added virtual edge to AsyncTask.onCancelled(java.lang.Object) #1921

Closed
Contributor

@jpstotz jpstotz commented Oct 27, 2022

The virtual edges for android.os.AsyncTask methods onPreExecute(), onProgressUpdate(java.lang.Object[]) and onPostExecute(java.lang.Object) were already defined, but onCancelled(java.lang.Object) is missing.

As we already include onProgressUpdate without a check if publishProgress is ever called, we should also add a virtual edge for onCancelled (without checking if cancel(boolean) is ever called on the task).

The method signature has been verified in a practical test.

@StevenArzt
Contributor

@jpstotz Your MR has conflicts

@jpstotz
Contributor Author

jpstotz commented Oct 27, 2022

@StevenArzt Yes, I have seen that, will fix that.

The reason I have not fixed the conflict yet is that, on second thought, connecting AsyncTask.execute with onCancelled is maybe not the best way. I made some experiments with connecting AsyncTask.cancel(boolean) with onCancelled, which would be the correct approach.

Unfortunately Soot does not allow using a full signature with an instance entry in the virtual edges XML file. In my opinion the whole virtual edges system is pretty dangerous, as all instance methods are only connected based on their subsignature, totally ignoring the class they are implemented in. For subsignatures that are pretty unusual, like android.os.AsyncTask execute(java.lang.Object[]), the chance is very low that a different method has the same signature but is unrelated to AsyncTask, but for a signature like boolean cancel(boolean) a false positive is pretty likely; you just need a second method with void onCancelled(java.lang.Object) as subsignature in the same class.

Therefore I searched for an easy way to improve the whole system, but as usual this isn't that easy with Soot...

@StevenArzt
Contributor

@jpstotz We check the base object, so we ensure that it's the same instance on which the methods are called. That's why we have the reference types (base/parameter) in the XML. We don't have full signatures, so we can't distinguish between two classes that have the same methods, but only one of which we want to treat as a callback. However, that doesn't make the analysis object-insensitive from there on, it just means that we follow the objects for potentially spurious methods that shouldn't be callbacks.
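The false positive discussed in the two comments above, as a simplified model added for illustration; it is not Soot code and not part of this pull request or of either participant's comments. `FakeAsyncTask` is a constructed stand-in for android.os.AsyncTask, and `DownloadTask`, `PrintJob` and `edgeHolders` are hypothetical names; the model only compares matching on subsignature alone with matching that is also restricted to subtypes of one declaring class.

```java
import java.lang.reflect.Method;
import java.util.*;

public class SubsigMatchDemo {
    // Constructed stand-in for android.os.AsyncTask (not the real class).
    static abstract class FakeAsyncTask {
        public boolean cancel(boolean mayInterrupt) { return true; }
        protected void onCancelled(Object result) {}
    }
    static class DownloadTask extends FakeAsyncTask {
        @Override protected void onCancelled(Object result) {}
    }
    // Unrelated class that happens to share both subsignatures.
    static class PrintJob {
        public boolean cancel(boolean force) { return true; }
        public void onCancelled(Object reason) {}
    }

    // Subsignature = return type + name + parameter types, no declaring class.
    static String subsig(Method m) {
        StringJoiner p = new StringJoiner(",", "(", ")");
        for (Class<?> c : m.getParameterTypes()) p.add(c.getName());
        return m.getReturnType().getName() + " " + m.getName() + p;
    }

    // True if the class or one of its superclasses has a method with this subsignature.
    static boolean declares(Class<?> c, String wanted) {
        for (Class<?> k = c; k != null; k = k.getSuperclass())
            for (Method m : k.getDeclaredMethods())
                if (subsig(m).equals(wanted)) return true;
        return false;
    }

    // Classes for which an edge source -> target would be created.
    // owner == null models matching on subsignature alone.
    static List<String> edgeHolders(List<Class<?>> classes, String source, String target, Class<?> owner) {
        List<String> out = new ArrayList<>();
        for (Class<?> c : classes)
            if (declares(c, source) && declares(c, target) && (owner == null || owner.isAssignableFrom(c)))
                out.add(c.getSimpleName());
        return out;
    }

    public static void main(String[] args) {
        List<Class<?>> app = List.of(DownloadTask.class, PrintJob.class);
        String src = "boolean cancel(boolean)";
        String tgt = "void onCancelled(java.lang.Object)";
        System.out.println("subsignature only: " + edgeHolders(app, src, tgt, null));
        System.out.println("owner-restricted:  " + edgeHolders(app, src, tgt, FakeAsyncTask.class));
    }
}
```

With subsignature-only matching both `DownloadTask` and `PrintJob` receive the edge; restricting to subtypes of the stand-in class leaves only `DownloadTask`.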

@jpstotz jpstotz closed this May 24, 2024
@jpstotz jpstotz deleted the asynctask branch May 24, 2024 09:57