Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Soot call graph did not fully parse the call chain #2064

Open
NiceAsiv opened this issue Apr 1, 2024 · 1 comment
Open

Soot call graph did not fully parse the call chain #2064

NiceAsiv opened this issue Apr 1, 2024 · 1 comment

Comments

@NiceAsiv
Copy link

NiceAsiv commented Apr 1, 2024

Describe the bug
Soot call graph did not fully parse the call chain

The complete call chain should include vulnerability functions in the class Book , But in the course of debugging, I couldn't trace the invocation in CallGraph from the method getTitle() within the class TestCaseDroid.test.MultilevelCall.Book to the method vulnerable() also within the same class

Input file

public class LibraryApplication {
    public static void main(String[] args) {
        Library library = new Library();
        LibraryService libraryService = new LibraryService(library);

        Book book1 = new Book("Java Fundamentals", "John Doe");
        Book book2 = new Book("Advanced Java", "Jane Doe");

        libraryService.addBookToLibrary(book1);
        libraryService.addBookToLibrary(book2);

        System.out.println("Searching for 'Java Fundamentals':");
        libraryService.displayBooksByTitle("Java Fundamentals");
    }
}
import java.util.List;

public class LibraryService {
    private Library library;

    public LibraryService(Library library) {
        this.library = library;
    }

    public void addBookToLibrary(Book book) {
        library.addBook(book);
    }

    public void displayBooksByTitle(String title) {
        List<Book> books = library.searchByTitle(title);
        for (Book book : books) {
            System.out.println(book);
        }
    }
}
import java.util.ArrayList;
import java.util.List;

public class Library {
    private List<Book> books;

    public Library() {
        this.books = new ArrayList<>();
    }

    public void addBook(Book book) {
        books.add(book);
    }

    public List<Book> searchByTitle(String title) {
        List<Book> foundBooks = new ArrayList<>();
        for (Book book : books) {
            if (book.getTitle().equalsIgnoreCase(title)) {
                foundBooks.add(book);
                book.vulnerable();
            }
        }
        return foundBooks;
    }
}
package TestCaseDroid.test.MultilevelCall;

public class Book {
    private String title;
    private String author;

    public Book(String title, String author) {
        this.title = title;
        this.author = author;
    }

    public String getTitle() {
        vulnerable();
        return title;
    }

    public String getAuthor() {
        return author;
    }


    public void vulnerable(){
        //vulnerable code
        System.out.println("vulnerable");
    }

    @Override
    public String toString() {
        return "Book{" +
                "title='" + title + '\'' +
                ", author='" + author + '\'' +
                '}';
    }
}
     Options.v().setPhaseOption("cg.cha", "on");
                    CHATransformer.v().transform();
                    CallGraph callGraph = Scene.v().getCallGraph();

output

Entry method: <TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.Book: void <init>(java.lang.String,java.lang.String)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void displayBooksByTitle(java.lang.String)>
<TestCaseDroid.test.MultilevelCall.LibraryService: void displayBooksByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)>
<TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Book: void vulnerable()>
<TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Book: java.lang.String getTitle()>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void addBookToLibrary(TestCaseDroid.test.MultilevelCall.Book)>
<TestCaseDroid.test.MultilevelCall.LibraryService: void addBookToLibrary(TestCaseDroid.test.MultilevelCall.Book)> may call <TestCaseDroid.test.MultilevelCall.Library: void addBook(TestCaseDroid.test.MultilevelCall.Book)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void <init>(TestCaseDroid.test.MultilevelCall.Library)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.Library: void <init>()>
@NiceAsiv
Copy link
Author

NiceAsiv commented Apr 1, 2024

o(╥﹏╥)oo(╥﹏╥)oo(╥﹏╥)oo(╥﹏╥)oo(╥﹏╥)o

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@NiceAsiv