|
| 1 | +--- |
| 2 | +name: False negative |
| 3 | +about: Report a false negative, a flow that was not found by FlowDroid |
| 4 | +title: '' |
| 5 | +labels: '' |
| 6 | +assignees: '' |
| 7 | + |
| 8 | +--- |
| 9 | +Note that this report template should be used to report a false negative, a flow reported that exists in the application that was not found by FlowDroid. |
| 10 | +Please examine each of the following points *carefully* so that we can help you as soon and best as possible. |
| 11 | +When your flow involves implicit flows (i.e. taints on ```if/loop``` conditions), you'll need to set the implicit flow mode via ```InfoflowConfiguration.setImplicitFlowMode``` |
| 12 | +Furthermore, in cases of very complex data flows, certain cut-offs such as the ```maxPathLength``` in ```PathConfiguration``` might cause flows to not be found. |
| 13 | +**Therefore, information about the FlowDroid configuration is very important for this issue type.** |
| 14 | + |
| 15 | +**Input file** |
| 16 | +Please upload or provide a (working) link to the .class, .jar, .dex, .apk or any other input file in which the flow was found. You can drop a ZIP file right into this textbox. |
| 17 | +This is _very_ important. In many cases, a bug triggers only on certain input files, which happen to be structured in a particular way which causes this problem. In case you do not supply the input files, we unfortunately often **cannot** help you at all. |
| 18 | + |
| 19 | +**Describe the flow that was not found by FlowDroid** |
| 20 | +What is the source and sink in the flow? Ideally, post code snippets of the complete data flow, e.g. in Java or Jimple. |
| 21 | + |
| 22 | +If the answer of the following two questions is unclear or you are in doubt, just state "Unsure". |
| 23 | + |
| 24 | +Are the methods that contain the source and sink statements considered reachable by the entrypoint of the program? |
| 25 | +Note that FlowDroid will only search for leaks when the source and sink statements are considered reachable, i.e. are present in the call graph. |
| 26 | +Was the presence of the flow in the application verified, e.g. by using some sort of dynamic analysis? |
| 27 | + |
| 28 | +**To reproduce** |
| 29 | +Steps to reproduce the behavior: |
| 30 | + |
| 31 | +Please include FlowDroid command line options you used or supply a code snippet to ease reproduction of the problem. **Please do not supply code snippets as _Screenshots_**. If possible, make sure that the supplied code is somewhat complete. It helps when the code for reproduction is somewhat minimal, but that is not necessary. |
| 32 | + |
| 33 | +**Version information** |
| 34 | +Which version of FlowDroid did you use? |
| 35 | + |
| 36 | +**Additional context** |
| 37 | +Add any other context about the problem here, which might help us to understand or solve your problem better. If there is more log output of FlowDroid, you should add that as well. |
0 commit comments