## Solution for sheet 4

ericbodden
Moderator
Beiträge: 243
Registriert: 5. Apr 2010 19:06

### Solution for sheet 4

... is now online.
-- Eric

pSub
Mausschubser
Beiträge: 61
Registriert: 21. Sep 2009 22:56

### Re: Solution for sheet 4

We had trouble to handle the problem in task 1f), thus I copied our test into the sample solution. But the sample solution does not pass the test, too, and from glancing over the code I do not see how this case is handled in the code.

I use the following test:

Code: Alles auswählen

public class TargetClass4 {
private class Data { Bar x; }
private class Bar { String c; }
private void foo(Data d, String taint) {
Bar b = d.x;
b.c = taint;
}
private void bar() {
Data d = new Data();
String secret = getSecret();
foo(d, secret);
leak(d.x.c);
}
}

with

Code: Alles auswählen

	@Test
public void barTest() {
MainClass.runAnalysis(new IReporter() {

@Override
public void report(SootMethod method, Unit source, Unit sink) {
if (method.getName().equals("bar"))
Assert.fail();
}

});
}

This test should fail, as the given code leaks the secret. Any ideas whats wrong?

ericbodden
Moderator
Beiträge: 243
Registriert: 5. Apr 2010 19:06

### Re: Solution for sheet 4

Hello.

Maybe a stupid question but is TargetClass4 your test entire class? If there is no main method then Soot will have trouble conducting a points-to and call-graph analysis.

Cheers,
Eric
-- Eric

ericbodden
Moderator
Beiträge: 243
Registriert: 5. Apr 2010 19:06

### Re: Solution for sheet 4

I think I have found a problem with your code. You need to replace...

private class Data { Bar x; }

... by:

private class Data { Bar x = new Bar(); }

Otherwise the points-to set for the field x will be empty. At runtime, for this code you would get a NullPointerException. With this change it should work.

I will explain tomorrow how the solution solves this test case.
-- Eric

pSub
Mausschubser
Beiträge: 61
Registriert: 21. Sep 2009 22:56

### Re: Solution for sheet 4

Ah, that fixed it! Now that you mention it, it is obvious what was wrong... Thank you for your time!