Skip to content

Soot call graph did not fully parse the call chain #2064

Open
Open
Soot call graph did not fully parse the call chain#2064
@NiceAsiv

Description

@NiceAsiv
NiceAsiv
opened on Apr 1, 2024

Describe the bug
Soot call graph did not fully parse the call chain

The complete call chain should include vulnerability functions in the class Book , But in the course of debugging, I couldn't trace the invocation in CallGraph from the method getTitle() within the class TestCaseDroid.test.MultilevelCall.Book to the method vulnerable() also within the same class

Input file

public class LibraryApplication {
    public static void main(String[] args) {
        Library library = new Library();
        LibraryService libraryService = new LibraryService(library);

        Book book1 = new Book("Java Fundamentals", "John Doe");
        Book book2 = new Book("Advanced Java", "Jane Doe");

        libraryService.addBookToLibrary(book1);
        libraryService.addBookToLibrary(book2);

        System.out.println("Searching for 'Java Fundamentals':");
        libraryService.displayBooksByTitle("Java Fundamentals");
    }
}
import java.util.List;

public class LibraryService {
    private Library library;

    public LibraryService(Library library) {
        this.library = library;
    }

    public void addBookToLibrary(Book book) {
        library.addBook(book);
    }

    public void displayBooksByTitle(String title) {
        List<Book> books = library.searchByTitle(title);
        for (Book book : books) {
            System.out.println(book);
        }
    }
}
import java.util.ArrayList;
import java.util.List;

public class Library {
    private List<Book> books;

    public Library() {
        this.books = new ArrayList<>();
    }

    public void addBook(Book book) {
        books.add(book);
    }

    public List<Book> searchByTitle(String title) {
        List<Book> foundBooks = new ArrayList<>();
        for (Book book : books) {
            if (book.getTitle().equalsIgnoreCase(title)) {
                foundBooks.add(book);
                book.vulnerable();
            }
        }
        return foundBooks;
    }
}
package TestCaseDroid.test.MultilevelCall;

public class Book {
    private String title;
    private String author;

    public Book(String title, String author) {
        this.title = title;
        this.author = author;
    }

    public String getTitle() {
        vulnerable();
        return title;
    }

    public String getAuthor() {
        return author;
    }


    public void vulnerable(){
        //vulnerable code
        System.out.println("vulnerable");
    }

    @Override
    public String toString() {
        return "Book{" +
                "title='" + title + '\'' +
                ", author='" + author + '\'' +
                '}';
    }
}
     Options.v().setPhaseOption("cg.cha", "on");
                    CHATransformer.v().transform();
                    CallGraph callGraph = Scene.v().getCallGraph();

output

Entry method: <TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.Book: void <init>(java.lang.String,java.lang.String)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void displayBooksByTitle(java.lang.String)>
<TestCaseDroid.test.MultilevelCall.LibraryService: void displayBooksByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)>
<TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Book: void vulnerable()>
<TestCaseDroid.test.MultilevelCall.Library: java.util.List searchByTitle(java.lang.String)> may call <TestCaseDroid.test.MultilevelCall.Book: java.lang.String getTitle()>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void addBookToLibrary(TestCaseDroid.test.MultilevelCall.Book)>
<TestCaseDroid.test.MultilevelCall.LibraryService: void addBookToLibrary(TestCaseDroid.test.MultilevelCall.Book)> may call <TestCaseDroid.test.MultilevelCall.Library: void addBook(TestCaseDroid.test.MultilevelCall.Book)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.LibraryService: void <init>(TestCaseDroid.test.MultilevelCall.Library)>
<TestCaseDroid.test.MultilevelCall.LibraryApplication: void main(java.lang.String[])> may call <TestCaseDroid.test.MultilevelCall.Library: void <init>()>

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions