Merge pull request #864 from MarcMil/issue-templates

StevenArzt · web-flow · commit 6bcfe3cdab03 · 2026-02-12T17:43:56.000+01:00
Issue templates
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,33 @@
+---
+name: Bug report
+about: Create a bug report to help us improve FlowDroid.
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+Please examine each of the following points *carefully* so that we can help you as soon and best as possible.
+
+**Describe the bug**
+A clear and concise description of what the bug is. If you use any third party library or tool that could interfere with FlowDroid in any way, you should indicate that clearly.
+
+**Input file**
+Please upload or provide a (working) link to the .class, .jar, .dex, .apk or any other input file which caused the issue (the code you want to analyze). You can drop a ZIP file right into this textbox.
+This is _very_ important. In many cases, a bug triggers only on certain input files, which happen to be structured in a particular way which causes this problem. In case you do not supply the input files, we unfortunately often **cannot** help you at all.
+
+**To reproduce**
+Steps to reproduce the behavior:
+Please include FlowDroid command line options you used or supply a code snippet to ease reproduction of the problem. **Please do not supply code snippets as _Screenshots_**. If possible, make sure that the supplied code is somewhat complete. It helps when the code for reproduction is somewhat minimal, but that is not necessary.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Stacktrace**
+If applicable, add complete stacktraces. In case your stack trace contains a line starting with "Caused by:", that line as well as the following lines are still part of the original stacktrace, so please include them as well. **Please do not supply stack traces as _Screenshots_**, copy and paste the stacktrace instead.
+
+**Version information**
+Which version of FlowDroid did you use?
+
+**Additional context**
+Add any other context about the problem here, which might help us to understand or solve your problem better. If there is more log output of FlowDroid, you should add that as well.
diff --git a/.github/ISSUE_TEMPLATE/false_negative.md b/.github/ISSUE_TEMPLATE/false_negative.md
@@ -0,0 +1,37 @@
+---
+name: False negative
+about: Report a false negative, a flow that was not found by FlowDroid
+title: ''
+labels: 'false negative'
+assignees: ''
+
+---
+Note that this report template should be used to report a false negative, a flow reported that exists in the application that was not found by FlowDroid.
+Please examine each of the following points *carefully* so that we can help you as soon and best as possible.
+When your flow involves implicit flows (i.e. taints on ```if/loop``` conditions), you'll need to set the implicit flow mode via ```InfoflowConfiguration.setImplicitFlowMode```
+Furthermore, in cases of very complex data flows, certain cut-offs such as the ```maxPathLength``` in ```PathConfiguration``` might cause flows to not be found.
+**Therefore, information about the FlowDroid configuration is very important for this issue type.**
+
+**Input file**
+Please upload or provide a (working) link to the .class, .jar, .dex, .apk or any other input file in which the flow was found. You can drop a ZIP file right into this textbox.
+This is _very_ important. In many cases, a bug triggers only on certain input files, which happen to be structured in a particular way which causes this problem. In case you do not supply the input files, we unfortunately often **cannot** help you at all.
+
+**Describe the flow that was not found by FlowDroid**
+What is the source and sink in the flow? Ideally, post code snippets of the complete data flow, e.g. in Java or Jimple.
+
+If the answer of the following two questions is unclear or you are in doubt, just state "Unsure".
+
+Are the methods that contain the source and sink statements considered reachable by the entrypoint of the program?
+Note that FlowDroid will only search for leaks when the source and sink statements are considered reachable, i.e. are present in the call graph.
+Was the presence of the flow in the application verified, e.g. by using some sort of dynamic analysis?
+
+**To reproduce**
+Steps to reproduce the behavior:
+
+Please include FlowDroid command line options you used or supply a code snippet to ease reproduction of the problem. **Please do not supply code snippets as _Screenshots_**. If possible, make sure that the supplied code is somewhat complete. It helps when the code for reproduction is somewhat minimal, but that is not necessary.
+
+**Version information**
+Which version of FlowDroid did you use?
+
+**Additional context**
+Add any other context about the problem here, which might help us to understand or solve your problem better. If there is more log output of FlowDroid, you should add that as well.
diff --git a/.github/ISSUE_TEMPLATE/false_positive.md b/.github/ISSUE_TEMPLATE/false_positive.md
@@ -0,0 +1,30 @@
+---
+name: False positive
+about: Report a false positive, a flow reported by FlowDroid that is wrong
+title: ''
+labels: 'false positive'
+assignees: ''
+
+---
+Note that this report template should be used to report a false positive, a flow reported by FlowDroid that is wrong, i.e. not a real result.
+Please examine each of the following points *carefully* so that we can help you as soon and best as possible.
+**Note that the FlowDroid configuration is very relevant for this issue type. Some analysis options trade off precision for a higher performance. If possible, test using the most precise FlowDroid options.**
+
+**Input file**
+Please upload or provide a (working) link to the .class, .jar, .dex, .apk or any other input file in which the flow was found. You can drop a ZIP file right into this textbox.
+This is _very_ important. In many cases, a bug triggers only on certain input files, which happen to be structured in a particular way which causes this problem. In case you do not supply the input files, we unfortunately often **cannot** help you at all.
+
+**Describe the incorrectly flow found by FlowDroid**
+If possible, use the context-sensitve path reconstructor to obtain a list of statements in the data-flow path and show the data-flow path here.
+What is the source and sink in this flow?
+
+**To reproduce**
+Steps to reproduce the behavior:
+
+Please include FlowDroid command line options you used or supply a code snippet to ease reproduction of the problem. **Please do not supply code snippets as _Screenshots_**. If possible, make sure that the supplied code is somewhat complete. It helps when the code for reproduction is somewhat minimal, but that is not necessary.
+
+**Version information**
+Which version of FlowDroid did you use?
+
+**Additional context**
+Add any other context about the problem here, which might help us to understand or solve your problem better. If there is more log output of FlowDroid, you should add that as well.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for FlowDroid.
+title: 'Feature request: '
+labels: 'enhancement '
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
