.lang.RuntimeException: No source/sink file specified for the data flow analysis at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1460) at com.example.disso_demo.controller.FilesController.runFlowDroid(FilesController.java:125) at com.example.disso_demo.controller.FilesController.uploadFile(FilesController.java:55) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580)

[t1mlange]

I'd suggest you to use the debugger in your IDE. It's also obvious, based on the stack trace, that your code is trying to use reflection on a non-existing field.

Further, it doesn't even make sense to provide a list of sources and sinks to a taint wrapper aka function summaries.

[alyosha-bar]

I'd suggest you to use the debugger in your IDE. It's also obvious, based on the stack trace, that your code is trying to use reflection on a non-existing field.

Further, it doesn't even make sense to provide a list of sources and sinks to a taint wrapper aka function summaries.

Hi, thanks for your reply. I am pretty new to this, can you clarify what you mean by "reflection on a non-existing field." And, if possible, I would love it if you shared a resource I can use to learn how to use FlowDroid in a Java app better, because it seems like currently my code is nonsense.

Thanks again