<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\[8bO53";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Rainkin,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’m not sure that I understand your question correctly. Contexts in IFDS are value contexts which means that they do not refer to a certain call string or call site, but first and foremost to a value in the domain of data flow abstractions. Getting the IFDS context would thus supply you with an incomiung taint abstraction which is probably not what you want.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If you just want to get the method which contains the source / sink statements, you can use the interprocedural control flow graph that gets passed into the ResultsAvailableHandler callback which you can specify when you call computeInfoflow(…). It has a method getMethodOf(…).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:13.5pt;font-family:"Courier New";color:black'>M.Sc. M.Sc. Steven Arzt</span><span lang=EN-US style='font-size:11.0pt;font-family:"Helvetica","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:black'>Secure Software Engineering Group (SSE)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:black'>European Center for Security and Privacy by Design (EC SPRIDE) <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";color:black'>Rheinstraße 75<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";color:black'>D-64293 Darmstadt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";color:black'>Phone: +49 61 51 869-336<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";color:black'>Fax: +49 61 51 16-72118<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:black'>eMail: </span><span style='font-size:10.0pt;font-family:"Courier New";color:black'><a href="mailto:steven.arzt@ec-spride.de"><span lang=EN-US style='color:blue'>steven.arzt@ec-spride.de</span></a></span><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:black'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";color:black'>Web: <a href="http://sse.ec-spride.de/"><span style='color:blue'>http://sse.ec-spride.de</span></a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> soot-list-bounces@CS.McGill.CA [mailto:soot-list-bounces@CS.McGill.CA] <b>Im Auftrag von </b>???<br><b>Gesendet:</b> Freitag, 12. Juni 2015 17:48<br><b>An:</b> soot-list@CS.McGill.CA<br><b>Betreff:</b> [Soot-list] Can I get the calling context of a source/sink?<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><div><div><div><div><div><div><p class=MsoNormal>Hi guys,<o:p></o:p></p></div><p class=MsoNormal> Flowdroid uses Heros to do inter-procedural data analysis. I notice that during the process of inter-procedural analysis, Flowdroid can get the calling context of a function, that is to say, where the function is actually called. <o:p></o:p></p></div><p class=MsoNormal> For example, the API<br> getReturnFlowFunction(N callSite, M calleeMethod, N exitStmt, N returnSite):<o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'> callSite is the statement where the function is called.<br><br><o:p></o:p></p></div><p class=MsoNormal> But in the results of Flowdroid, I can't get the calling context of a source/sink. <o:p></o:p></p></div><div><p class=MsoNormal> I want to know how to get that?<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>For example.<o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>ApiTwo sharedApiTwo(ApiOne x)</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>{</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>return apiTwo(x);</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>}</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>main(){</span><o:p></o:p></p><p class=MsoNormal><b><i><span style='font-family:"[8bO53","serif";color:#0070C0'>// context1</span></i></b><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>a1 = <b>apiOne</b>();</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>b1 = <b>sharedApiOne</b>(a1);</span><o:p></o:p></p><p class=MsoNormal><b><span style='font-family:"[8bO53","serif";color:#333333'>apiThree</span></b><span style='font-family:"[8bO53","serif";color:#333333'>(b1);</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'> </span><o:p></o:p></p><p class=MsoNormal><b><i><span style='font-family:"[8bO53","serif";color:#0070C0'>// context2</span></i></b><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>a2 = <b>apiOne</b>();</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>b2 = <b>sharedApiOne</b>(a2);</span><o:p></o:p></p><p class=MsoNormal><b><span style='font-family:"[8bO53","serif";color:#333333'>apiThree</span></b><span style='font-family:"[8bO53","serif";color:#333333'>(b2);</span><o:p></o:p></p><p class=MsoNormal><span style='font-family:"[8bO53","serif";color:#333333'>}</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Note that there is a wrapper function sharedApiTwo() for apiTwo().<o:p></o:p></p></div><div><p class=MsoNormal>we will get the following result:<o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt;width:7000pt'><p class=MsoNormal align=center style='text-align:center'><b><span style='font-family:"Calibri","sans-serif"'>Source</span></b><o:p></o:p></p></td><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><b><span style='font-family:"Calibri","sans-serif"'>Sink</span></b><o:p></o:p></p></td></tr><tr><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><span style='font-family:"Calibri","sans-serif"'>a1 = <b>apiOne</b>();</span><o:p></o:p></p></td><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><span style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td></tr><tr><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><span style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><b><span style='font-family:"Calibri","sans-serif"'>apiThree</span></b><span style='font-family:"Calibri","sans-serif"'>(b1);</span><o:p></o:p></p></td></tr><tr><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><span style='font-family:"Calibri","sans-serif"'>a2 = <b>apiOne</b>();</span><o:p></o:p></p></td><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><span style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td></tr><tr><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><span style='font-family:"Calibri","sans-serif"'>return <b>apiTwo</b>(x);</span><o:p></o:p></p></td><td width=295 valign=top style='width:221.25pt;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=center style='text-align:center'><b><span style='font-family:"Calibri","sans-serif"'>apiThree</span></b><span style='font-family:"Calibri","sans-serif"'>(b2);</span><o:p></o:p></p></td></tr></table><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Take the first source-sink chain for example,<o:p></o:p></p></div><div><p class=MsoNormal>I can't know the function of the sink "return apiTwo(x)" is called in the statement "<span style='font-family:"[8bO53","serif";color:#333333'>b1 = <b>sharedApiOne</b>(a1);</span>"<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>Thank,<o:p></o:p></p></div><p class=MsoNormal>rainkin<o:p></o:p></p></div></div></body></html>