Hello @StevenArzt,
I've been exploring FlowDroid and reviewing various issues and explanations regarding its behavior. However, I'm still unclear about how FlowDroid constructs its Call Flow Graph (CFG) and handles third-party or library code during taint analysis. I understand that FlowDroid uses different CFG construction algorithms and can be enhanced with a TaintWrapper.
My specific question is: Does FlowDroid consider third-party or library code when performing taint analysis? For example, if we have a sink like print() and the application code calls a method Foo() from an external library, and Foo() internally contains a print() statement, will FlowDroid detect the print() within Foo(), even though Foo() is not part of the application's own codebase?
From my experience, it seems that the answer is "No"—FlowDroid does not catch the print() in this scenario since it is within a library method. However, I would appreciate any clarification or guidance you can provide on this matter.
Thank you for your time and assistance!
Best regards,
Alireza