Latest version taint analysis usage

Ask a Question
1

Hello!
I was using version 9.0.6 of proguard-core, specifically, taint analysis.
I used to set sinks and sources like this:

 val taintSource = TaintSource(
    "source signature",
    false,
    true,
    setOf(...),
    setOf(...)
)

But I don’t really understand how I am supposed to do the same thing in the latest version, as I need to use Signature now, which implies Clazz usage and so on.
Is there a convenient way to construct Signatures from the methods of the program I am trying to analyse?

2

Hi Olesya!

If you don’t have the Clazz available you can create a MethodSignature with the constructor MethodSignature(String internalClassName, String method, String descriptor). Remember that an internalClassName uses / as separator (e.g., com/example/YourClass).

You can take a look at JvmTaintCpaTest.kt in the proguard-core repo.

2 Likes