A false positive leak caused by SummaryTaintWrapper #520
Comments
This looks like a bug at first sight; the intent object itself should not be tainted. Thanks a lot for the thorough investigation with the taint propagation handler. I'll have a look.
Hi Richard: It is because the

```xml
<flow isAlias="true" typeChecking="false">
  <from sourceSinkType="Field" />
  <to sourceSinkType="Return" />
</flow>
```

Which means if any of the field in This can be fixed by setting
This fixes issue secure-software-engineering#520
Hi @flankerhqd, Thanks for your fix. But I have a comment
Hi @StevenArzt, FlowDroid reports a FP leak on the following case, in which only the `mimeType` field in the intent should be tainted. But FlowDroid also taints the `action` field in the intent.

I registered a taint propagation handler to read the incoming and outgoing access paths. I found the problem may happen at the following line

The 1st outgoing is correct according to the summary manual android.content.Intent.xml. But it seems the 3rd outgoing, which taints the intent object, is not correct. When the intent object is tainted, the return of `intent.getAction()` is further tainted, which results in the FP.

This is how I set the taint wrapper

Did I misconfigure something or is it a FlowDroid bug?
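
A simplified model of the behaviour reported in this issue, added here as an illustration; it is not FlowDroid code and not from the reporter. The access-path tuples, the `keep_fields` switch and the field names `mType` and `mAction` are assumptions of the model.

```python
# Toy access-path taint model (added illustration, not FlowDroid code).
# An access path is (base_variable, field_chain). An empty chain means the
# whole object is tainted, so every field read from it counts as tainted.

def is_tainted(taints, base, field):
    """A field read is tainted if that exact field or the whole base object is tainted."""
    return (base, (field,)) in taints or (base, ()) in taints

def apply_this_to_return(taints, this_var, ret_var, keep_fields):
    """Model a `this` -> return alias flow, as for a setter that returns `this`.

    keep_fields=True : each tainted field of `this` maps to the same field on
                       the return value, so precision is preserved.
    keep_fields=False: any tainted field of `this` taints the whole returned
                       object; because it aliases `this`, `this` is widened too.
    """
    out = set(taints)
    for base, fields in taints:
        if base != this_var:
            continue
        if keep_fields:
            out.add((ret_var, fields))
        else:
            out.add((ret_var, ()))
            out.add((this_var, ()))  # alias: return value and `this` are one object
    return out

def analyze(keep_fields):
    """Constructed scenario: intent.setType(secret); sink(intent.getAction())."""
    # setType(secret): parameter 0 flows into the field holding the MIME type.
    taints = {("intent", ("mType",))}   # field name assumed for the model
    taints = apply_this_to_return(taints, "intent", "ret", keep_fields)
    return {
        "getType": is_tainted(taints, "intent", "mType"),
        "getAction": is_tainted(taints, "intent", "mAction"),  # assumed field name
    }

if __name__ == "__main__":
    print("whole-object widening:", analyze(keep_fields=False))
    print("field-preserving flow:", analyze(keep_fields=True))
```

With whole-object widening the `getAction()` read is reported as tainted even though only the MIME type field received source data, which matches the false positive described above.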