中文亚洲精品无码_熟女乱子伦免费_人人超碰人人爱国产_亚洲熟妇女综合网

當前位置: 首頁 > news >正文

app應用程序百度小程序關鍵詞優(yōu)化

app應用程序,百度小程序關鍵詞優(yōu)化,蘇州網(wǎng)站開發(fā)建設方案,重慶市人力資源和社會保障網(wǎng)FlowDroid 一、處理流程學習 下載配置源碼概況代碼邏輯分析analyzeAPKFilerunInfoflowprocessEntryPointcalculateCallbacks(sourcesAndSinks)再次回到processEntryPoint 自己做一些筆記 下載配置 參照我前面的文章可以使用FlowDroid安裝初體驗 為了看代碼了解FlowDroid如何處…

FlowDroid 一、處理流程學習

  • 下載配置
  • 源碼概況
  • 代碼邏輯分析
    • analyzeAPKFile
    • runInfoflow
    • processEntryPoint
    • calculateCallbacks(sourcesAndSinks)
    • 再次回到processEntryPoint

自己做一些筆記

下載配置

參照我前面的文章可以使用FlowDroid安裝初體驗
為了看代碼了解FlowDroid如何處理,clone其官方倉庫FlowDroid GitHub

源碼概況

下載下來的內容還是挺多的,主要分了以下幾個文件夾

  • soot-infoflow: 核心功能代碼
  • soot-infoflowandroid: 安卓數(shù)據(jù)流分析代碼
  • soot-infoflow-summaries:字面意思函數(shù)摘要
  • soot-infoflow-cmd:使用cmd的解釋運行流程
    測試用例
    下面對AliasingTest進行案例分析

代碼邏輯分析

analyzeAPKFile

代碼片段
這部分跟進去是一個自定義的測試代碼片段,跟進去看具體實現(xiàn),可以看到不同的接口

ICC model(GPT4的回答):
在FlowDroid中,ICC(Inter-Component Communication,組件間通信)模型用于表示和處理安卓應用中各個組件(例如活動、服務、廣播接收器等)之間如何相互通信。在Android中,組件通常通過Intent機制來相互通信。ICC模型旨在建模這種Intent傳遞機制,以更準確地進行數(shù)據(jù)流分析。
具體來說,FlowDroid的ICC模型可能包括以下幾方面的信息:

  • 哪個組件發(fā)送了Intent。
  • Intent中包含哪些數(shù)據(jù)。
  • Intent被發(fā)送到哪個組件。
  • 如何處理接收到的Intent。

通過精確地建模這些交互,FlowDroid可以更準確地追蹤可能的數(shù)據(jù)流路徑,從而更有效地檢測潛在的安全問題。該模型對于理解應用如何處理敏感數(shù)據(jù),以及這些數(shù)據(jù)可能如何泄露(通過組件間的不安全通信)等問題非常有用。
代碼片段
再往下跟就是一些配置信息,讀取環(huán)境變量等,跟進runInfoflow函數(shù),是比較關鍵的

runInfoflow

代碼片段

//這兩行代碼做了soot的初始化
if (config.getSootIntegrationMode() == SootIntegrationMode.CreateNewInstance) {G.reset();initializeSoot();
}
//soot初始化關鍵函數(shù),比較常規(guī)
private void initializeSoot() {logger.info("Initializing Soot...");final String androidJar = config.getAnalysisFileConfig().getAndroidPlatformDir();final String apkFileLocation = config.getAnalysisFileConfig().getTargetAPKFile();// Clean up any old Soot instance we may haveG.reset();Options.v().set_no_bodies_for_excluded(true);Options.v().set_allow_phantom_refs(true);if (config.getWriteOutputFiles())Options.v().set_output_format(Options.output_format_jimple);elseOptions.v().set_output_format(Options.output_format_none);Options.v().set_whole_program(true);Options.v().set_process_dir(Collections.singletonList(apkFileLocation));if (forceAndroidJar)Options.v().set_force_android_jar(androidJar);elseOptions.v().set_android_jars(androidJar);Options.v().set_src_prec(Options.src_prec_apk_class_jimple);Options.v().set_keep_offset(false);Options.v().set_keep_line_number(config.getEnableLineNumbers());Options.v().set_throw_analysis(Options.throw_analysis_dalvik);Options.v().set_process_multiple_dex(config.getMergeDexFiles());Options.v().set_ignore_resolution_errors(true);// Set soot phase option if original names should be usedif (config.getEnableOriginalNames())Options.v().setPhaseOption("jb", "use-original-names:true");// Set the Soot configuration options. Note that this will needs to be// done before we compute the classpath.if (sootConfig != null)sootConfig.setSootOptions(Options.v(), config);Options.v().set_soot_classpath(getClasspath());Main.v().autoSetOptions();configureCallgraph();// Load whatever we needlogger.info("Loading dex files...");Scene.v().loadNecessaryClasses();// Make sure that we have valid Jimple bodiesPackManager.v().getPack("wjpp").apply();// Patch the callgraph to support additional edges. We do this now,// because during callback discovery, the context-insensitive callgraph// algorithm would flood us with invalid edges.LibraryClassPatcher patcher = getLibraryClassPatcher();patcher.patchLibraries();}

接下來對apk資源文件進行解析,分析入口點

try {parseAppResources();} catch (IOException | XmlPullParserException e) {logger.error("Parse app resource failed", e);throw new RuntimeException("Parse app resource failed", e);}
protected void parseAppResources() throws IOException, XmlPullParserException {final File targetAPK = new File(config.getAnalysisFileConfig().getTargetAPKFile());if (!targetAPK.exists())throw new RuntimeException(String.format("Target APK file %s does not exist", targetAPK.getCanonicalPath()));// Parse the resource filelong beforeARSC = System.nanoTime();this.resources = new ARSCFileParser();this.resources.parse(targetAPK.getAbsolutePath());logger.info("ARSC file parsing took " + (System.nanoTime() - beforeARSC) / 1E9 + " seconds");// To look for callbacks, we need to start somewhere. We use the Android// lifecycle methods for this purpose.this.manifest = createManifestParser(targetAPK);SystemClassHandler.v().setExcludeSystemComponents(config.getIgnoreFlowsInSystemPackages());Set<String> entryPoints = manifest.getEntryPointClasses();this.entrypoints = new HashSet<>(entryPoints.size());for (String className : entryPoints) {SootClass sc = Scene.v().getSootClassUnsafe(className);if (sc != null)this.entrypoints.add(sc);}}

processEntryPoint

Runs the data flow analysis on the given entry point class

if (config.getOneComponentAtATime()) {List<SootClass> entrypointWorklist = new ArrayList<>(entrypoints);while (!entrypointWorklist.isEmpty()) {SootClass entrypoint = entrypointWorklist.remove(0);processEntryPoint(sourcesAndSinks, resultAggregator, entrypointWorklist.size(), entrypoint);}} elseprocessEntryPoint(sourcesAndSinks, resultAggregator, -1, null);

resultAggregator 記錄結果的地方

	protected void processEntryPoint(ISourceSinkDefinitionProvider sourcesAndSinks,MultiRunResultAggregator resultAggregator, int numEntryPoints, SootClass entrypoint) {long beforeEntryPoint = System.nanoTime();// Get rid of leftovers from the last entry pointresultAggregator.clearLastResults();// Perform basic app parsinglong callbackDuration = System.nanoTime();try {if (config.getOneComponentAtATime())calculateCallbacks(sourcesAndSinks, entrypoint);elsecalculateCallbacks(sourcesAndSinks);} catch (IOException | XmlPullParserException e) {logger.error("Callgraph construction failed: " + e.getMessage(), e);throw new RuntimeException("Callgraph construction failed", e);}callbackDuration = Math.round((System.nanoTime() - callbackDuration) / 1E9);logger.info(String.format("Collecting callbacks and building a callgraph took %d seconds", (int) callbackDuration));final Collection<? extends ISourceSinkDefinition> sources = getSources();final Collection<? extends ISourceSinkDefinition> sinks = getSinks();final String apkFileLocation = config.getAnalysisFileConfig().getTargetAPKFile();if (config.getOneComponentAtATime())logger.info("Running data flow analysis on {} (component {}/{}: {}) with {} sources and {} sinks...",apkFileLocation, (entrypoints.size() - numEntryPoints), entrypoints.size(), entrypoint,sources == null ? 0 : sources.size(), sinks == null ? 0 : sinks.size());elselogger.info("Running data flow analysis on {} with {} sources and {} sinks...", apkFileLocation,sources == null ? 0 : sources.size(), sinks == null ? 0 : sinks.size());// Create a new entry point and compute the flows in it. If we// analyze all components together, we do not need a new callgraph,// but can reuse the one from the callback collection phase.if (config.getOneComponentAtATime() && config.getSootIntegrationMode().needsToBuildCallgraph()) {createMainMethod(entrypoint);constructCallgraphInternal();}// Create and run the data flow trackerinfoflow = createInfoflow();infoflow.addResultsAvailableHandler(resultAggregator);infoflow.runAnalysis(sourceSinkManager, entryPointCreator.getGeneratedMainMethod());// Update the statisticsif (config.getLogSourcesAndSinks() && infoflow.getCollectedSources() != null)this.collectedSources.addAll(infoflow.getCollectedSources());if (config.getLogSourcesAndSinks() && infoflow.getCollectedSinks() != null)this.collectedSinks.addAll(infoflow.getCollectedSinks());// Print out the found results{int resCount = resultAggregator.getLastResults() == null ? 0 : resultAggregator.getLastResults().size();if (config.getOneComponentAtATime())logger.info("Found {} leaks for component {}", resCount, entrypoint);elselogger.info("Found {} leaks", resCount);}// Update the performance object with the real data{InfoflowResults lastResults = resultAggregator.getLastResults();if (lastResults != null) {InfoflowPerformanceData perfData = lastResults.getPerformanceData();if (perfData == null)lastResults.setPerformanceData(perfData = new InfoflowPerformanceData());perfData.setCallgraphConstructionSeconds((int) callbackDuration);perfData.setTotalRuntimeSeconds((int) Math.round((System.nanoTime() - beforeEntryPoint) / 1E9));}}// We don't need the computed callbacks anymorethis.callbackMethods.clear();this.fragmentClasses.clear();// Notify our result handlersfor (ResultsAvailableHandler handler : resultsAvailableHandlers)handler.onResultsAvailable(resultAggregator.getLastICFG(), resultAggregator.getLastResults());}

calculateCallbacks(sourcesAndSinks)

傳進來的參數(shù)即為讀取的sources和sinks
Calculates the sets of sources, sinks, entry points, and callbacks methods
for the entry point in the given APK file.
sources and sinks

private void calculateCallbacks(ISourceSinkDefinitionProvider sourcesAndSinks, SootClass entryPoint)throws IOException, XmlPullParserException {// Add the callback methodsLayoutFileParser lfp = null;final CallbackConfiguration callbackConfig = config.getCallbackConfig();if (callbackConfig.getEnableCallbacks()) {// If we have a callback file, we use itString callbackFile = callbackConfig.getCallbacksFile();if (callbackFile != null && !callbackFile.isEmpty()) {File cbFile = new File(callbackFile);if (cbFile.exists()) {CollectedCallbacks callbacks = CollectedCallbacksSerializer.deserialize(callbackConfig);if (callbacks != null) {// Get our callback data from the fileentrypoints = callbacks.getEntryPoints();fragmentClasses = callbacks.getFragmentClasses();callbackMethods = callbacks.getCallbackMethods();// Create the callgraphcreateMainMethod(entryPoint);constructCallgraphInternal();createSourceSinkProvider(entryPoint, lfp);return;}}}if (callbackClasses != null && callbackClasses.isEmpty()) {logger.warn("Callback definition file is empty, disabling callbacks");} else {lfp = createLayoutFileParser();switch (callbackConfig.getCallbackAnalyzer()) {case Fast:calculateCallbackMethodsFast(lfp, entryPoint);break;case Default:calculateCallbackMethods(lfp, entryPoint);break;default:throw new RuntimeException("Unknown callback analyzer");}}} else if (config.getSootIntegrationMode().needsToBuildCallgraph()) {// Create the new iteration of the main methodcreateMainMethod(entryPoint);constructCallgraphInternal();}logger.info("Entry point calculation done.");createSourceSinkProvider(entryPoint, lfp);}

在此過程中給對Layout進行了解析LayoutFileParser(this.manifest.getPackageName(), this.resources);

lfp = createLayoutFileParser();
calculateCallbackMethods(lfp, entryPoint);
下面這是真正的計算了

private void calculateCallbackMethods(LayoutFileParser lfp, SootClass component) throws IOException {final CallbackConfiguration callbackConfig = config.getCallbackConfig();// Load the APK fileif (config.getSootIntegrationMode().needsToBuildCallgraph())releaseCallgraph();// Make sure that we don't have any leftovers from previous runsPackManager.v().getPack("wjtp").remove("wjtp.lfp");PackManager.v().getPack("wjtp").remove("wjtp.ajc");// Get the classes for which to find callbacksSet<SootClass> entryPointClasses = getComponentsToAnalyze(component);// Collect the callback interfaces implemented in the app's// source code. Note that the filters should know all components to// filter out callbacks even if the respective component is only// analyzed later.AbstractCallbackAnalyzer jimpleClass = callbackClasses == null? new DefaultCallbackAnalyzer(config, entryPointClasses, callbackMethods, callbackFile): new DefaultCallbackAnalyzer(config, entryPointClasses, callbackMethods, callbackClasses);if (valueProvider != null)jimpleClass.setValueProvider(valueProvider);jimpleClass.addCallbackFilter(new AlienHostComponentFilter(entrypoints));jimpleClass.addCallbackFilter(new ApplicationCallbackFilter(entrypoints));jimpleClass.addCallbackFilter(new UnreachableConstructorFilter());jimpleClass.collectCallbackMethods();// Find the user-defined sources in the layout XML files. This// only needs to be done once, but is a Soot phase.lfp.parseLayoutFile(config.getAnalysisFileConfig().getTargetAPKFile());// Watch the callback collection algorithm's memory consumptionFlowDroidMemoryWatcher memoryWatcher = null;FlowDroidTimeoutWatcher timeoutWatcher = null;if (jimpleClass instanceof IMemoryBoundedSolver) {// Make sure that we don't spend too much time and memory in the callback// analysismemoryWatcher = createCallbackMemoryWatcher(jimpleClass);timeoutWatcher = createCallbackTimeoutWatcher(callbackConfig, jimpleClass);}try {int depthIdx = 0;boolean hasChanged = true;boolean isInitial = true;while (hasChanged) {hasChanged = false;// Check whether the solver has been aborted in the meantimeif (jimpleClass instanceof IMemoryBoundedSolver) {if (((IMemoryBoundedSolver) jimpleClass).isKilled())break;}// Create the new iteration of the main methodcreateMainMethod(component);int numPrevEdges = 0;if (Scene.v().hasCallGraph()) {numPrevEdges = Scene.v().getCallGraph().size();}// Since the generation of the main method can take some time,// we check again whether we need to stop.if (jimpleClass instanceof IMemoryBoundedSolver) {if (((IMemoryBoundedSolver) jimpleClass).isKilled()) {logger.warn("Callback calculation aborted due to timeout");break;}}if (!isInitial) {// Reset the callgraphreleaseCallgraph();// We only want to parse the layout files oncePackManager.v().getPack("wjtp").remove("wjtp.lfp");}isInitial = false;// Run the soot-based operationsconstructCallgraphInternal();if (!Scene.v().hasCallGraph())throw new RuntimeException("No callgraph in Scene even after creating one. That's very sad "+ "and should never happen.");lfp.parseLayoutFileDirect(config.getAnalysisFileConfig().getTargetAPKFile());PackManager.v().getPack("wjtp").apply();// Creating all callgraph takes time and memory. Check whether// the solver has been aborted in the meantimeif (jimpleClass instanceof IMemoryBoundedSolver) {if (((IMemoryBoundedSolver) jimpleClass).isKilled()) {logger.warn("Aborted callback collection because of low memory");break;}}if (numPrevEdges < Scene.v().getCallGraph().size())hasChanged = true;// Collect the results of the soot-based phasesif (this.callbackMethods.putAll(jimpleClass.getCallbackMethods()))hasChanged = true;if (entrypoints.addAll(jimpleClass.getDynamicManifestComponents()))hasChanged = true;// Collect the XML-based callback methodsif (collectXmlBasedCallbackMethods(lfp, jimpleClass))hasChanged = true;// Avoid callback overruns. If we are beyond the callback limit// for one entry point, we may not collect any further callbacks// for that entry point.if (callbackConfig.getMaxCallbacksPerComponent() > 0) {for (Iterator<SootClass> componentIt = this.callbackMethods.keySet().iterator(); componentIt.hasNext();) {SootClass callbackComponent = componentIt.next();if (this.callbackMethods.get(callbackComponent).size() > callbackConfig.getMaxCallbacksPerComponent()) {componentIt.remove();jimpleClass.excludeEntryPoint(callbackComponent);}}}// Check depth limitingdepthIdx++;if (callbackConfig.getMaxAnalysisCallbackDepth() > 0&& depthIdx >= callbackConfig.getMaxAnalysisCallbackDepth())break;// If we work with an existing callgraph, the callgraph never// changes and thus it doesn't make any sense to go multiple// roundsif (config.getSootIntegrationMode() == SootIntegrationMode.UseExistingCallgraph)break;}} catch (Exception ex) {logger.error("Could not calculate callback methods", ex);throw ex;} finally {// Shut down the watchersif (timeoutWatcher != null)timeoutWatcher.stop();if (memoryWatcher != null)memoryWatcher.close();}// Filter out callbacks that belong to fragments that are not used by// the host activityAlienFragmentFilter fragmentFilter = new AlienFragmentFilter(invertMap(fragmentClasses));fragmentFilter.reset();for (Iterator<Pair<SootClass, AndroidCallbackDefinition>> cbIt = this.callbackMethods.iterator(); cbIt.hasNext();) {Pair<SootClass, AndroidCallbackDefinition> pair = cbIt.next();// Check whether the filter accepts the given mappingif (!fragmentFilter.accepts(pair.getO1(), pair.getO2().getTargetMethod()))cbIt.remove();else if (!fragmentFilter.accepts(pair.getO1(), pair.getO2().getTargetMethod().getDeclaringClass())) {cbIt.remove();}}// Avoid callback overrunsif (callbackConfig.getMaxCallbacksPerComponent() > 0) {for (Iterator<SootClass> componentIt = this.callbackMethods.keySet().iterator(); componentIt.hasNext();) {SootClass callbackComponent = componentIt.next();if (this.callbackMethods.get(callbackComponent).size() > callbackConfig.getMaxCallbacksPerComponent())componentIt.remove();}}// Make sure that we don't retain any weird Soot phasesPackManager.v().getPack("wjtp").remove("wjtp.lfp");PackManager.v().getPack("wjtp").remove("wjtp.ajc");// Warn the user if we had to abort the callback analysis earlyboolean abortedEarly = false;if (jimpleClass instanceof IMemoryBoundedSolver) {if (((IMemoryBoundedSolver) jimpleClass).isKilled()) {logger.warn("Callback analysis aborted early due to time or memory exhaustion");abortedEarly = true;}}if (!abortedEarly)logger.info("Callback analysis terminated normally");// Serialize the callbacksif (callbackConfig.isSerializeCallbacks()) {CollectedCallbacks callbacks = new CollectedCallbacks(entryPointClasses, callbackMethods, fragmentClasses);CollectedCallbacksSerializer.serialize(callbacks, callbackConfig);}}

這段代碼首先對調用圖進行重置

	protected void releaseCallgraph() {// If we are configured to use an existing callgraph, we may not release// itif (config.getSootIntegrationMode() == SootIntegrationMode.UseExistingCallgraph)return;Scene.v().releaseCallGraph();Scene.v().releasePointsToAnalysis();Scene.v().releaseReachableMethods();G.v().resetSpark();}

接下來兩行代碼不懂問了GPT

		// Make sure that we don't have any leftovers from previous runsPackManager.v().getPack("wjtp").remove("wjtp.lfp");PackManager.v().getPack("wjtp").remove("wjtp.ajc");
PackManager.v().getPack("wjtp")

這部分獲取名為 “wjtp” 的分析階段組(pack)。Soot框架將各種分析和轉換任務組織在不同的階段組(如 “wjtp”, “jtp”, “cg” 等)中。

remove(“wjtp.lfp”) 和 remove(“wjtp.ajc”):這兩行代碼從 “wjtp” 階段組中移除特定的分析或轉換階段。具體來說,它們移除名為 “wjtp.lfp” 和 “wjtp.ajc” 的階段。

這兩行代碼確保在新一輪的Soot分析或轉換開始之前,清除先前可能添加到 “wjtp” 階段組的 “wjtp.lfp” 和 “wjtp.ajc” 分析階段。這樣做主要是為了避免先前運行的殘留影響到當前的運行。這是一種清理機制,確保每次運行都是在干凈、一致的環(huán)境中進行。

再次回到processEntryPoint

變量值
準備數(shù)據(jù)流

Instantiates and configures the data flow engine

	private IInPlaceInfoflow createInfoflow() {// Some sanity checksif (config.getSootIntegrationMode().needsToBuildCallgraph()) {if (entryPointCreator == null)throw new RuntimeException("No entry point available");if (entryPointCreator.getComponentToEntryPointInfo() == null)throw new RuntimeException("No information about component entry points available");}// Get the component lifecycle methodsCollection<SootMethod> lifecycleMethods = Collections.emptySet();if (entryPointCreator != null) {ComponentEntryPointCollection entryPoints = entryPointCreator.getComponentToEntryPointInfo();if (entryPoints != null)lifecycleMethods = entryPoints.getLifecycleMethods();}// Initialize and configure the data flow trackerIInPlaceInfoflow info = createInfoflowInternal(lifecycleMethods);if (ipcManager != null)info.setIPCManager(ipcManager);info.setConfig(config);info.setSootConfig(sootConfig);info.setTaintWrapper(taintWrapper);info.setTaintPropagationHandler(taintPropagationHandler);info.setAliasPropagationHandler(aliasPropagationHandler);// We use a specialized memory manager that knows about Androidinfo.setMemoryManagerFactory(new IMemoryManagerFactory() {@Overridepublic IMemoryManager<Abstraction, Unit> getMemoryManager(boolean tracingEnabled,PathDataErasureMode erasePathData) {return new AndroidMemoryManager(tracingEnabled, erasePathData, entrypoints);}});info.setMemoryManagerFactory(null);// Inject additional post-processorsinfo.setPostProcessors(Collections.singleton(new PostAnalysisHandler() {@Overridepublic InfoflowResults onResultsAvailable(InfoflowResults results, IInfoflowCFG cfg) {// Purify the ICC results if requestedfinal IccConfiguration iccConfig = config.getIccConfig();if (iccConfig.isIccResultsPurifyEnabled()) {// no-op at the moment. We used to have a purifier here, but it didn't make// any sense. Removed it for the better.}return results;}}));return info;}

接下來進入到runAnalysis函數(shù)內部,這個函數(shù)似乎比較關鍵
Conducts a taint analysis on an already initialized callgraph

	protected void runAnalysis(final ISourceSinkManager sourcesSinks, final Set<String> additionalSeeds) {final InfoflowPerformanceData performanceData = createPerformanceDataClass();try {// Clear the data from previous runsresults = createResultsObject();results.setPerformanceData(performanceData);// Print and check our configurationcheckAndFixConfiguration();config.printSummary();// Register a memory watcherif (memoryWatcher != null) {memoryWatcher.clearSolvers();memoryWatcher = null;}memoryWatcher = new FlowDroidMemoryWatcher(results, config.getMemoryThreshold());// Initialize the abstraction configurationAbstraction.initialize(config);// Build the callgraphlong beforeCallgraph = System.nanoTime();constructCallgraph();performanceData.setCallgraphConstructionSeconds((int) Math.round((System.nanoTime() - beforeCallgraph) / 1E9));logger.info(String.format(Locale.getDefault(), "Callgraph construction took %d seconds",performanceData.getCallgraphConstructionSeconds()));// Initialize the source sink managerif (sourcesSinks != null)sourcesSinks.initialize();// Perform constant propagation and remove dead codeif (config.getCodeEliminationMode() != CodeEliminationMode.NoCodeElimination) {long currentMillis = System.nanoTime();eliminateDeadCode(sourcesSinks);logger.info("Dead code elimination took " + (System.nanoTime() - currentMillis) / 1E9 + " seconds");}// After constant value propagation, we might find more call edges// for reflective method callsif (config.getEnableReflection()) {releaseCallgraph();constructCallgraph();}if (config.getCallgraphAlgorithm() != CallgraphAlgorithm.OnDemand)logger.info("Callgraph has {} edges", Scene.v().getCallGraph().size());IInfoflowCFG iCfg = icfgFactory.buildBiDirICFG(config.getCallgraphAlgorithm(),config.getEnableExceptionTracking());if (config.isTaintAnalysisEnabled())runTaintAnalysis(sourcesSinks, additionalSeeds, iCfg, performanceData);// Gather performance dataperformanceData.setTotalRuntimeSeconds((int) Math.round((System.nanoTime() - beforeCallgraph) / 1E9));performanceData.updateMaxMemoryConsumption(getUsedMemory());logger.info(String.format("Data flow solver took %d seconds. Maximum memory consumption: %d MB",performanceData.getTotalRuntimeSeconds(), performanceData.getMaxMemoryConsumption()));// Provide the handler with the final resultsfor (ResultsAvailableHandler handler : onResultsAvailable)handler.onResultsAvailable(iCfg, results);// Write the Jimple files to disk if requestedif (config.getWriteOutputFiles())PackManager.v().writeOutput();} catch (Exception ex) {StringWriter stacktrace = new StringWriter();PrintWriter pw = new PrintWriter(stacktrace);ex.printStackTrace(pw);if (results != null)results.addException(ex.getClass().getName() + ": " + ex.getMessage() + "\n" + stacktrace.toString());logger.error("Exception during data flow analysis", ex);if (throwExceptions)throw ex;}}

constructCallgraph();
構造調用圖

	protected void constructCallgraph() {if (config.getSootIntegrationMode().needsToBuildCallgraph()) {// Allow the ICC manager to change the Soot Scene before we continueif (ipcManager != null)ipcManager.updateJimpleForICC();// Run the preprocessorsfor (PreAnalysisHandler tr : preProcessors)tr.onBeforeCallgraphConstruction();// Patch the system libraries we need for callgraph constructionLibraryClassPatcher patcher = getLibraryClassPatcher();patcher.patchLibraries();// To cope with broken APK files, we convert all classes that are still// dangling after resolution into phantomsfor (SootClass sc : Scene.v().getClasses())if (sc.resolvingLevel() == SootClass.DANGLING) {sc.setResolvingLevel(SootClass.BODIES);sc.setPhantomClass();}// We explicitly select the packs we want to run for performance// reasons. Do not re-run the callgraph algorithm if the host// application already provides us with a CG.if (config.getCallgraphAlgorithm() != CallgraphAlgorithm.OnDemand && !Scene.v().hasCallGraph()) {PackManager.v().getPack("wjpp").apply();PackManager.v().getPack("cg").apply();}}// If we don't have a FastHierarchy, we need to create it - even if we use an// existing callgraphhierarchy = Scene.v().getOrMakeFastHierarchy();if (config.getSootIntegrationMode().needsToBuildCallgraph()) {// Run the preprocessorsfor (PreAnalysisHandler tr : preProcessors)tr.onAfterCallgraphConstruction();}}

runAnalysis分析結束后回到了processEntryPoint

http://www.risenshineclean.com/news/27605.html

相關文章:

  • 網(wǎng)站建站網(wǎng)站299266co提升關鍵詞
  • 有高并發(fā) 高訪問量網(wǎng)站開發(fā)百度seo招聘
  • 怎么做企業(yè)網(wǎng)站推廣南京seo整站優(yōu)化技術
  • 本地服務器怎么做網(wǎng)站站長之家關鍵詞挖掘
  • 網(wǎng)站建設一般要多少費用網(wǎng)絡營銷的含義
  • 購物網(wǎng)站后臺好管理嗎百度seo原理
  • 代駕app軟件開發(fā)公司seo推廣怎么做
  • 個性化定制網(wǎng)站的特點一站式自媒體服務平臺
  • 做電子商務網(wǎng)站需要學什么2024年3月新冠高峰
  • 企業(yè)網(wǎng)站建設的必要性百度收錄比較好的網(wǎng)站
  • aspaccess做網(wǎng)站站長平臺百度
  • 煙臺快速建站有哪些公司低價刷粉網(wǎng)站推廣
  • 做網(wǎng)站一個月能掙多少香港seo公司
  • 西安網(wǎng)站建設設計專業(yè)公司網(wǎng)絡推廣
  • vs210做網(wǎng)站什么是網(wǎng)絡營銷公司
  • 網(wǎng)站推廣目標是什么seo整站排名
  • 如何做網(wǎng)站商城怎么開設自己的網(wǎng)站
  • 做網(wǎng)站的困難海淀區(qū)seo搜索優(yōu)化
  • 昆明做網(wǎng)站最好的小說網(wǎng)站排名
  • wordpress 8211如何優(yōu)化網(wǎng)絡速度
  • 部門網(wǎng)站建設存在的問題優(yōu)化大師免費版下載
  • 做論壇網(wǎng)站的cms網(wǎng)絡廣告策劃方案
  • 西安做網(wǎng)站的seo三人行論壇
  • 11號在線 網(wǎng)站開發(fā)廣州seo推薦
  • 沒有備案的網(wǎng)站可以用ip訪問嗎智能營銷方法
  • 海淀視頻網(wǎng)站建設搜索引擎調詞工具哪個好
  • 杭州電子商務公司排行seo推廣外包報價表
  • 做網(wǎng)站公司在哪電子商務沙盤seo關鍵詞
  • 設計網(wǎng)站賣錢企業(yè)網(wǎng)站模板源碼
  • 邯鄲網(wǎng)站制作找誰衡陽seo優(yōu)化報價